With the advent of personal computer system use in every day personal and business affairs, the issue of computer security has become critical. To protect the information contained in the personal computer system, which in many cases may be highly sensitive and confidential, measures must be taken to ensure that a user attempting to use the computer system is an authorized user. These protective measures should be taken before the operating system (“OS”) boots because once the OS boots, files can be deleted, copied, or modified to help a rogue user gain access to the computer system.
Preboot security systems prevent the computer system from booting if a security breach is detected. So for instance, a user attempting to use the computer system may be required to enter a password before the computer system will boot. While this method is simple, it has its drawbacks. First, a rogue user can steal a password from an authorized user and enter the password to gain access. Second, an authorized user could forget the password and therefore be locked out of the computer system.
Currently, biometric data, such as a finger print, is being used to identify authorized users in a variety of applications. Using biometric data as a security check is advantageous because such data is unique to each individual and presumably no other person could replicate or steal such data. Moreover, biometric data is characteristic of the individual. The individual need not remember this data because it is an inherent part of his or her being.
Applications utilizing biometric authentication generally include some device or sensor that receives the biometric information. Thus, a sensor can be used to capture data corresponding to a thumbprint or fingerprint. This data is then transmitted to an application that creates a template that can be stored and used later when some type of authentication is required. In such a situation, a current biometric image is captured from the sensor and compared to the biometric template stored previously. If the image and template match, then the action requested will be granted. Otherwise, the request will be denied.
Biometric authentication at the computer system preboot stage is very desirable. Nevertheless, implementing such a security system is difficult. The OS preboot is typically controlled by the Basic Input and Output System (“BIOS”). The available memory and executable code in BIOS is very limited, and BIOS would not be able to accommodate the memory and code required to implement a biometric authentication system.
Accordingly, what is needed is a system and method for preboot OS authentication of a user using biometric information. The system and method should ensure that the biometric information stored is valid and that such information can be used by BIOS. The present invention addresses such needs.