Portable computer system with hierarchical and token-based security policies
Abstract
A computer system including a processor, an access token communicator capable of being coupled to the processor and adapted to read an access token, an input device coupled to the processor that is able to receive verification data that confirms authorized access of the access token, and software executable on the processor that includes instructions to control access to the processor and including code to access the access token and the verification data, code to verify the validity of the access token using the verification data, code to set security policies in the processor, and code to control access to resources in the processor based on the security policies. In addition, a method for reading an access token, verifying the validity of the access token, setting security policies in a computer system, and unlocking a computer system and a nonvolatile storage device attached to the computer system.
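One way the binding recited in the claims on this page ("alteration of the security policies renders the access code and password inoperative") could be realized, shown as an added example that is not taken from the patent: both credentials are derived from the token secret, the user's PIN and the canonical policy bytes, so an edited policy set produces credentials that no longer match what the platform and the drive enrolled. The token layout, field names, labels and KDF parameters are assumptions.

```python
import hashlib
import hmac
import json

def canonical(policies):
    # Stable byte encoding so the same policy set always hashes identically.
    return json.dumps(policies, sort_keys=True, separators=(",", ":")).encode()

def derive(token, pin, label):
    # Stretch the PIN, then mix in the token secret and the policy bytes.
    # Any change to token["policies"] changes every derived credential.
    pin_key = hashlib.pbkdf2_hmac("sha256", pin.encode(), token["salt"], 100_000)
    bound = hmac.new(token["secret"], canonical(token["policies"]),
                     hashlib.sha256).digest()
    return hmac.new(pin_key, label + bound, hashlib.sha256).digest()

def enroll(token, pin):
    # Reference values the platform firmware ("access") and the storage
    # device ("drive") would hold after provisioning (assumed model).
    return {"access": derive(token, pin, b"access-code"),
            "drive": derive(token, pin, b"drive-password")}

def boot(token, pin, enrolled):
    # Read token, take PIN, authenticate, set policy, unlock the drive.
    access = derive(token, pin, b"access-code")
    if not hmac.compare_digest(access, enrolled["access"]):
        return {"granted": False, "policies": None, "drive_unlocked": False}
    drive_pw = derive(token, pin, b"drive-password")
    unlocked = hmac.compare_digest(drive_pw, enrolled["drive"])
    return {"granted": True, "policies": token["policies"],
            "drive_unlocked": unlocked}

# Constructed sample token; every value here is illustrative only.
TOKEN = {
    "secret": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "salt": b"constructed-salt",
    "policies": {"bios": {"boot_from_usb": False, "setup_locked": True},
                 "screen": {"lock_after_s": 300}},
}

if __name__ == "__main__":
    enrolled = enroll(TOKEN, "4821")
    print(boot(TOKEN, "4821", enrolled)["granted"])   # genuine token and PIN
    edited = dict(TOKEN, policies={"bios": {"boot_from_usb": True}})
    print(boot(edited, "4821", enrolled)["granted"])  # policy was altered
```

Because the policy bytes are an input to the derivation and not a separate field checked afterwards, there is no code path in which a modified policy set is applied with working credentials.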
36 Claims
1. A method for protecting information stored in an information handling system, said method comprising:
- reading an access token containing a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
- requesting an authentication password from a user;
- authenticating the use of the access token by comparing the password to the security policy;
- setting the security policy in the information handling system; and
- unlocking a nonvolatile storage device on the information handling system using the nonvolatile storage device password.

2. A method for assembling a computer system comprising:
- receiving a list of components for assembling the computer system;
- receiving, from an access token, a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
- configuring the computer system using the set of security policies; and
- accessing the computer system with a user input password combined with the token access code such that the combined passwords match the one or more security policies configured in the computer system.

Dependent claims: 3, 4, 5, 6, 7

8. A method of using an access token comprising a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access, said method comprising:
- transferring the computer system access code from the access token to a computer system;
- receiving a user input password at the computer system; and
- matching a computer system password with the user input password with the computer system access code from the access token to access the computer system, wherein the computer system access code includes one or more security policies configured in the computer system.

Dependent claims: 9

10. A communication device having an access token for use with a computer system, said communication device comprising:
- one or more security policies adapted to be used by the computer system, wherein the one or more security policies are stored in an encrypted format;
- the one or more security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
- a security code stored on the access token, wherein the communication device transmits the one or more security policies in response to receiving an authentication code corresponding to the security code; and
- the security code integrated within the one or more security policies such that alteration of the security policies renders the security code inoperative.

11. A computer operable medium for protecting a computer system, said computer operable medium comprising:
- means for reading an access token containing a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
- means for receiving an authentication password from a user;
- means for verifying the validity of the access token based on a comparison of the authentication password to the security policy;
- means for setting security policies in the computer system; and
- means for unlocking a nonvolatile storage device on the computer system using the nonvolatile storage device password.

12. An information handling system comprising:
- means for reading an access token containing a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
- means for receiving an authentication password from a user;
- means for verifying the validity of the access token based on a comparison of the authentication password to the security policy;
- means for setting security policies in the information handling system; and
- means for unlocking a nonvolatile storage device on the information handling system using the nonvolatile storage device password.

13. A computer system comprising:
- a processor;
- an access token communicator capable of being coupled to the processor, the access token communicator being adapted to read an access token comprising a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
- an input device capable of being coupled to the processor, the input device adapted to receive a security code, the security code confirming authorized use of the access token;
- a software system executable on the processor and including a system security process for controlling operational access to the processor, the software system including;
- an executable program code that accesses the access token and the security code;
- an executable program code that verifies validity of the access token by comparing the security code to a verification data on the access token, whereby if the security code matches the verification data the access token is valid;
- an executable program code that receives the set of security policies from the access token in the processor if the access token is valid; and
- an executable program code that controls access to resources in the processor based on the security policies.

Dependent claims: 14, 15, 16, 20, 21, 22, 23

17. A computer system comprising:
- a processor;
- an access token communicator capable of being coupled to the processor, the access token communicator being adapted to read an access token comprising a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
- an input device capable of being coupled to the processor, the input device being adapted to receive verification data, the verification data confirming authorized use of the access token;
- a software system executable on the processor and including a system security process controlling operational access to the processor, the software system including;
- an executable program code that accesses the access token and the verification data;
- an executable program code that verifies validity of the access token using the verification data;
- an executable program code that sets security policies in the processor, wherein one of the one or more policies includes a BIOS control information that is used to configure the computer system; and
- an executable program code that controls access to resources in the processor based on the security policies.

Dependent claims: 18

19. A computer system comprising:
- a processor;
- an access token communicator capable of being coupled to the processor, the access token communicator being adapted to read an access token comprising a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
- an input device capable of being coupled to the processor, the input device being adapted to receive verification data, the verification data confirming authorized use of the access token;
- a software system executable on the processor and including a system security process controlling operational access to the processor, the software system including;
- an executable program code that accesses the access token and the verification data;
- an executable program code that verifies validity of the access token using the verification data;
- an executable program code that sets security policies in the processor;
- an executable program code that controls access to resources in the processor based on the security policies; and
- a display device, wherein one of the one or more security policies includes one or more interface settings that control a desktop presentation on the display device.

24. A computer system comprising:
- one or more processors;
- memory electrically interconnected to the one or more processors;
- an operating system for controlling the operation of the one or more processors;
- an access token communication device electrically interconnected to at least one of the one or more processors, the access token communication device being operable to read an access token comprising a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
- an input device electrically interconnected to at least one of the one or more processors, the input device operable to transmit a security code from a user to the one or more processors;
- a nonvolatile storage device electrically interconnected to at least one of the one or more processors, the nonvolatile storage device including a nonvolatile memory;
- a set of security policies associated with the operating system, the operating system operable to receive the security code for selectively enabling the set of security policies to limit access to the computer system; and
- the operating system permitting access to the nonvolatile storage device and the one or more processors if the security code and the set of security policies match an authorization data stored in the nonvolatile memory, wherein the access token further includes verification data, the verification data operable to provide the security policies to the nonvolatile memory if the security code matches an authentication code stored in the access token.

Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32, 33, 34

35. A method for accessing a computer system, said method comprising:
- providing a computer system, the computer system including;
- one or more processors;
- a memory operably coupled to the one or more processors;
- an operating system for controlling the operation of the one or more processors;
- an access token reading device that is adapted to read a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, stored on an access token, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
- an input device adapted to transmit verification data to the operating system, the verification data confirming authorized use of the access token;
- a nonvolatile storage device operably coupled to the memory;
- the nonvolatile storage device access password selectively allows access to the nonvolatile storage device, wherein the nonvolatile storage device password is supplied in response to the access token reading device reading the access token and the input device receiving verification data;
- storing computer system access code on the access token; and
- comparing the verification data to the computer system access code and the nonvolatile storage device password for access to the computer system.

Dependent claims: 36

Specification