Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-09-30
2002-05-14
Barron, Jr., Gilberto (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C714S758000, C713S002000
Reexamination Certificate
active
06389539
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates to a method and system for data processing or information handling systems in general and, in particular, to a method and system for providing security accesses in a computer system. Still more particularly, the present invention relates to a method and system for denying remotely made security access requests in the event of CMOS memory corruption in a computer system within a network environment.
2. Description of the Prior Art
A computer usually contains valuable, confidential or otherwise restricted information in its memory and/or external storage devices, so it is accordingly desirable to control access to this information to prevent unauthorized use. Such controlled access to computer data may be realized either by providing physical (hardware) means for preventing the use of the computer itself or I/O devices on a computer system, or by providing software means for restricting access, such as a routine that confirms a user's knowledge of a password before granting that user access to information contained in the computer system.
A password function is commonly included in the power-on or boot-up routines executed by the CPU when the power switch is turned on. This is to prevent an unauthorized user from being able to defeat the password by rebooting, as well as to prevent access to unattended systems. To this end, a password is stored in a location which is non-volatile, i.e., survives when power is off, and is also not accessible to an unauthorized user when power is on so the password cannot be copied then used later. Preferably, the code for this power on password function is stored in ROM, rather than on the hard disk, so unauthorized access cannot be achieved by forcing a boot from a floppy disk, or by reading the code from the hard disk while the system is operating.
For the above-stated reasons, the power-on password functions have been implemented, as on the IBM server business computers, using non-volatile RAM to store the password, and boot-up ROM space to store the code to perform the password routine. A particular device commonly used for this non-volatile RAM is a CMOS RAM with a built-in lithium battery, constructed as part of a clock/calendar chip. This device uses a crystal oscillator and counter circuitry to maintain real time so the operating system of the computer can read registers in the CMOS RAM upon boot-up to enter the time and date. The CMOS RAM part of the chip has extra registers, not needed for the clock/calendar function, used for holding system configuration data which is also accessed at boot-up so the operating system can define the particular system as it exists. In these additional registers, prior systems have also stored the password data for a power-on password function. When the computer is turned on, machine-language code in the startup ROM part of memory is executed, requiring the user to input the password, and the user's input is compared to the password stored in the CMOS RAM. If the passwords match, the remaining startup code is executed, and the system becomes operational. If the passwords do not match, however, startup execution is halted and the system is left inoperable, thus preventing unauthorized use of the system.
However, a problem, that may arise, is that of CMOS RAM corruption. If power has been removed from the CMOS RAM chip at any time since the previous boot, there is a strong possibility that some or all of its contents may have been lost. To exacerbate this problem, many contingencies exist which may result in the loss of power, such as the removal or replacement of the backup battery, or the replacement of various components requiring temporary removal of cables or power-supplying units. Consequently, it would be desirable to provide an improved method and system for detecting and handling the CMOS-stored system password in such cases where the CMOS may have been corrupted within a network environment.
SUMMARY OF THE INVENTION
In view of the foregoing, it is therefore an object of the present invention to provide an improved method and system for providing data security in a computer system or information handling system.
It is another object of the present invention to provide an improved method and system for detecting and handling CMOS-stored system passwords in cases where the CMOS has been corrupted within a network environment.
It is yet another object of the present invention to provide an improved method and system for handling remote log-ins when CMOS-stored system passwords have been corrupted within a network environment.
In accordance with a preferred embodiment of the present invention, when a request for system access into a network environment is first received, a service processor checks a fixed non-null pattern and based on its results performs a Cyclic Redundancy Check (CRC) on the contents of CMOS memory to verify its authenticity. An IEEE-standard CRC algorithm is used to confirm that the data in the CMOS memory has not been corrupted. If the fixed non-null pattern and/or CRC algorithm confirms that no corruption exists, then the service processor prompts the user for a system password and performs the normal authentication checks between the entered password and a stored password. If the CRC algorithm detects that corruption exists, then the service processor determines where the request was received. In response to a determination that the request was received remotely, then access is denied as a security threat. If the service processor determines that the request was received locally, then access to the network environment is granted to the user.
All objects, features, and advantages of the present invention will become apparent in the following detailed written description.
REFERENCES:
patent: 5905661 (1999-05-01), Lovell
patent: 5918008 (1999-06-01), Togawa et al.
Hamilton, II Rick Allen
Mehta Chetan
Patel Maulin Ishwarbhai
Wild, Jr. Edward Woodrow
Barron Jr. Gilberto
Bracewell & Patterson L.L.P.
International Business Machines - Corporation
Leeuwen Leslie A. Van
Revak Christopher A.
LandOfFree
Method and system for enhancing security access to a data... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for enhancing security access to a data..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for enhancing security access to a data... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2908943