System and method for checking authorization of remote...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique

Reexamination Certificate


Details

C713S152000, C713S001000

Reexamination Certificate

active

06647494

ABSTRACT:

BACKGROUND
(1) Field
This invention relates to the field of security of computer systems or platforms, especially in areas where sensitive data or parameters on a platform are remotely configured via request messages.
(2) General Background
Data stored on computer systems or platforms in a network can be remotely updated or configured. In certain cases, the data is extremely sensitive. A good example of configurable sensitive data is the Basic Input and Output System (BIOS) of a computer system. Typically stored in some form of non-volatile memory, the BIOS is machine code, usually part of an Operating System (OS), which allows the Central Processing Unit (CPU) to perform tasks such as initialization, diagnostics, loading the operating system kernel from mass storage, and routine input/output (“I/O”) functions. Upon power up, the CPU will “boot up” by fetching the instruction code residing in the BIOS. Without any security protection, the BIOS is vulnerable to attacks that capture and replay request messages to remotely update configurable parameters stored in the BIOS. These attacks may corrupt the BIOS and disable the computer system.
Accordingly, there is a need to provide a system and method to verify the integrity of remote request messages for configuration operations and to enforce proper authorization limits of those remote request messages.
SUMMARY
A system and method for checking authorization of remote configuration operations is described. The method comprises generating a request credential manifest to request an update of configurable parameters on a client platform. Furthermore, the method comprises signing the request credential manifest with a manifest digital signature, which was generated using a private key in a cryptographic key pair. In addition, the method comprises verifying the manifest digital signature using a public key to ascertain that the request credential manifest was generated by an authorized console platform.
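The sign-then-verify flow in the Summary, together with the capture-and-replay concern from the Background, as an added Go sketch that is not code from the patent. The `Manifest` layout, the JSON encoding, the use of Ed25519 and the `Seq` counter used to reject replays are all assumptions; the text above does not specify them.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

type Manifest struct { // hypothetical request credential manifest; field names are assumptions
	Seq    uint64            `json:"seq"`    // assumed anti-replay counter
	Params map[string]string `json:"params"` // configurable parameters to update
}

// Sign serializes the manifest and signs those bytes with the console's private key.
func Sign(priv ed25519.PrivateKey, m Manifest) (body, sig []byte) {
	body, _ = json.Marshal(m) // cannot fail for this struct
	return body, ed25519.Sign(priv, body)
}

type Client struct {
	ConsoleKey ed25519.PublicKey // pinned public key of the authorized console
	LastSeq    uint64            // highest counter applied so far
	Config     map[string]string // the client's configurable parameters
}

// Apply verifies the signature over the exact received bytes before parsing them.
func (c *Client) Apply(body, sig []byte) error {
	if !ed25519.Verify(c.ConsoleKey, body, sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(body, &m); err != nil {
		return err
	}
	if m.Seq <= c.LastSeq { // a captured manifest carries an old counter
		return fmt.Errorf("replayed or stale manifest")
	}
	for k, v := range m.Params {
		c.Config[k] = v
	}
	c.LastSeq = m.Seq
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed sample key pair
	c := &Client{ConsoleKey: pub, Config: map[string]string{}}
	body, sig := Sign(priv, Manifest{Seq: 1, Params: map[string]string{"boot_order": "disk"}})
	fmt.Println(c.Apply(body, sig), c.Apply(body, sig)) // second call is a replay
}
```

A valid signature alone proves only that the authorized console produced the manifest at some point, which is why the sketch pairs it with a counter check before any parameter is written.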


