System and method for registering a personal computing device to a service processor

US 8,532,302 B2
Filed: 11/30/2011
Issued: 09/10/2013
Est. Priority Date: 11/29/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a personal computing device, a service processor, and a management computer,(a) wherein the personal computing device stores a computer-executable first registration module, wherein the first registration module is configured to, when executed by one or more processors, perform functions including;

providing a device identifier associated with the personal computing device to a service processor over a communications link between the service processor and the management computer,receiving from the service processor a cryptographic key over the communications link,capturing an image of a visual representation of an encrypted code,decrypting data of the captured image based on the cryptographic key,generating a second set of login information based on the decrypted data, anddisplaying the second set of login information;

(b) wherein the service processor stores a computer-executable second registration module and a computer-executable management access module operatively coupled to the second registration module,wherein the second registration module is configured to, when executed by one or more processors, perform functions including;

(i) receiving the device identifier over the communications link;

(ii) retrieving stored user access data associated with the personal computing device;

(iii) generating the cryptographic key based on the device identifier and configuration data associated with firmware of the service processor; and

(iv) providing the cryptographic key to the personal computing device over the communications link;

wherein the management access module is configured to, when executed by one or more processors, perform functions including;

(v) receiving a first set of login information from the management computer and matching the first set of login information with at least one first set of the stored user access data;

(vi) retrieving, when the first set of login information matches the at least one first set of the stored user access data, the device identifier associated with the personal computing device;

(vii) retrieving the cryptographic key corresponding to the device identifier;

(viii) dynamically generating the encrypted code based on the cryptographic key and transmitting the visual representation of the encrypted code to the management computer;

(ix) receiving the second set of login information from the management computer and matching the second set of login information with at least one second set of the stored user access data; and

(x) granting, when the second set of login information matches the at least one second set of the stored user access data, remote access of the service processor to the management computer; and

(c) wherein the management computer is separate from the personal computing device and communicatively coupled to the service processor via the communications link, wherein the management computer is configured to;

transfer the device identifier associated with the personal computing device to the service processor over the communications link,receive a first set of login information and transmit the first set of login information to the service processor,receive the second set of login information, anddisplay the visual representation of the encrypted code received from the service processor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one aspect, a system for registering a personal computing device to a service processor is disclosed. The system includes a computer-executable first registration module that is executable to perform functions that include providing a device identifier associated with a personal computing device to a service processor over a communications link. The system also includes a computer-executable second registration module that is executable to perform functions that include receiving the device identifier over the communications link and retrieving stored user access data associated with a particular authorized user of the personal computing device who has remote access to the service processor via a management computer. The second registration module is further executable to generate a cryptographic key based on the device identifier and configuration data associated with firmware of the service processor, and to provide the cryptographic key to the personal computing device over the communications link.

17 Citations

17 Claims

1. A system, comprising:
- a personal computing device, a service processor, and a management computer,(a) wherein the personal computing device stores a computer-executable first registration module, wherein the first registration module is configured to, when executed by one or more processors, perform functions including;
  
  providing a device identifier associated with the personal computing device to a service processor over a communications link between the service processor and the management computer,receiving from the service processor a cryptographic key over the communications link,capturing an image of a visual representation of an encrypted code,decrypting data of the captured image based on the cryptographic key,generating a second set of login information based on the decrypted data, anddisplaying the second set of login information;
  
  (b) wherein the service processor stores a computer-executable second registration module and a computer-executable management access module operatively coupled to the second registration module,wherein the second registration module is configured to, when executed by one or more processors, perform functions including;
  
  (i) receiving the device identifier over the communications link;
  
  (ii) retrieving stored user access data associated with the personal computing device;
  
  (iii) generating the cryptographic key based on the device identifier and configuration data associated with firmware of the service processor; and
  
  (iv) providing the cryptographic key to the personal computing device over the communications link;
  
  wherein the management access module is configured to, when executed by one or more processors, perform functions including;
  
  (v) receiving a first set of login information from the management computer and matching the first set of login information with at least one first set of the stored user access data;
  
  (vi) retrieving, when the first set of login information matches the at least one first set of the stored user access data, the device identifier associated with the personal computing device;
  
  (vii) retrieving the cryptographic key corresponding to the device identifier;
  
