1. Technical Field
The present invention relates in general to data processing systems, and in particular to data security within such systems. More particularly, the present invention relates to a system and method for setting a persistent data security state in a convenient manner impervious to runtime interference.
2. Description of the Related Art
Computer security encompasses a number of different aspects, from passwords and permissions to data encryption, virus protection, firewalls, VPNs, software bugs, data backup and physical system security. The continued growth in electronic communication and commerce over expansive computer-driven networks has resulted in a dramatic proliferation of potential data security problems as data is stored and delivered over multiple networked devices.
Specialized security hardware that complements transmission-based security has been developed to address the myriad potential security threats to stored and/or transmitted digital data. Such complementary hardware security addresses hardening and assuring the integrity of the environment in which digital application data resides. This security hardware can be utilized for a number of purposes, including secure storage of confidential information such as security keys, and off-loading of intensive security operations such as Secure Sockets Layer (SSL) processing or digital signature operations. So called “smart cards” and hardware tokens are among the most common forms of secured hardware storage. These mechanisms are tamper-resistant, preventing unauthorized access to security keys. Security devices can also perform cryptographic operations solely from within a system, thus providing both a secure environment for access to confidential data and the ability to off-load processor-intensive operations from network devices.
One such hardware security device is known as an embedded security subsystem (ESS), which provides system security measures outside the interactive processing environment (i.e. the operating system). An ESS typically includes a protective enablement/disablement mechanism which serves to prevent both unauthorized access to sensitive data stored within the ESS and unauthorized enablement of ESS functionality. A major source of security vulnerability arises incident to initial activation and enablement of an ESS, since such enablement signals or instructions must be accepted at a time when the authorization information that would otherwise be required (owner authentication, for example) is not yet available. ESS initialization techniques are therefore subject to unintended function disablement and/or denial of service (DoS) attacks.
The currently developed Trusted Computing Platform Alliance (TCPA) specification addresses the vulnerability of ESS enablement/activation by requiring specialized forms of user authorization. These user authorization techniques typically rely on verifying the physical presence of a user before ESS enablement/activation commands are allowed to operate. For a personal computer (PC), such verification might be implemented using manual switches or buttons, or using computer startup instructions. Such physical presence verification during initial enablement of an ESS is often cumbersome and precludes remote enablement of access to the features and data associated with the ESS in question.
From the foregoing, it can be appreciated that a need exists for a system that provides secure access to ESS functionality while maintaining the flexibility afforded by remote initialization and management. The present invention addresses such a need by providing a system and method that utilizes a power-on reset requirement, rather than physical presence verification, before a change of the enablement/activation status of an ESS can take effect, thereby avoiding the aforementioned problems.