Detecting unauthorized computer access

US 8,250,630 B2
Filed: 03/05/2009
Issued: 08/21/2012
Est. Priority Date: 03/05/2009
Status: Active Grant

First Claim

Patent Images

1. A machine executed method comprising:

at a first computer, receiving from a second computer a request to gain root-administrator access to an operating system (OS) of the first computer;

the first computer, in response to receiving the request to gain root-administrator access, granting the root-administrator access and modifying stored access state data from a first state associated with the OS to a second state associated with the OS, wherein the second state is different than the first state and the second state indicates that root-administrator access to the OS was granted;

after the root-administrator access is terminated, maintaining the stored access state data in the second state to continue to indicate that root-administrator access to the OS was granted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A machine executed method comprising at a first computer, receiving from a second computer a request to gain root-administrator access to an operating system (OS) of the first computer; the first computer, in response to receiving the request to gain root-administrator access, granting the root-administrator access and modifying stored access state data from a first state associated with the OS to a second state associated with the OS, wherein the second state is different than the first state and the second state indicates that root-administrator access to the OS was granted.

Citations

22 Claims

1. A machine executed method comprising:
- at a first computer, receiving from a second computer a request to gain root-administrator access to an operating system (OS) of the first computer;
  
  the first computer, in response to receiving the request to gain root-administrator access, granting the root-administrator access and modifying stored access state data from a first state associated with the OS to a second state associated with the OS, wherein the second state is different than the first state and the second state indicates that root-administrator access to the OS was granted;
  
  after the root-administrator access is terminated, maintaining the stored access state data in the second state to continue to indicate that root-administrator access to the OS was granted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 16, 17)
- - 2. The method of claim 1, wherein the second state is associated with a lesser amount of technical support services than the first state.
  - 3. The method of claim 1, wherein the state data originally comprises a secret key value, and wherein modifying the state data comprises deleting the secret key value.
  - 4. The method of claim 1, wherein the state data originally comprises a secret key value, and further comprising the first computer generating and displaying a warranty verification number on a display device that is coupled to the first computer, wherein the generating comprises one-way hash logic in the first computer processing at least the secret key, a current time, and a serial number associated with the first computer.
  - 5. The method of claim 1, wherein the state data originally comprises a secret key value, and further comprising the first computer receiving a challenge value, and generating and displaying a warranty verification number on a display device that is coupled to the first computer, wherein the generating comprises one-way hash logic in the first computer processing at least the secret key, the challenge value, and a serial number associated with the first computer.
  - 6. The method of claim 1, further comprising re-imaging the OS and changing the stored state value to the first state associated with the OS.
  - 7. The method of claim 1, further comprising, in response to receiving the request to gain root-administrator access, displaying on a display device coupled to the first computer, a warning message indicating that gaining root-administrator access will reduce support for the OS, and receiving user input indicating confirmation to accept reduced support and gain root-administrator access.
  - 8. The method of claim 1, wherein the state data comprises a secret key value, and further comprising generating a first warranty verification number for the first computer based on the secret key value, wherein the first warranty verification number is valid for a specified time after the generating;
    - in response to receiving the request to gain root-administrator access to the operating system (OS), deleting the secret key value and granting the root-administrator access of the OS.
  - 9. The method of claim 1, wherein the state data comprises at least a first secret key value and a second secret key value, and further comprising:
    - the first computer, in response to receiving the request to gain root-administrator access, granting the root-administrator access, deleting the first secret key value, and modifying stored state data from a first state associated with the OS to a third state associated with the OS, wherein the third state is different than the first state and the third state indicates that root-administrator access to the OS was granted;
      
      the first computer receiving a second request to gain root-administrator access;
      
      the first computer, in response to receiving the second request to gain root-administrator access, granting the root-administrator access, deleting the second secret key value, and modifying stored state data from a first state associated with the OS to the second state associated with the OS, wherein the second state indicates that root-administrator access to the OS was granted.
  - 16. The computer of claim 1, wherein the state data comprises a secret key value, and wherein the access logic is further configured to cause generating a first warranty verification number for the first computer based on the secret key value, wherein the first warranty verification number is valid for a specified time after the generating;
    - in response to receiving the request to gain root-administrator access to the operating system (OS), deleting the secret key value and granting the root-administrator access of the OS.
  - 17. The computer of claim 1, wherein the state data comprises at least a first secret key value and a second secret key value, and wherein the access logic is further configured to cause:
    - the first computer, in response to receiving the request to gain root-administrator access, granting the root-administrator access, deleting the first secret key value, and modifying stored state data from a first state associated with the OS to a third state associated with the OS, wherein the third state is different than the first state and the third state indicates that root-administrator access to the OS was granted;
      
      the first computer receiving a second request to gain root-administrator access;
      
      the first computer, in response to receiving the second request to gain root-administrator access, granting the root-administrator access, deleting the second secret key value, and modifying stored state data from a first state associated with the OS to the second state associated with the OS, wherein the second state indicates that root-administrator access to the OS was granted.

