Method and system for programming a non-volatile device in a data processing system

US 20030135744A1
Filed: 01/11/2002
Published: 07/17/2003
Est. Priority Date: 01/11/2002
Status: Abandoned Application

First Claim

Patent Images

1. A computer program product comprising processor executable instructions for programming a non-volatile storage element in a data processing system, the instructions being stored on a computer readable medium, comprising:

computer code means for encrypting a digital signature using a first encryption key;

computer code means for passing the encrypted signature to a kernel routine;

computer code means, responsive to successfully decrypting the encrypted signature using a second encryption key, for transitioning the data processing system from a protected-mode to a real-mode; and

real-mode computer code means for flash programming the non-volatile storage element.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for insure that code being loaded (flashed) into a flash memory card or other non-volatile storage device of a data processing system is authorized code. The system may include code comprising a kernel portion that transitions the system from a protected-mode to a real-mode and a user portion that includes the code to be loaded onto the flash card. In one embodiment, an asymmetric authentication scheme ensures that the code flashed into the flash card is verified as authorized while complying with the open-source requirements of the operating system. In this embodiment, the public key may become a part of the kernel portion, which is available for all to inspect, while the private key is known only to the user portion. The user portion may generate a signature that is encrypted using the private key. The signature may be generated algorithmically based upon characteristics of or information associated with the corresponding data processing system. The encrypted signature may then be passed as a parameter to the kernel portion, which decrypts the signature according to the public key. If the decrypted signature correctly identifies the system, the kernel potion of the code completes the transition to real-mode and then invokes real-mode flashing code to flash the card. In this manner, only a small portion of code is required to be compiled into the kernel while enabling the code to prevent unauthorized access to the kernel.

78 Citations

View as Search Results

24 Claims

1. A computer program product comprising processor executable instructions for programming a non-volatile storage element in a data processing system, the instructions being stored on a computer readable medium, comprising:
- computer code means for encrypting a digital signature using a first encryption key;
  
  computer code means for passing the encrypted signature to a kernel routine;
  
  computer code means, responsive to successfully decrypting the encrypted signature using a second encryption key, for transitioning the data processing system from a protected-mode to a real-mode; and
  
  real-mode computer code means for flash programming the non-volatile storage element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer program product of claim 1, wherein the code means for encrypting the digital signature is non-privileged code.
  - 3. The computer program product of claim 2, wherein the code means for passing the encrypted signature to the kernel routine comprises code means for executing a system call from the non-privileged code and passing the signature as a parameter of the system call.
  - 4. The computer program product of claim 1, wherein the first encryption key is a private key and the second encryption key is a public key, wherein the public key and private key are generated from a common algorithm.
  - 5. The computer program product of claim 1, further comprising code means for generating the digital signature, wherein the digital signature includes information that is indicative of the data processing system.
  - 6. The computer program product of claim 5, wherein the digital signature is generated based at least in part upon dynamic information.
  - 7. The computer program product of claim 6, wherein the digital signature is generated at least in part based further upon information including a corresponding hostname and process ID.
  - 8. The computer program product of claim 1, further comprising code means for generating a random number as the digital signature.

9. A data processing system including at least one processor, memory, and input means connected to a common bus, wherein the system memory contains at least a portion of a sequence of computer executable instructions for programming a non-volatile storage element of the data processing system, the instructions comprising:
- computer code means for encrypting a digital signature using a first encryption key;
  
  computer code means for passing the encrypted signature to a kernel routine;
  
  computer code means, responsive to successfully decrypting the encrypted signature using a second encryption key, for transitioning the data processing system from a protected-mode to a real-mode; and
  
  real-mode computer code means for flash programming the non-volatile storage element.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The data processing system of claim 9, wherein the code means for encrypting the digital signature is non-privileged code.
  - 11. The data processing system of claim 10, wherein the code means for passing the encrypted signature to the kernel routine comprises code means for executing a system call from the non-privileged code and passing the signature as a parameter of the system call.
  - 12. The data processing system of claim 9, wherein the first encryption key is a private key and the second encryption key is a public key, wherein the public key and private key are generated from a common algorithm.
  - 13. The data processing system of claim 9, further comprising code means for generating the digital signature, wherein the digital signature includes information that is indicative of the data processing system.
  - 14. The data processing system of claim 13, wherein the digital signature is generated based at least in part upon dynamic information.
  - 15. The data processing system of claim 14, wherein the digital signature is generated at least in part based further upon information including a corresponding hostname and process ID.
  - 16. The data processing system of claim 9, further comprising code means for generating a random number as the digital signature.

17. A method of programming a non-volatile storage element in a data processing system, comprising:
- encrypting a digital signature using a first encryption key;
  
  passing the encrypted signature to a kernel code routine;
  
  responsive to successfully decrypting the encrypted signature using a second encryption key, transitioning the data processing system from a protected-mode to a real-mode with the kernel code routine; and
  
  flash programming the non-volatile storage element in real mode.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17, wherein encrypting the digital signature comprises encrypting the digital signature with non-privileged code.
  - 19. The method of claim 18, wherein passing the encrypted signature to the kernel routine comprises executing a system call from the non-privileged code and passing the signature as a parameter of the system call.
  - 20. The method of claim 17, wherein the first encryption key is a private key and the second encryption key is a public key, wherein the public key and private key are generated from a common algorithm.
  - 21. The method of claim 17, further comprising generating the digital signature, wherein the digital signature includes information that is indicative of the data processing system.
  - 22. The method of claim 21, wherein the digital signature is generated based at least in part upon dynamic information.
  - 23. The method of claim 22, wherein the digital signature is generated at least in part based further upon information including a corresponding hostname and process ID.
  - 24. The method of claim 17, further comprising code means for generating a random number as the digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Almeida, Jason Robert

Application Number

US10/044,432
Publication Number

US 20030135744A1
Time in Patent Office

Days
Field of Search
US Class Current

713/191
CPC Class Codes

G06F 21/572 Secure firmware programming...

G06F 2221/2105 Dual mode as a secondary as...

Method and system for programming a non-volatile device in a data processing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

78 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for programming a non-volatile device in a data processing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links