Authorized Configuration Management and Change Notification

IP.com Disclosure Number: IPCOM000015057D
Original Publication Date: 2001-Aug-11
Included in the Prior Art Database: 2003-Jun-20

Publishing Venue

IBM

Abstract

Today's PCs present a problem to an IT organization in maintaining a consistent hardware configuration. Users can open boxes and move device adapters around on the PCI bus, change the configuration of attached USB devices by removing or adding devices (as they are external to the system unit), or remove PC Cards from PC Card sockets without authorization. This invention describes a secure method for tracking any changes to the authorized configuration. In addition, the system administrator who authorizes the official configuration can select a method to be notified of a change.

Main Idea

A new setup option is provided for the system administrator to create a digital signature which contains the "approved" configuration for the system. The approved configuration record consists of all allowed IDs in the system appended to the setup password. The result is hashed and then signed using a public/private key digital signature algorithm. The signature is stored in non-volatile memory on the system board and write-protected just prior to operating system boot time. Read access is allowed in order to provide inventory and asset management during normal operation.
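The setup-time signing and boot-time check described above, as an added example that is not part of the original disclosure. Ed25519 over SHA-256, the device ID strings, the record encoding and all function names are assumptions, since the disclosure names no algorithm or format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
)

// recordDigest hashes the approved record: all allowed IDs, then the setup
// password. Sorting and length-prefixing are assumptions of this example, so
// enumeration order and ID/password boundaries cannot change the digest.
func recordDigest(ids []string, setupPassword string) []byte {
	sorted := append([]string(nil), ids...)
	sort.Strings(sorted)
	h := sha256.New()
	fmt.Fprintf(h, "%d;", len(sorted))
	for _, id := range sorted {
		fmt.Fprintf(h, "%d:%s,", len(id), id)
	}
	h.Write([]byte(setupPassword))
	return h.Sum(nil)
}

// Approve is the setup-time step: sign the digest of the approved record.
// The returned signature is what would be stored in non-volatile memory.
func Approve(priv ed25519.PrivateKey, ids []string, setupPassword string) []byte {
	return ed25519.Sign(priv, recordDigest(ids, setupPassword))
}

// Check is the boot-time step: rebuild the record from the devices actually
// enumerated and verify it against the stored signature.
func Check(pub ed25519.PublicKey, sig []byte, ids []string, setupPassword string) bool {
	return ed25519.Verify(pub, recordDigest(ids, setupPassword), sig)
}

// DemoKeys derives a key pair from a constructed seed (sample key only).
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("constructed demo seed"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKeys()
	approved := []string{"PCI:8086:100E", "USB:046D:C31C", "PCCARD:0101:0589"} // constructed IDs
	sig := Approve(priv, approved, "setup-pw")
	fmt.Println("unchanged:", Check(pub, sig, approved, "setup-pw"))
	fmt.Println("PC Card removed:", Check(pub, sig, approved[:2], "setup-pw"))
}
```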