Method for securely communicating remote control commands in a computer network

US 6,119,228 A
Filed: 08/22/1997
Issued: 09/12/2000
Est. Priority Date: 08/22/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for securely broadcasting remote control commands in a computer network including at least one targeted network computer capable of responding to remote control commands from a network administrator computer or other network computer, the method comprising the steps of:

generating a remote control command;

creating a digital signature of the remote control command;

appending the digital signature to the remote control command to create a broadcast message; and

communicating the broadcast message to at least one targeted network computer.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing secure remote control commands in a distributing computer environment. In the preferred embodiment of the invention, a network administrator or network management software creates a shutdown record, including an index or time stamp, for powering down a specified network computer(s). Prior to broadcast over the network, a secure one-way hash function is performed on the shutdown record. The result of the one-way hash function is encrypted using the network administrator'"'"'s private key, thereby generating a digital signature that can be verified by specially configured network nodes. The digital signature is appended to the original shutdown record prior to broadcast to the network. Upon receiving the broadcast message, the targeted network computer(s) validates the broadcast message by verifying the digital signature of the packet or frame. The validation process is performed by decrypting the hash value representation of the shutdown record using the network administrator'"'"'s public key. A one-way hash function is also performed on the original shutdown record portion of the received message. If the two values match, the broadcast message is determined to be authentic and the shutdown control code is executed. The invention insures that the shutdown command was neither modified in transit nor originated from an unauthorized source.

Citations

53 Claims

1. A method for securely broadcasting remote control commands in a computer network including at least one targeted network computer capable of responding to remote control commands from a network administrator computer or other network computer, the method comprising the steps of:
- generating a remote control command;
  
  creating a digital signature of the remote control command;
  
  appending the digital signature to the remote control command to create a broadcast message; and
  
  communicating the broadcast message to at least one targeted network computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the step of creating a digital signature of the remote control command comprises:
    - performing a one-way hash function on the remote control command to generate a signature hash value; and
      
      encrypting the signature hash value with a private key.
  - 3. The method of claim 2, wherein the targeted network computer(s) further performs the steps of:
    - decrypting the signature hash value portion of the broadcast message using a public key corresponding to the private key,performing a one-way hash function on the remote control command portion of the broadcast message to generate a verification hash value; and
      
      comparing the decrypted signature hash value with the verification hash value.
  - 4. The method of claim 3, wherein the targeted network computer(s) further performs the step of:
    - executing the remote control command only if the signature hash value and the verification hash value are identical.
  - 5. The method of claim 4, wherein the step of communicating the broadcast message to at least one targeted network computer is substantially compliant with the Magic Packet™
    - specification.
  - 6. The method of claim 4, wherein the remote control command includes an index or time stamp.
  - 7. The method of claim 4, wherein the remote control command directs the targeted network computer to enter a low power state.
  - 8. The method of claim 4, wherein the remote control command directs the targeted network computer to enter a fully powered state.
  - 9. The method of claim 2, wherein the private key is maintained in secure memory space.
  - 10. The method of claim 3, farther comprising the step of invalidating the public key corresponding to the private key in at least one network computer such that predetermined remote control commands cannot be validated.
  - 11. The method of claim 1, wherein the targeted network computer(s) further performs the steps of:
    - utilizing the digital signature to verify that the broadcast message is authorized; and
      
      executing the remote control command only if the broadcast message is authentic and authorized.
  - 12. The method of claim 11, wherein the step of communicating the broadcast message to at least one targeted network computer is substantially compliant with the Magic Packet™
    - specification.
  - 13. The method of claim 12, wherein the remote control command directs the targeted network computer to enter a low power state.
  - 14. The method of claim 12, wherein the remote control command directs the targeted network computer to enter a fully powered state.
  - 15. The method of claim 1, wherein the remote control command includes an index or time stamp.
  - 16. The method of claim 1, wherein the digital signature is generated during a secure mode of operation or in secure computer memory.

