METHOD AND SYSTEM FOR PREBOOT USER AUTHENTICATION

FIELD OF THE INVENTION

The present invention relates generally to the field of computer security and particularly to a method and system for preboot system authentication of a user.

BACKGROUND OF THE INVENTION

With the advent of personal computer system use in every day personal and business affairs, the issue of computer security has become critical. To protect the information contained in the personal computer system, which in many cases may be highly sensitive and confidential, measures must be taken to ensure that a user attempting to use the computer system is an authorized user. These protective measures should be taken before the operating system ("OS") boots because once the OS boots, files can be deleted, copied, or modified to help a rogue user gain access to the computer system.

Preboot security systems prevent the computer system from booting if a security breach is detected. So for instance, a user attempting to use the computer system may be required to enter a password before the computer system will boot. While this method is simple, it has its drawbacks. First, a rogue user can steal a password from an authorized user and enter the password to gain access. Second, an authorized user could forget the password and therefore be locked out of the computer system.

Currently, biometric data, such as a finger print, is being used to identify authorized users in a variety of applications. Using biometric data as a security check is advantageous because such data is unique to each individual and presumably no other person could replicate or steal such data. Moreover, biometric data is characteristic of the individual. The individual need not remember this data because it is an inherent part of his or her being.

Applications utilizing biometric authentication generally include some device or sensor that receives the biometric information. Thus, a sensor can be used to capture data corresponding to a thumbprint or fingerprint. This data is then transmitted to an application that creates a template that can be stored and used later when some type of authentication is required. In such a situation, a current biometric image is captured from the sensor and compared to the biometric template stored previously. If the image and template match, then the action requested will be granted. Otherwise, the request will be denied.

Biometric authentication at the computer system preboot stage is very desirable. Nevertheless, implementing such a security system is difficult. The OS preboot is typically controlled by the Basic Input and Output System ("BIOS"). The available memory and executable code in BIOS is very limited, and BIOS would not be able to accommodate the memory and code required to implement a biometric authentication system.

Accordingly, what is needed is a system and method for preboot OS authentication of a user using biometric information. The system and method should ensure that the biometric information stored is valid and that such information can be used by BIOS. The present invention addresses such needs.

SUMMARY OF THE INVENTION

The present invention provides a method and system for authenticating a user of a computer system using biometric information. The method and system of the present invention includes registering a biometric template in the computer system, thereafter, verifying the authenticity of the registered biometric template and then comparing the biometric template with a biometric image of the user if the biometric template is authentic. If the user's biometric image matches the biometric template, the computer system will continue to boot.

The present invention offers multiple layers of security in that it verifies the authenticity of the biometric template before the template is used to authenticate the identity of the user attempting to log on to the computer system. In this manner, the computer system is protected from intruders. Moreover, because registration of the template is performed by an application program outside of BIOS, the limited resources available in BIOS are not depleted.

FIG. 1 is a block diagram illustrating a preferred embodiment of a system in accordance with the present invention.

FIG. 2 is a flowchart illustrating the template registration process in accordance with the present invention.

FIG. 2A is a block diagram depicting the process in FIG. 2.

FIG. 3 is a flowchart illustrating the preboot authentication process in accordance with the present invention.

FIG. 3A is a block diagram depicting the process in FIG. 3.

DETAILED DESCRIPTION

The present invention provides a method and system for authenticating a user of a computer using biometric information. The following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a patent application and its requirements. Various modifications to the preferred embodiment and the generic principles and features described herein will be readily apparent to those skilled in the art. Thus, the present invention is not intended to be limited to the embodiment shown but is to be accorded the widest scope consistent with the principles and features described herein.

In a preferred embodiment of the present invention, a sensor for obtaining the biometric information is coupled to the computer system, which includes a processor. The processor runs an application which allows a system administrator to register the biometric information of an authorized user into the computer system. The registered biometric information is then stored in memory, preferably, nonvolatile memory. Thereafter, when a user tries to log on to the computer system, the user will be prompted to submit his or her biometric information, e.g., fingerprint, via the sensor prior to a system boot. The BIOS will retrieve the stored biometric template, verify its authenticity, and compare it to the submitted biometric information. If the biometric template is authentic and the submitted biometric information matches the biometric template, the system will boot. Otherwise, the system will not boot and the administrator will be notified.

FIG. 1 is a system that can be utilized in accordance with the preferred embodiment of the present invention. The