Device health tickets
First Claim
1. A method for facilitating remote monitoring of a computing device, the method comprising:
- using a hardware processor of the computing device to execute a trusted process during a boot sequence of the computing device before a network stack is loaded by the computing device, the trusted process:
  - determining that a valid health ticket issued by a management server accessible over a computer network is not present on the computing device, the determining comprising:
    - retrieving a health ticket from a predetermined location in a non-volatile memory of the computing device; and
    - failing to validate a digital signature of the health ticket;
  - in response to determining that the valid health ticket is not on the computing device:
    - executing instructions to create a network stack;
    - requesting recovery instructions from a management server over a network;
    - receiving the recovery instructions; and
    - executing the recovery instructions.
Abstract
Disclosed are systems that provide for secure and reliable remote management. Cryptographic health tickets issued by a management server are provided to a protected process executing on a computing device. In some examples, the health tickets reset an authenticated watchdog timer that resets the computing device if the timer expires. In some examples, the computing device may contact the management server prior to loading an operating system to receive instructions, but may omit contacting the management server if a valid health ticket is found.
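The boot-time decision described in the abstract and in claim 1, as an added example that is not code from the patent. HMAC-SHA256 stands in for the digital signature so the block runs on the standard library alone; the ticket layout, the device binding, the expiry field and all function names are assumptions.

```python
import hashlib
import hmac
import json

TAG_LEN = 32  # assumed layout: JSON payload followed by a 32-byte HMAC-SHA256 tag


def issue_ticket(key, device_id, expires):
    """Management-server side (hypothetical): authenticate a ticket payload."""
    payload = json.dumps({"device": device_id, "expires": expires}).encode()
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def ticket_is_valid(blob, key, device_id, now):
    """Trusted-process side: any failure means 'no valid ticket present'."""
    if not blob or len(blob) <= TAG_LEN:
        return False  # slot empty or truncated
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # authenticate before parsing bytes read from storage
    fields = json.loads(payload)
    # Device binding and expiry are assumed fields, not taken from the claims.
    return fields.get("device") == device_id and fields.get("expires", 0) > now


def boot_decision(nv_slot, key, device_id, now):
    """Return 'continue_boot', or 'network_recovery' when the ticket check fails."""
    if ticket_is_valid(nv_slot, key, device_id, now):
        return "continue_boot"
    # Claim 1 path: create a network stack, then request recovery instructions.
    return "network_recovery"


# Constructed sample data (not real keys or tickets).
KEY = b"constructed-demo-key-not-a-real-secret"
GOOD = issue_ticket(KEY, "dev-001", expires=2000)
TAMPERED = GOOD.replace(b'"expires": 2000', b'"expires": 9000')

if __name__ == "__main__":
    for name, slot in [("good", GOOD), ("tampered", TAMPERED), ("empty", None)]:
        print(name, boot_decision(slot, KEY, "dev-001", now=1000))
```

In a deployment matching the claims, the device would hold only a public verification key, so reading the device's storage would not allow tickets to be forged.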
21 Claims
1. A method for facilitating remote monitoring of a computing device (set out in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6.
7. A computing device comprising:
- a hardware processor configured to execute a trusted process during a boot sequence of the computing device before a network stack is loaded by the computing device, the trusted process comprising instructions causing the computing device to perform operations comprising:
  - determining that a valid health ticket issued by a management server accessible over a computer network is not present on the computing device, the determining comprising:
    - retrieving a health ticket from a predetermined location in a non-volatile memory of the computing device; and
    - failing to validate a digital signature of the health ticket;
  - in response to determining that the valid health ticket is not on the computing device:
    - executing instructions to create a network stack;
    - requesting recovery instructions from a management server over a network;
    - receiving the recovery instructions; and
    - executing the recovery instructions.

Dependent claims: 8, 9, 10, 11, 12, 13, 14.
15. A hardware machine-readable storage medium comprising instructions for a trusted process, the instructions, when executed by a hardware processor of a computing device causing the computing device to perform operations during a boot sequence of a computing device before a network stack is loaded, the operations comprising:
- determining that a valid health ticket issued by a management server accessible over a computer network is not present on the computing device, the determining comprising:
  - retrieving a health ticket from a predetermined location in a non-volatile memory of the computing device; and
  - failing to validate a digital signature of the health ticket;
- in response to determining that the valid health ticket is not on the computing device:
  - executing instructions to create a network stack;
  - requesting recovery instructions from a management server over a network;
  - receiving the recovery instructions; and
  - executing the recovery instructions.

Dependent claims: 16, 17, 18, 19, 20, 21.
Specification