SECURE BIOS ACCESS AND PASSWORD ROTATION

US 20160028714A1
Filed: 07/25/2014
Published: 01/28/2016
Est. Priority Date: 07/25/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining a particular password generation algorithm, of a plurality of password generation algorithms, based on information regarding a client device;

determining password generation seed values that include milestone dates, identified based on a security protocol that indicates a frequency at which BIOS passwords should be changed;

generating a first password and one or more second passwords based on the particular password generation algorithm and the password generation seed values,the first password corresponding to a password that should be set for a BIOS associated with the client device,the one or more second passwords being possible current passwords currently set for the BIOS; and

changing the BIOS password, at the client device, to be the first password, the changing of the BIOS password being based on using the one or more second passwords.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device may periodically update a BIOS password on a client device. In some implementations, the device may determine a particular password generation algorithm; determine password generation seed values; and generate a first password and one or more second passwords based on the particular password generation algorithm and the password generation seed values. The first password may be a password that should be set for the BIOS. The one or more second passwords may be possible current passwords currently set. The device may individually output the one or more second passwords to the client device to cause the client device to update a password of the BIOS to update to the first password; receive an indication that the BIOS password has been updated to the first password; and output the indication that the BIOS password has been updated to the first password.

7 Citations

24 Claims

1. A method comprising:
- determining a particular password generation algorithm, of a plurality of password generation algorithms, based on information regarding a client device;
  
  determining password generation seed values that include milestone dates, identified based on a security protocol that indicates a frequency at which BIOS passwords should be changed;
  
  generating a first password and one or more second passwords based on the particular password generation algorithm and the password generation seed values,the first password corresponding to a password that should be set for a BIOS associated with the client device,the one or more second passwords being possible current passwords currently set for the BIOS; and
  
  changing the BIOS password, at the client device, to be the first password, the changing of the BIOS password being based on using the one or more second passwords.
- View Dependent Claims (2, 3, 4, 5, 6, 21, 22)
- - 2. The method of claim 1, further comprising:
    - receiving, by one or more devices and from the client device, and when one of the one or more second passwords are valid, an indication that the BIOS password has been changed to the first password;
      
      outputting, by the one or more devices, the indication that the BIOS password has been changed to the first password;
      
      receiving, in response to outputting second passwords that are invalid, an indication that the BIOS password has not been changed;
      
      requesting, based on receiving the indication that the BIOS password has not been changed, information regarding a list of one or more known passwords; and
      
      individually outputting, the one or more known passwords to the client device to cause the client device to change the BIOS password to the first password,wherein receiving the indication that the BIOS password has been changed to the first password includes receiving the indication when one of the one or more known passwords are valid.
  - 3. The method of claim 1, further comprising:
    - receiving, by one or more devices and from the client device, and when one of the one or more second passwords are valid, an indication that the BIOS password has been changed to the first password;
      
      outputting, by the one or more devices, the indication that the BIOS password has been changed to the first password;
      
      receiving, in response to outputting second passwords that are invalid, an indication that the BIOS password has not been changed;
      
      generating, based on receiving the indication that the BIOS password has not been changed, one or more alternate passwords based on a different password generation algorithm than the particular password generation algorithm; and
      
      individually outputting, the one or more alternate passwords to the client device to cause the client device to change the BIOS to the first password,wherein receiving the indication that the BIOS password has been changed to the first password includes receiving the indication when one of the one or more alternate passwords are valid.
  - 4. The method of claim 1, wherein the seed values include a first seed value and one or more second seed values,wherein determining the seed values includes:
    - determining the first seed value based on a current milestone date identified by the security protocol, anddetermining the one or more second seed values based on previous milestone dates identified by the security protocol.
  - 5. The method of claim 1, further comprising:
    - determining that a password is currently set for the BIOS,wherein the one or more second passwords are determined based on the determination that the password is currently set for the BIOS.
  - 6. The method of claim 1, further comprising:
    - individually outputting the one or more second passwords to the client device to cause the client device to remove a password currently set for the BIOS;
      
      receiving an indication, when one of the one or more second passwords are valid, that the password, currently set for the BIOS, has been removed;
      
      accessing the BIOS after receiving the indication that the password has been removed; and
      
      performing the changing of the password after accessing the BIOS.
  - 21. The method of claim 1, wherein the updating of the BIOS password, at the client device, is performed periodically.
  - 22. The method of claim 1, wherein the updating of the password of the BIOS is performed based on execution of an imaging process at the client device.

7. (canceled)

8. (canceled)

9. A system comprising:
- a device, comprising;
  
  a non-transitory memory device storing;
  
  a plurality of processor-executable instructions; and
  
  a processor configured to execute the processor-executable instructions, wherein executing the processor-executable instructions causes the processor to;
  
  determine a particular password generation algorithm, of a plurality of password generation algorithms, based on information regarding a client device;
  
  determine password generation seed values that include milestone dates, identified based on a security protocol that indicates a frequency at which BIOS passwords should be changed;
  
  generate a first password and one or more second passwords based on the particular password generation algorithm and the password generation seed values,the first password corresponding to a password that should be set for a BIOS associated with the client device,the one or more second passwords being possible current passwords currently set for the BIOS; and
  
  changing the BIOS password, to be the first password, the changing of the BIOS password being based on using the one or more second passwords.
- View Dependent Claims (10, 11, 12, 13, 14, 23, 24)
- - 10. The system of claim 9, wherein executing the processor-executable instructions further causes the processor to:
    - receive, from the client device, and when one of the one or more second passwords are valid, an indication that the BIOS password has been changed to the first password;
      
