Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2000-05-16
2004-11-23
Moise, Emmanuel L. (Department: 2136)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S100000, C713S152000, C713S152000, C709S217000, C709S219000, C709S220000, C709S221000, C709S222000
Reexamination Certificate
active
06823463
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates to a method and system for data processing in general, and in particular to a method and system for providing system security on a computer. Still more particularly, the present invention relates to a method for providing security to a computer on a computer network such that remote configuration of the computer can be allowed.
2. Description of the Prior Art
Generally speaking, personal computers can be connected together to form computer networks in many ways and through the use of various schemes. In some computer networks, personal computers are used essentially as “dumb” terminals to communicate with a more powerful host computer XO typically known as a mainframe that serves to provide large databases and as the location of residence of applications programs. In other computer networks, personal computers are used as “smart” terminals that obtain application programs and sometimes data from a central file server (which may be another personal computer equipped with a direct access storage device of large capacity and capable of operating at relatively quick data recovery speeds), manipulate or receive entry of data, and return data to the file server. In still other computer networks, a group of personal computers may share among group resources, including peripheral devices such as printers, scanners, modems, etc., available to one or more of the personal computers within the computer network, and application program or data files located on various direct access storage devices each of which is more directly associated with a single one of the resource sharing personal computers. This type of computer network arrangements are typically known as a local-area network (LAN).
Although computer networks allow software updates and asset management to be performed in a more efficient manner, one area that has not benefitted from the computer networks is configuration management. Part of the problem preventing remote configuration updates to individual computers within a computer network is the fact that some updates require physical actions. These updates include adding an adapter card to an I/O channel or installing additional memories to a local memory bus. However, other configuration actions, such as changing DMA channel usage, assigning I/O address spaces, or assigning interrupt levels, could be performed at a remote network management point. The only problem is that the security of the computer network may be compromised if the configuration of a personal computer within the computer network is allowed to be changed remotely without any restriction. The present disclosure provides a method for ensuring network security before any remote configuration on a personal computer within a computer network is allowed.
SUMMARY OF THE INVENTION
The present invention provides security to a computer on a computer network for allowing remote configuration of the computer. In accordance with a preferred embodiment of the present invention, when a network-supplied privileged-access password (PAP) is encountered during a system boot-up operation of the computer, the network-supplied PAP is compared with a system-installed PAP. The network-supplied PAP is stored in a first location of a non-volatile memory of the computer, and the system-installed PAP is stored in a second location of the non-volatile memory of the computer. The system-installed PAP is previously entered to the computer via a keyboard of the computer. If the network-supplied PAP does not match the system-installed PAP, a tamper evident mechanism within the computer is set. Otherwise, if the network-supplied PAP matches the system-installed PAP, the boot-up operation continues to be performed. After the boot-up operation has been completed, configuration of the computer is allowed to be performed remotely over the computer network.
All objects, features, and advantages of the present invention will become apparent in the following detailed written description.
REFERENCES:
patent: 5287519 (1994-02-01), Dayan et al.
patent: 5341422 (1994-08-01), Blackledge et al.
patent: 5432939 (1995-07-01), Blackledge et al.
patent: 5574786 (1996-11-01), Dayan et al.
patent: 5671414 (1997-09-01), Nicolet
patent: 5708777 (1998-01-01), Sloan et al.
patent: 5742758 (1998-04-01), Dunham et al.
patent: 5774058 (1998-06-01), Henry et al.
patent: 5774879 (1998-06-01), Custy et al.
patent: 5826015 (1998-10-01), Schmidt
patent: 5908469 (1999-06-01), Botz et al.
patent: 6101608 (2000-08-01), Schmidt et al.
patent: 6108782 (2000-08-01), Fletcher et al.
patent: 6496858 (2002-12-01), Frailong et al.
Challener David Carroll
Dayan Richard Alan
Newman Palmer Eugene
Dillon & Yudell LLP
Grosser George E.
Moise Emmanuel L.
LandOfFree
Method for providing security to a computer on a computer... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for providing security to a computer on a computer..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for providing security to a computer on a computer... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3340073