Method and apparatus for providing remote access to security features on a computer network
Abstract
A run-time security methodology and apparatus for supporting complete access to the security features of a network computer by a network administrator. In a network computer according to the invention, various resources are secured by a security device. The resources are accessible by a computer user with knowledge of one or more user passwords stored in the security device. An administrator password is also stored in the security device. In addition to controlling access to specified resources, the administrator password also functions as a surrogate for the other passwords stored in the security device. An administrator password implemented according to the invention thereby allows a network administrator to remotely override any activated user security settings and receive complete access to a secured network computer.
20 Claims
1. A security device for allowing remote access to the security features of a network computer, comprising:
a first memory slot for securely storing a user password, the user password allowing access to a predetermined feature(s) of the network computer;
a second memory slot for securely storing an administrator password, the administrator password used to unlock all slots of the security device;
a register for receiving user key information; and
comparator logic coupled to the first and second memory slots and the register, the comparator logic asserting an unlock signal for permitting access to the predetermined feature(s) if the user key information matches the user password, the comparator logic further asserting the unlock signal if the user key information matches the administrator password.
Dependent claims: 2, 3, 5.

4. A security device for allowing remote access to the security features of a network computer, comprising:
a first memory slot for securely storing a user password, the user password allowing access to a predetermined feature(s) of the network computer;
a second memory slot for securely storing an administrator password;
a register for receiving user key information; and
comparator logic coupled to the first and second memory slots and the register, the comparator logic asserting an unlock signal for permitting access to the predetermined feature(s) if the user key information matches the user password, the comparator logic further asserting the unlock signal if the user key information matches the administrator password,
wherein the comparator logic asserts a second unlock signal if the user key information matches the administrator password, the second unlock signal provided for permitting access to an additional feature(s) of the network computer,
wherein the security device allows the user password to be modified following assertion of either the first unlock signal or the second unlock signal.

6. A computer system, comprising:
a processor;
a video subsystem coupled to the processor;
a network interface card for communicatively coupling the computer system to a network;
at least one resource to be protected, the resource(s) coupled to the processor; and
a security device coupled to the processor and the network interface card, the security device comprising:
a first memory slot for securely storing a user password, the user password allowing access to the at least one resource;
a second memory slot for securely storing an administrator password, the administrator password used to unlock all slots of the security device;
a register for receiving user key information; and
comparator logic coupled to the first and second memory slots and the register, the comparator logic asserting an unlock signal for permitting access to the at least one resource if the user key information matches the user password, the comparator logic further asserting the unlock signal if the user key information matches the administrator password.
Dependent claims: 7, 8, 9, 10, 11, 12, 14, 16, 17.

13. A computer system, comprising:
a processor;
a video subsystem coupled to the processor;
a network interface card for communicatively coupling the computer system to a network;
at least one resource to be protected, the resource(s) coupled to the processor; and
a security device coupled to the processor and the network interface card, the security device comprising:
a first memory slot for securely storing a user password, the user password allowing access to the at least one resource;
a second memory slot for securely storing an administrator password;
a register for receiving user key information; and
comparator logic coupled to the first and second memory slots and the register, the comparator logic asserting an unlock signal for permitting access to the at least one resource if the user key information matches the user password, the comparator logic further asserting the unlock signal if the user key information matches the administrator password,
wherein the comparator logic asserts a second unlock signal if the user key information matches the administrator password, the second unlock signal provided for permitting access to an additional one of the resource(s) to be protected,
a nonvolatile memory for storing the user password and the administrator password for provision to the security device during a secure initialization procedure; and
security logic coupled to the security device and the nonvolatile memory, the security logic placing the nonvolatile memory in a locked state following provision of the user password and the administrator password to the security device and prior to any attempt to access the resource to be protected,
wherein the additional resource to be protected is a chassis lock control register.

15. A computer system comprising:
a processor;
a video subsystem coupled to the processor;
a network interface card for communicatively coupling the computer system to a network;
at least one resource to be protected, the resource(s) coupled to the processor; and
a security device coupled to the processor and the network interface card, the security device comprising:
a first memory slot for securely storing a user password, the user password allowing access to the at least one resource;
a second memory slot for securely storing an administrator password;
a register for receiving user key information; and
comparator logic coupled to the first and second memory slots and the register, the comparator logic asserting an unlock signal for permitting access to the at least one resource if the user key information matches the user password, the comparator logic further asserting the unlock signal if the user key information matches the administrator password,
wherein the comparator logic asserts a second unlock signal if the user key information matches the administrator password, the second unlock signal provided for permitting access to an additional one of the resource(s) to be protected,
wherein the additional resource to be protected is a chassis lock control register,
wherein the security device allows the user password to be modified following assertion of either the first unlock signal or the second unlock signal;
a nonvolatile memory for storing the user password and the administrator password for provision to the security device during a secure initialization procedure; and
security logic coupled to the security device and the nonvolatile memory, the security logic placing the nonvolatile memory in a locked state following provision of the user password and the administrator password to the security device and prior to any attempt to access the resource to be protected.

18. A method for gaining remote access to the computer security features of a network computer in a distributed computing environment, the network computer having a security device with a plurality of memory slots for storing at least one user password and an administrator password, the security device further having a register for receiving user key information and comparator logic for comparing the user key information to stored passwords, the method comprising the steps of:
providing user key information to the register of the security device via a network connection;
comparing the user key information to the administrator password, the administrator password used for unlocking all of the plurality of memory slots of the security device; and
permitting remote access to a secured network computer resource if the user key information matches the administrator password.
Dependent claims: 19, 20.

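A small C model of the slot-and-comparator behaviour recited in claims 1, 4, 13 and 18, added here as an illustration and not taken from the patent. The names (secdev_t, nvram_t, secdev_present_key and the rest), the 8-byte password width, the three-slot layout, the constant-time comparison and the clearing of the key register after each comparison are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

#define PW_LEN 8                 /* assumed fixed password width */
#define NSLOTS 3                 /* assumed: slots 0-1 user, last slot administrator */
#define ADMIN_SLOT (NSLOTS - 1)
#define ALL_SLOTS ((1u << NSLOTS) - 1)

typedef struct { uint8_t pw[NSLOTS][PW_LEN]; int locked; } nvram_t;
typedef struct {
    uint8_t slot[NSLOTS][PW_LEN]; /* memory slots holding the passwords */
    uint8_t key_reg[PW_LEN];      /* register receiving user key information */
    unsigned unlock;              /* bit i = unlock signal for slot i's resource */
} secdev_t;

/* Compare without an early exit, so timing does not reveal a matching prefix. */
static int ct_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < PW_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Secure initialization: load the slots once, then lock the nonvolatile memory. */
int secdev_init(secdev_t *d, nvram_t *nv) {
    if (nv->locked) return -1;            /* already provisioned this boot */
    memset(d, 0, sizeof *d);
    memcpy(d->slot, nv->pw, sizeof d->slot);
    nv->locked = 1;
    return 0;
}

/* Comparator logic: a user key asserts its own slot, the admin key asserts all. */
unsigned secdev_present_key(secdev_t *d, const uint8_t *key) {
    memcpy(d->key_reg, key, PW_LEN);
    d->unlock = 0;
    for (int i = 0; i < NSLOTS; i++)
        if (ct_equal(d->key_reg, d->slot[i]))
            d->unlock |= (i == ADMIN_SLOT) ? ALL_SLOTS : (1u << i);
    memset(d->key_reg, 0, PW_LEN);        /* added choice: clear key after compare */
    return d->unlock;
}

/* A slot's password may be replaced only while that slot's signal is asserted. */
int secdev_set_password(secdev_t *d, int i, const uint8_t *new_pw) {
    if (i < 0 || i >= NSLOTS || !(d->unlock & (1u << i))) return -1;
    memcpy(d->slot[i], new_pw, PW_LEN);
    return 0;
}
```

Because the administrator key asserts every slot's signal, the same check that lets a user change their own password also lets the administrator reset any of them, which is the override the abstract describes.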