US20160080359A1 - Authentication using lights-out management credentials - Google Patents

Publication number
US20160080359A1
Authority
US
United States
Prior art keywords
lom
user
credential
authenticating
data storage
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/946,759
Inventor
Cecil J. Ayvaz
Jorge Daniel Cisneros
Lee A. Preimesberger
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Enterprise Development LP
Original Assignee
Hewlett Packard Enterprise Development LP
Application filed by Hewlett Packard Enterprise Development LP
Priority to US14/946,759
Publication of US20160080359A1
Assigned to HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AYVEZ, CEMIL J., CISNEROS, JORGE DANIEL, PREIMESBERGER, LEE A.
Assigned to HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Definitions

  • Public keys for the users in the current list may be installed (block 240 ). Installing the public keys may enable secure communications (e.g. via an SSH protocol) between the system device and each user that is associated with an installed public key.
  • a computer program application stored in a computer-readable medium may include code or executable instructions that when executed may instruct or cause a controller or processor to perform methods discussed herein, such as an example of a method for authentication using LOM credentials.
  • the computer-readable medium may be a non-transitory computer-readable media including all forms and types of computer-readable media except for a transitory, propagating signal.


Abstract

A method includes upon receiving a request from a user to perform an operation on a device that is running under an operating system, authenticating the user on the basis of credential data that is retrieved from a data storage unit that is associated with a lights-out management (LOM) capability of the device. If authentication of the user is successful, the user is enabled to perform the operation.

