System console device authentication in a network environment

US 20020152377A1
Filed: 04/06/2001
Published: 10/17/2002
Est. Priority Date: 04/06/2001
Status: Active Grant

First Claim

Patent Images

1. A method for providing secure access to console functions of a computer system comprising:

initiating a first EKE sequence to generate a device shared secret utilizing a default device identifier and associated shared secret on a system-attached device from which a console operation is desired enabled;

generating said device shared secret from said first EKE sequence, wherein said device shared secret is utilized in place of said default device shared secret in subsequent console authentication procedures; and

storing said device shared secret within a storage location of said system and on said system-attached device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing secure access to console functions of a computer system and authentication of a console device is disclosed. The method comprises first initiating a first EKE sequence to generate a unique shared secret per device utilizing a default device identifier and associated default shared secret on a system-attached device from which a console operation is desired to be enabled. Then, a shared secret is generated from the first EKE sequence, and the generated shared secret is utilized in place of the default device shared secret in subsequent console authentication procedures for that device. Following, the shared secret is securely stored within a storage location of the system and on the system-attached device. The device'"'"'s shared secret is subsequently replaced on each connection from that device.

59 Citations

View as Search Results

27 Claims

1. A method for providing secure access to console functions of a computer system comprising:
- initiating a first EKE sequence to generate a device shared secret utilizing a default device identifier and associated shared secret on a system-attached device from which a console operation is desired enabled;
  
  generating said device shared secret from said first EKE sequence, wherein said device shared secret is utilized in place of said default device shared secret in subsequent console authentication procedures; and
  
  storing said device shared secret within a storage location of said system and on said system-attached device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said shared secret is stored in a protected manner on said system-attached device and utilized with a device ID during each connection of said system-attached device to said system.
  - 3. The method of claim 2, further comprising encrypting operator authentication data flowing between said system-attached device and said system utilizing said shared secret.
  - 4. The method of claim 2, method further comprising encrypting operator authentication data flowing between said system-attached device and said system utilizing a hash of said shared secret.
  - 5. The method of claim 2, further comprising:
    - responsive to an establishment of a first console session that authenticates said system-attached device, instantiating a second EKE sequence to authenticate a console operator utilizing a default user identifier and password; and
      
      storing said user identifier and password in a protected area of said storage location of said system.
  - 6. The method of claim 5, further comprising:
    - enabling a setup of multiple device identifiers and authorization levels for other system-attached devices to act as console devices; and
      
      storing said multiple device identifiers and authorization levels in said storage location.
  - 7. The method of claim 5, further comprising:
    - enabling a setup of multiple operator user identifiers and associated passwords and authorization levels for other console operators to access console functions of the system; and
      
      storing said multiple operator user identifiers and associated passwords and authorization levels in said storage location.
  - 8. The method of claim 5, further comprising enabling multiple console sessions for different systems on a single console device.

9. A system for providing secure access to console functions of a computer system comprising logic for:
- initiating a first EKE sequence to generate a device shared secret utilizing a default device identifier and associated shared secret on a system-attached device from which a console operation is desired enabled;
  
  generating said device shared secret from said first EKE sequence, wherein said device shared secret is utilized in place of said default device shared secret in subsequent console authentication procedures; and
  
  storing said device shared secret within a storage location of said system and on said system-attached device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 26)
- - 10. The system of claim 9, wherein said shared secret key is stored in a protected manner on said system-attached device and utilized as a device ID during each connection of said system-attached device to said system.
  - 11. The system of claim 10, further comprising encrypting operator authentication data flowing between said system-attached device and said system utilizing said shared secret.
  - 12. The system of claim 10, method further comprising logic for encrypting operator authentication data flowing between said system-attached device and said system utilizing a hash of said shared secret.
  - 13. The system of claim 10, further comprising logic for:
    - responsive to an establishment of a first console session that authenticates said system-attached device, instantiating a second EKE sequence to authenticate a console operator utilizing a default user identifier and password; and
      
