Method and apparatus for providing remote access to security features on a computer network

US 6,145,085 A
Filed: 04/30/1998
Issued: 11/07/2000
Est. Priority Date: 04/30/1998
Status: Expired due to Term

First Claim

Patent Images

1. A security device for allowing remote access to the security features of a network computer, comprising:

a first memory slot for securely storing a user password, the user password allowing access to a predetermined feature(s) of the network computer;

a second memory slot for securely storing an administrator password, the administrator password used to unlock all slots of the security device;

a register for receiving user key information; and

comparator logic coupled to the first and second memory slots and the register, the comparator logic asserting an unlock signal for permitting access to the predetermined feature(s) if the user key information matches the user password, the comparator logic further asserting the unlock signal if the user key information matches the administrator password.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A run-time security methodology and apparatus for supporting complete access to the security features of a network computer by a network administrator. In a network computer according to the invention, various resources are secured by a security device. The resources are accessible by a computer user with knowledge of one or more user passwords stored in the security device. An administrator password is also stored in the security device. In addition to control access to specified resources, the administrator password also functions as a surrogate for the other passwords stored in the security device. An administrator password implemented according to the invention thereby allows a network administrator to remotely override any activated user security settings and receive complete access to a secured network computer.

Citations

20 Claims

1. A security device for allowing remote access to the security features of a network computer, comprising:
- a first memory slot for securely storing a user password, the user password allowing access to a predetermined feature(s) of the network computer;
  
  a second memory slot for securely storing an administrator password, the administrator password used to unlock all slots of the security device;
  
  a register for receiving user key information; and
  
  comparator logic coupled to the first and second memory slots and the register, the comparator logic asserting an unlock signal for permitting access to the predetermined feature(s) if the user key information matches the user password, the comparator logic further asserting the unlock signal if the user key information matches the administrator password.
- View Dependent Claims (2, 3, 5)
- - 2. The security device of claim 1, wherein the comparator logic asserts a second unlock signal if the user key information matches the administrator password, the second unlock signal provided for permitting access to an additional feature(s) of the network computer.
  - 3. The security device of claim 2, wherein the security device allows the administrator password to be modified following assertion of the second unlock signal.
  - 5. The security device of claim 1, further comprising:
    - additional memory slots for storing additional user passwords,wherein the comparator logic is further configured to assert additional unlock signals if the user key information matches a corresponding one of the additional user passwords, and wherein the comparator logic asserts each of the additional unlock signals if the user key information matches the administrator password.

4. A security device for allowing remote access to the security features of a network computer, comprising:
- a first memory slot for securely storing a user password, the user password allowing access to a predetermined feature(s) of the network computer;
  
  a second memory slot for securely storing an administrator password;
  
  a register for receiving user key information; and
  
  comparator logic coupled to the first and second memory slots and the register, the comparator logic asserting an unlock signal for permitting access to the predetermined feature(s) if the user key information matches the user password, the comparator logic further asserting the unlock signal if the user key information matches the administrator password, wherein the comparator logic asserts a second unlock signal if the user key information matches the administrator password, the second unlock signal provided for permitting access to an additional feature(s) of the network computer, wherein the security device allows the user password to be modified following assertion of either the first unlock signal or the second unlock signal.

6. A computer system, comprising:
- a processor;
  
  a video subsystem coupled to the processor;
  
  a network interface card for communicatively coupling the computer system to a network;
  
  at least one resource to be protected, the resource(s) coupled to the processor; and
  
  a security device coupled to the processor and the network interface card, the security device comprising;
  
  a first memory slot for securely storing a user password, the user password allowing access to the at least one resource;
  
  a second memory slot for securely storing an administrator password, the administrator password used to unlock all slots of the security device;
  
  a register for receiving user key information; and
  
  comparator logic coupled to the first and second memory slots and the register, the comparator logic asserting an unlock signal for permitting access to the at least one resource if the user key information matches the user password, the comparator logic further asserting the unlock signal if the user key information matches the administrator password.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 14, 16, 17)
- - 7. The computer system of claim 6, further comprising:
    - a nonvolatile memory for storing the user password and the administrator password for provision to the security device during a secure initialization procedure; and
      
      security logic coupled to the security device and the nonvolatile memory, the security logic placing the nonvolatile memory in a locked state following provision of the user password and the administrator password to the security device and prior to any attempt to access the resource to be protected.
  - 8. The computer system of claim 7, wherein the security logic further places the nonvolatile memory in an unlocked state only in response to assertion of the unlock signal.
  - 9. The computer system of claim 7, wherein the resource to be protected is a programmable memory.
  - 10. The computer system of claim 9, wherein the programmable memory is a Flash ROM.
  - 11. The computer system of claim 7, wherein the user password is a power-on password.
  - 12. The computer system of claim 7, wherein the comparator logic asserts a second unlock signal if the user key information matches the administrator password, the second unlock signal provided for permitting access to an additional one of the resource(s) to be protected.
  - 14. The computer system of claim 12, wherein the security device allows the administrator password to be modified following assertion of the second unlock signal.
  - 16. The computer system of claim 7, further comprising a timer coupled to the security device, the timer delaying operation of the comparator logic for a predetermined period of time after an unsuccessful comparison between the user key information and either one of the user password or the administrator password.
  - 17. The computer system of claim 7, the security device further comprising:
    - additional memory slots for storing additional user passwords,wherein the comparator logic is further configured to assert additional unlock signals if the user key information matches a corresponding one of the additional user passwords, and wherein the comparator logic asserts each of the additional unlock signals if the user key information matches the administrator password.

