Protecting access to a hardware device through use of an aggregate identity instance

US 9,723,002 B2
Filed: 01/04/2016
Issued: 08/01/2017
Est. Priority Date: 01/04/2016
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method of controlling access to an appliance, the computer-implemented method comprising:

receiving, from a client computer and by a host system, appliance-specific user data, wherein the appliance-specific user data includes a user password, a user-created name of an appliance, a user identifier, and a network address of the client computer;

concatenating, by the host system, the appliance-specific user data with a host name of the host system to create an Aggregate Identity Instance (AII);

storing, by one or more processors, the AII in the host system;

receiving, from the client computer and by the host system, a request to access the appliance, wherein the request includes the appliance-specific user data;

determining, by the host system, whether the appliance-specific user data sent with the request is contained in the AII that is stored in the host system;

in response to determining that the appliance-specific user data sent with the request is contained in the AII that is stored in the host system, the host system;

matching the user-created name of the appliance to an address of the appliance;

establishing a session between the client computer and the appliance; and

transmitting a copy of the AII to the client computer;

and utilizing, by the host system, a starting location on the AII to encrypt and decrypt data being exchanged between the client computer and the host system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method, system, and/or computer program product controls access to an appliance. A host system receives, from a client computer, appliance-specific user data that includes a user password, a user-created name of an appliance, a user identifier, and a network address of the client computer, and then concatenates the appliance-specific user data with a host name of the host system to create and store an Aggregate Identity Instance (AII) in the host system. The host system receives, from the client computer, a request to access the appliance, and determines whether appliance-specific user data sent with the request is in the AII in the host system. If so, then the host system matches the user-created name of the appliance to an address of the appliance; establishes a session between the client computer and the appliance; and uses the AII to encrypt and decrypt data.

17 Citations

20 Claims

1. A computer-implemented method of controlling access to an appliance, the computer-implemented method comprising:
- receiving, from a client computer and by a host system, appliance-specific user data, wherein the appliance-specific user data includes a user password, a user-created name of an appliance, a user identifier, and a network address of the client computer;
  
  concatenating, by the host system, the appliance-specific user data with a host name of the host system to create an Aggregate Identity Instance (AII);
  
  storing, by one or more processors, the AII in the host system;
  
  receiving, from the client computer and by the host system, a request to access the appliance, wherein the request includes the appliance-specific user data;
  
  determining, by the host system, whether the appliance-specific user data sent with the request is contained in the AII that is stored in the host system;
  
  in response to determining that the appliance-specific user data sent with the request is contained in the AII that is stored in the host system, the host system;
  
  matching the user-created name of the appliance to an address of the appliance;
  
  establishing a session between the client computer and the appliance; and
  
  transmitting a copy of the AII to the client computer;
  
  and utilizing, by the host system, a starting location on the AII to encrypt and decrypt data being exchanged between the client computer and the host system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, further comprising:
    - inputting, by the host system, the AII into a random number generator to create a starting location identifier, wherein the starting location identifier identifies the starting location on the AII to use when encrypting and decrypting data; and
      
      utilizing, by the host system, the starting location identifier when encrypting and decrypting data being exchanged between the client computer and the host system.
  - 3. The computer-implemented method of claim 1, further comprising:
    - transmitting, from the host system to the client computer, the AII, wherein the client computer inputs the AII into a random number generator to create a starting location identifier, wherein the starting location identifier identifies the starting location on the AII to use when encrypting and decrypting data, and wherein the client computer utilizes the starting location identifier when encrypting and decrypting data being exchanged between the client computer and the host system.
  - 4. The computer-implemented method of claim 1, further comprising:
    - transmitting, from the host system to the appliance, a copy of the AII, wherein the appliance inputs the AII into a random number generator to create a starting location identifier, wherein the starting location identifier identifies the starting location on the AII to use when encrypting and decrypting data, and wherein the appliance utilizes the starting location identifier when encrypting and decrypting data being exchanged between the appliance and the host system.
  - 5. The computer-implemented method of claim 1, further comprising:
    - matching, by the host system, the user identifier to a user authorization level; and
      
      limiting, by the host system, interactions between the client computer and the appliance according to the user authorization level.
  - 6. The computer-implemented method of claim 1, wherein the random number generator is a hardware circuit.
  - 7. The computer-implemented method of claim 1, wherein the appliance is a hardware device.
  - 8. The computer-implemented method of claim 1, wherein the appliance is a software resource.

