Pre-boot authentication

From Wikipedia, the free encyclopedia

Pre-Boot Authentication (PBA) or Power-On Authentication (POA)[1] serves as an extension of the BIOS or boot firmware and guarantees[citation needed] a secure, tamper-proof[citation needed] environment external to the operating system as a trusted authentication layer. The PBA prevents anything[citation needed], such as the operating system, from being read from the hard disk until the user has confirmed that they have the correct password or other credentials.[2]

Benefits of Pre-Boot Authentication

  • Full disk encryption outside[citation needed] of the operating system level[2]
  • Encryption of temporary files[citation needed]
  • Data-at-rest protection[citation needed]

How Pre-Boot Authentication Works

Generic Boot Sequence

  1. Basic Input/Output System (BIOS)
  2. Master boot record (MBR) partition table
  3. Pre-boot authentication (PBA)
  4. Operating system (OS) boots

A PBA environment serves as an extension of the BIOS or boot firmware[citation needed] and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents[citation needed] Windows or any other operating system from loading until the user has confirmed that they have the correct password to unlock the computer. That trusted layer eliminates the possibility[citation needed] that one of the millions of lines of OS code can compromise the privacy of personal or company data[citation needed].

Pre-Boot Authentication Technologies

Combinations with Full Disk Encryption

Pre-Boot Authentication is generally provided[citation needed] by a variety of full disk encryption vendors, but can be installed separately[citation needed]. Some FDE solutions can function without Pre-Boot Authentication, such as hardware-based full disk encryption. However, without some form of authentication, encryption provides little protection[citation needed].
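The sketch below is an added example, not code from this article or from any vendor's product. It models one common way a PBA can tie the disk encryption key to a "something you know" credential. All names (`enroll`, `unlock`, the header fields) and the iteration count are assumptions, and the HMAC-based keystream is a standard-library stand-in for a real key-wrap cipher such as AES.

```python
from __future__ import annotations
import hashlib, hmac, secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stand-in for AES key wrap (not in the stdlib).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _derive(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    # Stretch the passphrase into two independent keys: one to wrap, one to MAC.
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]

def enroll(passphrase: str, volume_key: bytes) -> dict:
    """Build the header a PBA would keep in the unencrypted boot area."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _derive(passphrase, salt)
    ks = _keystream(enc_key, nonce, len(volume_key))
    wrapped = bytes(a ^ b for a, b in zip(volume_key, ks))
    tag = hmac.new(mac_key, nonce + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "wrapped": wrapped, "tag": tag}

def unlock(passphrase: str, header: dict) -> bytes | None:
    """Return the volume key, or None for a wrong credential or altered header."""
    enc_key, mac_key = _derive(passphrase, header["salt"])
    expected = hmac.new(mac_key, header["nonce"] + header["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):  # constant-time compare
        return None  # the OS volume stays unreadable
    ks = _keystream(enc_key, header["nonce"], len(header["wrapped"]))
    return bytes(a ^ b for a, b in zip(header["wrapped"], ks))

if __name__ == "__main__":
    vk = secrets.token_bytes(32)                # constructed volume key
    hdr = enroll("constructed passphrase", vk)  # constructed credential
    print("correct credential unlocks:", unlock("constructed passphrase", hdr) == vk)
    print("wrong credential:", unlock("guess", hdr))
```

Because the volume key is stored only in wrapped form, the strength of the encryption at rest reduces to the strength of the credential and the key-derivation work factor.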

Authentication Methods

The standard complement of authentication methods exists for Pre-Boot Authentication, including:

  1. Something you know (e.g. username / password)
  2. Something you have (e.g. smart card or other token)
  3. Something you are (e.g. biometric data)

References

  1. "Sophos brings enterprise-level encryption to the Mac". Network World. August 2, 2010. Retrieved 2010-08-03. 
  2. "Pre-Boot Authentication". SECUDE. February 21, 2008. Archived from the original on 2012-03-04. Retrieved 2008-02-22. 
This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.