Secure Near Field Communication Server Information Handling System Support

US 20150089221A1
Filed: 09/26/2013
Published: 03/26/2015
Est. Priority Date: 09/26/2013
Status: Active Grant

First Claim

Patent Images

1. A method for secure near field communication (NFC) with a server information handling system, the method comprising:

storing a private key at a baseboard management controller of the server information handling system, the private key stored in association with a predetermined end user;

inputting the private key to an NFC application executing on a portable information handling system, the portable information handling system having an NFC device;

applying the private key with the NFC application to generate an NFC application hash;

inputting a user name and password of the predetermined end user to the NFC application;

applying the private key with the NFC application to generate a user credential hash;

communicating the NFC application hash and user credential hash with the NFC application and portable information handling system NFC device through an NFC communication to the baseboard management controller; and

authorizing access by the predetermined end user in response to the communicating.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure NFC interactions with a server information handling system management controller, such as a baseboard management controller, are supported with an NFC application running on a mobile information handling system. A private key is applied by the mobile application to create an application hash that a baseboard management controller verifies to authorize access by the NFC application. The private key encrypts a user name and password so that the baseboard management controller decrypts the user credentials to look up access privileges in a security database. If user privileges include access to components, the baseboard management controller automatically actuates locks to provide access.

Citations

20 Claims

1. A method for secure near field communication (NFC) with a server information handling system, the method comprising:
- storing a private key at a baseboard management controller of the server information handling system, the private key stored in association with a predetermined end user;
  
  inputting the private key to an NFC application executing on a portable information handling system, the portable information handling system having an NFC device;
  
  applying the private key with the NFC application to generate an NFC application hash;
  
  inputting a user name and password of the predetermined end user to the NFC application;
  
  applying the private key with the NFC application to generate a user credential hash;
  
  communicating the NFC application hash and user credential hash with the NFC application and portable information handling system NFC device through an NFC communication to the baseboard management controller; and
  
  authorizing access by the predetermined end user in response to the communicating.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein authorizing access by the predetermined end user in response to the communicating further comprises:
    - applying the private key to generate a server hash with the baseboard management controller; and
      
      comparing the NFC application hash and the server hash;
      
      authorizing communication by the NFC device of the user credential hash if the NFC application hash matches the server hash; and
      
      declining communication by the NFC device of the user credential hash if the NFC application hash fails to match the server hash.
  - 3. The method of claim 2 wherein authorizing access by the predetermined end user in response to the communicating further comprises:
    - communicating the user credential hash with the NFC device to the baseboard management controller;
      
      applying the private key with the baseboard management controller to extract the user name and password of the predetermined end user from the user credential hash; and
      
      authorizing access if the user name and password match an authorized user name and password.
  - 4. The method of claim 3 wherein authorizing access if the user name and password match an authorized user name and password further comprises:
    - looking up the user name and password with the BMC at an active directory security database; and
      
      authorizing access by NFC communications at an access level indicated by the active directory security database.
  - 5. The method of claim 3 wherein authorizing access if the user name and password match an authorized user name and password further comprises:
    - looking up the user name and password with the BMC at an LDAP security database; and
      
      authorizing access by NFC communications at an access level indicated by the LDAP security database.
  - 6. The method of claim 3 wherein authorizing access if the user name and password match an authorized user name and password further comprises:
    - looking up the user name and password with the BMC at a local security table; and
      
      authorizing access by NFC communications at an access level indicated by the local security table.
  - 7. The method of claim 1 wherein the private key authorizes only NFC communication by only one end user.
  - 8. The method of claim 1 wherein authorizing access by the predetermined end user in response to the communicating further comprises:
    - applying the private key to decrypt the user credential hash at a microcontroller associated with an NFC device disposed proximate the baseboard management controller;
      
      sending the user name and password of the decrypted user credential hash from the microcontroller to the baseboard management controller; and
      
      determining authorization of the user name and password with the baseboard management controller.
  - 9. The method of claim 1 wherein authorizing access by the predetermined end user in response to the communicating further comprises automatically releasing a lock engaged at the server information handling system.
  - 10. The method of claim 9 wherein the lock secures a storage device to the server information handling system.

11. A server information handling system comprising:
- a chassis;
  
  one or more processors disposed in the chassis and operable to process information;
  
  memory disposed in the chassis and interfaced with the processors, the memory operable to store the information;
  
  one or more network devices disposed in the chassis and interfaced with the processor, the one or more network devices operable to communicate with one or more networks;
  
  a baseboard management controller disposed in the chassis and interfaced with the one or more processors, the memory and the one or more network devices, the baseboard management controller operable to manage operation of the one or more processors;
  
  an NFC device interfaced with the baseboard management controller and operable to exchange NFC communications with an external NFC device; and
  
  an encryption module interfaced with the NFC device and operable to apply a private key to restrict NFC communications to external NFC devices that have the private key.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The server information handling system of claim 11 wherein the encryption module comprises firmware instructions stored in flash memory of the baseboard management controller.
  - 13. The server information handling system of claim 11 further comprising a microcontroller disposed between the NFC device and the baseboard management controller, wherein the encryption module comprises firmware instructions stored in flash memory of the baseboard management controller.
  - 14. The server information handling system of claim 13 wherein the baseboard management controller further comprises an LDAP module operable to accept a user name and password decrypted by the encryption module from an NFC communication encrypted with the private key, and to apply the user name and password to a security database that defines an access level associated with the user name.
  - 15. The server information handling system of claim 14 further comprising a chassis lock interfaced with the microcontroller, the microcontroller operable to unlock the chassis lock if the user name has an access level associated with access to the chassis.
  - 16. The server information handling system of claim 14 further comprising a memory lock interfaced with the microcontroller, the microcontroller operable to unlock the memory lock if the user name has an access level associated with access to the memory.

17. A security system for providing secure access to a server information handling system with NFC communication, the security system comprising:
- a security database storing plural user names, each user name having a password and one or more access privileges;
  
  a baseboard management controller integrated with the server information handling system and operable to manage operations of the server information handling system;
  
  an NFC device integrated with the server information handling system and interfaced with the baseboard management controller, the NFC device operable to provide NFC communications to the baseboard management controller; and
  
  an NFC application stored in memory of a portable information handling system and operable to apply a private key to create an NFC application hash and a user credential hash;
  
  wherein the baseboard management controller accepts NFC communications only from NFC applications having a private key stored on the server information handling system and provides NFC applications access at a privilege level retrieved from the security database based upon a user name and password provided from the NFC application and encrypted by the private key.
- View Dependent Claims (18, 19, 20)
- - 18. The security system of claim 17 wherein the private key only provides access by NFC communications.
  - 19. The security system of claim 17 further comprising a microcontroller disposed between the NFC device and the baseboard management controller, the microcontroller operable to buffer information communicated between the baseboard management controller and the NFC device.
  - 20. The security system of claim 19 further comprising a lock interfaced with the microcontroller, the lock restricting physical access to the server information handling system, the microcontroller operable to unlock the lock if the user name has a privilege level for physical access to the server information handling system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Taylor, Travis, Ahmed, Syed S., Palmer, John R.

Granted Patent

US 9,967,749 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/35   communicating wirelessly

H04L 9/3236   using cryptographic hash fu...

H04W 12/08   Access security

Secure Near Field Communication Server Information Handling System Support

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Near Field Communication Server Information Handling System Support

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links