10. A computer comprising:
- operating system logic comprising a command interface that provides one command configured to process requests to obtain root-administrator shell access, and an encrypted filesystem;
  
  access state data stored in the encrypted filesystem;
  
  access logic coupled to the operating system logic and coupled to the access state data, wherein the access logic is configured upon execution to cause the computer to perform;
  
  receiving from a second computer a request to gain root-administrator access to the operating system logic of the first computer;
  
  in response to receiving the request to gain root-administrator access, granting the root-administrator access and modifying stored access state data from a first state associated with the operating system logic to a second state associated with the operating system logic, wherein the second state is different than the first state and the second state indicates that root-administrator access to the operating system logic was granted;
  
  after the root-administrator access is terminated, maintaining the stored access state data in the second state to continue to indicate that root-administrator access to the OS was granted.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The computer of claim 10, wherein the state data originally comprises a secret key value, and wherein the access logic is configured to modify the state data by deleting the secret key value.
  - 12. The computer of claim 10, wherein the state data originally comprises a secret key value, and wherein the access logic is further configured to cause the first computer generating and displaying a warranty verification number on a display device that is coupled to the first computer, wherein the generating comprises one-way hash logic in the first computer processing at least the secret key, a current time, and a serial number associated with the first computer.
  - 13. The computer of claim 10, wherein the state data originally comprises a secret key value, and wherein the access logic is further configured to cause the first computer receiving a challenge value, and generating and displaying a warranty verification number on a display device that is coupled to the first computer, wherein the generating comprises one-way hash logic in the first computer processing at least the secret key, the challenge value, and a serial number associated with the first computer.
  - 14. The computer of claim 10, wherein the access logic is further configured to cause re-imaging the operating system logic and changing the stored state value to the first state associated with the operating system logic.
  - 15. The computer of claim 10, wherein the access logic is further configured to cause, in response to receiving the request to gain root-administrator access, displaying on a display device coupled to the first computer, a warning message indicating that gaining root-administrator access will reduce support for the OS, and receiving user input indicating confirmation to accept reduced support and gain root-administrator access.

18. A non-transitory computer-readable storage medium comprising one or more sequences of instructions which when executed cause one or more processors to perform:
- at a first computer, receiving from a second computer a request to gain root-administrator access to an operating system (OS) of the first computer;
  
  the first computer, in response to receiving the request to gain root-administrator access, granting the root-administrator access and modifying stored access state data from a first state associated with the OS to a second state associated with the OS, wherein the second state is different than the first state and the second state indicates that root-administrator access to the OS was granted;
  
  after the root-administrator access is terminated, maintaining the stored access state data in the second state to continue to indicate that root-administrator access to the OS was granted.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable storage medium of claim 18, wherein the state data originally comprises a secret key value, and further comprising instructions which when executed cause the first computer receiving a challenge value, and generating and displaying a warranty verification number on a display device that is coupled to the first computer, wherein the generating comprises one-way hash logic in the first computer processing at least the secret key, the challenge value, and a serial number associated with the first computer.
  - 20. The non-transitory computer-readable storage medium of claim 18, wherein the state data comprises at least a first secret key value and a second secret key value, and further comprising instructions which when executed cause:
    - the first computer, in response to receiving the request to gain root-administrator access, granting the root-administrator access, deleting the first secret key value, and modifying stored state data from a first state associated with the OS to a third state associated with the OS, wherein the third state is different than the first state and the third state indicates that root-administrator access to the OS was granted;
      
      the first computer receiving a second request to gain root-administrator access;
      
      the first computer, in response to receiving the second request to gain root-administrator access, granting the root-administrator access, deleting the second secret key value, and modifying stored state data from a first state associated with the OS to the second state associated with the OS, wherein the second state indicates that root-administrator access to the OS was granted.

21. A method comprising:
- at a first computer, receiving from a second computer a request to gain root-administrator access to an operating system (OS) of the first computer;
  
  the first computer, in response to receiving the request to gain root-administrator access, granting the root-administrator access and modifying stored access state data from a first state associated with the OS to a second state associated with the OS, wherein the second state is different than the first state and the second state indicates that root-administrator access to the OS was granted;
  
  after the root-administrator access is terminated, maintaining the stored access state data in the second state to continue to indicate that root-administrator access to the OS was granted;
  
  wherein the state data originally comprises a secret key value;
  
  requesting support services;
  
  receiving a request to provide a valid warranty verification number in consideration for receiving the support services;
  
  the first computer generating and displaying a warranty verification number on a display device that is coupled to the first computer, wherein the generating comprises one-way hash logic in the first computer processing at least the secret key, a current time, and a serial number associated with the first computer;
  
  providing the warranty verification number to a support services representative;
  
  a third computer associated with the support services generating and displaying a plurality of second warranty verification numbers by one-way hash logic in the third computer processing at least the secret key, a plurality of times that include the current time, and the serial number associated with the first computer;
  
  the support services determining whether one of the second warranty verification numbers matches the warranty verification number and providing the support services only when one of the second warranty verification numbers matches.
- View Dependent Claims (22)
- - 22. The method of claim 21, wherein the state data originally comprises a secret key value, and further comprising the first computer receiving a challenge value, and generating and displaying the warranty verification number by the one-way hash logic in the first computer processing at least the secret key, the challenge value, and a serial number associated with the first computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Mendonca, Eduardo
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US12/398,823
Publication Number

US 20100229219A1
Time in Patent Office

1,265 Days
Field of Search

726/4, 713/165, 380/277, 705/26
US Class Current

726/4
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/74   operating in dual or compar...

H04L 2209/80   Wireless

H04L 9/3236   using cryptographic hash fu...

H04L 9/3271   using challenge-response

Detecting unauthorized computer access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Detecting unauthorized computer access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links