      storing said user identifier and password in a protected area of said storage location of said system.
  - 14. The system of claim 13, further comprising logic for:
    - enabling a setup of multiple device identifiers and authorization levels for other system-attached devices to act as console devices; and
      
      storing said multiple device identifiers and authorization levels in said storage location.
  - 15. The system of claim 13, further comprising logic for:
    - enabling a setup of multiple operator user identifiers and associated passwords and authorization levels for other console operators to access console functions of the system; and
      
      storing said multiple operator user identifiers and associated passwords and authorization levels in said storage location.
  - 16. The system of claim 13, further comprising logic for enabling multiple console sessions for different systems on a single console device.
  - 18. The computer program product of claim 17, wherein said shared secret key is stored in a protected manner on said system-attached device and utilized as a device ID during each connection of said system-attached device to said system.
  - 19. The computer program product of claim 18, further comprising program code for encrypting operator authentication data flowing between said system-attached device and said system utilizing said shared secret.
  - 20. The computer program product of claim 18, further comprising program code for encrypting operator authentication data flowing between said system-attached device and said system utilizing a hash of said shared secret.
  - 21. The computer program product of claim 18, further comprising program code for:
    - responsive to an establishment of a first console session that authenticates said system-attached device, instantiating a second EKE sequence to authenticate a console operator utilizing a default user identifier and password; and
      
      storing said user identifier and password in a protected area of said storage location of said system.
  - 22. The computer program product of claim 21, further comprising program code for:
    - enabling a setup of multiple device identifiers and authorization levels for other system-attached devices to act as console devices; and
      
      storing said multiple device identifiers and authorization levels in said storage location.
  - 23. The computer program product of claim 21, further comprising program code for:
    - enabling a setup of multiple operator user identifiers and associated passwords and authorization levels for other console operators to access console functions of the system; and
      
      storing said multiple operator user identifiers and associated passwords and authorization levels in said storage location.
  - 24. The computer program product of claim 21, further comprising program code for enabling multiple console sessions for different systems on a single console device.
  - 26. The method of claim 25, further comprising encrypting data transmitted during said second EKE sequence utilizing a shared secret generated during said first EKE sequence.

17. A computer program product comprising:
- a computer readable medium; and
  
  program code on said computer readable medium for providing secure access to console functions of a computer system by;
  
  initiating a first EKE sequence to generate a device shared secret utilizing a default device identifier and associated shared secret on a system-attached device from which a console operation is desired enabled;
  
  generating a device shared secret from said first EKE sequence, wherein said device shared secret is utilized in place of said default device shared secret in subsequent console authentication procedures; and
  
  storing said device shared secret within a storage location of said system and on said system-attached device.

25. A method of signing in authenticated users to a console function of a system, comprising:
- determining via a first EKE sequence whether a device identifier and associated shared secret of a system-attached device matches a stored device identifier and associated shared secret on said system;
  
  responsive to both ends having identical shared secrets, receiving a user-entered identifier and password;
  
  responsive to said receiving, initiating a second EKE sequence to determine whether said user-entered identifier and password matches a user identifier and password combination stored on a storage location of said system; and
  
  granting said user access to console functions only when said second EKE sequence is successful.

27. A method for secure authentication of a system console device within a network environment, comprising:
- establishing a first console session from an authentication device, wherein a default device identifier is utilized to initiate an EKE sequence between a network-attached console device and a.. generating a shared secret key via an EKE sequence utilized to establish said first console session; and
  
  subsequently authenticating a console operator via a second EKE sequence, wherein said shared secret key is utilized to encrypt data of an authentication process for said console operator attempting to utilize said console operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bauman, Mark Linus, Remfert, Jeffrey Earl, Bird, John Joseph

Granted Patent

US 6,981,144 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 9/0844   with user authentication or...

Y10S 707/99931   Database or file accessing

Y10S 707/99939   Privileged access

System console device authentication in a network environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

System console device authentication in a network environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links