Targeted security policy override

US 9,239,937 B2
Filed: 01/07/2013
Issued: 01/19/2016
Est. Priority Date: 01/07/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

gathering, with an information handling device, client system identification data of a client system;

providing, with the information handling device, the client system with at least one cryptographic key;

generating, with the information handling device, an unlock key;

transmitting, with the information handling device, the client system identification data, the unlock key, and a request to a third party system;

receiving, with the information handling device, encrypted approval data from the third party system; and

transmitting, with the information handling device, encrypted approval data, comprising the unlock key, to the client system, wherein the encrypted approval data, if legitimate, allows overriding of a security policy of targeted areas of a low-level control program of the client system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An aspect provides a method, including: gathering, with an information handling device, client system identification data of a client system; providing, with the information handling device, the client system with at least one cryptographic key; transmitting, with the information handling device, the client system identification data and a request for security policy override to a third party; receiving, with the information handling device, encrypted approval data from the third party; and transmitting, with the information handling device, encrypted approval data to the client system. Other aspects are described and claimed.

10 Citations

20 Claims

1. A method, comprising:
- gathering, with an information handling device, client system identification data of a client system;
  
  providing, with the information handling device, the client system with at least one cryptographic key;
  
  generating, with the information handling device, an unlock key;
  
  transmitting, with the information handling device, the client system identification data, the unlock key, and a request to a third party system;
  
  receiving, with the information handling device, encrypted approval data from the third party system; and
  
  transmitting, with the information handling device, encrypted approval data, comprising the unlock key, to the client system, wherein the encrypted approval data, if legitimate, allows overriding of a security policy of targeted areas of a low-level control program of the client system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the at least one cryptographic key provides the client system a decryption capability for decrypting the encrypted approval data.
  - 3. The method of claim 1, wherein the encrypted approval data further comprises security policy attributes indicative of permitted security policy changes.
  - 4. The method of claim 1, wherein the encrypted approval data is encrypted by the third party using the at least one cryptographic key provided to the client system.
  - 5. The method of claim 4, wherein the encrypted approval data is encrypted by the third party using at least one additional key.
  - 6. The method of claim 5, wherein the at least one additional key is a private key of a public/private key pair.
  - 7. The method of claim 1, wherein the client system identification data comprises a client system hardware identification.
  - 8. The method of claim 7, wherein the client system hardware identification comprises one or more of a machine type, a model number and a serial number.
  - 9. The method of claim 1, wherein the client system comprises an enterprise computing system, wherein the information handling device comprises an enterprise administrative system, and wherein the third party comprises a third party system operated by a manufacturer of the client system.
  - 10. The method of claim 1, wherein the encrypted approval data from the third party further comprises one or more added attributes such that only targeted areas of a Basic Input/Output System (BIOS) of the client system can be overridden.

11. An information handling device, comprising:
- one or more processors; and
  
  a memory operatively coupled to the one or more processors that stores instructions executable by the one or more processors to perform acts comprising;
  
  gathering client system identification data of a client system;
  
  providing the client system with at least one cryptographic key;
  
  generating an unlock key;
  
  transmitting the client system identification data, the unlock key, and a request to a third party system;
  
  receiving encrypted approval data from the third party system; and
  
  transmitting encrypted approval data, comprising the unlock key to the client system, wherein the encrypted approval data, if legitimate, allows overriding of a security policy of targeted areas of a low-level control program of the client system.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The information handling device of claim 11, wherein the at least one cryptographic key provides the client system a decryption capability for decrypting the encrypted approval data.
  - 13. The information handling device of claim 11, wherein the encrypted approval data further comprises security policy attributes indicative of permitted security policy changes.
  - 14. The information handling device of claim 11, wherein the encrypted approval data is encrypted by the third party using the at least one cryptographic key provided to the client system.
  - 15. The information handling device of claim 14, wherein the encrypted approval data is encrypted by the third party using at least one additional key.
  - 16. The information handling device of claim 15, wherein the at least one additional key is a private key of a public/private key pair.
  - 17. The information handling device of claim 11, wherein the client system identification data comprises a client system hardware identification.
  - 18. The information handling device of claim 17, wherein the client system hardware identification comprises one or more of a machine type, a model number and a serial number.
  - 19. The information handling device of claim 11, wherein the client system comprises an enterprise computing system, wherein the information handling device comprises an enterprise administrative system, and wherein the third party comprises a third party system operated by a manufacturer of the client system.

20. A program product, comprising:
- a storage device having computer program code embodied therewith, the computer program code comprising;
  
  computer program code that gathers, with an information handling device, client system identification data of a client system;
  
  computer program code that provides, with the information handling device, the client system with at least one cryptographic key;
  
  computer program code that generates, with the information handling device, an unlock key;
  
  computer program code that transmits, with the information handling device, the client system identification data, the unlock key, and a request to a third party system;
  
  computer program code that receives, with the information handling device, encrypted approval data from the third party system; and
  
  computer program code that transmits, with the information handling device, encrypted approval data, comprising the unlock key to the client system, wherein the encrypted approval data, if legitimate, allows overriding of a security policy of targeted areas of a low-level control program of the client system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Inventors
Erickson, David Edward, Springfield, Randall Scott
Primary Examiner(s)
Gee, Jason K.
Assistant Examiner(s)
BUCKNOR, OLANREWAJU J

Application Number

US13/736,019
Publication Number

US 20140195799A1
Time in Patent Office

1,107 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/73   by creating or determining ...

G06F 2221/2115   Third party

H04L 9/0866   involving user or device id...

H04L 9/0869   involving random numbers or...

Targeted security policy override

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Targeted security policy override

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links