Method and apparatus for remote ROM flashing and security management for a computer system

US 6,223,284 B1
Filed: 04/30/1998
Issued: 04/24/2001
Est. Priority Date: 04/30/1998
Status: Expired due to Term

First Claim

Patent Images

1. A remote method of flashing a non-volatile memory of a target computer system comprising the steps of:

packaging component object model-based remote flash control code for calling a remote flash driver to execute a remote flash of the non-volatile memory, a file containing an image to be flashed onto the non-volatile memory, and a remote flash control container for containing the component object model-based remote flash control code and the image file into a remote flash software package;

packaging an administrator password in the remote flash software package; and

delivering the remote flash software package to the target computer system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A remote flash ROM and security package is formed and delivered to a system ROM of a target computer system for remote flashing of the ROM and remote configuration of security settings for the computer system. The remote flash ROM and security package includes flash ROM and security control code for calling a remote flash and security driver to execute a remote flash or to remotely configure a security setting, a file containing a “signed” ROM image to be flashed to the ROM, a security settings file which preferably is encrypted, and a remote flash and security control container for containing the flash ROM and security code, the ROM image, and the security settings file. The remote flash and security driver may be included in the remote flash ROM and security package or may be resident to the target computer system. In the preferred embodiment, the computer system includes a secure memory device containing an administrator password for locking and unlocking the ROM. The remote flash ROM and security package preferably includes an administrator password matching the administrator password stored in the secure memory device to place the computer system in an administrator mode. A system ROM thereby may be flashed or a security setting changed remotely without the need for a user to enter an administrator password. Further, flashing the ROM or changing a security setting occurs as an “inband” process. Flashing a ROM or changing a security setting by remotely providing an administrator password to a secure memory device eliminates the need to reboot a computer system after downloading the ROM and security package.

Citations

63 Claims

1. A remote method of flashing a non-volatile memory of a target computer system comprising the steps of:
- packaging component object model-based remote flash control code for calling a remote flash driver to execute a remote flash of the non-volatile memory, a file containing an image to be flashed onto the non-volatile memory, and a remote flash control container for containing the component object model-based remote flash control code and the image file into a remote flash software package;
  
  packaging an administrator password in the remote flash software package; and
  
  delivering the remote flash software package to the target computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, further comprising the step of:
3. The method of claim 1, the non-volatile memory having a flash enabled state for allowing a flash of the non-volatile memory and a flash disabled state for preventing a flash of the non-volatile memory and being in the flash disabled state, further comprising the steps of:
- comparing the administrator password in the remote flash package to an administrator password stored in the target computer system; and
  
  placing the non-volatile memory in a flash enabled state if the administrator password of the remote flash software package matches the administrator password in the target computer system.
4. The method of claim 1, the target computer system including a secure memory device storing an administrator password and controlling the locking and unlocking of the non-volatile memory, the non-volatile memory being in a locked state, comprising the step of:
- unlocking the non-volatile memory by the secure memory device if the administrator password of the remote flash software package matches the administrator password stored in the secure memory device.
5. The method of claim 1, comprising the step of:
- packaging an encrypted checksum of the image in the remote flash software package to be delivered to the target computer system.
6. The method of claim 1, further comprising the step of:
- packaging software distribution application scripts in the remote flash software package to be delivered to the target computer system.
7. The method of claim 1, further comprising the step of:
- remotely powering the target computer system before said step of delivering the remote flash software package.
8. The method of claim 1, further comprising the step of:
- packaging a uniform resource locator pointing to the location of the file containing the image in the remote flash software package.
9. The method of claim 1, wherein the non-volatile memory is a flash read-only-memory.
10. The method of claim 1, wherein the remote flash control code is an OCX file.
11. The method of claim 1, wherein the component object model-based remote flash control code is an ActiveX control.
12. The method of claim 1, wherein the file containing the image to be flashed is an OCX file.
13. The method of claim 1, wherein the remote flash control container is an ActiveX control container.
14. The method of claim 1, comprising the step of:
- signing the image to be packaged into the remote flash software package.
15. The method of claim 14, wherein the step of signing the image comprises the step of calling a cryptographic function.
16. The method of claim 14, further comprising the step of:
- verifying the signature of the image delivered to the target computer system.
17. The method of claim 1, further comprising the steps of:
- calling the remote flash driver by the component object model-based remote flash control code; and
  
