| CPC G06F 21/572 (2013.01) [G06F 21/44 (2013.01); G06F 21/85 (2013.01); H04L 9/006 (2013.01); H04L 9/0825 (2013.01); H04L 9/0869 (2013.01); H04L 9/3268 (2013.01); H04L 9/3271 (2013.01)] | 7 Claims |
|
1. A system for sending a command to a device, comprising:
at least one server;
the at least one server having a server processor and server memory connected to the server processor;
at least one device configured to be in communication with the at least on server, and
the at least one device having a device processor; and
device memory connected to the device processor;
the server memory comprising server instructions that when executed by the server processor cause the at least one server to send a signed server key to any one or more of the at least one device;
upon reboot of the at least one device a first time, the at least one device executes device instructions stored in the device memory which cause the device to verify the signed server key in a DXE (driver execution environment) of firmware in the at least one device's firmware and send a nonce to the at least one server, the nonce being encrypted using the signed server key;
upon receipt of the nonce, the at least one server sends a message to the at least one device that includes a first portion with a secure command and a second portion that is based on a hash of the nonce;
the at least one device configured to reboot a second time after receipt of the message and verify the message in the DXE of the at least one device's, firmware; and
execute the secure command on the at least one device.
|