Secure information handling system

US 6,834,351 B1
Filed: 10/29/1999
Issued: 12/21/2004
Est. Priority Date: 10/29/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for enabling a function of an information handling system configured for communication with a central system via a communication link, the method comprising the steps of:

providing communication between the information handling system and the central system via the communication link;

requesting authentication via the communication link from the central system for enabling the function on the information handling system; and

upon receipt of the authentication from the central system, enabling the function to be performed independent of the communication link with the central system, the authentication comprising an encrypted token passed between the central system and the information handling system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for enabling functions of an information handling system such as startup (i.e., boot), loading of an operating system or execution of a software application, by requiring authentication of the information handling system. A client information handling system establishes a communication link with a central system or server via a network such as a Local Area Network (LAN) or the Internet. A request for authentication is then sent to the central system by the information handling system via the communication link. The central system, upon receiving the authentication request from the information handling system, determines if the authentication request is valid, and, if valid, provides authentication of the information handling system via one or more encrypted tokens passed from the central system to the information handling system, thereby allowing the information handling system to provide or continue to provide the function, even when disconnected from the network.

Citations

64 Claims

1. A method for enabling a function of an information handling system configured for communication with a central system via a communication link, the method comprising the steps of:
- providing communication between the information handling system and the central system via the communication link;
  
  requesting authentication via the communication link from the central system for enabling the function on the information handling system; and
  
  upon receipt of the authentication from the central system, enabling the function to be performed independent of the communication link with the central system, the authentication comprising an encrypted token passed between the central system and the information handling system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method as recited in claim 1, wherein the authentication requesting step comprises communicating an identification for the information handling system to the central system.
  - 3. The method as recited in claim 2, wherein the identification communicating step further comprises encrypting the information handling system identification.
  - 4. The method as recited in claim 1, further comprising the steps of:
5. The method as recited in claim 4, further comprising the step of encrypting the authentication.
6. The method as recited in claim 4, further comprising the step of:
- upon determining that the authentication request is invalid, denying authentication.
7. The method as recited in claim 1, further comprising the step of:
- upon failure to receive authentication from the central system, disabling the function.
8. The method as recited in claim 7, wherein the authentication requesting step is repeated a predetermined number of times before disabling the function.
9. The method as recited in claim 1, further comprising the step of terminating the communication link prior to executing at least a part of the function.
10. The method as recited in claim 9, further comprising the step of disablingthe function after usage of a predetermined number of functions enabled by the authentication has been reached.
11. The method as recited in claim 1, wherein the function comprises starting the information handling system.
12. The method as recited in claim 11, wherein starting the information handling system comprises executing a basic input/output system (BIOS).
13. The method as recited in claim 1, wherein the token allows provision of the function independent of the location of the information handling system relative to the central system.
14. The method as recited in claim 1, wherein the token allows provision of the function only from a predetermined location with regard to the communication link between the central system and the information handling system.
15. The method as recited in claim 1, wherein the token allows for execution of a predetermined number of functions from a remote location.
16. The method as recited in claim 1, wherein the function comprises loading an operating system.
17. The method as recited in claim 1, wherein the function comprises executing a software application.
18. The method as recited in claim 17, wherein each authentication received allows execution of the software application for a predetermined period of time.
19. The method as recited in claim 1, further comprising:
- ending the communication between the information handling system and the central system via the communication link after receipt of the authentication; and
  
  thereafter, performing the function.

20. A program of instructions storable on a medium readable by an information handling system for implementing a method enabling the information handling system to execute a function, said information handling system being configured to communicate with a central system via a communication link, the steps comprising:
- providing communication between the information handling system and the central system via the communication link;
  
  requesting authentication via the communication link from the central system for enabling the function on the information handling system;
  
  receiving the authentication request from the information handling system in the central system;
  
  determining if the authentication request is valid;
  
  upon validating the authentication request, providing authentication to the information handling system; and
  
  upon receipt of the authentication from the central system, enabling the function to be performed independent of the communication link with the central system.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 21. The program of instructions as recited in claim 20, wherein the authentication requesting step comprises communicating an identification for the information handling system to the central system.
  - 22. The program of instructions as recited in claim 21, wherein the identification communicating step further comprises encrypting the information handling system identification.
  - 23. The program of instructions as recited in claim 20, further comprising the step of encrypting the authentication.
  - 24. The program of instructions as recited in claim 20, further comprising the step of:
25. The program of instructions as recited in claim 20, further comprising the step of:
- upon failure to receive authentication from the central system, disabling the function.
26. The program of instructions as recited in claim 25, wherein the authentication requesting step is repeated a predetermined number of times before disabling the function.
27. The program of instructions as recited in claim 20, further comprising the step of terminating the communication link prior to executing at least a part of the function.
28. The program of instructions as recited in claim 27, further comprising the step of disabling the function after usage of a predetermined number of functions enabled by the authentication has been reached.
29. The program of instructions as recited in claim 20, wherein the function comprises starting the information handling system.
30. The program of instructions as recited in claim 29, wherein starting the information handling system comprises executing a basic input/output system (BIOS).
31. The program of instructions as recited in claim 20, wherein the function comprises loading an operating system.
32. The program of instructions as recited in claim 20, wherein the function comprises executing a software application.
33. The program of instructions as recited in claim 32, wherein each authentication received allows execution of the software application for a predetermined period of time.
34. The program of instructions as recited in claim 20, further comprising the steps of:
- ending the communication between the information handling system and the central system via the communication link after receipt of the authentication; and
  
  thereafter, performing the function.