9. A computer program product for controlling access to an appliance, the computer program product comprising a non-transitory computer readable storage medium having program code embodied therewith, the program code readable and executable by a processor to perform a method comprising:
- receiving, from a client computer, appliance-specific user data, wherein the appliance-specific user data includes a user password, a user-created name of an appliance, a user identifier, and a network address of the client computer;
  
  concatenating, by the host system, the appliance-specific user data with a host name of the host system to create an Aggregate Identity Instance (AII);
  
  storing the AII in the host system;
  
  receiving, from the client computer, a request to access the appliance, wherein the request includes the appliance-specific user data;
  
  determining, by the host system, whether the appliance-specific user data sent with the request is contained in the AII that is stored in the host system;
  
  in response to determining that the appliance-specific user data sent with the request is contained in the AII that is stored in the host system;
  
  matching the user-created name of the appliance to an address of the appliance;
  
  establishing a session between the client computer and the appliance;
  
  and transmitting a copy of the AII to the client computer;
  
  and utilizing, by the host system, a starting location on the AII to encrypt and decrypt data being exchanged between the client computer and the host system.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program product of claim 9, wherein the method further comprises:
    - inputting the AII into a random number generator to create a starting location identifier, wherein the starting location identifier identifies the starting location on the AII to use when encrypting and decrypting data; and
      
      utilizing the starting location identifier when encrypting and decrypting data being exchanged between the client computer and the host system.
  - 11. The computer program product of claim 9, wherein the method further comprises:
    - transmitting, to the client computer, the AII, wherein the client computer inputs the AII into a random number generator to create a starting location identifier, wherein the starting location identifier identifies the starting location on the AII to use when encrypting and decrypting data, and wherein the client computer utilizes the starting location identifier when encrypting and decrypting data being exchanged between the client computer and the host system.
  - 12. The computer program product of claim 9, wherein the method further comprises:
    - transmitting, to the appliance, a copy of the AII, wherein the appliance inputs the AII into a random number generator to create a starting location identifier, wherein the starting location identifier identifies the starting location on the AII to use when encrypting and decrypting data, and wherein the appliance utilizes the starting location identifier when encrypting and decrypting data being exchanged between the appliance and the host system.
  - 13. The computer program product of claim 9, wherein the method further comprises:
    - matching the user identifier to a user authorization level; and
      
      limiting interactions between the client computer and the appliance according to the user authorization level.
  - 14. The computer program product of claim 9, wherein the random number generator is a hardware circuit.
  - 15. The computer program product of claim 9, wherein the appliance is a hardware device.
  - 16. The computer program product of claim 9, wherein the appliance is a software resource.

17. A computer system comprising:
- a processor, a computer readable memory, and a non-transitory computer readable storage medium;
  
  first program instructions to receive, from a client computer, appliance-specific user data, wherein the appliance-specific user data includes a user password, a user-created name of an appliance, a user identifier, and a network address of the client computer;
  
  second program instructions to concatenate the appliance-specific user data with a host name of the host system to create and store an Aggregate Identity Instance (AII) in a host system;
  
  third program instructions to receive, from the client computer, a request to access the appliance, wherein the request includes the appliance-specific user data;
  
  fourth program instructions to determine whether the appliance-specific user data sent with the request is contained in the AII stored in the host system;
  
  fifth program instructions to, in response to determining that the appliance-specific user data sent with the request is contained in the AII stored in the host system;
  
  match the user-created name of the appliance to an address of the appliance;
  
  establish a session between the client computer and the appliance; and
  
  transmit a copy of the AII to the client computer;
  
  and sixth program instructions to utilize a starting location on the AII to encrypt and decrypt data being exchanged between the client computer and the host system; and
  
  whereinthe first, second, third, fourth, fifth, and sixth program instructions are stored on the non-transitory computer readable storage medium for execution by one or more processors via the computer readable memory.
- View Dependent Claims (18, 19, 20)
- - 18. The computer system of claim 17, further comprising:
    - seventh program instructions to match the user identifier to a user authorization level; and
      
      eighth program instructions to limit interactions between the client computer and the appliance according to the user authorization level; and
      
      whereinthe seventh and eighth program instructions are stored on the non-transitory computer readable storage medium for execution by one or more processors via the computer readable memory.
  - 19. The computer system of claim 17, wherein the random number generator is a hardware circuit.
  - 20. The computer system of claim 17, wherein the appliance is a hardware device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Chitti, Mark V., McCain, Ronda L., Rybczyk, Kurt A., Williams, Keith C., Dahman, Kirby G.
Primary Examiner(s)
Tolentino, Roderick

Application Number

US14/986,747
Publication Number

US 20170195328A1
Time in Patent Office

575 Days
Field of Search

726 2- 15
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0471   applying encryption by an i...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

Protecting access to a hardware device through use of an aggregate identity instance

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting access to a hardware device through use of an aggregate identity instance

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links