Description

    CROSS-REFERENCE TO RELATED APPLICATION
  • This application is a continuation of co-pending U.S. patent application Ser. No. 13/455,467, filed 25 Apr. 2012, the entire contents of which are hereby incorporated by reference as though fully set forth herein.
  • BACKGROUND
  • In a system that is configured for a lights-out management (LOM) or out-of-band (OOB) management capability, a device of the system may be operated remotely when the system device is powered down. For example, the lights-out management capability may be accessed by an authorized user via a data port of the system device. An authorized user may be authenticated by comparison of data (e.g. user name, identification, information, or password) that is provided by a user that is accessing the device with credential data that is stored in a data storage device that is associated with the system device.
  • Many applications that run on a computing device, such as an operating system or network access, also require authentication of a user before permitting the user to access the application. For example, logging in to a network or communicating with the network may include application of a Secure Shell (SSH) protocol.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The subject matter regarded as the invention is particularly pointed out and distinctly claimed in the concluding portion of the specification. The invention, however, both as to organization and method of operation, together with objects, features and advantages thereof, may best be understood by reference to the following detailed description when read with the accompanied drawings in which:
  • FIG. 1 is a schematic illustration of an example of a system for application of authentication using lights-out management (LOM) credentials;
  • FIG. 2 is a schematic illustration of an example of a system device for application of authentication using LOM credentials;
  • FIG. 3 is a flowchart depicting an example of a method for authentication using LOM credentials; and
  • FIG. 4 is a flowchart depicting an example of application of a method for authentication using LOM credentials to communication using an SSH protocol.
  • DETAILED DESCRIPTION
  • In accordance with an example of authentication using lights-out management (LOM) credentials, a system device (e.g. a network server or other computer) may include credential-related data that is stored on a non-volatile data storage device that is associated with the system device. For example, the non-volatile data storage device may be associated with a lights-out management (LOM, alternatively known as out-of-band, OOB, management) capability of the system device. For example, an LOM capability may enable an authorized user operating a remote device (e.g. that is capable of communicating with the system device via a network) to access and operate at least some capabilities of the system device, even when the system device is shut down. For example, an LOM capability may enable the authorized user to remotely access and manipulate the system device without starting an operating system on the system device. Communication between the remote device and the system device may be in accordance with a communications protocol.
  • Data that is related to the credentials of the authorized user may be stored on the non-volatile data storage device that is associated with the system device. For example, a suitable non-volatile storage device may include a solid-state data storage device that may be accessible when an electrical power line to the system device is disconnected (main power turned off). For example, the non-volatile data storage device may be integrated into a circuit board (e.g. a mother board or separate LOM-related card) that is associated with the system device or with the LOM capability of the system device.
  • A user of a remote device that is attempting to interact with the system device via the LOM capability of the system device may be required to submit authentication data. For example, an application running on the remote device that communicates with the system device via the LOM capability may require the user to enter authentication data via a user interface. If the submitted authentication data is compatible with the credentials that are stored on the non-volatile data storage device, the user may be allowed access to the system device via the LOM capability.
  • An application that is running on the system device may also require authentication of a user that is attempting to operate the system. For example, authentication or verification of a user's identity may be required when starting or restarting an operating system (e.g. Linux or Windows), connecting to a network (e.g. using a Secure Shell (SSH) protocol), or starting an application that runs under an operating system. In accordance with an example of authentication using out-of-band credentials, credentials used to authenticate the user (e.g. user name, permissions, password, public key), and that are stored in the non-volatile data storage device, may be shared. Thus, the stored credentials may be utilized by an LOM capability to authenticate a user, and by an application running under an operating system.
  • A system may be configured for authentication using LOM credentials. FIG. 1 is a schematic illustration of an example of a system for application of authentication using LOM credentials.
  • System 10 for application of authentication using LOM credentials includes a system device 12. For example, system device 12 may represent a computer or server. FIG. 2 is a schematic illustration of an example of a system device for application of authentication using LOM credentials.
  • System device 12 may include one or more of a processor 24, a data storage device 28, or a memory 32. Processor 24 of system device 12 may be configured to operate in accordance with stored programmed instructions. Processor 24 of system device 12 may be capable of executing an application for authentication using LOM credentials. Processor 24 may include a single processor, or two or more intercommunicating data processing units.
  • Processor 24 may communicate with memory 32. Memory 32 may include one or more volatile or nonvolatile memory devices. Memory 32 may be utilized to store, for example, programmed instructions for operation of processor 24, data or parameters for use by processor 24 during operation, or results of operation of processor 24.
  • Processor 24 may communicate with data storage device 28. Data storage device 28 may include one or more fixed or removable nonvolatile data storage devices. For example, data storage device 28 may include a computer readable medium for storing program instructions for operation of processor 24. In this example, the programmed instructions may take the form of communications module 30 for communicating with LOM enabling unit 14. It is noted that storage device 20 may be remote from processor 24 or from system device 12. In such cases storage device 20 may be a storage device of a remote server storing communications module 30 in the form of an installation package or packages that can be downloaded and installed for execution by processor 24. Data storage device 28 may be utilized to store data or parameters for use by processor 24 during operation, or results of operation of processor 24.
  • Processor 24 may communicate with an output device 18. For example, output device 18 may include a computer monitor or screen. Processor 24 may communicate with a screen of output device 18 to display a user interface or a notification that is visible to a user. In another example, output device 18 may include a printer, display panel, speaker, or another device capable of producing visible, audible, or tactile output.
  • Processor 24 may communicate with an input device 16. For example, input device 16 may include one or more of a keyboard, keypad, or pointing device for enabling a user to input data or instructions for operation of system device 12 or processor 24.
