Systems and methods for providing authentication using a managed input/output port

US 9,811,654 B2
Filed: 06/11/2014
Issued: 11/07/2017
Est. Priority Date: 06/11/2014
Status: Active Grant

First Claim

Patent Images

1. An information handling system comprising:

a processor;

an input/output port communicatively coupled to the processor and configured to receive an external input/output device and communicatively couple the external input/output device to one or more information handling resources of the information handling system; and

an access controller communicatively coupled to the processor and configured to;

provide out-of-band management of the information handling system via a communications channel separate from and physically isolated from a network interface for in-band communication between the processor and an external network;

responsive to detecting an attempt to perform any management operation selected from a group of management operations requiring an administrator physically present at the information handling system;

determine if the external input/output device is coupled to the input/output port; and

determine if the external input/output device is authenticated as a trusted input/output device;

responsive to determining that the external input/output device is authenticated as a trusted input/output device, allow execution of the attempted management operation; and

responsive to determining that the external input/output device is not coupled to the input/output port, disallow execution of the attempted management operation;

wherein the group of management operations requiring the administrator physically present at the information handling system includes;

powering off the information handling system via a power button;

booting to basic input/output system option read-only memories;

booting to a boot manager;

booting to pre-operating system environment;

provisioning the information handling system from a local user interface via a liquid crystal display screen for remote management purposes;

booting from an operating system stored on an external storage medium;

configuring a baseboard management controller; and

automatically configuring information handling system settings with information stored on an external storage medium.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments of the present disclosure, an information handling system may include a processor, an input/output port communicatively coupled to the processor, and an access controller communicatively coupled to the processor. The an input/output port may be configured to receive an external input/output device and communicatively couple such input/output device to one or more information handling resources of the information handling system. The access controller may be configured to responsive to an attempted management operation at the information handling system, determine if an input/output device coupled to the input/output port is authenticated as a trusted input/output device. The access controller may also be configured to, responsive to determining that the input/output device is authenticated as a trusted input/output device, allow execution of the attempted management operation.

33 Citations

9 Claims

1. An information handling system comprising:
- a processor;
  
  an input/output port communicatively coupled to the processor and configured to receive an external input/output device and communicatively couple the external input/output device to one or more information handling resources of the information handling system; and
  
  an access controller communicatively coupled to the processor and configured to;
  
  provide out-of-band management of the information handling system via a communications channel separate from and physically isolated from a network interface for in-band communication between the processor and an external network;
  
  responsive to detecting an attempt to perform any management operation selected from a group of management operations requiring an administrator physically present at the information handling system;
  
  determine if the external input/output device is coupled to the input/output port; and
  
  determine if the external input/output device is authenticated as a trusted input/output device;
  
  responsive to determining that the external input/output device is authenticated as a trusted input/output device, allow execution of the attempted management operation; and
  
  responsive to determining that the external input/output device is not coupled to the input/output port, disallow execution of the attempted management operation;
  
  wherein the group of management operations requiring the administrator physically present at the information handling system includes;
  
  powering off the information handling system via a power button;
  
  booting to basic input/output system option read-only memories;
  
  booting to a boot manager;
  
  booting to pre-operating system environment;
  
  provisioning the information handling system from a local user interface via a liquid crystal display screen for remote management purposes;
  
  booting from an operating system stored on an external storage medium;
  
  configuring a baseboard management controller; and
  
  automatically configuring information handling system settings with information stored on an external storage medium.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The information handling system of claim 1, wherein the access controller is further configured to, responsive to determining that the external input/output device is not authenticated as a trusted input/output device, disallow execution of the attempted management operation.
  - 3. The information handling system of claim 1, wherein determining if the external input/output device coupled to the input/output port is authenticated as a trusted input/output device comprises:
    - comparing a unique identifier of the external input/output device to a list of trusted input/output devices stored on a computer-readable medium accessible to the access controller; and
      
      determining the external input/output device to be authenticated if the unique identifier is present in the list of trusted input/output devices.
  - 4. The information handling system of claim 1, the access controller further configured to:
    - determine if the attempted management operation is an authorized attempted management operation associated with the external input/output device; and
      
      responsive to determining that the external input/output device is authenticated as a trusted input/output device and that the attempted management operation is an authorized attempted management operation associated with the external input/output device, allow execution of the attempted management operation.
  - 5. The information handling system of claim 4, wherein determining if the attempted management operation is an authorized attempted management operation associated with the external input/output device comprises:
    - referencing a list of unique identifiers of trusted input/output devices stored on a computer-readable medium accessible to the access controller, wherein for each unique identifier, the list sets forth authorized management operations associated with such unique identifier; and
      
      determining the attempted management operation to be authorized if the list indicates that the attempted management operation is associated with the unique identifier of the external input/output device.
  - 6. The information handling system of claim 1, wherein the input/output port is configured to receive input/output devices compliant with the Universal Serial Bus standard.
  - 7. The information handling system of claim 1, wherein determining if the external input/output device coupled to the input/output port is authenticated as a trusted input/output device comprises:
    - reading an unencrypted unique identifier and an encrypted unique identifier from the external input/output device;
      
      encrypting the unencrypted unique identifier;
      
      comparing a result of encrypting the unencrypted unique identifier to the encrypted unique identifier read from the external input/output device; and
      
      determining the external input/output device to be authenticated if the result of encrypting the unencrypted unique identifier matches the encrypted unique identifier read from the external input/output device.
  - 8. The information handling system of claim 7, wherein encrypting the unencrypted unique identifier comprises encrypting the unencrypted unique identifier with a key unique to the information handling system.
  - 9. The information handling system of claim 8, wherein the encrypted unique identifier read from the external input/output device is generated by encrypting the unencrypted unique identifier with the key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Patel, Rajeshkumar Ichchhubhai, Puthillathe, Chandrasekhar, Jreij, Elie Antoun, Dube, Shawn Joel, Arias, Pablo Rafael
Primary Examiner(s)
LWIN, MAUNG T

Application Number

US14/301,701
Publication Number

US 20150363590A1
Time in Patent Office

1,245 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

Systems and methods for providing authentication using a managed input/output port

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing authentication using a managed input/output port

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links