Method and apparatus for a secure network install

US 7,941,509 B2
Filed: 05/28/2008
Issued: 05/10/2011
Est. Priority Date: 07/21/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method for a secure network install for a client, the computer implemented method comprising:

receiving a request for a boot image file from a client at a proxy server to form a received request, wherein the request is for the secure network install by using a modified client remote boot control code, wherein the modified client remote boot control code places the client in a Secure Bootfile Download Discovery (SBDD) mode, wherein the request for the boot image file includes a location of the boot image file and a client Internet Protocol address, and wherein the proxy server and the client are on a same subnet;

responsive to receiving the request, locating, by the proxy server, a boot image file server from a list of servers and corresponding boot image files for the boot image file server by performing a lookup of the boot image file in a mapping file to form a located boot image file wherein the mapping file includes the list of servers and corresponding boot image files;

identifying, by the proxy server, an Internet Protocol address of the boot image file server for the boot image file;

retrieving, by the proxy server, the located boot image file from the boot image file server using a secure file transfer protocol to form a retrieved boot image file, wherein the secure file transfer protocol includes at least one of file encryption and checksum verification; and

sending the retrieved boot image file from the proxy server to the client, wherein the client receives the client Internet Protocol address, the location of the boot image file, and an Internet Protocol address of the proxy server from a dynamic host configuration protocol server.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, an apparatus, and computer instructions are provided for a secure network install. One aspect of the present invention provides a proxy server within the same subnet of the client for performing a lookup of the boot image file and downloading the boot image file from a boot file server in a secure manner. The client in turn downloads the file from the proxy TFTP server. Another aspect of the present invention modifies the client remote boot code to include a secure boot file download discovery (SBDD) mode. The client starts the SBDD mode by sending a request for a boot image file to a subnet broadcast address and port, which is listened by a proxy TFTP server. The proxy TFTP server receives the client request and downloads the boot image file. The client in turn downloads the boot image file from the proxy TFTP server.

Citations

22 Claims

1. A computer implemented method for a secure network install for a client, the computer implemented method comprising:
- receiving a request for a boot image file from a client at a proxy server to form a received request, wherein the request is for the secure network install by using a modified client remote boot control code, wherein the modified client remote boot control code places the client in a Secure Bootfile Download Discovery (SBDD) mode, wherein the request for the boot image file includes a location of the boot image file and a client Internet Protocol address, and wherein the proxy server and the client are on a same subnet;
  
  responsive to receiving the request, locating, by the proxy server, a boot image file server from a list of servers and corresponding boot image files for the boot image file server by performing a lookup of the boot image file in a mapping file to form a located boot image file wherein the mapping file includes the list of servers and corresponding boot image files;
  
  identifying, by the proxy server, an Internet Protocol address of the boot image file server for the boot image file;
  
  retrieving, by the proxy server, the located boot image file from the boot image file server using a secure file transfer protocol to form a retrieved boot image file, wherein the secure file transfer protocol includes at least one of file encryption and checksum verification; and
  
  sending the retrieved boot image file from the proxy server to the client, wherein the client receives the client Internet Protocol address, the location of the boot image file, and an Internet Protocol address of the proxy server from a dynamic host configuration protocol server.
- View Dependent Claims (2, 3)
- - 2. The computer implemented method of claim 1, wherein the proxy server is a trivial file transfer protocol server.
  - 3. The computer implemented method of claim 1, wherein the client receives the client Internet Protocol address, the location of the boot image file, and an Internet Protocol address of the proxy server from a dynamic host configuration protocol server.

