Securing sensitive configuration data remotely

Assignee

• Lenovo (Singapore) Pte. Ltd. · SG

Inventors

• David Carroll Challener · Raleigh, US
• Steven Dale Goodman · Raleigh, US
• David R. Safford · Brewster, US
• Randall Scott Springfield · Chapel Hill, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/62
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method, computer program product and computer system for securing alterable data. A computer that is remotely managed may be equipped with a protected storage that is accessible only by BIOS code. The protected storage may have the capacity to store a symmetrical encryption key. An EEPROM, which normally contains the BIOS code, may be used to store accessible configuration data as well as remotely unaccessible sensitive access information (e.g., passwords). The remotely unaccessible sensitive data is encrypted with the symmetrical encryption key by the BIOS code. Remote access to the sensitive data is accomplished via change requests submitted to the BIOS code over a secure channel. The BIOS code then determines whether the request is valid. If so, then sensitive data is decrypted, altered, encrypted, and re-written into the EEPROM. Normal access to accessible data is unaffected and remote access is allowed without changing the computer system architecture.