Methods and systems for secure remote wake, boot, and login to a computer from a mobile device

US 8,375,220 B2
Filed: 04/02/2010
Issued: 02/12/2013
Est. Priority Date: 04/02/2010
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at a computer, a wake-up message from a remote mobile device via a short message service (SMS);

authenticating, at the computer, the wake-up message so as to authenticate a source of the wake-up message;

providing, at the computer, a BIOS boot policy that specifies different security protocols, including different types of authentication and encryption, for handling access attempts from different sources;

querying the BIOS boot policy for an appropriate security policy among the different security protocols for handling the remote mobile device, based on the authenticated source of the wake-up message;

receiving, from the BIOS boot policy the appropriate security policy, including the types of authentication and decryption, to be applied to the source of the wake-up message;

requesting, via the SMS, a BIOS boot password from the remote mobile device;

decrypting and authenticating the BIOS boot password that is received, via the SMS, from the remote mobile device, wherein the BIOS executes when the authentication of the received BIOS boot password succeeds;

requesting, via the SMS, a login password from the remote mobile device; and

decrypting the login password that is received, via the SMS, from the remote mobile device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems to allow an authorized user to remotely awaken, boot, and login to a computer in a secure manner. The user and computer may communicate using a short message service. (SMS). The user may communicate with the computer using a mobile device, such as a smart phone. The user may initially provide a wake-up message to the computer, which may then respond by asking for one or more boot passwords. In an embodiment, these boot passwords may be basic input/output system (BIOS) passwords that are required for the loading and operations of the computer'"'"'s BIOS. The user may then provide these one or more passwords to the computer. The computer may further request an operating system (OS) login password. The user may then provide this password to the computer. In an embodiment, all passwords may be provided to the computer in encrypted form. Moreover, authentication measures may be used to provide assurance that the user is legitimate.

Citations

24 Claims

1. A method, comprising:
- receiving, at a computer, a wake-up message from a remote mobile device via a short message service (SMS);
  
  authenticating, at the computer, the wake-up message so as to authenticate a source of the wake-up message;
  
  providing, at the computer, a BIOS boot policy that specifies different security protocols, including different types of authentication and encryption, for handling access attempts from different sources;
  
  querying the BIOS boot policy for an appropriate security policy among the different security protocols for handling the remote mobile device, based on the authenticated source of the wake-up message;
  
  receiving, from the BIOS boot policy the appropriate security policy, including the types of authentication and decryption, to be applied to the source of the wake-up message;
  
  requesting, via the SMS, a BIOS boot password from the remote mobile device;
  
  decrypting and authenticating the BIOS boot password that is received, via the SMS, from the remote mobile device, wherein the BIOS executes when the authentication of the received BIOS boot password succeeds;
  
  requesting, via the SMS, a login password from the remote mobile device; and
  
  decrypting the login password that is received, via the SMS, from the remote mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - booting an operating system (OS); and
      
      logging a user into the OS, wherein the user is associated with the remote mobile device.
  - 3. The method of claim 1, further comprising:
    - requesting, via the SMS, a subsequent BIOS password from the remote mobile device, performed when the authentication of the BIOS password fails.
  - 4. The method of claim 1, wherein said authentication of the BIOS password is performed using a public-key protocol.
  - 5. The method of claim 2, further comprising:
    - authenticating the received log in password, wherein login proceeds when the authentication of the login password succeeds.
  - 6. The method of claim 5, further comprising:
    - requesting, via the SMS, a subsequent login password from the remote mobile device, performed when the authentication of the login password fails.
  - 7. The method of claim 5, wherein said authentication of the login password is performed using a public-key protocol.
  - 8. The method of claim 1, wherein the BIOS password comprises one of:
    - a BIOS boot password;
      
      a pre-boot BIOS password;
      
      a disk unlock/decrypt password; and
      
      a user antitheft recovery password.
  - 9. The method of claim 1, wherein:
    - the requesting, via the SMS, includes requesting the BIOS boot password and a pre-boot BIOS password from the remote mobile device; and
      
      the decrypting and authenticating includes decrypting and authenticating the BIOS boot password and the pre-boot BIOS password that are received, via the SMS, from the remote mobile device, wherein the BIOS executes when the authentication of the received BIOS boot password and the BIOS pre-boot password succeed.