  (viii) dynamically generating the encrypted code based on the cryptographic key and transmitting the visual representation of the encrypted code to the management computer;
  
  (ix) receiving the second set of login information from the management computer and matching the second set of login information with at least one second set of the stored user access data; and
  
  (x) granting, when the second set of login information matches the at least one second set of the stored user access data, remote access of the service processor to the management computer; and
  
  (c) wherein the management computer is separate from the personal computing device and communicatively coupled to the service processor via the communications link, wherein the management computer is configured to;
  
  transfer the device identifier associated with the personal computing device to the service processor over the communications link,receive a first set of login information and transmit the first set of login information to the service processor,receive the second set of login information, anddisplay the visual representation of the encrypted code received from the service processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the first set of login data comprises at least one of a username and password.
  - 3. The system of claim 2, wherein the second set of login information as displayed on the personal computing device comprises a personal identification number (PIN).
  - 4. The system of claim 1, wherein the encrypted code is generated based on, in part, the current time of day.
  - 5. The system of claim 1, wherein the visual representation of the encrypted code is displayed as a Quick Response (QR) code or barcode.
  - 6. The system of claim 1, wherein the service processor is configured as a baseboard management controller (BMC) that is operative to perform remote management functions for at least one target computer that is separate from the management computer and personal computing device.
  - 7. The system of claim 1, wherein the communications link between the personal computing device and the service processor comprises at least one of a USB connection, local area network (LAN) connection, wireless area network (WAN) connection, and Internet connection.

8. A computer-implemented method for registering a personal computing device to a service processor, comprising the steps of:
- (a) executing, at one or more processors on a personal computing device, a first registration module stored on the personal computing device, and providing a device identifier associated with the personal computing device to a service processor over a communications link between the service processor and a management computer, wherein the management computer is separate from the personal computing device and communicatively coupled to the service processor via the communications link;
  
  (b) executing, at one or more processors on the service processor, a second registration module on the service processor to perform functions including;
  
  (i) receiving the device identifier over the communications link;
  
  (ii) retrieving stored user access data associated with the personal computing device;
  
  (iii) generating a cryptographic key based on the device identifier and configuration data associated with firmware of the service processor; and
  
  (iv) providing the cryptographic key to the personal computing device over the communications link;
  
  (c) receiving, at the personal computing device, the cryptographic key from the service processor over the communications link;
  
  (d) receiving, at the management computer, a first set of login information, and transferring the first set of login information to the service processor over the communications link;
  
  (e) executing, at the one or more processors on the service processor, a management access module stored on the service processor and operatively coupled to the second registration module to perform functions including;
  
  (v) receiving a first set of login information from the management computer and matching the first set of login information with at least one first set of the stored user access data;
  
  (vi) retrieving, when the first set of login information matches the at least one first set of the stored user access data, the device identifier associated with the personal computing device;
  
  (vii) retrieving the cryptographic key corresponding to the device identifier; and
  
  (viii) generating the encrypted code based on the cryptographic key and transmitting a visual representation of the encrypted code to the management computer; and
  
  (f) displaying, at the management computer, the visual representation;
  
  (g) capturing, by the personal computing device, an image of the displayed visual representation;
  
  (h) decrypting, at the personal computing device, data of the captured image based on the cryptographic key stored in the personal computing device, and generating a second set of login information based on decrypted data;
  
  (i) displaying, at the personal computing device, the second set of login information;
  
  (j) receiving, at the management computer, the second set of login information, and transferring the second set of login information to the service processor over the communications link; and
  
  (k) executing, at the service processor, the management access module to perform functions including;
  
  (ix) receiving the second set of login information from the management computer and matching the second set of login information with at least one second set of the stored user access data; and
  
  (x) granting, when the second set of login information matches the at least one second set of the stored user access data, remote access of the service processor to the management computer.
- View Dependent Claims (9, 10, 11, 12, 14, 15)
- - 9. The method of claim 8, further comprising the step of causing the first registration module to receive the cryptographic key from the second registration module over the communications link and securely store the cryptographic key on the personal computing device.
  - 10. The method of claim 8, further comprising the step of securely storing the cryptographic key, device identifier, and user access data on the service processor.
  - 11. The method of claim 8, wherein the personal computing device corresponds to a portable wireless communications device.
  - 12. The method of claim 11, wherein the device identifier corresponds to the predetermined international mobile equipment identity (IMEI) of the personal computing device.
  - 14. The method of claim 8, wherein the encrypted code is generated based on, in part, the current time of day.
  - 15. The method of claim 8, wherein the visual representation of the encrypted code is displayed as a Quick Response (QR) code or barcode.