17. A computer system configured to receive secure network communications, the secure network communications having a remote control command and a digital signature, the computer system comprising:
- a system bus;
  
  a processor coupled to the system bus;
  
  power management hardware or software; and
  
  network interface circuitry coupled to the system bus and the power management hardware or software, the network interface circuitry configured to perform or direct the steps of;
  
  utilizing the digital signature to verify that the broadcast message is authentic; and
  
  permitting the execution of the remote control command only if the broadcast message is authentic, wherein the remote control command causes a change in state in the power management hardware or software.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The computer system of claim 17, wherein the change in state in the power management hardware or software causes the computer system to enter a low power mode.
  - 19. The computer system of claim 17, wherein the change in state in the power management hardware or software causes the computer system to become fully powered.
  - 20. The computer system of claim 17, wherein the digital signature comprises a hash code representation of the remote control command, the hash code representation encrypted with a private key, and wherein the step of utilizing the digital signature to verify that the broadcast message is authentic comprises:
    - decrypting the signature hash code representation of the broadcast message using a public key corresponding to the private key;
      
      performing a one-way hash function on the remote control command portion of the broadcast message to generate a verification hash value; and
      
      comparing the decrypted hash code representation of the broadcast message with the verification hash value.
  - 21. The computer system of claim 17, wherein the network interface circuitry is further configured to substantially comply with the Magic Packet™
    - specification.
  - 22. The computer system of claim 17, further comprising a non-writeable secure memory space coupled to the processor, wherein the public key is maintained in the secure memory space.

23. A computer system configured to broadcast secure computer network communications, the computer system comprising:
- a system bus;
  
  a processor coupled to the system bus;
  
  a processor readable storage medium coupled to the system bus for directing the processor to perform the steps ofgenerating a remote control command;
  
  creating a digital signature of the remote control command; and
  
  appending the digital signature to the remote control command to create a broadcast message;
  
  network interface circuitry coupled to the system bus, the network interface circuitry responsive to a command(s) from the processor to transmit the broadcast message to a computer network.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The computer system of claim 23, wherein the step of creating a digital signature of the remote control command comprises the steps of:
    - performing a one-way hash function on the remote control command to generate a signature hash value; and
      
      encrypting the signature hash value with a private key.
  - 25. The computer system of claim 23, wherein the broadcast message is substantially compliant with the Magic Packet™
    - specification.
  - 26. The computer system of claim 23, wherein the remote control command includes an index or time stamp.
  - 27. The computer system of claim 23, further comprising a secure memory space coupled to the processor, wherein the private key is maintained in the secure memory space.

28. A computer system configured to receive secure network communications, the secure network communications having a remote control command and a digital signature, the computer system comprising:
- a system bus;
  
  a processor coupled to the system bus;
  
  a mass storage device coupled to the system bus;
  
  power management hardware or software; and
  
  network interface circuitry coupled to the system bus and the power management hardware or software, the network interface circuitry configured to perform or direct the steps of;
  
  utilizing the digital signature to verify that the broadcast message is authentic; and
  
  permitting the execution of the remote control command only if the broadcast message is authentic, wherein the remote control command causes a change in state in the power management hardware or software.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The computer system of claim 28, wherein the change in state in the power management hardware or software causes the computer system to enter a low power mode.
  - 30. The computer system of claim 28, wherein the change in state in the power management hardware or software causes the computer system to become fully powered.
  - 31. The computer system of claim 28, wherein the digital signature comprises a hash code representation of the remote control command, the hash code representation encrypted with a private key, and wherein the step of utilizing the digital signature to verify that the broadcast message is authentic comprises:
    - decrypting the signature hash code representation of the broadcast message using a public key corresponding to the private key;
      
      performing a one-way hash function on the remote control command portion of the broadcast message to generate a verification hash value; and
      
      comparing the decrypted hash code representation of the broadcast message with the verification hash value.
  - 32. The computer system of claim 28, wherein the network interface circuitry is further configured to substantially comply with the Magic Packet™
    - specification.

