Electrical computers and digital processing systems: support – Digital data processing system initialization or configuration
Reexamination Certificate
1999-11-19
2003-09-16
Lee, Thomas (Department: 2185)
C713S001000, C713S100000, C711S104000, C711S135000, C711S118000
active
06622243
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to computer systems. More specifically, the invention relates to systems for storing configuration information in a tamper resistant manner.
BACKGROUND OF THE INVENTION
Each of Intel's Pentium® III processors stores a value, which is intended to be statistically unique for a given processor, that is analogous to its “fingerprint.” That statistically unique value can be said to constitute a processor serial number (“PSN”) for a given processor. Invoking the CPUID instruction enables access to the PSN by loading the PSN into a general purpose register that is visible to a programmer, who may use that value for any desired purpose.
Because of this processor identifier, a remote server may identify a particular system containing a Pentium® III processor by simply accessing that value. Such a feature may enable such a server to grant access to certain confidential information to authorized systems only. For example, a server that stores bank, brokerage, medical, or other confidential records may permit access only to a remote system that has a particular PSN. When such a remote system requests access to a restricted account or record, the server can retrieve that system's PSN, then check it against a set of previously stored PSNs, which identify systems for which access is authorized. If the remote system's PSN does not match any of the stored PSNs, then access is denied.
Although the presence of a remotely accessible PSN on a given system may enable such a useful authentication function, the system user may not want to allow indiscriminate access to that number. Such access could, in theory, permit tracking of the user's web surfing activity, which the user may not desire. One proposal for enabling a user to choose whether to permit or prohibit access to a system's PSN is to provide a setup option that allows the user to activate or disable PSN access. The user's selection is recorded as an “on” or “off” state for a bit stored in CMOS memory.
For some users, however, such a mechanism for providing user control over access to the PSN may not be deemed adequate. A malicious intruder having access to the system could locate the bit in CMOS that controls the PSN disable function and program a change from the “off” state to the “on” state. Such a change will reactivate remote access to the PSN without the user's knowledge the next time the system is restarted.
Accordingly, there is a need for a method for securing CMOS configuration information. There is a need for such a method that makes it more difficult for an intruder to remotely alter CMOS settings, e.g., one disabling remote access to the PSN of a system containing a Pentium® III processor.
SUMMARY OF THE INVENTION
A system and method for securing configuration information for a computer is disclosed. The method comprises saving configuration information in CMOS memory, and automatically programming that configuration information into a non-volatile memory at the same time it is saved into the CMOS memory. The configuration information is automatically programmed into the non-volatile memory in a user transparent manner without user action. The method of the present invention may further comprise storing configuration information in a non-volatile memory, and automatically writing the configuration information from the non-volatile memory to a CMOS memory every time the computer system is powered on or reset, in a user transparent manner without user action.
The system includes a processor, a CMOS memory, and a non-volatile memory. That memory, preferably a flash memory, contains computer-executable instructions for causing configuration information, when saved to the CMOS memory, to be automatically programmed into the non-volatile memory and/or for causing configuration information to be automatically retrieved from the non-volatile memory and written into the CMOS memory every time the computer system is powered on or reset.
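The save and restore paths summarized above can be modeled in a few lines of C. This is an added illustration, not code from the patent: the two arrays stand in for CMOS and flash, and the buffer size, byte offset, bit mask, function names and the changed-byte count returned by the boot path are all assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

#define CFG_SIZE          16    /* constructed size, not from the patent */
#define PSN_ACCESS_OFFSET 3     /* hypothetical byte holding the PSN bit */
#define PSN_ACCESS_BIT    0x01  /* "on" = PSN access allowed, "off" = disabled */

static uint8_t cmos[CFG_SIZE];   /* stands in for battery-backed CMOS */
static uint8_t flash[CFG_SIZE];  /* stands in for the non-volatile copy */

/* Setup path: saving to CMOS also programs the same bytes into flash,
   with no separate user action. */
void setup_save(const uint8_t *cfg)
{
    memcpy(cmos, cfg, CFG_SIZE);
    memcpy(flash, cfg, CFG_SIZE);
}

/* Boot path: on every power-on or reset, CMOS is rewritten from flash.
   Returns how many CMOS bytes differed (an assumption added here so the
   caller can log the mismatch as a tamper signal). */
int boot_restore(void)
{
    int changed = 0;
    for (int i = 0; i < CFG_SIZE; i++) {
        if (cmos[i] != flash[i]) {
            changed++;
            cmos[i] = flash[i];
        }
    }
    return changed;
}

int psn_access_enabled(void)
{
    return (cmos[PSN_ACCESS_OFFSET] & PSN_ACCESS_BIT) != 0;
}

/* Constructed scenario: the user turns PSN access off, the CMOS copy alone
   is later altered, and the next reset restores the user's choice. */
int demo(void)
{
    uint8_t cfg[CFG_SIZE] = {0};                 /* PSN bit "off" */
    setup_save(cfg);
    cmos[PSN_ACCESS_OFFSET] |= PSN_ACCESS_BIT;   /* change made to CMOS only */
    int before = psn_access_enabled();           /* CMOS now says "on" */
    int fixed  = boot_restore();                 /* one byte rewritten */
    int after  = psn_access_enabled();           /* back to "off" */
    return before == 1 && fixed == 1 && after == 0;
}
```

The protection holds only as long as the flash copy is harder to modify than CMOS; a change that reaches both copies survives the restore.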
Lee Thomas
Patel Nitin C.
Seeley Mark V.