Method and system for secure emergency access to network devices

US 6,609,197 B1
Filed: 04/22/1999
Issued: 08/19/2003
Est. Priority Date: 04/22/1999
Status: Expired due to Term

First Claim

Patent Images

1. In a network device, a method for creating a secure unit-unique password for the network device, comprising the steps of:

obtaining a unique serial number for a specific network device;

obtaining a global password used for a type network device that includes the specific network device; and

generating an encrypted unit-unique password for the specific network device with the unique serial number and the global password; and

storing the encrypted unit-unique password in non-volatile storage on the specific network device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and system for providing secure emergency access to network devices. The methods and system described herein can be used to provide secure emergency access to network devices such as routers, telephony switching hubs, etc. Secure emergency access helps close security holes for providing access to configuration parameters in a network device by using an encrypted unit-unique password. The secure emergency access includes generating an encrypted emergency unit-specific password for a specific network device using a unique serial number for the specific network device and a global password used for a type of network device that includes the specific network device. The encrypted emergency unit-specific password is valid only on the specific network device with the unique serial number. The encrypted emergency unit-specific password is used to regain access to a specific network device for which an original password has been lost or misplaced. The secure emergency access can also be used for wireless phones to limit access to a network device identifier and telephone number data to prevent “cloning.”

74 Citations

View as Search Results

21 Claims

1. In a network device, a method for creating a secure unit-unique password for the network device, comprising the steps of:
- obtaining a unique serial number for a specific network device;
  
  obtaining a global password used for a type network device that includes the specific network device; and
  
  generating an encrypted unit-unique password for the specific network device with the unique serial number and the global password; and
  
  storing the encrypted unit-unique password in non-volatile storage on the specific network device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 1.
  - 3. The method of claim 1 wherein the step of obtaining a unique serial number for a network device includes obtaining the unique serial number from non-volatile storage on the specific network device.
  - 4. The method of claim 1 wherein the step of generating an encrypted unit-unique password includes encrypting the global password using the unique serial number as an encryption key.
  - 5. The method of claim 1 wherein the step of generating an encrypted unit-unique password includes encrypting the unique serial number using the global password as an encryption key.
  - 6. The method of claim 1 wherein the step of storing the encrypted unit-unique password in non-volatile storage on the network device includes storing the encrypted unit-unique password in any of flash memory or flash read only memory on the network device.

7. A method for providing an emergency unit-specific password for a network device, comprising the steps of:
- obtaining a unique serial number for a specific network device, wherein an original password used to access the specific network device is not available and wherein the specific network device includes an encrypted unit-unique password in non-volatile storage on the specific network device;
  
  obtaining a global password used for a type of network device that includes the specific network device; and
  
  generating an encrypted emergency unit-specific password for the specific network device with the unique serial number and the global password, wherein the encrypted emergency unit-specific password is valid only on the specific network device with the unique serial number, and wherein the encrypted emergency unit-specific password is used to regain access to the specific network device.
- View Dependent Claims (8, 9, 10)
- - 8. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 7.
  - 9. The method of claim 7 wherein the step of generating an encrypted emergency unit-unique password for the specific network includes encrypting the global password using the unique serial number as an encryption key.
  - 10. The method of claim 7 wherein the step of generating an encrypted emergency unit-unique password for the specific network device includes encrypting the unique serial number using the global password as an encryption key.

11. A method for using an emergency unit-specific password for a specific network device, comprising the steps of:
- obtaining an emergency encrypted unit-specific password on a specific network device, wherein an original password used to access the specific network device is not available, and wherein the emergency encrypted unit-specific password includes a unique serial number for the specific network device and a global password used for a type of network device that includes the specific network device;
  
  obtaining an original encrypted unit-unique password on the specific network device from non-volatile storage on the specific network device, wherein the original encrypted unit-unique password includes a unique serial number for the specific network device and a global password used for a type of network device that includes the specific network device;
  
  determining whether the emergency encrypted unit-specific password matches the original encrypted unit-unique password on the specific network device, and if so, allowing access to configuration parameters on the specific network device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 11.
  - 13. The method of claim 11 further comprising:
14. The method of claim 11 wherein the specific network device includes any of a router, telephony switching hub, or a wireless phone.
15. The method of claim 11 wherein the encrypted emergency unit-specific password includes an encrypted global password using a unique serial number for the specific network device as an encryption key.
16. The method of claim 11 wherein the original encrypted unit-unique password for the specific network device includes an encrypted global password using a unique serial number for the specific network device as an encryption key.
17. The method of claim 11 wherein the original encrypted unit-unique password includes an encrypted unique serial number for the specific network device using a global password as an encryption key.
18. The method of claim 11 wherein the encrypted emergency unit-specific password includes an encrypted unique serial number for the specific network device using a global password as an encryption key.

19. An emergency password system for network devices, comprising in combination:
- an original encrypted unit-unique password for identifying a specific network device, wherein the original encrypted unit-unique password includes a unique serial number and a global password used for a type of network device that includes the specific network device;
  
  an emergency encrypted unit-specific password for accessing a specific network device, wherein an original password used to access the specific network device is not available, and wherein the emergency encrypted unit-specific password includes a unique serial number for the specific network device and a global password used for a type of network device that includes the specific network device; and
  
  an emergency encrypted unit-specific password generator for generating an emergency encrypted unit-specific password for a specific network device, wherein the emergency encrypted unit-specific password includes a unique serial number for the specific network device and a global password used for a type of network device that includes the specific network device, and wherein the emergency encrypted unit-specific password is used to regain access to the specific network device.

20. A method for using an emergency unit-specific password for router, comprising the steps of:
- obtaining an emergency encrypted unit-specific password on a router, wherein an original password used to access the router is not available, and wherein the emergency encrypted unit-specific password includes a unique serial number for the router and a global password used for routers;
  
  obtaining an original encrypted unit-unique password for the router from non-volatile storage on the router, wherein the original encrypted unit-unique password includes a unique serial number for the router and a global password used for routers;
  
  determining whether the emergency encrypted unit-specific password matches the original encrypted unit-unique password for the router, and if so, allowing access to routing tables on the router; and
  
  if not, denying access to routing tables on the router.
- View Dependent Claims (21)
- - 21. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 20.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
3Com Corporation (HP Inc.)
Inventors
Acomb, Stanford K., Ketcham, Carl C.
Primary Examiner(s)
Darrow, Justin T.

Application Number

US09/296,192
Time in Patent Office

1,580 Days
Field of Search

713/153, 713/155, 713/162, 713/163, 713/182, 713/183, 713/184, 713/200, 713/201, 713/202, 380/211, 380/264
US Class Current

713/155
CPC Class Codes

H04L 41/08   Configuration management of...

H04L 41/28   Restricting access to netwo...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/20   for managing network securi...

Method and system for secure emergency access to network devices

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

74 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure emergency access to network devices

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links