4. A computer implemented method for a secure network install for a client, the computer implemented method comprising:
- detecting, by a proxy server, a broadcast of a boot image file request initiated by a client at a subnet broadcast address and port used by the proxy server to form a detected request wherein the request is for the secure network install by using a modified client remote boot control code, wherein the modified client remote boot control code places the client in a Secure Bootfile Download Discovery (SBDD) mode, wherein the request for the boot image file includes a location of the boot image file and a client Internet Protocol address;
  
  responsive to detecting the request, locating, by the proxy server, a boot image file server from a list of servers and corresponding boot image files for the boot image file server by performing a lookup of the boot image file in a mapping file to form a located boot image file wherein the mapping file includes the list of servers and corresponding boot image files;
  
  identifying, by the proxy server, an Internet Protocol address of the boot image file server for the boot image file;
  
  retrieving, by the proxy server, the boot image file from a boot image file server using a secure file transfer protocol to form a retrieved boot image file, wherein the secure file transfer protocol includes at least one of file encryption and checksum verification;
  
  andsending the retrieved boot image file from the proxy server to the client, wherein the client receives the client Internet Protocol address, the location of the boot image file, and an Internet Protocol address of the proxy server from a dynamic host configuration protocol server.
- View Dependent Claims (6, 8, 9, 10)
- - 6. The computer implemented method of claim 4, wherein the proxy server is a trivial file transfer protocol server and wherein the proxy server and the client are on a same subnet.
  - 8. The computer implemented method of claim 4, wherein the client receives the client Internet Protocol address, the location of the boot image file, and an Internet Protocol address of the boot image file server from a dynamic host configuration protocol server.
  - 9. The computer implemented method of claim 8, wherein the boot image file request includes the Internet Protocol address of the boot image file server.
  - 10. The computer implemented method of claim 4, wherein the subnet broadcast address and port is listened by all devices that belong to a same subnet.

5. A computer implemented method for a secure network install for a client, the computer implemented method comprising:
- detecting, by a proxy server, a modification of a remote boot code of a client to include a secure boot image file download discovery mode;
  
  responsive to detecting the request, initiating, by the proxy server, the secure boot image file download discovery mode to send a request for a boot image file to a subnet broadcast address and port wherein the request is for the secure network install by using a modified client remote boot control code, wherein the modified client remote boot control code places the client in a Secure Bootfile Download Discovery (SBDD) mode, wherein the request for the boot image file includes a location of the boot image file and a client Internet Protocol address;
  
  locating, by the proxy server, a boot image file server from a list of servers and corresponding boot image files for the boot image file server by performing a lookup of the boot image file in a mapping file to form a located boot image file wherein the mapping file includes the list of servers and corresponding boot image files;
  
  identifying, by the proxy server, an Internet Protocol address of the boot image file server for the boot image file;
  
  retrieving, by the proxy server, the boot image file from a boot image file server using a secure file transfer protocol to form a retrieved boot image file, wherein the secure file transfer protocol includes at least one of file encryption and checksum verification; and
  
  sending the retrieved boot image file from the proxy server to the client, wherein the client receives the client Internet Protocol address, the location of the boot image file, and an Internet Protocol address of the proxy server from a dynamic host configuration protocol server.
- View Dependent Claims (7)
- - 7. The computer implemented method of claim 5, wherein the remote boot code is a set of instructions embedded within firmware of the client for locating and downloading the boot image file.

11. A computer program product comprising:
- a non-transitory computer usable storage medium having computer usable program code for a secure network install, the computer program product including;
  
  computer usable program code for receiving a request for a boot image file from a client at a proxy server to form a received request, wherein the request is for the secure network install by using a modified client remote boot control code, wherein the modified client remote boot control code places the client in a Secure Bootfile Download Discovery (SBDD) mode, wherein the request for the boot image file includes a location of the boot image file and a client Internet Protocol address, and wherein the proxy server and the client are on a same subnet;
  
  computer usable program code for responsive to receiving the request, locating, by the proxy server, a boot image file server from a list of servers and corresponding boot image files for the boot image file server by performing a lookup of the boot image file in a mapping file to form a located boot image file wherein the mapping file includes the list of servers and corresponding boot image files;
  
  computer usable program code for identifying, by the proxy server, an Internet Protocol address of the boot image file server for the boot image file;
  
  computer usable program code for retrieving, by the proxy server, the located boot image file from the boot image file server using a secure file transfer protocol to form a retrieved boot image file, wherein the secure file transfer protocol includes at least one of file encryption and checksum verification;
  
