Portable computer system with hierarchical and token-based security policies

US 7,111,321 B1
Filed: 01/25/1999
Issued: 09/19/2006
Est. Priority Date: 01/25/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for protecting information stored in an information handling system, said method comprising:

reading an access token containing a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;

requesting an authentication password from a user;

authenticating the use of the access token by comparing the password to the security policy;

setting the security policy in the information handling system; and

unlocking a nonvolatile storage device on the information handling system using the nonvolatile storage device password.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system including a processor, an access token communicator capable of being coupled to the processor and adapted to read an access token, an input device coupled to the processor that is able to receive verification data that confirms authorized access of the access token, and software executable on the processor that includes instructions to control access to the processor and including code to access the access token and the verification data, code to verify the validity of the access token using the verification data, code to set security policies in the processor, and code to control access to resources in the processor based on the security policies. In addition, a method for reading an access token, verifying the validity of the access token, setting security policies in a computer system, and unlocking a computer system and a nonvolatile storage device attached to the computer system.

160 Citations

36 Claims

1. A method for protecting information stored in an information handling system, said method comprising:
- reading an access token containing a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
  
  requesting an authentication password from a user;
  
  authenticating the use of the access token by comparing the password to the security policy;
  
  setting the security policy in the information handling system; and
  
  unlocking a nonvolatile storage device on the information handling system using the nonvolatile storage device password.

2. A method for assembling a computer system comprising:
- receiving a list of components for assembling the computer system;
  
  receiving, from an access token, a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
  
  configuring the computer system using the set of security policies; and
  
  accessing the computer system with a user input password combined with the token access code such that the combined passwords match the one or more security policies configured in the computer system.
- View Dependent Claims (3, 4, 5, 6, 7)
- - 3. The method of claim 2 further comprising:
    - initializing a system password installed on the computer system.
  - 4. The method of claim 2 further comprising:
    - providing a nonvolatile storage device for the computer system, wherein the nonvolatile storage device includes a nonvolatile storage device password; and
      
      initializing the nonvolatile storage device password.
  - 5. The method of claim 2 wherein the configuring includes modifying a nonvolatile memory installed in the computer system.
  - 6. The method of claim 2 further comprising:
    - retaining a copy of the nonvolatile storage device password at a location removed from the computer system.
  - 7. The method of claim 2 further comprising:
    - configuring an access token for the computer system, the access token including the security policies and the passwords associated with the computer system.

8. A method of using an access token comprising a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access, said method comprising:
- transferring the computer system access code from the access token to a computer system;
  
  receiving a user input password at the computer system; and
  
  matching a computer system password with the user input password with the computer system access code from the access token to access the computer system, wherein the computer system access code includes one or more security policies configured in the computer system.
- View Dependent Claims (9)
- - 9. The method of claim 8 wherein the transferring step is performed in response to an access code received by the access token.

10. A communication device having an access token for use with a computer system, said communication device comprising:
- one or more security policies adapted to be used by the computer system, wherein the one or more security policies are stored in an encrypted format;
  
  the one or more security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface accessa security code stored on the access token, wherein the communication device transmits the one or more security policies in response to receiving an authentication code corresponding to the security code; and
  
  the security code integrated within the one or more security policies such that alteration of the security policies renders the security code inoperative.

11. A computer operable medium for protecting a computer system, said computer operable medium comprising:
- means for reading an access token containing a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
  
  means for receiving an authentication password from a user;
  
  means for verifying the validity of the access token based on a comparison of the authentication password to the security policy;
  
  means for setting security policies in the computer system; and
  
  means for unlocking a nonvolatile storage device on the computer system using the nonvolatile storage device password.

12. An information handling system comprising:
- means for reading an access token containing a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
  
  means for receiving an authentication password from a user;
  
  means for verifying the validity of the access token based on a comparison of the authentication password to the security policy;
  
  means for setting security policies in the information handling system; and
  
  means for unlocking a nonvolatile storage device on the information handling system using the nonvolatile storage device password.

13. A computer system comprising:
- a processor;
  
  an access token communicator capable of being coupled to the processor, the access token communicator being adapted to read an access token comprising a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
  
  an input device capable of being coupled to the processor, the input device adapted to receive a security code, the security code confirming authorized use of the access token;
  
  a software system executable on the processor and including a system security process for controlling operational access to the processor, the software system including;
  
  an executable program code that accesses the access token and the security code;
  
  an executable program code that verifies validity of the access token by comparing the security code to a verification data on the access token, whereby if the security code matches the verification data the access token is valid;
  
  an executable program code that receives the set of security policies from the access token in the processor if the access token is valid; and
  
  an executable program code that controls access to resources in the processor based on the security policies.
- View Dependent Claims (14, 15, 16, 20, 21, 22, 23)
- - 14. The computer system of claim 13 further comprising:
    - a nonvolatile storage device operably coupled to the processor;
      
      a nonvolatile storage device access password that selectively allows access to the nonvolatile storage device, wherein the nonvolatile storage device password is supplied in response to the executable program code verifying that the security code matches the verification data on the access token.
  - 15. The computer system of claim 14, wherein at least one of the set of security policies is stored within the nonvolatile storage device password.
  - 16. The computer system of claim 13 wherein one of the set of security policies corresponds to the verification data.
  - 20. The computer system of claim 14 wherein one or more bytes of the nonvolatile storage device access password are in a non-keyboard enterable format.
  - 21. The computer system of claim 13 wherein the access token includes one or more bytes of data in a non-keyboard enterable format.
  - 22. The computer system of claim 13 wherein the verification data includes biometric data supplied by a user.
  - 23. The computer system of claim 13 wherein the input device includes a keyboard and the verification data includes a personal identification number.