33. A computer system configured to broadcast secure computer network communications, the computer system comprising:
- a system bus;
  
  a processor coupled to the system bus;
  
  a mass storage device coupled to the system bus;
  
  a processor readable storage medium coupled to the system bus for directing the processor to perform the steps of;
  
  generating a remote control command;
  
  creating a digital signature of the remote control command; and
  
  appending the digital signature to the remote control command to create a broadcast message;
  
  network interface circuitry coupled to the system bus, the network interface circuitry responsive to a command(s) from the processor to transmit the broadcast message to a computer network.
- View Dependent Claims (34, 35, 36, 37)
- - 34. The computer system of claim 33, wherein the step of creating a digital signature of the remote control command comprises the steps of:
    - performing a one-way hash function on the remote control command to generate a signature hash value; and
      
      encrypting the signature hash value with a private key.
  - 35. The computer system of claim 33, wherein the broadcast message is substantially compliant with the Magic Packet™
    - specification.
  - 36. The computer system of claim 33, wherein the remote control command includes an index or time stamp.
  - 37. The computer system of claim 33, further comprising a secure memory space coupled to the processor, wherein the private key is maintained in the secure memory space.

38. A method for securely broadcasting remote control commands in a computer network including at least one targeted network computer capable of responding remote control commands from a network administrator computer or other network computer and capable of power management, the method comprising the steps of:
- generating a remote control command for power management;
  
  creating a digital signature of the remote control command;
  
  appending the digital signature to the remote control command to create a broadcast message;
  
  communicating the broadcast message to at least one targeted network computer; and
  
  changing the state of power management hardware or software in the targeted network computer responsive to the remote control command only if the broadcast message is authentic.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
- - 39. The method of claim 38, wherein tie step of creating a digital signature of the remote control command comprises:
    - performing a one-way hash function on the remote control command to generate a signature hash value; and
      
      encrypting the signature hash value with a private key.
  - 40. The method of claim 39, wherein the targeted network computer(s) further performs the steps of:
    - decrypting the signature hash value portion of the broadcast message using public key corresponding to the private key;
      
      performing a one-way hash function on the remote control command portion of the broadcast message to generate a verification hash value; and
      
      comparing the decrypted signature hash value with the verification hash value.
  - 41. The method of claim 40, wherein the targeted network computer(s) further performs the steps of:
    - executing the remote control command only if the signature hash value and the verification hash value are identical.
  - 42. The method of claim 41, wherein the step of communicating the broadcast message to at least one targeted network computer is substantially compliant with the Magic Packet™
    - specification.
  - 43. The method of claim 41, wherein the remote control command includes an index or time stamp.
  - 44. The method of claim 41, wherein the remote control command directs the targeted network computer to enter a low power state.
  - 45. The method of claim 41, wherein the remote control command directs the targeted network computer to enter a fully powered state.
  - 46. The method of claim 39, wherein the private key is maintained in secure memory space.
  - 47. The method of claim 40, further comprising the step of invalidating the public key corresponding to the private key in at least one network computer such that predetermined remote control commands cannot be validated.
  - 48. The method of claim 38, wherein the targeted network computer(s) further performs the steps of:
    - utilizing the digital signature to verify that the broadcast message is authorized; and
      
      executing the remote control command only if the broadcast message is authentic and authorized.
  - 49. The method of claim 48, wherein the step of communicating the broadcast message to at least one targeted network computer is substantially compliant with the Magic Packet™
    - specification.
  - 50. The method of claim 49, wherein the remote control command directs the targeted network computer to enter a low power state.
  - 51. The method of claim 49, wherein the remote control command directs the targeted network computer to enter a fully powered state.
  - 52. The method of claim 38, wherein the remote control command includes an index or time stamp.
  - 53. The method of claim 38, wherein the digital signature is generated during a secure mode of operation or in secure computer memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Compaq Computer Corporation (HP Inc.)
Inventors
Kim, Donald D., Collins, David L., Angelo, Michael F., Jansen, Kenneth A.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US08/916,273
Time in Patent Office

1,117 Days
Field of Search

713/180, 713/176, 713/178, 380/255, 380/280
US Class Current

713/180
CPC Class Codes

H04L 41/28   Restricting access to netwo...

H04L 63/0442   wherein the sending and rec...

H04L 63/065   for group communications cr...

H04L 63/123   received data contents, e.g...

Method for securely communicating remote control commands in a computer network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

53 Claims

Specification

Solutions

Use Cases

Quick Links

Method for securely communicating remote control commands in a computer network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

53 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links