      output, by the one or more devices, the indication that the BIOS password has been changed to the first password;
      
      receive, in response to outputting second passwords that are invalid, an indication that the BIOS password has not been changed;
      
      request, based on receiving the indication that the BIOS password has not been changed, information regarding a list of one or more known passwords; and
      
      individually outputting, the one or more known passwords to the client device to cause the client device to change the BIOS password to the first password,wherein executing the processor-executable instructions, to receive the indication that the BIOS password has been changed to the first password, causes the processor to receive the indication when one of the one or more known passwords are valid.
  - 11. The system of claim 9, wherein executing the processor-executable instructions further causes the processor to:
    - receive, from the client device, and when one of the one or more second passwords are valid, an indication that the BIOS password has been changed to the first password;
      
      output, by the one or more devices, the indication that the BIOS password has been changed to the first password;
      
      receive, in response to outputting second passwords that are invalid, an indication that the BIOS password has not been changed;
      
      generate, based on receiving the indication that the BIOS password has not been changed, one or more alternate passwords based on a different password generation algorithm than the particular password generation algorithm; and
      
      individually output, the one or more alternate passwords to the client device to cause the client device to change the BIOS to the first password,wherein executing the processor-executable instructions, to receive the indication that the BIOS password has been changed to the first password, causes the processor to receive the indication when one of the one or more alternate passwords are valid.
  - 12. The system of claim 9, wherein the seed values include a first seed value and one or more second seed values,wherein executing the processor-executable instructions, to determine the seed values causes the processor to:
    - determine the first seed value based on a current milestone date identified by the security protocol, anddetermine the one or more second seed values based on previous milestone dates identified by the security protocol.
  - 13. The system of claim 9, wherein executing the processor-executable instructions further causes the processor to:
    - determine that a password is currently set for the BIOS,wherein the one or more second passwords are determined based on the determination that the password is currently set for the BIOS.
  - 14. The system of claim 9, wherein executing the processor-executable instructions further causes the processor to:
    - individually output the one or more second passwords to the client device to cause the client device to remove a password currently set for the BIOS;
      
      receive an indication, when one of the one or more second passwords are valid, that the password, currently set for the BIOS, has been removed;
      
      access the BIOS after receiving the indication that the password has been removed; and
      
      perform the updating of the password after accessing the BIOS.
  - 23. The system of claim 9, wherein the updating of the BIOS password, at the client device, is performed periodically.
  - 24. The system of claim 9, wherein the updating of the password of the BIOS is performed based on execution of an imaging process at the client device.

15. (canceled)

16. (canceled)

17. A method comprising,receiving, by one or more devices and from a first client device, a request to remotely access a BIOS associated with a second client device;
- validating, by the one or more devices, the request to remotely access the BIOS;
  
  determining, by the one or more devices and based on validating the request, a particular password generation algorithm, of a plurality of password generation algorithms, based on information regarding the second client device;
  
  determining, by the one or more devices, password generation seed values that include milestone dates, identified based on a security protocol that indicates a frequency at which BIOS passwords should be changed;
  
  generating a first password and one or more second passwords based on the particular password generation algorithm and the password generation seed values,the first password corresponding to a password that should be set for the BIOS associated with the second client device,the one or more second passwords being possible current passwords currently set for the BIOS;
  
  individually outputting, by the one or more devices, the one or more second passwords to the client device to cause the client device to remove a password currently set for the BIOS;
  
  receiving, by the one or more devices, an indication, when one of the one or more second passwords are valid, that the password, currently set for the BIOS, has been removed;
  
  outputting, by the one or more devices and after receiving the indication that the password has been removed, information to the first client device to cause the first client device to access the BIOS of the second client device; and
  
  causing, by the one or more devices, the second client device to set the password to the first password after the first client device is no longer accessing the BIOS.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein receiving the request includes receiving at least one of:
    - first authentication credentials,an encrypted computer file, ora first hash value,wherein the validating includes at least one of;
      
      decrypting the computer file,determining that the first authentication credentials match second authentication credentials stored by the one or more devices,calculating a second hash value and determining that the second hash value matches the first hash value.
  - 19. The method of claim 17, further comprising:
    - receiving, in response to outputting second passwords that are invalid, individual indications that the BIOS password has not been updated;
      
      requesting, based on receiving individual indications that the BIOS password has not been removed when all of the one or more second passwords have been outputted to the client device, information regarding a list of one or more known passwords; and
      
      individually outputting, the one or more known passwords to the client device to cause the client device to remove the BIOS password,wherein receiving the indication that the BIOS password has been removed includes receiving the indication when one of the one or more known passwords are valid.
  - 20. The method of claim 17, further comprising:
    - receiving, in response to outputting second passwords that are invalid, individual indications that the BIOS password has not been updated;
      
      generating, based on receiving individual indications that the BIOS password has not been removed when all of the one or more second passwords have been outputted to the client device, one or more alternate passwords based on a different password generation algorithm than the particular password generation algorithm; and
      
      individually outputting, the one or more alternate passwords to the client device to cause the client device to update the BIOS to the first password,wherein receiving the indication that the BIOS password has been removed password includes receiving the indication when one of the one or more alternate passwords are valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Umberger, William G., Kilgore, Robert P., Herman, Andrew L., Demasi, Rocco

Granted Patent

US 9,313,199 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/575   Secure boot

G06F 21/79   in semiconductor storage me...

G06F 8/654   using techniques specially ...

G06F 9/4416   Network booting; Remote ini...

SECURE BIOS ACCESS AND PASSWORD ROTATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE BIOS ACCESS AND PASSWORD ROTATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links