  executing a remote flash of the non-volatile memory by the remote flash driver.
18. The method of claim 17, the target computer system having the remote flash driver, further comprising the step of:
- dynamically loading the remote flash driver to be called by the component object model-based remote flash control code.
19. The method of claim 17, further comprising the step of:
- remotely unpowering the target computer system after the step of executing a flash of the non-volatile memory.
20. The method of claim 17, the remote flash software package including an encrypted checksum, further comprising the steps of:
- decrypting the encrypted checksum after the step of delivering the remote flash software package;
  
  verifying the checksum; and
  
  executing a flash of the non-volatile memory if the checksum is valid.
21. The method of claim 17, the target computer system having a software distribution application agent, the remote flash software package including software distribution application scripts, further comprising the step of:
- invoking the step of executing a flash of the non-volatile memory as a system process.
22. The method of claim 17, wherein the flash of the non-volatile memory is an inband process.
23. The method of claim 17, the remote flash software package including a uniform resource locator pointing to the location of the file containing the image, further comprising the step of:
- locating the file containing the image using the uniform resource locator.
24. The method of claim 17, further comprising the step of:
- disabling a power button of the target computer system before the step of executing a flash of the non-volatile memory.
25. The method of claim 24, further comprising the step of:
- enabling a power button of the target computer system after the step of executing a flash of the non-volatile memory.

26. A remote method of configuring security settings of a target computer system, comprising the steps of:
- packaging component object model-based remote security control code for calling a remote security driver to execute a remote configuration of a security setting, a security settings file, and a remote security control container for containing the component object model-based remote security control code and the security settings file into a remote security software package;
  
  packaging an administrator password in the remote security software package; and
  
  delivering the remote security software package to the target computer system.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 27. The method of claim 26, further comprising the step of:
28. The method of claim 26, the computer system including a non-volatile memory storing security settings, the non-volatile memory having a unlocked state for allowing access to the non-volatile memory and locked state for preventing access to the non-volatile memory, the non-volatile memory being in the locked state, further comprising the steps of:
- comparing the administrator password in the remote security software package to an administrator password stored in the non-volatile memory; and
  
  placing the non-volatile memory in an unlocked state if the administrator password of the remote security software package matches the administrator password in the non-volatile memory.
29. The method of claim 26, the target computer system including a secure memory device storing an administrator password and controlling the locking and unlocking of a non-volatile memory, the non-volatile memory storing security settings and being in a locked state, further comprising the step of:
- unlocking the non-volatile memory by the secure memory device if the administrator password of the remote security software package matches the administrator password stored in the secure memory device.
30. The method of claim 26, further comprising the step:
- encrypting th security settings of the remote security software package to be delivered to the target computer system.
31. The method of claim 26, further comprising the step of:
- remotely powering the target computer system before said step of delivering the remote security software package.
32. The method of claim 26, further comprising the step of:
- packaging software distribution application scripts in the remote security software package to be delivered to the target computer system.
33. The method of claim 26, wherein the configuration of a security setting is an inband process.
34. The method of claim 26, wherein the remote security code is an OCX file.
35. The method of claim 26, wherein the component object model-based remote security code is an ActiveX control.
36. The method of claim 26, wherein the remote security control container is an ActiveX control container.
37. The method of claim 26, further comprising the steps of:
- calling the remote security driver by the component object model-based remote security control code; and
  
  executing a remote configuration of a security setting by the remote security driver.
38. The method of claim 37, the target computer system having a remote security driver, further comprising the step of:
- dynamically loading the remote security driver to be called by the component object model-based remote security control code.
39. The method of claim 37, the remote security software package including encrypted security settings, further comprising the step of:
- decrypting the encrypted security settings after the step of delivering the remote security software package.
40. The method of claim 37, comprising the step of:
- disabling a power button of the target computer system before the step of executing a remote configuration of a security setting.
41. The method of claim 37, the target computer system having a software distribution application agent, tile remote security package including software distribution application scripts, further comprising the step of:
- invoking the step of executing a remote configuration of a security setting as a system process.
42. The method of claim 37, wherein the step of executing a remote configuration Cf a security setting comprises the step of activating a new configuration for the security setting.
43. The method of claim 37, the target computer system including a peripheral device having a locked state for preventing access to the peripheral device and an unlocked state for allowing access to the peripheral device, wherein the step of executing a remote configuration of a security setting comprises the step of dynamically switching the state of the peripheral device.
44. The method of claim 37, further comprising the step of:
- remotely unpowering the target computer system after the step of executing a remote configuration of a security setting.
45. The method of claim 44, further comprising the step of:
- enabling a power button of the target computer system after the step of executing a remote configuration of a security setting.