35. An information handling system comprising:
- a processor for executing a program of instructions on the information handling system;
  
  a memory coupled to the processor for storing the program of instructions executable by the processor; and
  
  a communication device coupled to the processor for establishing a communication link between the information handling system and a central system via a network;
  
  said program of instructions being capable of configuring the information handling system to request authentication from the central system via the communication link for enabling a function, and upon receipt of authentication from the central system, enabling the function, wherein the program of instructions is capable of configuring the information handling system to terminate the communication link prior to execution of at least part of the function, the function being performed independently of the central system.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 36. The information handling system as recited in claim 35, wherein the program of instructions further configures the information handling system to communicate an identification to the central system.
  - 37. The information handling system as recited in claim 36, wherein the information handling system identification is encrypted.
  - 38. The information handling system as recited in claim 35, wherein the central system, upon receiving the authentication request from the information handling system, determines if the authentication request is valid, and upon determination that the authentication request is valid, providing authentication to the information handling system.
  - 39. The information handling system as recited in claim 38, wherein the authentication is encrypted.
  - 40. The information handling system as recited in claim 38, wherein the central system, upon determining that the authentication request is invalid, denies authentication.
  - 41. The information handling system as recited in claim 35, wherein the program of instructions further configures the information handling system to disable the function if authentication is not received from the central system.
  - 42. The information handling system as recited in claim 41, wherein the authentication request is repeated a predetermined number of times before disabling the function.
  - 43. The information handling system as recited in claim 35, wherein the program of instructions is capable of configuring the information handling system to disable the function after usage of a predetermined number of functions enabled by the authentication has been reached.
  - 44. The information handling system as recited in claim 35, wherein the function comprises starting the information handling system.
  - 45. The information handling system as recited in claim 44, wherein starting the information handling system comprises executing a basic input/output system (BIOS).
  - 46. The information handling system as recited in claim 35, wherein the function comprises loading an operating system.
  - 47. The information handling system as recited in claim 35, wherein the function comprises executing a software application.
  - 48. The information handling system as recited in claim 47, wherein each authentication received allows execution of the software application for a predetermined period of time.
  - 49. The system as recited in claim 35, wherein the program of instructions is further capable of configuring the information handling system to end the communication between the information handling system and the central system via the communication link after receipt of the authentication, and, thereafter, to perform the function.

50. An information handling system comprising:
- means for executing a program of instructions on the information handling system;
  
  means, coupled to the executing means, for storing the program of instructions executable by the executing means;
  
  means, coupled to the executing means, for establishing a communication link with a central system via a network;
  
  said program of instructions being capable of configuring the information handling system to request authentication from the central system via the communication link for enabling a function, and upon receipt of authentication from the central system, enabling the function, wherein the program of instructions is capable of configuring the information handling system to terminate the communication link prior to execution of at least part of the function, the function being performed independently of the central system.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64)
- - 51. The information handling system as recited in claim 50, wherein the program of instructions further configures the information handling system to communicate an identification to the central system.
  - 52. The information handling system as recited in claim 51, wherein the information handling system identification is encrypted.
  - 53. The information handling system as recited in claim 50, wherein the central system, upon receiving the authentication request from the information handling system, determines if the authentication request is valid, and upon determination that the authentication request is valid, providing authentication to the information handling system.
  - 54. The information handling system as recited in claim 53, wherein the authentication is encrypted.
  - 55. The information handling system as recited in claim 53, wherein the central system, upon determining that the authentication request is invalid, denies authentication.
  - 56. The information handling system as recited in claim 50, wherein the program of instructions is capable of configuring the information handling system to disable the function if authentication is not received from the central system.
  - 57. The information handling system as recited in claim 56, wherein the authentication request is repeated a predetermined number of times before disabling the function.
  - 58. The information handling system as recited in claim 50, wherein the program of instructions further configures the information handling system to disable the function after usage of a predetermined number of functions enabled by the authentication has been reached.
  - 59. The information handling system as recited in claim 50, wherein the function comprises starting the information handling system.
  - 60. The information handling system as recited in claim 59, wherein starting the information handling system comprises executing a basic input/output system (BIOS).
  - 61. The information handling system as recited in claim 50, wherein the function comprises loading an operating system.
  - 62. The information handling system as recited in claim 50, wherein the function comprises executing a software application.
  - 63. The information handling system as recited in claim 62, wherein each authentication received allows execution of the software application for a predetermined period of time.
  - 64. The system as recited in claim 50, wherein the program of instructions is further capable of configuring the information handling system to end the communication between the information handling system and the central system via the communication link after receipt of the authentication, and, thereafter, to perform the function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gateway Incorporated (Acer, Inc.)
Original Assignee
Gateway Incorporated (Acer, Inc.)
Inventors
Kabenjian, Greg G.
Primary Examiner(s)
Darrow, Justin T.

Application Number

US09/430,207
Time in Patent Office

1,880 Days
Field of Search

713/2, 713/166, 713/167, 713/182, 713/183, 713/185, 713/193, 713/200, 713/201, 713/202, 713/171, 707/9, 707/10, 709/223, 709/225, 709/226, 709/203, 711/163, 711/164
US Class Current

726/9
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06F 2221/2115   Third party

Y10S 707/99939   Privileged access

Secure information handling system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

64 Claims

Specification

Solutions

Use Cases

Quick Links

Secure information handling system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

64 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links