Method of providing enhanced security in a remotely managed computer system

Assignee

• International Business Machines Corporation · US

Inventors

• Daryl Cromer · Cary, US
• Joseph Wayne Freeman · Raleigh, US
• Steven Dale Goodman · Raleigh, US
• Randall Scott Springfield · Chapel Hill, US
• James Peter Ward · Apex, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/57
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Authentication of an entity remotely managing a data processing system is enabled to allow changes by the remote entity to hard-locked critical security information normally accessible only during the POST and only to trusted entities such as the system BIOS. The remote entity builds a change request and generates a hash from the change request with a current password appended. The change request and the hash are stored in a lockable non-volatile buffer which, once locked, requires a system reset to access. During the next POST, a trusted entity such as the system BIOS reads the change request, generates an authentication hash from the change request and the current password within the hard-locked security information, and compares the buffered hash with the generated hash. If a match is determined, the security information is updated; otherwise a tamper error is reported.