46. A computer system configured for remote non-volatile memory flashing and security management, comprising:
- a system bus;
  
  a processor coupled to the system bus;
  
  a non-volatile memory coupled to the system bus, storing;
  
  a remote flash and security package comprising;
  
  a security settings file;
  
  component object model-based remote flash and security control code for controlling remote flashing of the ROM and remote configuring of the security settings;
  
  a non-volatile memory image file;
  
  a file containing an administrator password, and a remote flash and security control container for containing the component object model-based remote flash and security control code, the security settings file, the non-volatile memory image file, and the file containing the administrator password.
- View Dependent Claims (47, 48, 49, 50, 52, 53, 54, 55, 56, 57, 58)
- - 47. The computer system of claim 46, the remote flash and security package further comprising:
48. The computer system of claim 46, the non-volatile memory further storing:
- a dynamically loadable remote flash and security driver for selectively executing a remote flash of the ROM and selectively executing a remote configuration of a security setting.
49. The computer system of claim 46, the remote flash and security package further comprising:
- software distribution scripts for invoking execution of a remote flash of the non-volatile memory or execution of a remote configuration of a security setting as a system process.
50. The computer system of claim 46, the non-volatile memory image file comprising:
- a checksum of the non-volatile memory image.
52. The computer system of claim 46, the non-volatile memory image file having a digital signature, the remote flash and security package further comprising:
- a utility to verify the digital signature of the non-volatile memory image file.
53. The computer system of claim 46, wherein the non-volatile memory is a flash read-only-memory.
54. The computer system of claim 46, wherein the remote flash and security control is an OCX file.
55. The computer system of claim 46, wherein the component object model-based remote flash and security control code is an ActiveX control.
56. The computer system of claim 46, wherein the remote flash and security control container is an ActiveX control container.
57. The computer system of claim 46, wherein said non-volatile memory ROM image includes a digital signature.
58. The computer system of claim 46, wherein the security settings of the remote flash and security package are encrypted.

51. The computer system of 46, the remote flash and security package further comprising:
- a file containing a pointer to the location of the non-volatile memory image file.

59. A computer system configured for non-volatile memory remote security management, comprising:
- a system bus;
  
  a processor coupled to the system bus; and
  
  a processor readable storage medium storing a remote security control package, the remote security control package comprising;
  
  security settings;
  
  component object model-based remote security control code for controlling a remote configuration of a security setting; and
  
  a remote security control container for containing the component object model-based remote security control code and the security settings, the processor readable medium coupled to the system bus for directing the processor to perform the step of;
  
  processing the remote security control package to execute a remote configuration of a security setting stored in the processor readable storage medium.
- View Dependent Claims (60, 61, 62, 63)
- - 60. The computer system of claim 59, the remote security control package further comprising:
61. The computer system of claim 59, wherein the processor readable storage medium further comprises:
- a dynamically loadable remote security driver for selectively executing a remote configuration of a security setting.
62. The computer system of claim 59, the remote flash and security control package further comprising:
- a file containing a uniform resource locator pointing to the non-volatile memory image.
63. The computer system of claim 59, the non-volatile memory image having a digital signature, the remote security control package further comprising:
- a utility to verify the digital signature of the non-volatile memory image.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Compaq Computer Corporation (HP Inc.)
Inventors
Sharum, Wayne P., Hokanson, Paul B., Crisan, Adrian, Novoa, Manuel, McCann, Paul H.
Primary Examiner(s)
Elmore, Reba I.

Application Number

US09/070,942
Time in Patent Office

1,090 Days
Field of Search

713/202, 713/200, 711/103, 709/217, 709/218, 709/220, 709/221, 365/185.33
US Class Current

713/100
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06F 21/79   in semiconductor storage me...

G06F 2211/1097   Boot, Start, Initialise, Power

Method and apparatus for remote ROM flashing and security management for a computer system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

63 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for remote ROM flashing and security management for a computer system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

63 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links