Flexible Pre-boot security

IP.com Disclosure Number: IPCOM000014009D
Original Publication Date: 2000-May-01
Included in the Prior Art Database: 2003-Jun-19

Publishing Venue

IBM

Abstract

Disclosed in the following is a method to remotely modify the security attributes of a Personal Computer system to address certain unique, short-lived situations.

In today's business world, all computer manufacturers have established a scheme for protecting the system from access by an unauthorised person. Unfortunately, because a system designer cannot predict all of the various uses of computers in the industry, the current schemes are much too rigid for most customers. Because of this, many customers do not utilise the full potential of the security schemes. For example, we have customers who manage computers across the world. When a computer needs any type of maintenance, the administrator must either go to the site to do the maintenance or give out passwords to people at the remote sites. Since the latter is more economical, the passwords are exposed and the security of the system is reduced. For this reason, many customers do not use the current password schemes.

The solution we recommend is that the current security needs to evolve to more accurately reflect the usage of current models for network-connected PCs. The first part of this disclosure is that security needs to evolve so that an administrator can establish their own guidelines. For instance, in today's environment, the opening of the case generates an error which requires password entry. A more powerful security implementation would allow the user to specify whether this activity generates an error. For instance, if the case has been opened and then closed, and if no hardware is missing or if new hardware (memory/hardfile) was added, a password would not be required.

This implementation could evolve such that an administrator could change the security policy (in a secure manner) for a single boot or boots so that the machine could be maintained without compromising the security of the machine. This is the second part of this disclosure.