TARGETED SECURITY POLICY OVERRIDE

US 20140195799A1
Filed: 01/07/2013
Published: 07/10/2014
Est. Priority Date: 01/07/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

gathering, with an information handling device, client system identification data of a client system;

providing, with the information handling device, the client system with at least one cryptographic key;

transmitting, with the information handling device, the client system identification data and a request for security policy override to a third party;

receiving, with the information handling device, encrypted approval data from the third party; and

transmitting, with the information handling device, encrypted approval data to the client system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An aspect provides a method, including: gathering, with an information handling device, client system identification data of a client system; providing, with the information handling device, the client system with at least one cryptographic key; transmitting, with the information handling device, the client system identification data and a request for security policy override to a third party; receiving, with the information handling device, encrypted approval data from the third party; and transmitting, with the information handling device, encrypted approval data to the client system. Other aspects are described and claimed.

Citations

20 Claims

1. A method, comprising:
- gathering, with an information handling device, client system identification data of a client system;
  
  providing, with the information handling device, the client system with at least one cryptographic key;
  
  transmitting, with the information handling device, the client system identification data and a request for security policy override to a third party;
  
  receiving, with the information handling device, encrypted approval data from the third party; and
  
  transmitting, with the information handling device, encrypted approval data to the client system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 20)
- - 2. The method of claim 1, wherein the at least one cryptographic key provides the client system a decryption capability for decrypting the encrypted approval data.
  - 3. The method of claim 1, wherein the encrypted approval data further comprises security policy attributes indicative of permitted security policy changes.
  - 4. The method of claim 1, wherein the encrypted approval data is encrypted by the third party using the at least one cryptographic key provided to the client system.
  - 5. The method of claim 4, wherein the encrypted approval data is encrypted by the third party using at least one additional key.
  - 6. The method of claim 5, wherein the at least one additional key is a private key of a public/private key pair.
  - 7. The method of claim 1, wherein the client system identification data comprises a client system hardware identification.
  - 8. The method of claim 7, wherein the client system hardware identification comprises one or more of a machine type, a model number and a serial number.
  - 9. The method of claim 1, wherein the client system comprises an enterprise computing system, wherein the information handling device comprises an enterprise administrative system, and wherein the third party comprises a third party system operated by a manufacturer of the client system.
  - 20. The method of claim 1, wherein the encrypted approval data from the third party further comprises one or more added attributes such that only targeted areas of a BIOS of the client system can be overridden.

10. An information handling device, comprising:
- one or more processors; and
  
  a memory operatively coupled to the one or more processors that stores instructions executable by the one or more processors to perform acts comprising;
  
  gathering client system identification data of a client system;
  
  providing the client system with at least one cryptographic key;
  
  transmitting the client system identification data and a request for security policy override to a third party;
  
  receiving encrypted approval data from the third party; and
  
  transmitting encrypted approval data to the client system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The information handling device of claim 10, wherein the at least one cryptographic key provides the client system a decryption capability for decrypting the encrypted approval data.
  - 12. The information handling device of claim 10, wherein the encrypted approval data further comprises security policy attributes indicative of permitted security policy changes.
  - 13. The information handling device of claim 10, wherein the encrypted approval data is encrypted by the third party using the at least one cryptographic key provided to the client system.
  - 14. The information handling device of claim 13, wherein the encrypted approval data is encrypted by the third party using at least one additional key.
  - 15. The information handling device of claim 14, wherein the at least one additional key is a private key of a public/private key pair.
  - 16. The information handling device of claim 10, wherein the client system identification data comprises a client system hardware identification.
  - 17. The information handling device of claim 16, wherein the client system hardware identification comprises one or more of a machine type, a model number and a serial number.
  - 18. The information handling device of claim 10, wherein the client system comprises an enterprise computing system, wherein the information handling device comprises an enterprise administrative system, and wherein the third party comprises a third party system operated by a manufacturer of the client system.

19. A program product, comprising:
- a storage medium having computer program code embodied therewith, the computer program code comprising;
  
  computer program code configured to gather, with an information handling device, client system identification data of a client system;
  
  computer program code configured to provide, with the information handling device, the client system with at least one cryptographic key;
  
  computer program code configured to transmit, with the information handling device, the client system identification data and a request for security policy override to a third party;
  
  computer program code configured to receive, with the information handling device, encrypted approval data from the third party; and
  
  computer program code configured to transmit, with the information handling device, encrypted approval data to the client system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Inventors
Erickson, David Edward, Springfield, Randall Scott

Granted Patent

US 9,239,937 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/73   by creating or determining ...

G06F 2221/2115   Third party

H04L 9/0866   involving user or device id...

H04L 9/0869   involving random numbers or...

TARGETED SECURITY POLICY OVERRIDE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TARGETED SECURITY POLICY OVERRIDE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links