Using a location authorization extension to provide access authorization for a module to access a computing system

US 9,785,791 B2
Filed: 02/25/2016
Issued: 10/10/2017
Est. Priority Date: 12/01/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

storing in a memory information on a first validity range comprising position coordinates for a service authorization module seeking to access a computing system, wherein the first validity range defines position coordinates of an allowed range for a service technician having the service authorization module;

storing in the memory information on a second validity range comprising position coordinates for a location authorization extension for a computing system, wherein the second validity range defines position coordinates where the computing system is located when setting-up or installing the computing system;

determining from a first receiver of the service authorization module a first position signal;

determining from a second receiver of the location authorization extension a second position signal;

determining from the first position signal whether the service authorization module is within the first validity range;

determining from the second position signal whether the location authorization extension is within the second validity range;

transmitting, with one or more encryption modules, position information and authorization information between the service authorization module and the location authorization extension to ensure a secure and entrusted transmission; and

granting the service authorization module access to the computing system in response to determining that the service authorization module is within the first validity range and the location authorization extension is within the second validity range.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are a method, system, and computer program product for a local authorization extension to provide access authorization for a module to access a computing system. A memory stores information on a first validity range comprising position coordinates for a module seeking to access the computing system and a second validity range comprising position coordinates for a location authorization extension for a computing system. A determination is made of a first position signal from a first receiver of the module and of a second position signal from a second receiver of the location authorization module. Determinations are made as to whether the first position signal is within the first validity range and whether the second position signal is within the second validity range. The module is granted access to the computing system in response to determining that the first position signal is within the first validity range and the second position signal is within the second validity range.

Citations

16 Claims

1. A method, comprising:
- storing in a memory information on a first validity range comprising position coordinates for a service authorization module seeking to access a computing system, wherein the first validity range defines position coordinates of an allowed range for a service technician having the service authorization module;
  
  storing in the memory information on a second validity range comprising position coordinates for a location authorization extension for a computing system, wherein the second validity range defines position coordinates where the computing system is located when setting-up or installing the computing system;
  
  determining from a first receiver of the service authorization module a first position signal;
  
  determining from a second receiver of the location authorization extension a second position signal;
  
  determining from the first position signal whether the service authorization module is within the first validity range;
  
  determining from the second position signal whether the location authorization extension is within the second validity range;
  
  transmitting, with one or more encryption modules, position information and authorization information between the service authorization module and the location authorization extension to ensure a secure and entrusted transmission; and
  
  granting the service authorization module access to the computing system in response to determining that the service authorization module is within the first validity range and the location authorization extension is within the second validity range.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the service authorization module comprises a device having the first receiver that is carried by the service technician seeking authorized access to perform maintenance on the computing system.
  - 3. The method of claim 1, wherein the computing system comprises a virtual machine, and wherein the determining whether the first and second position signals are within the first and second validity ranges, respectively, and granting the service authorization module access are performed by a hypervisor controlling the computing system.
  - 4. The method of claim 3, wherein a service center sends a command to the hypervisor to stop the virtual machine and wherein the service authorization module is granted access to the virtual machine are performed in response to receiving the command to stop the virtual machine.
  - 5. The method of claim 3, further comprising:
    - storing in the memory information on a third validity range for a first authorization authority and a fourth validity range for a second authorization authority;
      
      determining a third and fourth position signals from the first and second authorization authorities, respectively; and
      
      determining whether the third and the fourth position signals are within the third and fourth validity ranges, respectively, wherein the access is granted in response to determining that the first, second, third and fourth position signals are within the first, second, third and fourth validity ranges, respectively.

6. A system in communication with a service authorization module having a first receiver, comprising:
- a computing system;
  
  a location authorization extension coupled to the computing system, including;
  
  a second receiver;
  
  a memory including information on a first validity range comprising position coordinates for the service authorization module and a second validity range comprising position coordinates for a location authorization extension, wherein the first validity range defines position coordinates of an allowed range for a service technician having the service authorization module, and wherein the second validity range defines position coordinates where the computing system is located when setting-up or installing the computing system;
  
  location authorization extension for performing operations, the operations comprising;
  
  determining from a first receiver a first position signal of the service authorization module;
  
  determining from a second receiver a second position signal of the location authorization extension;
  
