Computer system protection

US 8,578,469 B2
Filed: 06/12/2007
Issued: 11/05/2013
Est. Priority Date: 06/12/2007
Status: Active Grant

First Claim

Patent Images

1. A method for protecting access to information on a computer system having a first level of authentication, comprising:

registering, in a database of a computer access protection system, a plurality of answers to a respective plurality of secret questions, wherein said answers are selected by and associated with a legitimate user of said computer system;

registering, in said database, a plurality of user passwords selected by said legitimate user, wherein each of said passwords is associated with a secret question of the plurality of secret questions and its respective answer;

detecting, by said computer access protection system, when said computer system moves outside a designated area; and

communicating, by said computer access protection system, a token to said computer system upon the computer system moving outside the designated area;

wherein said token includes authentication information associated with said legitimate user obtained from said database and triggers a second level authentication when said computer system is subsequently started outside the designated area, and wherein failure of said second level of authentication results in locking of functionalities within said computer system.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer program products for computer system protection are provided. Embodiments protect against unauthorized access to information on stolen and/or illegally transported computer systems. Embodiments include locking of functionalities within a computer system when the computer system moves outside a designated area. Embodiments include limiting access to functionalities within the computer system based on the location of the computer system. Embodiments of the present invention include allowing variable levels of access protection depending on the location of the computer system.

Citations

30 Claims

1. A method for protecting access to information on a computer system having a first level of authentication, comprising:
- registering, in a database of a computer access protection system, a plurality of answers to a respective plurality of secret questions, wherein said answers are selected by and associated with a legitimate user of said computer system;
  
  registering, in said database, a plurality of user passwords selected by said legitimate user, wherein each of said passwords is associated with a secret question of the plurality of secret questions and its respective answer;
  
  detecting, by said computer access protection system, when said computer system moves outside a designated area; and
  
  communicating, by said computer access protection system, a token to said computer system upon the computer system moving outside the designated area;
  
  wherein said token includes authentication information associated with said legitimate user obtained from said database and triggers a second level authentication when said computer system is subsequently started outside the designated area, and wherein failure of said second level of authentication results in locking of functionalities within said computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein said communicating step comprises communicating with radio frequency (RF) communication components integrated within said computer system.
  - 3. The method of claim 2, wherein said RF communication components are integrated within a LAN On Motherboard (LOM) network adapter, said adapter integrated within a motherboard of said computer system.
  - 4. The method of claim 2, wherein said communicating step comprises communicating with said RF communication components regardless of a power mode of said computer system at the time of communication.
  - 5. The method of claim 2, wherein said communication components comprise a Global Positioning System (GPS) receiver.
  - 6. The method of claim 1, wherein said detecting step comprises comparing global positioning coordinates of said computer system against a range of global positioning coordinates that defines the designated area.
  - 7. The method of claim 1, wherein said communicating step comprises communicating said token to said computer system when said computer system is within the designated area.
  - 8. The method of claim 7, wherein said token communicated within the designated area is activated when said computer system moves outside the designated area.
  - 9. The method of claim 2, wherein said RF communication components comprise a wireless radio transceiver.
  - 10. The method of claim 1, wherein said detecting step is performed by a centralized surveillance system of said computer access protection system.
  - 11. The method of claim 1, wherein said detecting step comprises detecting a code associated with said computer system.
  - 12. The method of claim 1, wherein said communicating step comprises communicating said token to said computer system when said computer system is outside the designated area.
  - 13. The method of claim 1, wherein said communicating step comprises downloading said token inside the designated area to said computer system and activating the token outside the designated area when said computer system is outside the designated area.
  - 14. The method of claim 1, further comprising:
    - generating said token based on one or more of a current password associated with said legitimate user and an exit time of said computer system from the designated area,wherein said token includes a secret question from said plurality of secret questions, a respective answer from said plurality of answers, and a password associated with said secret question and answer.
  - 15. The method of claim 14, further comprising upon a starting of said computer system:
    - (a) prompting for and receiving user input to said current password associated with said legitimate user;
      