13. A computer system, comprising:
- a processor;
  
  a video subsystem coupled to the processor;
  
  a network interface card for communicatively coupling the computer system to a network;
  
  at least one resource to be protected, the resource(s) coupled to the processor; and
  
  a security device coupled to the processor and the network interface card, the security device comprising;
  
  a first memory slot for securely storing a user password, the user password allowing access to the at least one resource;
  
  a second memory slot for securely storing an administrator password;
  
  a register for receiving user key information; and
  
  comparator logic coupled to the first and second memory slots and the register, the comparator logic asserting an unlock signal for permitting access to the at least one resource if the user key information matches the user password, the comparator logic further asserting the unlock signal if the user key information matches the administrator password, wherein the comparator logic asserts a second unlock signal if the user key information matches the administrator password, the second unlock signal provided for permitting access to an additional one of the resource(s) to be protected,a nonvolatile memory for storing the user password and the administrator password for provision to the security device during a secure initialization procedure; and
  
  security logic coupled to the security device and the nonvolatile memory, the security logic placing the nonvolatile memory in a locked state following provision of the user password and the administrator password to the security device and prior to any attempt to access the resource to be protected, wherein the additional resource to be protected is a chassis lock control register.

15. A computer system comprising:
- a processor;
  
  a video subsystem coupled to the processor;
  
  a network interface card for communicatively coupling the computer system to a network;
  
  at least one resource to be protected, the resource(s) coupled to the processor; and
  
  a security device coupled to the processor and the network interface card, the security device comprising;
  
  a first memory slot for securely storing a user password, the user password allowing access to the at least one resource;
  
  a second memory slot for securely storing an administrator password;
  
  a register for receiving suer key information; and
  
  comparator logic coupled to the first and second memory slots and the register, the comparator logic asserting an unlock signal for permitting access to the at least one resource if the user key information matches the user password, the comparator logic further asserting the unlock signal if the user key information matches the administrator password, wherein the comparator logic asserts a second unlock signal if the user key information matches the administrator password, the second unlock signal provided for permitting access to an additional one of the resources(s) to be protected, wherein the additional resource to be protected is a chassis lock control register, wherein the security device allows the user password to be modified following assertion of either the first unlock signal or the second unlock signal;
  
  a nonvolatile memory for storing the user password and the administrator password for provision to the security device during a secure initialization procedure; and
  
  security logic coupled to the security device and the nonvolatile memory, the security logic placing the nonvolatile memory in a locked state following provision of the user password and the administrator password to the security device and prior to any attempt to access the resource to be protected.

18. A method for gaining remote access to the computer security features of a network computer in a distributed computing environment, the network computer having a security device with a plurality of memory slots for storing at least one user password and an administrator password, the security device further having a register for receiving user key information and comparator logic for comparing the user key information to stored passwords, the method comprising the steps of:
- providing user key information to the register of the security device via a network connection;
  
  comparing the user key information to the administrator password the administrator password used for unlocking all of the plurality of memory slots of the security device; and
  
  permitting remote access to a secured network computer resource if the user key information matches the administrator password.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein step of permitting remote access to a secured network computer resource comprises asserting an unlock signal, wherein the unlock signal is also asserted when the user key matches the user password.
  - 20. The method of claim 18, wherein the network computer further includes a nonvolatile memory for storing the user password and the administrator password and security logic capable of placing the nonvolatile memory in a locked state, and wherein prior to the step of providing user key information, performing the steps of:
    - transferring the user password and the administrator password from the nonvolatile memory to the memory slots of the security device during a secure initialization procedure; and
      
      placing the nonvolatile memory in a locked state prior to any attempt to access the secured computer resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Compaq Computer Corporation (HP Inc.)
Inventors
Tran, Robin T., Simonich, Christopher E.
Primary Examiner(s)
Beausoliel, Jr., Robert W.

Application Number

US09/070,458
Time in Patent Office

922 Days
Field of Search

713/202, 713/201, 713/200, 713/1, 713/2
US Class Current

726/5
CPC Class Codes

G06F 21/31 User authentication

Method and apparatus for providing remote access to security features on a computer network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing remote access to security features on a computer network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links