Password protection for high reliability computer systems
First Claim
1. A high reliability computer system, said system comprising:
- a first processing engine (PE);
a first memory accessible by said first PE, containing initialization information for said first PE;
a second PE;
a second memory accessible by said second PE, containing initialization information for said second PE;
a third memory accessible by said first PE, said third memory having a location for storing an enable password for said first PE, the enable password protecting access to a privileged mode and execution of privileged mode commands;
a fourth memory accessible by said second PE;
circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE; and
a password passer writing said enable password of said first PE to the fourth memory accessible by said second PE.
1 Assignment
0 Petitions
Accused Products
Abstract
A high reliability computer system includes a first processing engine (PE), a first memory and a third memory both accessible by the first PE, a second PE, and a second memory and a fourth memory both accessible by the second PE. The first memory contains initialization information for the first PE. The third memory has a location for storing an enable password or a surrogate therefor for the first PE. The second memory contains initialization information for the second PE. The computer system also includes circuitry for switching control of the system from the first PE to the second PE upon detection of a failure of the first PE, and a password passer writing the enable password or a surrogate therefor of the first PE to the fourth memory. Alternatively, a network system includes an authentication, authorization and accounting (AAA) or any other password server having a database for maintaining an enable password for a high reliability computer system. The high reliability computer system includes an interface capable of communicating with the password server over an information bus. The interface obtains the enable password from the password server in response to a request from either one of the first and second PEs.
62 Citations
85 Claims
-
1. A high reliability computer system, said system comprising:
-
a first processing engine (PE);
a first memory accessible by said first PE, containing initialization information for said first PE;
a second PE;
a second memory accessible by said second PE, containing initialization information for said second PE;
a third memory accessible by said first PE, said third memory having a location for storing an enable password for said first PE, the enable password protecting access to a privileged mode and execution of privileged mode commands;
a fourth memory accessible by said second PE;
circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE; and
a password passer writing said enable password of said first PE to the fourth memory accessible by said second PE. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A high reliability computer system, said system comprising:
-
a first PE;
a first memory accessible by said first PE, containing initialization information for said first PE;
a second PE;
a second memory accessible by said second PE, containing initialization information for said second PE;
circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE;
a password memory accessible by said first and second PEs, having a location for storing an enable password for the system, the enable password protecting access to a privileged mode and execution of privileged mode commands; and
a password keeper for maintaining said enable password in said password memory for said first and second PEs. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A network system for providing password protection for a high reliability computer system, on a data communications network including a password server having a database for maintaining an enable password for said high reliability computer system, said password server being coupled via an information bus to said high reliability computer system, said system comprising:
-
a first PE;
a first memory accessible by said first PE, containing initialization information for said first PE;
a second PE;
a second memory accessible by said second PE, containing initialization information for said second PE;
circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE; and
an interface capable of communicating with the password server over the information bus, said interface obtaining an enable password from the password server in response to a request from either one of said first and second PEs, the enable password protecting access to a privileged mode and execution of privileged mode commands. - View Dependent Claims (17, 18, 19, 20, 21, 28)
-
-
22. A system for providing password protection for a high reliability computer system on a data communications network including a password server having a database for maintaining an enable password for said high reliability computer system, said password server being coupled via an information bus to said high reliability computer system, said system comprising:
-
a first PE;
a first memory accessible by said first PE, containing initialization information for said first PE;
a first interface for said first PE, said first interface capable of communicating user authentication requests and responses with the password server over the information bus, said first interface obtaining an enable password from the password server in response to a request from said first PE, the enable password protecting access to a privileged mode and execution of privileged mode commands;
a second PE;
a second memory accessible by said second PE, containing initialization information for said second PE;
a second interface for said second PE, said second interface capable of communicating user authentication requests and responses with the password server over the information bus, said second interface obtaining said enable password from the password server in response to a request from said second PE; and
circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE. - View Dependent Claims (23, 24)
-
-
25. A method for operating a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE and having a location for storing an enable password for said first PE, a second PE, and a second memory accessible by said second PE, said second memory containing initialization information for said second PE, said method comprising:
-
writing said enable password of said first PE to a third memory accessible by said second PE, said enable password protecting access to a privileged mode and execution of privileged mode commands; and
automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE. - View Dependent Claims (26, 27, 29, 30)
-
-
31. A method for operating a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE, a second PE, and a second memory accessible by said second PE, said second memory containing initialization information for said second PE, said method comprising:
-
providing a password memory accessible by said first and second PEs, having a location for storing an enable password, said enable password protecting access to a privileged mode and execution of privileged mode commands;
maintaining said enable password for said first and second PEs in said password memory; and
automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE. - View Dependent Claims (32, 33, 34, 35, 36, 37)
-
-
38. A method for providing password protection for a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE, a second PE, a second memory accessible by said second PE, said second memory containing initialization information for said second PE, and circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE, said method comprising:
-
sending an enable password for the high reliability computer system for storage in a database of a server coupled to the high reliability computer system via an information bus, the enable password protecting access to a privileged mode and execution of privileged mode commands;
providing an interface capable of communicating with the password server over the information bus; and
obtaining the enable password from the password server through the interface in response to a request from either one of the first and second PEs. - View Dependent Claims (39, 40, 41)
-
-
42. A method for providing password protection for a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE, a second PE, a second memory accessible by said second PE, said second memory containing initialization information for said second PE, and circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE, said method comprising:
-
sending an enable password for the high reliability computer system for storage in a database of a password server coupled to the high reliability computer system via an information bus, the enable password protecting access to a privileged mode and execution of privileged mode commands;
communicating user authentication requests and responses with the password server over the information bus via a first interface and obtaining the enable password from the password server for the first PE, the enable password protecting access to a privileged mode and execution of privileged mode commands; and
communicating user authentication requests and responses with the password server over the information bus via a second interface and obtaining the enable password from the password server for said second PE. - View Dependent Claims (43, 44)
-
-
45. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for operating a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE and having a location for storing an enable password for said first PE, a second PE, and a second memory accessible by said second PE, said second memory containing initialization information for said second PE, said method steps comprising:
-
writing said enable password of said first PE to a third memory accessible by said second PE, said enable password protecting access to a privileged mode and execution of privileged mode commands; and
automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE. - View Dependent Claims (46, 47, 48, 49, 50)
-
-
51. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for operating a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE, a second PE, and a second memory accessible by said second PE, said second memory containing initialization information for said second PE, said method steps comprising:
-
providing a password memory accessible by said first and second PEs, having a location for storing an enable password, said enable password protecting access to a privileged mode and execution of privileged mode commands;
maintaining said enable password for said first and second PEs in said password memory; and
automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE. - View Dependent Claims (52, 53, 54, 55, 56, 57)
-
-
58. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for providing password protection for a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE, a second PE, a second memory accessible by said second PE, said second memory containing initialization information for said second PE, and circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE, said method steps comprising:
-
sending an enable password for the high reliability computer system for storage in a database of a password server coupled to the high reliability computer system via an information bus, the enable password protecting access to a privileged mode and execution of privileged mode commands on the high reliability computer system;
providing an interface capable of communicating with the password server over the information bus; and
obtaining the enable password from the password server through the interface in response to a request from either one of the first and second PEs. - View Dependent Claims (59, 60, 61)
-
-
62. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for providing password protection for a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE, a second PE, a second memory accessible by said second PE, said second memory containing initialization information for said second PE, and circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE, said method steps comprising:
-
sending an enable password for the high reliability computer system for storage in a database of an authentication, authorization and accounting (AAA) server coupled to the high reliability computer system via an information bus, the enable password protecting access to a privileged mode and execution of privileged mode commands on the high reliability computer system;
communicating user authentication requests and responses with the AAA server over the information bus via a first interface and obtaining the enable password from the AAA server for the first PE; and
communicating user authentication requests and responses with the AAA server over the information bus via a second interface and obtaining the enable password from the AAA server for the second PE. - View Dependent Claims (63, 64)
-
-
65. An apparatus for operating a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE and having a location for storing an enable password for said first PE, a second PE, and a second memory accessible by said second PE, said second memory containing initialization information for said second PE, said apparatus comprising:
-
means for writing said enable password of said first PE to a third memory accessible by said second PE, said enable password protecting access to a privileged mode and execution of privileged mode commands; and
means for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE. - View Dependent Claims (66, 67)
-
-
68. An apparatus for operating a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE, a second PE, and a second memory accessible by said second PE, said second memory containing initialization information for said second PE, said apparatus comprising:
-
means for providing said first and second PEs with access to an enable password, the enable password protecting access to a privileged mode and execution of privileged mode commands;
means for maintaining said enable password for said first and second PEs; and
means for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE. - View Dependent Claims (69, 70)
-
-
71. An apparatus for providing password protection for a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE, a second PE, a second memory accessible by said second PE, said second memory containing initialization information for said second PE, and circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE, said apparatus comprising:
-
means for sending an enable password for the high reliability computer system for storage in a database of a password server coupled to the high reliability computer system via an information bus, the enable password protecting access to a privileged mode and execution of privileged mode commands on the high reliability computer system; and
means for communicating with the password server over the information bus and obtaining the enable password from the password server in response to a request from either one of the first and second PEs. - View Dependent Claims (72, 73)
-
-
74. An apparatus for providing password protection for a high reliability computer system, said system including a first PE, a first memory accessible by said first PE, said first memory containing initialization information for said first PE, a second PE, a second memory accessible by said second PE, said second memory containing initialization information for said second PE, and circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE, said apparatus comprising:
-
means for sending an enable password for the high reliability computer system for storage in a database of a password server coupled to the high reliability computer system via an information bus, the enable password protecting access to a privileged mode and execution of privileged mode commands;
means for communicating user authentication requests and responses with the password server over the information bus via a first interface and obtaining the enable password from the password server for the first PE; and
means for communicating user authentication requests and responses with the password server over the information bus via a second interface and obtaining the enable password from the password server for the second PE. - View Dependent Claims (75, 76)
-
-
77. A security system for providing password protection for a high reliability network device on a data communications computer network, said security system comprising:
-
a password server having a database for maintaining an enable password for the high reliability network device, said password server being coupled via an information bus to the high reliability network device; and
the high reliability network device, including;
a first processing engine (PE);
a first memory accessible by said first PE, containing initialization information for said first PE;
a second PE;
a second memory accessible by said second PE, containing initialization information for said second PE;
circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE; and
an interface capable of communicating with said password server over the information bus, said interface obtaining an enable password from said password server in response to a request from either one of said first and second PEs, the enable password protecting access to a privileged mode and execution of privileged mode commands. - View Dependent Claims (78, 79, 80)
-
-
81. A security system for providing password protection for a high reliability network device on a data communications network, said security system comprising:
-
a password server having a database for maintaining an enable password for the high reliability network device, said password server being coupled via an information bus to said high reliability network device; and
the high reliability network device, including;
a first PE;
a first memory accessible by said first PE, containing initialization information for said first PE;
a first interface for said first PE, said first interface capable of communicating user authentication requests and responses with the password server over the information bus, said first interface obtaining an enable password from the password server in response to a request from said first PE, the enable password protecting access to a privileged mode and execution of privileged mode commands;
a second PE;
a second memory accessible by said second PE, containing initialization information for said second PE;
a second interface for said second PE, said second interface capable of communicating user authentication requests and responses with the password server over the information bus, said second interface obtaining said enable password from the password server in response to a request from said second PE; and
circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE.
-
-
82. A high reliability network device, comprising:
-
a first processing engine (PE);
a first memory accessible by said first PE, containing initialization information for said first PE;
a first consol port coupled to said first PE via a bus, adapted to receive commands from a first consol;
a second PE;
a second memory accessible by said second PE, containing initialization information for said second PE;
a second consol port coupled to said second PE via the bus, adapted to receive commands from a second consol;
a third memory accessible by said first PE, said third memory having a location for storing an enable password for said first PE, the enable password protecting access to a privileged mode and execution of privileged mode commands;
a fourth memory accessible by said second PE;
circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE; and
a password passer writing said enable password of said first PE to the fourth memory accessible by said second PE.
-
-
83. A high reliability network device, comprising:
-
a first PE;
a first memory accessible by said first PE, containing initialization information for said first PE;
a first consol port coupled to said first PE via a bus, adapted to receive commands from a first consol;
a second PE;
a second memory accessible by said second PE, containing initialization information for said second PE;
a second consol port coupled to said second PE via the bus, adapted to receive commands from a second consol;
circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE;
a password memory accessible by said first and second PEs, having a location for storing an enable password for the system, the enable password protecting access to a privileged mode and execution of privileged mode commands; and
a password keeper for maintaining said enable password in said password memory for said first and second PEs.
-
-
84. A high reliability network device, comprising:
-
a first processing engine (PE);
a first memory accessible by said first PE, containing initialization information for said first PE; and
a first consol port coupled to said first PE via a bus, adapted to receive commands from a first consol;
a second PE;
a second memory accessible by said second PE, containing initialization information for said second PE; and
a second consol port coupled to said second PE via the bus, adapted to receive commands from a second consol;
circuitry for automatically switching control of said system from said first PE to said second PE upon detection of a failure of said first PE; and
an interface coupled to said first and second PEs via the bus, said interface being capable of communicating with a password server over an information bus, said interface obtaining an enable password from the password server in response to a request from either one of said first and second PEs, the enable password protecting access to a privileged mode and execution of privileged mode commands. - View Dependent Claims (85)
-
Specification