17. A computer system comprising:
- a processor;
  
  an access token communicator capable of being coupled to the processor, the access token communicator being adapted to read an access token comprising a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
  
  an input device capable of being coupled to the processor, the input device being adapted to receive verification data, the verification data confirming authorized use of the access token;
  
  a software system executable on the processor and including a system security process controlling operational access to the processor, the software system including;
  
  an executable program code that accesses the access token and the verification data;
  
  an executable program code that verifies validity of the access token using the verification data;
  
  an executable program code that sets security policies in the processor, wherein one of the one or more policies includes a BIOS control information that is used to configure the computer system; and
  
  an executable program code that controls access to resources in the processor based on the security policies.
- View Dependent Claims (18)
- - 18. The computer system of claim 17 wherein the BIOS control information further includes password change information, the password change information including one or more password change settings for a user using the one or more security policies.

19. A computer system comprising:
- a processor;
  
  an access token communicator capable of being coupled to the processor, the access token communicator being adapted to read an access token comprising a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
  
  an input device capable of being coupled to the processor, the input device being adapted to receive verification data, the verification data confirming authorized use of the access token;
  
  a software system executable on the processor and including a system security process controlling operational access to the processor, the software system including;
  
  an executable program code that accesses the access token and the verification data;
  
  an executable program code that verifies validity of the access token using the verification data;
  
  an executable program code that sets security policies in the processor;
  
  an executable program code that controls access to resources in the processor based on the security policies; and
  
  a display device, wherein one of the one or more security policies includes one or more interface settings that control a desktop presentation on the display device.

24. A computer system comprising:
- one or more processors;
  
  memory electrically interconnected to the one or more processors;
  
  an operating system for controlling the operation of the one or more processors;
  
  an access token communication device electrically interconnected to at least one of the one or more processors, the access token communication device being operable to read an access token comprising a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
  
  an input device electrically interconnected to at least one of the one or more processors, the input device operable to transmit a security code from a user to the one or more processors;
  
  a nonvolatile storage device electrically interconnected to at least one of the one or more processors, the nonvolatile storage device including a nonvolatile memory;
  
  a set of security policies associated with the operating system, the operating system operable to receive the security code for selectively enabling the set of security policies to limit access to the computer system; and
  
  the operating system permitting access to the nonvolatile storage device and the one or more processors if the security code and the set of security policies match an authorization data stored in the nonvolatile memory,wherein the access token further includes verification data, the verification data operable to provide the security policies to the nonvolatile memory if the security code matches an authentication code stored in the access token.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 25. The computer system of claim 24 wherein the operating system includes a BIOS and the BIOS is stored in the nonvolatile memory that is electrically interconnected to the one or more processors.
  - 26. The computer system of claim 24 wherein the access token communication device includes a smart card communication device.
  - 27. The computer system of claim 24 wherein the access token communication device includes network circuitry that is adapted to receive signals from one or more computers interconnected on a computer network.
  - 28. The computer system of claim 24 wherein the access token communication device includes a modem that receives signals from a communications line.
  - 29. The computer system of claim 24 wherein the input device is a keyboard.
  - 30. The computer system of claim 24 wherein the input device includes a biometric data reading device.
  - 31. The computer system of claim 24 wherein the biometric data reading device includes a fingerprint scanner.
  - 32. The computer system of claim 24 wherein the biometric data reading device includes a retinal scanning device.
  - 33. The computer system of claim 24 wherein the nonvolatile storage device includes a hard disk drive.
  - 34. The computer system of claim 24 further comprising a data access code stored in the nonvolatile memory, wherein a data request code corresponding to the data access code alters a state of the nonvolatile storage device.

35. A method for accessing a computer system, said method comprising:
- providing a computer system, the computer system including;
  
  one or more processors;
  
  a memory operably coupled to the one or more processors;
  
  an operating system for controlling the operation of the one or more processors;
  
  an access token reading device that is adapted to read a computer system access code and a nonvolatile storage device password integrated within a set of security policies such that alteration of the security policies renders the access code and password inoperative, stored on an access token, the security policies comprising at least one security policy selected from the group consisting of policies relating to BIOS settings and policies relating to screen interface access;
  
  an input device adapted to transmit verification data to the operating system, the verification data confirming authorized use of the access token;
  
  a nonvolatile storage device operably coupled to the memory;
  
  the nonvolatile storage device access password selectively allows access to the nonvolatile storage device, wherein the nonvolatile storage device password is supplied in response to the access token reading device reading the access token and the input device receiving verification data;
  
  storing computer system access code on the access token; and
  
  comparing the verification data to the computer system access code and the nonvolatile storage device password for access to the computer system.
- View Dependent Claims (36)
- - 36. The method of claim 35 further comprising:
    - storing a password corresponding to the nonvolatile storage device password on the nonvolatile storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Watts, La Vaughn F. Jr., Dailey, James E.
Primary Examiner(s)
Revak, Christopher
Assistant Examiner(s)
JACKSON, JENISE E

Application Number

US09/237,016
Time in Patent Office

2,794 Days
Field of Search

713/1, 713/2, 713/100, 713/182, 713184-185, 713/166, 713/172, 713/159, 713200-202, 709223-229, 726/1, 726/2, 726/3, 726/4, 726/9, 726/27, 726/34, 705/50, 705/55
US Class Current

726/2
CPC Class Codes

G06F 21/34 involving the use of extern...

Portable computer system with hierarchical and token-based security policies

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

160 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Portable computer system with hierarchical and token-based security policies

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

160 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links