Method and apparatus for secure remote programming of firmware and configurations of a computer over a network

US 5,826,015 A
Filed: 02/20/1997
Issued: 10/20/1998
Est. Priority Date: 02/20/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for securely writing data over a network to a device in a system, comprising the steps of:

generating a signal to wake up the system;

determining whether the signal was generated in response to the system having received a wake-up packet from over the network; and

configuring the system to allow data to be written to the device if the signal was generated in response to the wake-up packet, otherwise prohibiting data from being written to the device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and related apparatus enables one station on a local area network (LAN) 24 to remotely and securely modify sensitive information of another station on the LAN 24. A workstation 12, acting as a remote management console, generates a wake-up packet 32 or 42 intended for a desktop computer 14 on the LAN 24. A network interface 64 receives and processes the wake-up packet, and issues a signal to wake up the desktop computer. In response to the signal, the desktop computer 14 bootstraps. Data indicating that the network interface 64 has issued the signal is stored in register 104. In the course of bootstrapping, the processor 78 examines the register 104 to determine that the network interface 64 has initiated the wake-up of the desktop computer 14. Once this determination is made, the write protection circuitry 76 places the BIOS ROM 74 in an unprotected state wherein the contents BIOS ROM 74 can be modified by the workstation 12.

Citations

12 Claims

1. A method for securely writing data over a network to a device in a system, comprising the steps of:
- generating a signal to wake up the system;
  
  determining whether the signal was generated in response to the system having received a wake-up packet from over the network; and
  
  configuring the system to allow data to be written to the device if the signal was generated in response to the wake-up packet, otherwise prohibiting data from being written to the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1 wherein the wake-up packet is a secure wake-up packet.
  - 3. The method according to claim 1, wherein the system includes a plurality of components that could have generated the signal to wake up the system, a particular one of the components having generated the signal, and further comprising the step of:
    - storing data that identify the particular component that generated the signal.
  - 4. The method according to claim 3, further comprising the steps of:
    - bootstrapping the system in response to the signal; and
      
      reading the stored data during the bootstrapping.
  - 5. The method of claim 3, wherein the step of configuring allows data to be written to the device when the stored data identify a network interface as the particular component that generated the signal.
  - 6. The method of claim 3, wherein the step of configuring prohibits data from being written to the device when the stored data identify a power switch on the system as the particular component that generated the signal.
  - 7. The method of claim 3, further comprising the step of:
    - providing a register for storing the data that identify the particular component, the register having bits, each bit corresponding to one of the components in the system that could have generated the wake up signal.
  - 8. The method of claim 7, further comprising the step of:
    - setting the bit corresponding to the particular component to a first value when the particular component generates the signal, otherwise setting that bit to a second value.

9. An computer system for securely writing data to a device in a system over a network, comprising:
- a plurality of components capable of issuing a wake-up signal that wakes up the computer system, the components including a network interface coupled to the network for issuing the wake-up signal in response to receiving a valid wake-up packet from over the network, one of the components issuing the wake-up signal;
  
  data storage coupled to the network interface for storing data indicating whether the network interface has issued the wake-up signal;
  
  a processor coupled to the data storage for determining from the stored data whether the network interface issued the wake-up signal; and
  
  circuitry, coupled to the processor and the device, allowing data to be written to the device if the processor determines from the stored data that the network interface issued the signal, otherwise prohibiting data to be written to the device.
- View Dependent Claims (10, 11, 12)
- - 10. The computer system of claim 9, further comprising:
    - a register for storing the data that indicate whether the network interface has issued the wake-up signal.
  - 11. The computer system of claim 10, wherein the register has a plurality of bits, each bit corresponding to one of the components in the system that can issue the wake-up signal.
  - 12. The computer system of claim 10, wherein one of the components is a power switch that issues the wake-up signal when a user locally turns the power switch on, and wherein the circuitry prohibits data from being written to the device when the power switch issues the wake-up signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Digital Equipment Corporation (HP Inc.)
Inventors
Schmidt, Thomas J.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
ELISCA, PIERRE E

Application Number

US08/804,096
Time in Patent Office

607 Days
Field of Search

395/186, 395/187.01, 395/188.01, 395/218, 395/200.59, 380/4, 380/49
US Class Current

726/23
CPC Class Codes

G06F 11/2294   by remote test

G06F 21/572   Secure firmware programming...

G06F 2211/005   Network, LAN, Remote Access...

G06F 2211/1097   Boot, Start, Initialise, Power

H04L 63/0435   wherein the sending and rec...

H04L 63/083   using passwords cryptograph...

H04L 63/1408   by monitoring network traff...

H04L 9/40   Network security protocols

Method and apparatus for secure remote programming of firmware and configurations of a computer over a network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure remote programming of firmware and configurations of a computer over a network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links