Method of using an account agent to access superuser account shell of a computer device
Abstract
A method of using an account agent to access a superuser account shell of a computer device is disclosed. The method includes receiving an authentication request; verifying whether an identity authentication is passed; when the identity authentication is passed, establishing a secure channel between the account agent and a normal user account shell; and allowing controlling the superuser account shell of the computer device through the normal user account shell.
20 Claims
1. A method of using an account agent to access a superuser account shell of a computer device, comprising:
receiving an authentication request;
verifying whether an identity authentication is authenticated;
when the identity authentication is authenticated, establishing a secure channel between the account agent and a normal user account shell; and
allowing controlling the superuser account shell of the computer device through the normal user account shell without changing into the superuser account shell.
2. The method of claim 1 further comprising:
when a command with at least one parameter is received from the normal user account shell after the secure channel is established, checking whether the command is allowable according to a constraint table; and
switching from a superuser account to a specific user account and controlling the superuser account shell of the computer device to execute the command.
3. The method of claim 2, wherein the constraint table comprises accessibility of at least one path by at least one user account.
4. The method of claim 2 further comprising:
switching back to the superuser account after the command is executed.
5. The method of claim 1 further comprising:
verifying whether a hardware of the computer device is authorized.
6. The method of claim 1, wherein the authentication request comprises a username, a password, a certificate or a combination thereof.
7. The method of claim 6, wherein the certificate is signed by a vendor of at least a portion of the computer device.
8. The method of claim 1, wherein the secure channel is established based on a key exchange protocol.
9. The method of claim 8, wherein the key exchange protocol conforms to a Diffie-Hellman protocol.
10. The method of claim 1 further comprising:
when an encrypted setting value of a constraint table is received after the secure channel is established, saving the encrypted setting value of the constraint table, wherein the constraint table comprises accessibility of at least one path by at least one user account; and
decrypting the encrypted setting value with a device root key.
11. The method of claim 10, wherein the step of decrypting the encrypted setting value with the device root key is performed after the computer device boots up.
12. The method of claim 10, wherein the authentication request comprises a certificate.
13. The method of claim 12, wherein the certificate is signed by a vendor of at least a portion of the computer device.
14. The method of claim 10, wherein the authentication request comprises setting of a register of the computer device.
15. The method of claim 10, wherein the device root key is stored in the computer device.
16. The method of claim 1, wherein the authentication request is sent from the normal user account shell.
17. The method of claim 5, wherein the step of verifying whether the hardware of the computer device is authorized comprises checking if hardware binding is applied on the account agent and the hardware of the computer device.
18. The method of claim 1, further comprising transmitting a message to the normal user account shell after allowing controlling the superuser account shell of the computer device through the normal user account shell.
19. The method of claim 18, wherein the message indicates that the secure channel is ready.
20. The method of claim 18, wherein the message indicates that a command to the superuser account shell of the computer device is welcome.
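The allowability check of claims 2 and 3, sketched as an added Python example; it is not code from the patent or its assignee. The table layout, the account names `diag` and `updater`, the sample paths and the rule for telling options from path parameters are all assumptions.

```python
import posixpath

# Constructed sample table (layout is an assumption, not from the patent):
# user account -> path roots that account may access.
CONSTRAINT_TABLE = {
    "diag": ("/var/log", "/tmp/diag"),
    "updater": ("/opt/firmware",),
}


def _within(path, root):
    """True if the normalized path equals root or lies beneath it."""
    return path == root or path.startswith(root.rstrip("/") + "/")


def is_allowable(account, argv, table=CONSTRAINT_TABLE):
    """Default-deny check of a command's parameters for one account.

    Assumption: every parameter is a path unless it is a plain option
    (starts with '-' and contains no '/').
    """
    roots = table.get(account)
    if not roots or not argv:
        return False  # unknown account or empty command
    for param in argv[1:]:
        if param.startswith("-"):
            if "/" in param:
                return False  # an option such as --file=/etc/shadow hides a path
            continue
        if not param.startswith("/"):
            return False  # relative paths depend on the working directory
        # Collapse '.' and '..' lexically before comparing. On a real device
        # symlinks would also have to be resolved (os.path.realpath).
        norm = posixpath.normpath(param)
        if not any(_within(norm, root) for root in roots):
            return False
    return True


if __name__ == "__main__":
    for account, argv in [
        ("diag", ["cat", "/var/log/syslog"]),
        ("diag", ["cat", "/var/log/../../etc/shadow"]),
        ("diag", ["cat", "/var/logs/other"]),
        ("guest", ["ls", "/tmp/diag"]),
    ]:
        print(account, argv, "->", is_allowable(account, argv))
```

The check runs before any account switch, so a denied command never reaches the superuser account shell.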
Specification