System and method for remote security enablement

US 7,568,225 B2
Filed: 09/08/2004
Issued: 07/28/2009
Est. Priority Date: 09/08/2004
Status: Active Grant

First Claim

Patent Images

1. A system for remote security enablement, comprising:

a trusted platform module (TPM) disposed on a user client;

an administration client configured to, via a communication network;

interface with the user client to authorize access to the TPM of the user client by the administration client;

determine whether the TPM is enabled;

interface with the TPM to determine whether ownership of the TPM has been previously established;

where if ownership of the TPM has not been previously established, the administration client establishes ownership of the TPM; and

where the administration client interfaces with the BIOS of the user client to determine whether taking ownership of the TPM by the administration client is enabled; and

where the administration client is configured to access, via the communication network, the user client to enable the TPM on a re-boot of the user client, and wherein the user client is configured to request an input from a user of the user client on the re-boot corresponding to enablement of the TPM.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for remote security enablement comprises a trusted platform module (TPM) disposed on a user client and an administration client adapted to access, via a communication network, the user client to cause enablement of the TPM on a subsequent boot of the user client.

38 Citations

View as Search Results

31 Claims

1. A system for remote security enablement, comprising:
- a trusted platform module (TPM) disposed on a user client;
  
  an administration client configured to, via a communication network;
  
  interface with the user client to authorize access to the TPM of the user client by the administration client;
  
  determine whether the TPM is enabled;
  
  interface with the TPM to determine whether ownership of the TPM has been previously established;
  
  where if ownership of the TPM has not been previously established, the administration client establishes ownership of the TPM; and
  
  where the administration client interfaces with the BIOS of the user client to determine whether taking ownership of the TPM by the administration client is enabled; and
  
  where the administration client is configured to access, via the communication network, the user client to enable the TPM on a re-boot of the user client, and wherein the user client is configured to request an input from a user of the user client on the re-boot corresponding to enablement of the TPM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the administration client is configured to cause the user client to notify the user of the user client that the TPM is being enabled.
  - 3. The system of claim 1, wherein the administration client is configured to cause the user client to display a prompt to the user of the user client requesting acceptance of the TPM enablement.
  - 4. The system of claim 1, wherein the user client is configured to receive an acceptance input from the user of the user client indicating acceptance of the TPM enablement.
  - 5. The system of claim 1, wherein the user client is configured to receive a rejection input from a user of the user client indicating rejection of the TPM enablement.
  - 6. The system of claim 1, wherein the administration client is configured to cause the user client to display a prompt to the user of the user client to enable the user to reject the TPM enablement.
  - 7. The system of claim 1, wherein the administration client is configured to instruct a basic input/output system (BIOS) of the user client to enable the TPM on the re-boot of the user client.
  - 8. The system of claim 1, wherein the administration client is configured to cause the user client to display a prompt to the user of the user client during the re-boot to notify the user of the TPM enablement.
  - 9. The system of claim 1, wherein the user client is configured to indicate to the administration client whether ownership of the TPM has been previously established.
  - 10. The system of claim 1, wherein the user client is configured to enable ownership of the TPM by the administration client.

11. A system for remote security enablement, comprising:
- means for enabling access to a user client by an administration client via a communication network;
  
  where the administration client is configured to, via the communication network;
  
  interface with the user client to authorize access to a trusted platform module (TPM) of the user client by the administration client;
  
  determine whether the TPM is enabled;
  
  interface with the TPM to determine whether ownership of the TPM has been previously established;
  
  where if ownership of the TPM has not been previously established, the administration client establishes ownership of the TPM; and
  
  where the administration client interfaces with the BIOS of the user client to determine whether taking ownership of the TPM by the administration client is enabled; and
  
  means for enabling the administration client to cause enablement of the trusted platform module (TPM) of the user client on a re-boot of the user client, and wherein the means for enabling enablement of the TPM comprises means for configuring the user client to request an input from a user of the user client on the re-boot corresponding to enablement of the TPM.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, further comprising means for displaying a prompt on the user client requesting the user of the user client to accept the TPM enablement.
  - 13. The system of claim 11, further comprising means for receiving a rejection input by the user of the user client indicating user rejection the TPM enablement.
  - 14. The system of claim 11, further comprising means for receiving an acceptance input from the user of the user client indicating user acceptance of the TPM enablement.
  - 15. The system of claim 11, further comprising means for notifying the user of the user client that the TPM will be enabled on the re-boot of the user client.

