Some creative thinking from the BIOS demigod

Phoenix Technologies Ltd., the king of the BIOS hill, has come up with a number of interesting initiatives that stem from its BIOS history.

One innovation is a suite of instant-on PC applications called FirstWare Rescue that can be evoked without loading the OS. Rescue enables PC makers to stash a full Windows image – and even some applications – on a protected spot on the hard drive. If things go south, Rescue can be used to rebuild the machine without the original software CDs.

Another Rescue application is FirstWare Connect, an instant-on Web browser that will let users access vendor support sites or download drivers as they attempt to resuscitate PCs, all sans OS.

The company is also hell-bent on a security scheme called FirstAuthority Trusted Device Infrastructure, which is innovative if not a bit ambitious. The basic idea is to get manufacturers to embed a ROM chip containing an RSA crypto engine into PCs and laptops so network managers can turn these devices into trusted network endpoints.

Dictating which machines have access to what involves an enrolling process whereby the computers contact a Phoenix device authority and go through a crypto dance that generates a unique device key that is stored in the ROM.

From then on, every time an enrolled machine makes a request for a secured resource, the device key will be brought up and forwarded. If it matches the application key, access is granted.

To reach pre-ROM machines, Phoenix has developed a CD product that generates a unique device key by assigning numerical values to things the BIOS normally checks, such as product ID and MAC address, and then doing a hash on that. While not as secure as the ROM version, it is said to be 20 times more secure than password-only protection.

Pretty nifty, but Phoenix has to convince a lot of players to participate. So far Compaq Computer Corp., Samsung Electronics Co. Ltd. and NEC Corp. have committed to building in the ROM, and IBM Corp. and Hewlett-Packard Co. are considering it. On the software side, Check Point Software Technologies Ltd. has already agreed to build device-aware applications and Phoenix is working with Microsoft on the operating system and application fronts.

Whether or not Phoenix is successful in seeing the security idea through, you have to give the company credit for all these creative ideas.