13. A computer-implemented method for registering a personal computing device to a service processor, comprising the steps of:
- (a) installing a computer-executable first registration module on a personal computing device, the first registration module configured to, when executed by one or more processors, perform functions including;
  
  providing a device identifier associated with the personal computing device to a service processor over a communications link between the service processor and the management computer,receiving from the service processor a cryptographic key over the communications link,capturing an image of a visual representation of an encrypted code,decrypting data of the captured image based on the cryptographic key,generating a second set of login information based on the decrypted data, anddisplaying the second set of login information;
  
  (b) installing a computer-executable second registration module on the service processor, the second registration module configured to, when executed by one or more processors, perform function including;
  
  (i) receiving the device identifier over the communications link;
  
  (ii) retrieving stored user access data associated with the personal computing device who has authorization to remotely access the service processor via a management computer, wherein the management computer is separate from the personal computing device and communicatively coupled to the service processor via the communications link;
  
  (iii) generating the cryptographic key based on the device identifier and configuration data associated with firmware of the service processor; and
  
  (iv) providing the cryptographic key to the personal computing device over the communications link;
  
  (c) installing a computer-executable management access module operatively coupled to the second registration module, the management access module configured to, when executed by one or more processors, cause the service processor to perform functions that include;
  
  (v) receiving a first set of login information from the management computer and matching the first set of login information with at least one first set of the stored user access data;
  
  (vi) retrieving, when the first set of login information matches the at least one first set of the stored user access data, the device identifier associated with the personal computing device;
  
  (vii) retrieving the cryptographic key corresponding to the device identifier;
  
  (viii) generating the encrypted code based on the cryptographic key and transmitting the visual representation of the encrypted code to the management computer;
  
  (ix) receiving the second set of login information from the management computer and matching the second set of login information with at least one second set of the stored user access data; and
  
  (x) granting, when the second set of login information matches the at least one second set of the stored user access data, remote access of the service processor to the management computer; and
  
  (d) executing, by one or more processors, the first registration module and the second registration module to register the personal computing device to the service processor;
  
  (e) receiving, at the service processor, a first set of login information from the management computer and matching the first set of login information with at least one first set of the stored user access data;
  
  (f) retrieving, at the service processor, when the first set of login information matches the at least one first set of the stored user access data, the device identifier associated with the personal computing device, and retrieving the cryptographic key corresponding to the device identifier;
  
  (g) generating, at the service processor, the encrypted code based on the cryptographic key, and transmitting the visual representation of the encrypted code to the management computer;
  
  (h) displaying, at the management computer, the visual representation;
  
  (i) capturing, by the personal computing device, an image of the displayed visual representation;
  
  (j) decrypting, at the personal computing device, data of the captured image based on the cryptographic key stored in the personal computing device, and generating a second set of login information based on decrypted data;
  
  (k) displaying, at the personal computing device, the second set of login information;
  
  (l) receiving, at the service processor, the second set of login information from the management computer and matching the second set of login information with at least one second set of the stored user access data; and
  
  (m) granting, at the service processor, when the second set of login information matches the at least one second set of the stored user access data, remote access of the service processor to the management computer.
- View Dependent Claims (16, 17)
- - 16. The method of claim 13, wherein the encrypted code is generated based on, in part, the current time of day.
  - 17. The method of claim 13, wherein the visual representation of the encrypted code is displayed as a Quick Response (QR) code or barcode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Megatrends International, LLC
Original Assignee
American Megatrends Incorporated
Inventors
Maity, Sanjoy
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
SHOLEMAN, ABU S

Application Number

US13/307,267
Publication Number

US 20130136263A1
Time in Patent Office

650 Days
Field of Search

380/278, 380/279, 380/277, 713/171, 726/7, 715/237, 715/255, 710/15, 710/18
US Class Current

380/278
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/36   by graphic or iconic repres...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 9/32   including means for verifyi...

H04W 12/71   Hardware identity

H04W 12/77   Graphical identity

System and method for registering a personal computing device to a service processor

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for registering a personal computing device to a service processor

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links