16. A remote security enablement method, comprising:
- establishing a communication session between a user client and an administration client via a communication network;
  
  enabling the administration client to cause enablement of a trusted platform module (TPM) of the user client on a re-boot of the user client, where the enabling comprises;
  
  interfacing with the user client to authorize access to the TPM of the user client by the administration client;
  
  determining whether the TPM is enabled;
  
  interfacing with the TPM to determine whether ownership of the TPM has been previously established;
  
  where if ownership of the TPM has not been previously established, establishing ownership of the TPM; and
  
  where the administration client interfaces with the BIOS of the user client to determine whether taking ownership of the TPM by the administration client is enabled; and
  
  enabling the administration client to configure the user client to request an input from a user of the user client on the re-boot corresponding to enablement of the TPM.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The method of claim 16, further comprising displaying a prompt on the user client requesting the user of the user client to accept the TPM enablement.
  - 18. The method of claim 16, further comprising receiving a rejection input by the user of the user client indicating user rejection the TPM enablement.
  - 19. The method of claim 16, further comprising receiving an acceptance input from the user of the user client indicating user acceptance of the TPM enablement.
  - 20. The method of claim 16, further comprising notifying the user of the user client that the TPM will be enabled on the re-boot of the user client.
  - 21. The method of claim 16, further comprising determining an ownership state of the TPM.
  - 22. The method of claim 16, further comprising enabling ownership of the TPM by the administration client.
  - 23. The method of claim 16, further comprising displaying a prompt on the user client notifying the user of the user client of TPM enablement and requesting the user to provide an input response to continue processing on the user client.

24. A system for remote security enablement, comprising:
- a remote TPM enablement module disposed on a user client, the remote TPM enablement module configured to cause enablement of a trusted platform module (TPM) of the user client on a re-boot of the user client in response to a TPM enablement request received from an administration client via a communication network,where the user client is configured to;
  
  interface with the administrative client to authorize access to a trusted platform module (TPM) of the user client;
  
  determine whether the TPM is enabled;
  
  interface with the TPM to determine whether ownership of the TPM has been previously established;
  
  where if ownership of the TPM has not been previously established, respond to the administration client to establish ownership of the TPM; and
  
  where a basic input/output system (BIOS) of the user client interfaces with the administration client to determine whether taking ownership of the TPM by the administration client is enabled; and
  
  the remote TPM enablement module configured to apply at least one of a plurality of different policy settings set forth by the administration client for notifying a user of the user client of enablement of the TPM on the re-boot.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The system of claim 24, the TPM enablement module configured to display a prompt on the user client notifying the user of the user client of the TPM enablement.
  - 26. The system of claim 24, the TPM enablement module configured to display a prompt on the user client requesting the user of the user client to indicate acceptance of the TPM enablement.
  - 27. The system of claim 24, the TPM enablement module configured to receive an input response from the user of the user client indicating acceptance of the TPM enablement.
  - 28. The system of claim 24, the TPM enablement module configured to receive an input response from the user of the user client indicating rejection of the TPM enablement.
  - 29. The system of claim 24, the user client configured to indicate an ownership state of the TPM to the administration client.
  - 30. The system of claim 24, the user client configured to enable ownership of the TPM by the administration client.
  - 31. The system of claim 24, the remote TPM enablement module configured to initiate the subsequent boot of the user client in response to the enablement request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Workday Incorporated
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Wang, Lan, Ali, Valiuddin, Rios, Jennifer
Primary Examiner(s)
COLIN, CARL G

Application Number

US10/936,918
Publication Number

US 20060053277A1
Time in Patent Office

1,784 Days
Field of Search

726/4, 726/17, 726/21, 713/1, 713/2, 713/100, 713/193, 713/185
US Class Current

726/17
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/575   Secure boot

G06F 9/4403   Processor initialisation

System and method for remote security enablement

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for remote security enablement

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links