SECURE MANAGEMENT ACCESS CONTROL FOR COMPUTERS, EMBEDDED AND CARD EMBODIMENT

US 20080072291A1
Filed: 11/29/2007
Published: 03/20/2008
Est. Priority Date: 06/13/2002
Status: Active Grant

First Claim

Patent Images

1. In a computer system having one or more processors, memory, one or more data buses, and one or more user data interfaces, a management apparatus for securing access to one or more device management functions provided by said computer system or said management apparatus and for providing for secure communication of management traffic between said devise management functions and one or more management function communication partners utilizing one or more communication networks, said management apparatus comprising:

(a) one or more management processors for controlling access to said device management functions;

(b) one or more management interfaces for communication with said management processor, said management interfaces operatively coupled to said management processor and capable of being operatively coupled to one or more of said communication networks; and

(c) one or more operative couplings between said management processor and one or more of said data buses;

wherein access to said device management functions and communication of management traffic between said device management functions and said management function communication partners utilizes one or more of said management interfaces and said management processor.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer network management apparatus and method for remotely managing a networked device. The apparatus and method includes a management processor which is in direct communication with the networked device. The apparatus and method provides access for remotely and securely managing a networked device. The apparatus and method further separates management communications from user communications to ensure the security of the management communications. The apparatus and method further includes network and power monitoring and notification systems. The apparatus and method further provides authentication and authorization capabilities for security purposes.

122 Citations

View as Search Results

23 Claims

1. In a computer system having one or more processors, memory, one or more data buses, and one or more user data interfaces, a management apparatus for securing access to one or more device management functions provided by said computer system or said management apparatus and for providing for secure communication of management traffic between said devise management functions and one or more management function communication partners utilizing one or more communication networks, said management apparatus comprising:
- (a) one or more management processors for controlling access to said device management functions;
  
  (b) one or more management interfaces for communication with said management processor, said management interfaces operatively coupled to said management processor and capable of being operatively coupled to one or more of said communication networks; and
  
  (c) one or more operative couplings between said management processor and one or more of said data buses;
  
  wherein access to said device management functions and communication of management traffic between said device management functions and said management function communication partners utilizes one or more of said management interfaces and said management processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The management apparatus of claim 1, wherein said device management functions and said management traffic support one or more remote management activities selected from the group consisting of remote login, authentication, device configuration, setting of the device clock, updating device software, and patching device software.
  - 3. The management apparatus of claim 1, wherein said device management functions and said management traffic support one or more remote management activities selected from the group consisting of management apparatus login, management apparatus configuration, updating management apparatus software, patching management apparatus software.
  - 4. The management apparatus of claim 3, wherein said remote management activities for management apparatus configuration are selected from the group consisting of configuration of access controls, configuration of filtering, configuration of said management interface parameters, configuration of network parameters, and configuration of parameters for network services.
  - 5. The management apparatus of claim 1, wherein said management function communication partners are selected from the group consisting of network services and administrators.
  - 6. The management apparatus of claim 5, wherein one or more of said network services are selected from the group consisting of authentication and authorization services, domain name services, logging services, network time services, trap services, and polling services.
  - 7. The management apparatus of claim 1, wherein a portion of said management traffic comprises communication protocols selected from the group consisting of Simple Network Management Protocol, Hypertext transfer Protocol, Hypertext Transfer Protocol over Secure Socket Layer, Network Time Protocol, Telnet, Secure Shell, Domain Name System, File Transfer Protocol, Trivial File Transfer Protocol, Syslog, RADIUS, TACACS+, Lightweight Directory Access Protocol (LDAP), and eXtensible Markup Language (XML).
  - 8. The management apparatus of claim 1, wherein a portion of said management traffic comprises proprietary communication protocols.
  - 9. The management apparatus of claim 1, wherein one or more of said data buses are selected from the group consisting of CPU bus and System bus.
  - 10. The management apparatus of claim 1, wherein one or more of said device management functions utilize one or more of said management processors.
  - 11. The management apparatus of claim 1, wherein one or more of said device management functions utilize one or more of said processors of said computer system.
  - 12. The management apparatus of claim 1, wherein said management apparatus further comprises one or more types of apparatus memory.
  - 13. The management apparatus of claim 12, wherein one or more of said types of apparatus memory are selected from the group consisting of Flash memory, Random Access Memory (RAM), and Non-volatile Random Access Memory (NVRAM).
  - 14. The management apparatus of claim 12, wherein said management processor is implemented on a chip that also provides some portion of said apparatus memory.
  - 15. The management apparatus of claim 1, wherein said management apparatus utilizes one or more types of said memory of said computer system.
  - 16. The management apparatus of claim 15, wherein one or more of said types of said memory of said computer system are selected from the group consisting of Flash memory, Random Access Memory (M), Non-volatile Random Access Memory (NVRAM), and Boot Read Only Memory (Boot ROM).
  - 17. The management apparatus of claim 1, further comprising:
    - one or more network enabled interfaces, wherein said network enabled interfaces are utilized as said management interfaces.
  - 18. The management apparatus of claim 17, wherein one or more of said network enabled interfaces utilizes virtual private network technology to separate and secure management traffic.
  - 19. The management apparatus of claim 1, further comprising:
    - a management apparatus console port, wherein said management apparatus console port provides terminal access to command and control functions of said management apparatus.
  - 20. The management apparatus of claim 1 wherein one or more of said management interfaces are virtual management interfaces and further wherein said virtual management interfaces utilize one or more of said user data interfaces for communication of said management traffic and further wherein said virtual management interfaces logically separate said management traffic and user data during communication of said management traffic.
  - 21. The management apparatus of claim 20, wherein one or more of said virtual management interfaces utilizes virtual private network technology to separate and secure management traffic.

