1. Technical Field
The present invention relates to electronic apparatuses in general, and in particular to a technique for protecting a password of a computer having a non-volatile memory.
2. Description of Related Art
A computer is equipped with disk drives such as a hard disk drive (HDD), a solid state drive (SSD), and the like. The disk drive is connected to a computer main body via a connector and therefore is able to be easily detached. The ATA standard defines the setting of a password for disk drives.
The password is normally set by a user on a setup screen of a basic input output system (BIOS). The set password is stored in a system area on a disk to which the user is not able to access. After the password is set, the user area on the disk which stores user data is inaccessible unless the BIOS transmits the password and an unlock command. Even if the computer is stolen, data is not able to be stolen from the disk drive unless the password is known. Therefore, it is important to set a password on a disk drive to protect data.
The computer transitions between a power-off state or a power saving state and a power-on state. In addition, the power of the disk drive is stopped in the power-off state and in the power saving state. Even if a correct password is input to a locked disk drive to unlock the disk drive once, if the computer shifts to the power saving state or the power-off state and then the power supply of the disk drive stops, the disk drive is reset and locked again, and therefore the password needs to be sent again.
Practically, when returning from the power-off state with a password set in a disk drive, a password input is always requested to protect data. The password input, however, has an aspect of burdening the user and degrading the operability. Therefore, in the present situation, whether the password input is to be requested is determined with consideration for usability when returning from a suspend state or a hibernation state.
In many cases, the BIOS does not request a password input in order to improve usability when returning from the suspend state. In this case, to unlock the disk drive, the BIOS automatically transmits a password stored in a secure area to the disk drive on behalf of the user. In this situation, if an eavesdropping device is attached to an interface circuit of the disk drive, the eavesdropping device is able to eavesdrop the password, which the BIOS transmits to the disk drive at the time of returning from the suspend state.
If the third party detaches the disk drive from the computer and connects the disk drive to an eavesdropping device connected to the same computer, the third party is able to eavesdrop the password sent by the BIOS. If the BIOS is arranged in advance to transmit a hash value of the password input by the user, the password of a plain text is not stolen. If, however, an eavesdropped hash value is transmitted to the disk drive on behalf of the BIOS, the third party is able to access the disk drive.
In order to prevent the above, when detecting that the disk drive has been detached from the main body at the time of resuming from the suspend state, the conventional BIOS stops the automatic transmission of a password and requests the user to input the password, and only in the case where the correct password is input, the conventional BIOS unlocks the disk drive. Additionally, a unified extensible firmware interface (UEFI) firmware which is an alternative to the BIOS is not able to request the user to input a password even in the case of detecting the detachment of the disk drive when returning from the suspend state, due to architecture restrictions. Therefore, the UEFI firmware has canceled the return to the power-on state and then forcibly shifted the computer to the power-off state to prevent password leakage.
There has not been examined so far a problem of password eavesdropping by inserting an eavesdropping device at the time of returning from a hibernation state. The reason comes from the fact that conventionally a password has been requested independently of whether a disk drive is attached/detached when returning from the hibernation state, similarly to when returning from the power-off state. In recent years, various types of BIOSs which cause a computer to return from the power saving state in a short time have been adopted. Some BIOSs among them automatically transmit a password to a disk drive without requesting a password input in the case of returning from the hibernation state or a state similar thereto.
These BIOSs execute a routine simplified more than a normal routine to complete the boot in a short time when returning from the hibernation state or a state similar thereto. In this case, requesting a password input inhibits returning in a short time. Therefore, the simplified routine is configured based on the premise that the BIOS automatically transmits a password to a disk drive on behalf of a user without displaying a prompt for inputting the password. Accordingly, the use of this type of BIOS causes the problem of password eavesdropping.
If the password input is able to be requested only when the detachment of the disk drive is detected in the same manner as for returning from the suspend state also when returning from the hibernation state, a password is conveniently able to be protected while preventing the decrease in usability. The way of requesting a password in the conventional routine for returning from the hibernation state requires much time for return and therefore conflicts with an object to return in a short time by using a simplified routine.
Furthermore, when returning from the suspend state, a code which displays an input prompt for the password is maintained in the main memory and therefore it is possible to request a password input when the detachment of the disk drive is detected. In the hibernation state, however, the code in the main memory disappears and therefore it is impossible to request a password input in a similar fashion.
Moreover, if the computer is forcibly shifted to the power-off state when returning from the hibernation state in such a way that the UEFI firmware does when returning from the suspend state, the computer comes out of hibernation, which inhibits the user to acquire data under editing before the detachment of the disk drive.
For example, if the computer is forcibly shifted to the power-off state in the case where the third party temporarily detaches the disk drive under hibernation and attaches the disk drive to the same computer with an eavesdropping device connected therebetween, a normal user is not able to return the data under editing which has been edited until then to the main memory when the normal user returns the computer to the power-on state.
Consequently, it would be desirable to provide a method for protecting a password when there is an unauthorized access to a non-volatile memory during a shift to a power saving state after data in the main memory has been saved in the nonvolatile memory. Moreover, it would be desirable to provide a method for protecting a password while maintaining data that has already been stored in the main memory before the shift to the power saving state at the time of returning from the power saving state.