Method and system for secure emergency access to network devices
Abstract
Methods and system for providing secure emergency access to network devices. The methods and system described herein can be used to provide secure emergency access to network devices such as routers, telephony switching hubs, etc. Secure emergency access helps close security holes for providing access to configuration parameters in a network device by using an encrypted unit-unique password. The secure emergency access includes generating an encrypted emergency unit-specific password for a specific network device using a unique serial number for the specific network device and a global password used for a type of network device that includes the specific network device. The encrypted emergency unit-specific password is valid only on the specific network device with the unique serial number. The encrypted emergency unit-specific password is used to regain access to a specific network device for which an original password has been lost or misplaced. The secure emergency access can also be used for wireless phones to limit access to a network device identifier and telephone number data to prevent “cloning.”
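The provisioning, issuing and matching steps described in the abstract, as an added example that is not part of the patent text. The claims describe encrypting the global password with the serial number as key (or the reverse); this sketch swaps in HMAC-SHA256 as the keyed derivation, and the `Device` class, serial numbers and secret are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample value; a real global secret would be held by the vendor only.
GLOBAL_SECRET = b"constructed-global-secret"


def derive_unit_password(serial: str, global_secret: bytes) -> str:
    """Unit-unique password: HMAC-SHA256 keyed with the global secret over the serial.

    Assumption: HMAC stands in for the 'encryption' step named in the claims.
    """
    return hmac.new(global_secret, serial.encode("utf-8"), hashlib.sha256).hexdigest()


class Device:
    """Hypothetical network device; a dict models its non-volatile storage."""

    def __init__(self, serial: str):
        self.serial = serial
        self.nvram = {}

    def provision(self, global_secret: bytes) -> None:
        # Manufacturing step: store only the derived value, never the global secret.
        self.nvram["unit_password"] = derive_unit_password(self.serial, global_secret)

    def emergency_login(self, candidate: str) -> bool:
        stored = self.nvram.get("unit_password")
        if stored is None:
            return False  # unprovisioned unit: fail closed
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(stored.encode("utf-8"), candidate.encode("utf-8"))


def demo() -> tuple:
    """Issue an emergency password for unit A and try it on units A and B."""
    unit_a, unit_b = Device("SN-0001-EXAMPLE"), Device("SN-0002-EXAMPLE")
    unit_a.provision(GLOBAL_SECRET)
    unit_b.provision(GLOBAL_SECRET)
    # Support side: regenerate the password from the serial the owner reads out.
    issued = derive_unit_password("SN-0001-EXAMPLE", GLOBAL_SECRET)
    return unit_a.emergency_login(issued), unit_b.emergency_login(issued)


if __name__ == "__main__":
    print(demo())
```

The password issued for one serial number is accepted on that unit and rejected on every other unit of the same type.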
21 Claims
1. In a network device, a method for creating a secure unit-unique password for the network device, comprising the steps of:
- obtaining a unique serial number for a specific network device;
- obtaining a global password used for a type of network device that includes the specific network device; and
- generating an encrypted unit-unique password for the specific network device with the unique serial number and the global password; and
- storing the encrypted unit-unique password in non-volatile storage on the specific network device.
Dependent claims: 2, 3, 4, 5, 6.
7. A method for providing an emergency unit-specific password for a network device, comprising the steps of:
- obtaining a unique serial number for a specific network device, wherein an original password used to access the specific network device is not available and wherein the specific network device includes an encrypted unit-unique password in non-volatile storage on the specific network device;
- obtaining a global password used for a type of network device that includes the specific network device; and
- generating an encrypted emergency unit-specific password for the specific network device with the unique serial number and the global password, wherein the encrypted emergency unit-specific password is valid only on the specific network device with the unique serial number, and wherein the encrypted emergency unit-specific password is used to regain access to the specific network device.
Dependent claims: 8, 9, 10.
11. A method for using an emergency unit-specific password for a specific network device, comprising the steps of:
- obtaining an emergency encrypted unit-specific password on a specific network device, wherein an original password used to access the specific network device is not available, and wherein the emergency encrypted unit-specific password includes a unique serial number for the specific network device and a global password used for a type of network device that includes the specific network device;
- obtaining an original encrypted unit-unique password on the specific network device from non-volatile storage on the specific network device, wherein the original encrypted unit-unique password includes a unique serial number for the specific network device and a global password used for a type of network device that includes the specific network device;
- determining whether the emergency encrypted unit-specific password matches the original encrypted unit-unique password on the specific network device, and if so, allowing access to configuration parameters on the specific network device.
- determining whether the encrypted emergency unit-specific password matches the encrypted unit-unique password for the specific network device, and if not, not allowing access to configuration parameters on the specific network device.
Dependent claims: 12, 13, 14, 15, 16, 17, 18.
14. The method of claim 11 wherein the specific network device includes any of a router, telephony switching hub, or a wireless phone.
15. The method of claim 11 wherein the encrypted emergency unit-specific password includes an encrypted global password using a unique serial number for the specific network device as an encryption key.
16. The method of claim 11 wherein the original encrypted unit-unique password for the specific network device includes an encrypted global password using a unique serial number for the specific network device as an encryption key.
17. The method of claim 11 wherein the original encrypted unit-unique password includes an encrypted unique serial number for the specific network device using a global password as an encryption key.
18. The method of claim 11 wherein the encrypted emergency unit-specific password includes an encrypted unique serial number for the specific network device using a global password as an encryption key.
19. An emergency password system for network devices, comprising in combination:
- an original encrypted unit-unique password for identifying a specific network device, wherein the original encrypted unit-unique password includes a unique serial number and a global password used for a type of network device that includes the specific network device;
- an emergency encrypted unit-specific password for accessing a specific network device, wherein an original password used to access the specific network device is not available, and wherein the emergency encrypted unit-specific password includes a unique serial number for the specific network device and a global password used for a type of network device that includes the specific network device; and
- an emergency encrypted unit-specific password generator for generating an emergency encrypted unit-specific password for a specific network device, wherein the emergency encrypted unit-specific password includes a unique serial number for the specific network device and a global password used for a type of network device that includes the specific network device, and wherein the emergency encrypted unit-specific password is used to regain access to the specific network device.
20. A method for using an emergency unit-specific password for a router, comprising the steps of:
- obtaining an emergency encrypted unit-specific password on a router, wherein an original password used to access the router is not available, and wherein the emergency encrypted unit-specific password includes a unique serial number for the router and a global password used for routers;
- obtaining an original encrypted unit-unique password for the router from non-volatile storage on the router, wherein the original encrypted unit-unique password includes a unique serial number for the router and a global password used for routers;
- determining whether the emergency encrypted unit-specific password matches the original encrypted unit-unique password for the router, and if so, allowing access to routing tables on the router; and
- if not, denying access to routing tables on the router.
Dependent claims: 21.
Specification