Method for the secure remote flashing of a BIOS memory
Abstract
An improved system and method for FLASH BIOS upgrades which is particularly useful in network hubs. Each hub or node which is equipped with a FLASH memory is also equipped with a validation system, which ensures that a received FLASH upgrade is authorized and uncorrupted. Each set of instructions to be flashed is marked both with a vendor authorization digital signature and also a system administrator authorization digital signature, and BOTH digital signatures must be recognized by the validation system before the FLASH memory will be upgraded. Because digital signatures are used for security purposes, flash upgrades can be performed from any location on the network, and are not limited to an administrative node.
17 Claims
1. A computer system, comprising:
a writable nonvolatile memory;
at least one microprocessor operatively connected to execute at least one instruction sequence from said nonvolatile memory at reboot, and to control writing thereto;
validation data in said nonvolatile memory which can authenticate digital signatures from first and second originators;
wherein said microprocessor enables writing into said nonvolatile memory only after successful authentication, using said validation data, of first and second digital signature codes which are attached to the data to be written, by a digital signature verification process;
wherein said first digital signature code corresponds to a vendor signature;
wherein said second digital signature code corresponds to an administrator signature;
whereby the administrator can update a system program from any computer in the system by providing said second digital signature code.
Dependent claims: 2, 3, 4, 5, 6
7. A computer network system, comprising:
a network hub;
a plurality of computer systems, each system connected to said network hub and having a user input device, a microprocessor operatively connected to detect inputs from said input device, a memory which is connected to be read/write accessible by said microprocessor, a programmable non-volatile memory, said programmable non-volatile memory containing first and second validation keys as well as boot routines, a power supply connected to provide power to said microprocessor, said memory, and said display;
wherein said programmable non-volatile memory of any of said computer systems can be remotely programmed, but only when two digital signatures on the data to be programmed are both validated by a digital signature verification process which uses said first and said second validation keys;
wherein said first digital signature corresponds to a vendor signature;
wherein said second digital signature corresponds to a system administrator signature;
whereby the administrator can update a system program from any computer in the system by providing said second digital signature.
Dependent claims: 8, 9, 10, 11, 12
13. A computer network system, comprising:
a network hub having a programmable non-volatile memory;
a plurality of computer systems, each system connected to said network hub and having a user input device, a microprocessor operatively connected to detect inputs from said input device, a memory which is connected to be read/write accessible by said microprocessor, a video controller connected to said microprocessor, a display operatively connected to display data generated by said video controller at a first refresh rate, and a power supply connected to provide power to said microprocessor, said memory, and said display;
wherein said programmable non-volatile memory of said network hub can only be programmed when codes corresponding to first and second digital signatures are received by said hub and verified against public keys stored by said hub;
wherein said first digital signature corresponds to a vendor code;
wherein said second digital signature corresponds to an authorization code;
whereby the administrator can update a system program from any computer in the system by providing said second digital signature.
Dependent claims: 14, 15, 16
17. A method, comprising the steps of:
(a.) receiving, in a computer system, boot memory update data corresponding to a system program, together with a vendor digital signature and an administrator digital signature;
(b.) verifying that said first digital signature authenticates said boot memory update data, and said second digital signature authenticates said boot memory update data in combination with said first digital signature, using public keys which are nonvolatilely stored in said system; and
(c.) only if said verifying step is successful, then programming a programmable nonvolatile memory of said system with said boot memory update data;
whereby the administrator can update a system program from any computer in the system by providing said administrator digital signature.
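The two-step check of claim 17, as an added example that is not part of the patent text: the vendor signature is verified over the update data, the administrator signature over the data combined with the vendor signature, and the memory is written only if both pass. Textbook RSA over SHA-256 with keys built from Mersenne primes stands in for the signature scheme, which the claims do not name; the keys, `BootFlash` and every other name here are constructed for the demonstration and are not secure for real use.

```python
import hashlib

E = 65537  # public exponent shared by both constructed demo keys

def toy_keypair(a, b):
    """Constructed demo key from Mersenne primes 2^a-1 and 2^b-1 (trivially factorable)."""
    p, q = (1 << a) - 1, (1 << b) - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private exponent d)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):
    # Fixed-length output (size of n), so data + signature parses unambiguously
    return pow(_digest(msg, n), d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def verify(msg, sig, n):
    return pow(int.from_bytes(sig, "big"), E, n) == _digest(msg, n)

class BootFlash:
    """Models the nonvolatile memory: boot image plus the two stored public keys."""
    def __init__(self, image, vendor_n, admin_n):
        self.image, self.vendor_n, self.admin_n = image, vendor_n, admin_n

    def update(self, data, vendor_sig, admin_sig):
        # Step (b), first half: vendor signature authenticates the update data alone
        if not verify(data, vendor_sig, self.vendor_n):
            return "rejected: vendor signature"
        # Step (b), second half: administrator signature covers data + vendor signature
        if not verify(data + vendor_sig, admin_sig, self.admin_n):
            return "rejected: administrator signature"
        # Step (c): program the memory only after both checks pass
        self.image = data
        return "programmed"

def demo():
    vn, vd = toy_keypair(521, 607)      # vendor key (constructed)
    an, ad = toy_keypair(1279, 2203)    # administrator key (constructed)
    flash = BootFlash(b"BIOS v1", vn, an)
    new = b"BIOS v2"
    vsig = sign(new, vn, vd)
    asig = sign(new + vsig, an, ad)
    results = [
        flash.update(new, vsig, bytes(len(asig))),     # no administrator approval
        flash.update(new, vsig, sign(new, an, ad)),    # admin signed data only, not bound to vendor sig
        flash.update(new + b"!", vsig, asig),          # image altered in transit
        flash.update(new, vsig, asig),                 # both signatures valid
    ]
    return results, flash.image
```

Because the administrator signature covers the vendor signature as well as the data, an approval cannot be lifted from one vendor-signed image and attached to another.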
Specification