  andcomputer usable program code for sending the retrieved boot image file from the proxy server to the client, wherein the client receives the client Internet Protocol address, the location of the boot image file, and an Internet Protocol address of the proxy server from a dynamic host configuration protocol server.
- View Dependent Claims (12, 13, 14)
- - 12. The computer program product of claim 11, wherein the proxy server is a trivial file transfer protocol server.
  - 13. The computer program product of claim 11, wherein the client receives the client Internet Protocol address, the location of the boot image file, and an Internet Protocol address of the proxy server from a dynamic host configuration protocol server.
  - 14. The computer program product of claim 11, wherein the computer usable program code is executed in a data processing system comprising:
    - a bus,a storage device, wherein the storage device contains the computer usable program code;
      
      a communications unit connected to the bus; and
      
      a processing unit connected to the bus that executes the computer usable program code.

15. A computer program product comprising:
- a non-transitory computer usable storage medium having computer usable program code for a secure network install, the computer program product including;
  
  computer usable program code for detecting, by a proxy server, a broadcast of a boot image file request initiated by a client at a subnet broadcast address and port used by the proxy server to form a detected request wherein the request is for the secure network install by using a modified client remote boot control code, wherein the modified client remote boot control code places the client in a Secure Bootfile Download Discovery (SBDD) mode, wherein the request for the boot image file includes a location of the boot image file and a client Internet Protocol address;
  
  computer usable program code for responsive to detecting the request, locating, by the proxy server, a boot image file server from a list of servers and corresponding boot image files for the boot image file server by performing a lookup of the boot image file in a mapping file to form a located boot image file wherein the mapping file includes the list of servers and corresponding boot image files;
  
  computer usable program code for identifying, by the proxy server, an Internet Protocol address of the boot image file server for the boot image file;
  
  computer usable program code for retrieving, by the proxy server, the boot image file from a boot image file server using a secure file transfer protocol to form a retrieved boot image file, wherein the secure file transfer protocol includes at least one of file encryption and checksum verification;
  
  andcomputer usable program code for sending the retrieved boot image file from the proxy server to the client, wherein the client receives the client Internet Protocol address, the location of the boot image file, and an Internet Protocol address of the proxy server from a dynamic host configuration protocol server.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The computer program product of claim 15, wherein the computer program product further comprises:
    - computer usable program code for detecting a modification of a remote boot code of the client to include a secure boot image file download discovery mode;
      
      computer usable program code for initiating the secure boot image file download discovery mode to send a request for a boot image file to a subnet broadcast address and port; and
      
      computer usable program code for receiving the boot image file from the proxy server, wherein the proxy server and the client are on a same subnet.
  - 17. The computer program product of claim 15, wherein the proxy server is a trivial file transfer protocol server.
  - 18. The computer program product of claim 16, wherein the remote boot code is a set of instructions embedded within firmware of the client for locating and downloading the boot image file.
  - 19. The computer program product of claim 15, wherein the client receives the client Internet Protocol address, the location of the boot image file, and an Internet Protocol address of the boot image file server from a dynamic host configuration protocol server.
  - 20. The computer program product of claim 15, wherein the boot image file request includes the Internet Protocol address of the boot image file server.
  - 21. The computer program product of claim 15, wherein the subnet broadcast address and port is listened by all devices that belong to a same subnet.
  - 22. The computer program product of claim 16, wherein the computer usable program code is executed in a data processing system comprising:
    - a bus,a storage device, wherein the storage device contains the computer usable program code;
      
      a communications unit connected to the bus; and
      
      a processing unit connected to the bus that executes the computer usable program code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Vallabhaneni, Vasu, Sharma, Rakesh
Primary Examiner(s)
Vaughn, Jr.; William C
Assistant Examiner(s)
Ibrahim; Mohamed

Application Number

US12/128,176
Publication Number

US 20080256221A1
Time in Patent Office

1,077 Days
Field of Search

709/203, 709/217, 709/219, 709/220, 709/222, 713/2, 717176-178
US Class Current

709/220
CPC Class Codes

G06F 9/4416   Network booting; Remote ini...

H04L 63/0428   wherein the data content is...

H04L 63/123   received data contents, e.g...

H04L 67/06   specially adapted for file ...

H04L 67/34   involving the movement of s...

Method and apparatus for a secure network install

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for a secure network install

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links