Method for the secure remote flashing of a BIOS memory

US 6,009,524 A
Filed: 08/29/1997
Issued: 12/28/1999
Est. Priority Date: 08/29/1997
Status: Expired due to Term

First Claim

Patent Images

1. A computer system, comprising:

a writable nonvolatile memory;

at least one microprocessor operatively connected to execute at least one instruction sequence from said nonvolatile memory at reboot, and to control writing thereto;

validation data in said nonvolatile memory which can authenticate digital signatures from first and second originators;

wherein said microprocessor enables writing into said nonvolatile memory only after successful authentication, using said validation data, of first and second digital signature codes which are attached to the data to be written, by a digital signature verification process;

wherein said first digital signature code corresponds to a vendor signature;

wherein said second digital signature code corresponds to an administrator signature;

whereby the administrator can update a system program from any computer in the system by providing said second digital signature code.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved system and method for FLASH BIOS upgrades which is particularly useful in network hubs. Each hub or node which is equipped with a FLASH memory is also equipped with a validation system, which ensures that a received FLASH upgrade is authorized and uncorrupted. Each set of instructions to be flashed is marked both with a vendor authorization digital signature and also a system administrator authorization digital signature, and BOTH digital signatures must be recognized by the validation system before the FLASH memory will be upgraded. Because digital signatures are used for security purposes, flash upgrades can be performed from any location on the network, and are not limited to an administrative node.

Citations

17 Claims

1. A computer system, comprising:
- a writable nonvolatile memory;
  
  at least one microprocessor operatively connected to execute at least one instruction sequence from said nonvolatile memory at reboot, and to control writing thereto;
  
  validation data in said nonvolatile memory which can authenticate digital signatures from first and second originators;
  
  wherein said microprocessor enables writing into said nonvolatile memory only after successful authentication, using said validation data, of first and second digital signature codes which are attached to the data to be written, by a digital signature verification process;
  
  wherein said first digital signature code corresponds to a vendor signature;
  
  wherein said second digital signature code corresponds to an administrator signature;
  
  whereby the administrator can update a system program from any computer in the system by providing said second digital signature code.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein said first digital signature code is checked for validation of said data to be written, and said second digital signature code is checked for validation of said first digital signature in combination with said data to be written.
  - 3. The system of claim 1, wherein said digital signature codes are checked using a public-key/private-key digital signature relationship, and said nonvolatile memory contains public keys corresponding to said first and second originators.
  - 4. The system of claim 1, wherein said nonvolatile memory is a flash memory which comprises separately programmable first and second halves, and a toggle bit to select between said halves.
  - 5. The system of claim 1, wherein said system is a network hub, and an initialization program stored in said nonvolatile memory is executed whenever said system undergoes a system reset.
  - 6. The system of claim 1, wherein said system is a network route, and an initialization program stored in said nonvolatile memory is executed whenever said system undergoes a system reset.

7. A computer network system, comprising:
- a network hub;
  
  a plurality of computer systems, each system connected to said network hub and havinga user input device,a microprocessor operatively connected to detect inputs from said input device,a memory which is connected to be read/write accessible by said microprocessor,a programmable non-volatile memory, said programmable non-volatile memory containing first and second validation keys as well as boot routines,a power supply connected to provide power to said microprocessor, said memory, and said display;
  
  wherein said programmable non-volatile memory of any of said computer systems can be remotely programmed, but only when two digital signatures on the data to be programmed are both validated by a digital signature verification process which uses said first and said second validation keys;
  
  wherein said first digital signature corresponds to a vendor signaturewherein said second digital signature corresponds to a system administrator signature;
  
  whereby the administrator can update a system program from any computer in the system by providing said second digital signature.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein said programmable non-volatile memory is a flash memory.
  - 9. The system of claim 7, wherein said programmable non-volatile memory is a flash memory comprising separately programmable first and second halves.
  - 10. The system of claim 7, wherein said programmable non-volatile memory comprises separately programmable first and second halves.
  - 11. The system of claim 7, wherein an initialization program stored in said programmable non-volatile memory is executed whenever said network hub is powered on.
  - 12. The system of claim 7, wherein said programmable non-volatile memory of any of said computer systems can only be remotely programmed if said first digital signature validates said data to be written, and said second digital signature validates said first digital signature in combination with said data to be written.

13. A computer network system, comprising:
- a network hub having a programmable non-volatile memory;
  
  a plurality of computer systems, each system connected to said network hub and havinga user input device,a microprocessor operatively connected to detect inputs from said input device,a memory which is connected to be read/write accessible by said microprocessor,a video controller connected to said microprocessor,a display operatively connected to display data generated by said video controller at a first refresh rate, anda power supply connected to provide power to said microprocessor, said memory, and said display;
  
  wherein said programmable non-volatile memory of said network hub can only be programmed when codes corresponding to first and second digital signatures are received by said hub and verified against public keys stored by said hub;
  
  wherein said first digital signature corresponds to a vendor code;
  
  wherein said second digital signature corresponds to an authorization code;
  
  whereby the administrator can update a system program from any computer in the system by providing said second digital signature.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein said programmable non-volatile memory is a flash memory.
  - 15. The system of claim 13, wherein said programmable non-volatile memory comprises separately programmable first and second halves.
  - 16. The system of claim 13, wherein an initialization program stored in said programmable non-volatile memory is executed whenever said network hub is powered on.

17. A method, comprising the steps of:
- (a.) receiving, in a computer system, boot memory update data corresponding to a system program, together with a vendor digital signature and an administrator digital signature;
  
  (b.) verifying that said first digital signature authenticates said boot memory update data, and said second digital signature authenticates said boot memory update data in combination with said first digital signature, using public keys which are nonvolatilely stored in said system; and
  
  (c.) only if said verifying step is successful, then programming a programmable nonvolatile memory of said system with said boot memory update data;
  
  whereby the administrator can update a system program from any computer in the system by providing said administrator digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Compaq Computer Corporation (HP Inc.)
Inventors
Angelo, Michael F., Olarig, Sompong P.
Primary Examiner(s)
Hua, Ly V.
Assistant Examiner(s)
HAMDAN, WASSEEM H

Application Number

US08/920,810
Time in Patent Office

851 Days
Field of Search

709/225, 713/201, 713/200, 380/4, 380/25
US Class Current

726/10
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 21/572   Secure firmware programming...

G06F 21/79   in semiconductor storage me...

G06F 2211/008   Public Key, Asymmetric Key,...

Method for the secure remote flashing of a BIOS memory

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method for the secure remote flashing of a BIOS memory

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links