  determining from the first position signal whether the service authorization module is within the first validity range;
  
  determining whether the second position signal is within the second validity range; and
  
  granting the service authorization module access to the computing system in response to determining that the service authorization module is within the first validity range and the location authorization extension is within the second validity rang;
  
  an encryption module for transmitting position information and authorization information between the service authorization module and the location authorization extension to ensure a secure and entrusted transmission.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The system of claim 6, wherein the service authorization module comprises a device having the first receiver that is carried by the service technician seeking authorized access to perform maintenance on the computing system.
  - 8. The system of claim 6, wherein the computing system comprises a virtual machine, and wherein the operations of determining whether the first and second position signals are within the first and second validity ranges, respectively, and granting the service authorization module access are performed by a hypervisor controlling the computing system.
  - 9. The system of claim 8, wherein a service center sends a command to the hypervisor to stop the virtual machine and wherein the service authorization module is granted access to the virtual machine in response to receiving the command to stop the virtual machine.
  - 10. The system of claim 8, wherein the operations further comprises:
    - storing, in the memory, information on a third validity range for a first authorization authority and a fourth validity range for a second authorization authority;
      
      determining a third and fourth position signals from the first and second authorization authorities, respectively; and
      
      determining whether the third and the fourth position signals are within the third and fourth validity ranges, respectively, wherein the access is granted in response to determining that the first, second, third and fourth position signals are within the first, second, third and fourth validity ranges, respectively.
  - 11. The system of claim 6, further comprising:
    - a bus, wherein the location authorization extension communicates with the computing system over the bus.

12. A computer program product accessible from a computer readable storage device including code to implement a location authorization extension for authenticating a service authorization module having a first receiver to access a computing system, wherein the code is in communication with a memory and a second receiver and executed to perform operations, the operations comprising:
- storing, in the memory, information on a first validity range comprising position coordinates for the service authorization module, wherein the first validity range defines position coordinates of an allowed range for a service technician having the service authorization module;
  
  storing information in the memory on a second validity range comprising position coordinates for the location authorization extension, wherein the second validity range defines position coordinates where the computing system is located when setting-up or installing the computing system;
  
  determining from the first receiver a first position signal;
  
  determining from a second receiver of the location authorization extension a second position signal;
  
  determining from the first position signal whether the service authorization module is within the first validity range;
  
  determining from the second position signal whether the location authorization extension is within the second validity range;
  
  transmitting, with one or more encryption modules, position information and authorization information between the service authorization module and the location authorization extension to ensure a secure and entrusted transmission; and
  
  granting the service authorization module access to the computing system in response to determining that the service authorization module is within the first validity range and the location authorization extension is within the second validity range.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer program product of claim 12, wherein the service authorization module comprises a device having the first receiver that is carried by the service technician seeking authorized access to perform maintenance on the computing system.
  - 14. The computer program product of claim 12, wherein the computing system comprises a virtual machine, and wherein the operations of determining whether the first and second position signals are within the first and second validity ranges, respectively, and granting the service authorization module access are performed by a hypervisor controlling the computing system.
  - 15. The computer program product of claim 14, wherein a service center sends a command to the hypervisor to stop the virtual machine and wherein the service authorization module is granted access to the virtual machine in response to receiving the command to stop the virtual machine.
  - 16. The computer program product of claim 14, further comprising:
    - storing, in the memory information, on a third validity range for a first authorization authority and a fourth validity range for a second authorization authority;
      
      determining a third and fourth position signals from the first and second authorization authorities, respectively; and
      
      determining whether the third and the fourth position signals are within the third and fourth validity ranges, respectively, wherein the access is granted in response to determining that the first, second, third and fourth position signals are within the first, second, third and fourth validity ranges, respectively.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Akelbein, Jens-Peter, Mueller-Friedt, Wolfgang
Primary Examiner(s)
Desrosiers, Evans

Application Number

US15/054,124
Publication Number

US 20160180110A1
Time in Patent Office

593 Days
Field of Search

713168-174, 713182-186, 713202, 709206, 709225, 709229, 709249, 709389, 726 2- 8
US Class Current
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/107   wherein the security polici...

Using a location authorization extension to provide access authorization for a module to access a computing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Using a location authorization extension to provide access authorization for a module to access a computing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links