10. A system, comprising:
- a. a management engine (ME) incorporated in a computer, said ME comprising;
  
  a memory that stores a remote BIOS boot policy that specifies different security protocols, including different types of authentication and encryption, for handling access attempts from different sources; and
  
  a remote client authentication module configured to receive a wake-up message from a remote mobile device via a short message service (SMS) and to authenticate the wake-up message, so as to authenticate a source thereof;
  
  wherein the ME is configured to request one or more encrypted BIOS boot passwords from the remote mobile device based on the source of the authenticated wake-up message, to receive said one or more boot passwords, to decrypt and authenticate said one or more boot passwords, and to permit booting of an operating system (OS) when authentication of the one or more boot passwords succeeds, andwherein the ME is further configured to request an encrypted login password from the remote mobile device, to receive and decrypt said login password, and to allow access to the OS by a user associated with the remote mobile device; and
  
  b. a basic input/output system (BIOS) configured to determine the source of the authenticated wake-up message and to query the remote BIOS boot policy for an appropriate security policy among the different security protocols for handling the remote mobile device, based on the authenticated source of the wake-up message, andreceive from the BIOS boot policy the appropriate security policy, including the types of authentication and decryption, to be applied to the source of the wake-up message.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system of claim 10, wherein said one or more BIOS passwords comprise a disk unlock/decrypt password.
  - 12. The system of claim 11, wherein said ME further comprises:
    - a full disk encryption (FDE) authentication module, configured to authenticate said disc unlock/decrypt password.
  - 13. The system of claim 10, wherein said one or more BIOS passwords comprise an antitheft recovery password.
  - 14. The system of claim 13, wherein said ME further comprises:
    - an antitheft remote recovery module, configured to authenticate said antitheft recovery password.
  - 15. The system of claim 10, wherein said ME further comprises:
    - a login module, configured to authenticate said login password.
  - 16. The method of claim 10, wherein:
    - the request, via the SMS, includes a request for the BIOS boot password and a pre-boot BIOS password from the remote mobile device; and
      
      the ME decrypts and authenticates the BIOS boot password and the pre-boot BIOS password that are received, via the SMS, from the remote mobile device, and to permit the BIOS to execute when the authentication of the received BIOS boot password and the BIOS pre-boot password succeed.

17. A non-transitory computer readable medium encoded with a computer program, including instructions to cause a processor to:
- receive, at a computer, a wake-up message from a remote mobile device via a short message service (SMS), the computer having stored therein a BIOS boot policy that specifies different security protocols, including different types of authentication and encryption, for handling access attempts from different sources;
  
  authenticate, at the computer, the wake-up message so as to authenticate a source of the wake-up message;
  
  query the BIOS boot policy for an appropriate security policy among the different security protocols for handling the remote mobile device, based on the authenticated source of the wake-up message;
  
  receive, from the BIOS boot policy the appropriate security policy, including the types of authentication and decryption, to be applied to the source of the wake-up message;
  
  request, via the SMS, a BIOS boot password from the remote mobile device;
  
  decrypt and authenticate the BIOS boot password that is received, via the SMS, from the remote mobile device, wherein the BIOS executes only when the authentication of the received BIOS boot password succeeds;
  
  request, via the SMS, a login password from the remote mobile device; and
  
  decrypt the login password that is received, via the SMS, from the remote mobile device.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer readable medium of claim 17, further including instructions to cause the processor to:
    - request, via the SMS, a subsequent BIOS password from the remote mobile device, performed when the authentication of the BIOS password fails.
  - 19. The computer readable medium of claim 17, wherein said authentication of the BIOS password is performed using a public-key protocol.
  - 20. The computer readable medium of claim 17, further including instructions to cause the processor to:
    - authenticate the received login password, wherein the login proceeds only when the authentication of the login password succeeds.
  - 21. The computer readable medium of claim 20, wherein said authentication of the received login password is performed using a public-key protocol.
  - 22. The computer readable medium of claim 17, further including instructions to cause the processor to:
    - request, via the SMS, a subsequent login password from the remote mobile device, performed when the authentication of the login password fails.
  - 23. The computer readable medium of claim 17, wherein the BIOS password comprises one of:
    - a BIOS boot password;
      
      a pre-boot BIOS password;
      
      a disk unlock/decrypt password; and
      
      a user antitheft recovery password.
  - 24. The method of claim 17, wherein:
    - the request, via the SMS, includes a request for the BIOS boot password and a pre-boot BIOS password from the remote mobile device; and
      
      the instructions further include instructions to cause the processor to decrypt and authenticate the BIOS boot password and the pre-boot BIOS password that are received, via the SMS, from the remote mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Prakash, Gyan, Adrangi, Farid, Dadu, Saurabh
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US12/753,591
Publication Number

US 20110246757A1
Time in Patent Office

1,047 Days
Field of Search

713/2, 726/7
US Class Current

713/187
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/35   communicating wirelessly

G06F 21/43   wireless channels

G06F 21/575   Secure boot

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04W 4/14   Short messaging services, e...

Methods and systems for secure remote wake, boot, and login to a computer from a mobile device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for secure remote wake, boot, and login to a computer from a mobile device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links