22. A method of handling communications in a computer system having one or more processors, memory, one or more data buses, one or more user data interfaces, and one or more management apparatus wherein said computer system provides one or more device management functions to support remote management activities of said computer system generating management traffic between said device management functions and management function communication partners and further wherein said management apparatus comprising one or more management processor and one or more management interfaces and further wherein said management apparatus is operatively coupled to one or more of said data buses, the method comprising:
- (a) handling said management traffic generated by said device management functions by;
  
  (i) routing said management traffic generated by said device management functions from one or more of said processors of said computer system to one or more of said management processors;
  
  (ii) testing said management traffic for allowability by said management processor according to a set of filtering rules; and
  
  (iii) forwarding said management traffic that is acceptable to one or more of said management function communication partners using one or more of said management interfaces; and
  
  (b) handling said management traffic generated by management function communication partners by;
  
  (i) receiving said management traffic generated by said management function communication partners over one or more of said management interfaces;
  
  (ii) testing said management traffic for allowability by said management processor according to a set of filtering rules; and
  
  (iii) forwarding said management traffic that is acceptable to one or more of said processors of said computer system for processing;

23. A method of handling communications in a computer system having one or more processors, memory, one or more data buses, one or more user data interfaces, and one or more management apparatus wherein said management apparatus provides one or more device management functions to support remote management activities of said computer system generating management traffic between said device management functions and management function communication partners and further wherein said management apparatus comprising one or more management processor and one or more management interfaces and further wherein said management apparatus is operatively coupled to one or more of said data buses, the method comprising:
- (a) handling said management traffic generated by said device management functions by;
  
  (i) testing said management traffic for allowability by said management processor according to a set of filtering rules; and
  
  (ii) forwarding said management traffic that is acceptable to one or more of said management function communication partners using one or more of said management interfaces; and
  
  (b) handling said management traffic generated by management function communication partners by;
  
  (i) receiving said management traffic generated by said management function communication partners over one or more of said management interfaces;
  
  (ii) testing said management traffic for allowability by said management processor according to a set of filtering rules; and
  
  (iii) processing said management traffic that is acceptable by one or more of said management processors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures II LLC (Intellectual Ventures LLC)
Original Assignee
Infinite Bay Telecom Limited Liability Company (Intellectual Ventures LLC)
Inventors
Carley, Jeffrey

Granted Patent

US 8,474,016 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/71   to assure secure computing ...

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

SECURE MANAGEMENT ACCESS CONTROL FOR COMPUTERS, EMBEDDED AND CARD EMBODIMENT

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

122 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

SECURE MANAGEMENT ACCESS CONTROL FOR COMPUTERS, EMBEDDED AND CARD EMBODIMENT

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

122 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others