      (b) verifying said user input to said current password;
      
      (c) prompting for and receiving user input to said secret question included in said token, if password verification is successful in step (b);
      
      (d) verifying said user input to said secret question using said respective answer included in said token;
      
      (e) prompting for and receiving user input to said password associated with said secret question and answer, if verification is successful in step (d); and
      
      (f) verifying said user input to said associated password; and
      
      (g) allowing user access to functionalities of said computer system if said verification in step (f) is successful.
  - 16. The method of claim 15, wherein said second level of authentication includes steps (c) through (f).
  - 17. The method of claim 15, further comprising:
    - (h) locking of functionalities within said computer system if any of said verifying steps is successively failed for a determined number of times.
  - 18. The method of claim 1, wherein said second level of authentication can be bypassed by docking said computer system to an associated network system within said designated area.
  - 19. The method of claim 1, wherein said locking of functionalities within said computer system includes blocking access to one or more of:
    - an operating system, hard drives, and external drives associated with said computer system.
  - 20. The method of claim 1, wherein said token triggers limited access to certain functionalities within said computer system when said computer system moves outside the designated area, regardless of the result of said second level authentication.
  - 21. The method of claim 20, wherein said certain functionalities include one or more of printing documents, network access, and access to external drives.
  - 22. The method of claim 1, wherein said first level of authentication acts both inside and outside the designated area.

23. A system for protecting access to information on a computer system having a first level of authentication, comprising:
- a centralized surveillance system configured to detect when said computer system moves outside a designated area;
  
  a database configured to store authentication information associated with a legitimate user of said computer system, wherein said database includes a plurality of answers to a respective plurality of secret questions, said answers selected by and associated with said legitimate user of said computer system; and
  
  a radio frequency (RF) communication system configured to communicate a token to said computer system upon the computer system moving outside the designated area,wherein said token includes authentication information from said database and is configured to trigger a second level of authentication when said computer system is subsequently started outside the designated area.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. The system of claim 23, further comprising:
    - a radio frequency (RF) transceiver integrated within a LAN On Motherboard (LOM) network adapter, integrated within a motherboard of said computer system.
  - 25. The system of claim 23, further comprising:
    - a Global Positioning System (GPS) receiver integrated within said computer system, wherein said GPS receiver is configured to generate position coordinates of said computer system and download said token if said computer system is outside said designated area.
  - 26. The system of claim 23, wherein said database further includes a plurality of user passwords selected by said legitimate user, and wherein each of said passwords is associated with a secret question of the plurality of secret questions and its respective answer.
  - 27. The system of claim 23, wherein said centralized surveillance system comprises:
    - a detector configured to generate detection signals when said computer system moves outside the designated area; and
      
      a controller coupled to said detector and configured to receive said detection signals from said detector.
  - 28. The system of claim 27, wherein said controller is further configured to communicate with said database and to retrieve authentication information associate with said computer system.
  - 29. The system of claim 27, wherein said controller is further configured to control said RF communication system to communicate with said computer system.

30. A method for protecting access to information on a computer system having a first level of authentication, comprising:
- detecting, by a computer access protection system, when said computer system moves outside a designated area;
  
  generating a token by said computer access protection system, wherein said token includes a secret question, an answer to the secret question, and a password, the secret question, answer, and password selected by and associated with a legitimate user of said computer system;
  
  communicating the token, by said computer access protection system, to said computer system upon the computer system moving outside the designated area,wherein said token triggers a second level authentication when said computer system is subsequently started outside the designated area, and wherein failure of said second level of authentication results in locking of functionalities within said computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Thiagarajan, Ashwin
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
SHOLEMAN, ABU S

Application Number

US11/808,698
Publication Number

US 20080313725A1
Time in Patent Office

2,338 Days
Field of Search

726/16, 726/22, 726/17, 726/18, 726/20, 726/27, 726/35
US Class Current

726/16
CPC Class Codes

G06F 21/35 communicating wirelessly

G06F 21/88 Detecting or preventing the...

Computer system protection

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system protection

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links