  • Processor 24 may include or communicate with LOM enabling unit 14. For example, LOM enabling unit 14 may be incorporated into system device 12 as part of a circuit board (e.g. a computer mother board) or as a separate unit, device, or circuit board. LOM enabling unit 14 includes LOM data storage unit 16. For example, LOM data storage unit 16 may include a solid state or other non-volatile data storage device. LOM enabling unit 14 and LOM data storage unit 16 may be configured to operate on minimal electrical power (e.g. on electrical power stored in a battery or capacitor), such that LOM enabling unit 14 and LOM data storage unit 16 may operate when electrical power to system device 12 is turned off.
  • System device 12 may connect to network 20. For example, system device 12 may communicate via network 20 with one or more other devices or systems, such as remote device 22. For example, remote device 22 may include one or more of a processor or computer, an input device, or an output device.
  • LOM enabling unit 14 may be accessible via network 20, e.g. to remote device 22. LOM enabling unit 14 may connect to network 20 via a dedicated communications channel (e.g. a dedicated port or cable), or via a communications channel that is common to system device 12 and to LOM enabling unit 14.
  • An authorized user that operates remote device 22 may access system device 12 via LOM enabling unit 14. For example, an authorized user operating remote device 22 may provide identification data via a user interface that is running on remote device 22. The provided identification data may be authenticated in accordance with data that is stored in LOM data storage unit 16. For example, a user name or password provided by the user via remote device 22 may be compared to, or analyzed in light of, data that is stored in LOM data storage unit 16. Data that is stored in LOM data storage unit 16 may include data that indicates which permissions are granted to each authorized user. For example, an indicated permission may indicate whether or not the authorized user is permitted to perform a particular operation on system device 12.
  • Access to system device 12 via LOM enabling unit 14 may enable performance of operations on system device 12 when power to system device 12 is turned off, or when no operating system is running on system device 12. Such operations may include, for example, powering on system device 12, installing or starting up an operating system on system device 12, or modifying system firmware.
  • System device 12 may be configured to operate in a manner that requires authentication. For example, system device 12 may be configured to access network 20 using an SSH protocol. Thus, when communicating via network 20, system device 12 may be required to provide information that is related to data such as, for example, an authorized party identification or a public key, for establishing secure communications between system device 12 and another device, e.g. remote device 22. In accordance with an example of authentication using LOM credentials, credential data for providing such required information may be stored in and retrieved from the LOM data storage device.
  • For example, a list of remote users or devices that are authorized to access system device 12 via LOM enabling unit 14 may partially or completely overlap a list of remote users or devices with which secure communication is authorized. Thus, a single list of such authorized remote users or devices may be stored in LOM data storage unit 16. In this manner, a remote user or device may be entered once, thus enabling entry of such credential data only once.
  • In operation, system device 12 may execute a method for authentication using LOM credentials.
  • FIG. 3 is a flowchart depicting an example of a method for authentication using LOM credentials. Authentication method 100 may be executed by a processor of a system capable of authentication using LOM credentials. Authentication method 100 may be executed upon a request or command that is issued by a user, or automatically issued by another application.
  • It should be understood with respect to all flowcharts referenced herein that the division of an illustrated method into discrete operations represented by blocks of the flowchart has been selected for convenience and clarity only. Alternative division of the illustrated method into discrete operations is possible with equivalent results. Such alternative division of the illustrated method into discrete operations should be understood as representing other examples of the illustrated method.
  • Similarly, it should be understood that, unless indicated otherwise, the illustrated order of execution of the operations represented by blocks of any flowchart referenced herein has been selected for convenience and clarity only. Operations of the illustrated method may be executed in an alternative order, or concurrently, with equivalent results. Such reordering of operations of the illustrated method should be understood as representing other examples of the illustrated method.
  • Authentication method 100 may be executed when user data is received that requires authentication (block 110). For example, user data may be received when a user requests to perform an operation related to a system device of a system that implements authentication using LOM credentials. An appropriate application may be configured to authenticate the user and verify that the user is authorized to perform the operation.
  • LOM credential data may be received from an LOM data storage unit (block 120). For example, the LOM data storage unit may include a table of users and data related to the users. The data related to the users may include data that may be utilized to authenticate a user or data that indicates whether the user is authorized to perform the requested operation.
  • The user data may be compared with the LOM credential data to verify whether the user data is authenticated (block 130). For example, authentication may verify the user's identity and may indicate if the user is authorized to perform the requested operation.
  • If the user data is authenticated, the operation may be performed (block 140). For example, the user may be granted access to data stored by the system device, to communicate with the system device, or to perform an operation on the system device.
  • If the user data is not authenticated, the request to perform the operation is denied (block 150). A notification may be sent to the user of the denial.
  • A particular example of application of authentication method 100 may be applied with respect to secure communications, e.g. via an SSH protocol. FIG. 4 is a flowchart depicting an example of application of a method for authentication using LOM credentials to communication using an SSH protocol.
  • SSH authentication method 200 may be executed when user data for SSH communication is to be updated (block 210). For example, user data may be updated when an operating system on a system device (e.g. a server) is booted or initialized, at predetermined or periodic intervals, in response to a predetermined condition, or upon a user request.
  • Credential data may be retrieved from an LOM data storage unit (block 220). For example, the credential data may be in the form of a table. Credential data in the table may include user identification data associated with a list of public keys for use in secure communications with each of the users.
  • A list of users that are authorized to securely communicate with the system device may be updated in accordance with the retrieved data (block 230). For example, the credential data stored on the LOM data storage unit may be updated whenever a new user receives authorization to securely communicate with the system device, or when authorization is cancelled for a user. A current list of users that is utilized by the system device, e.g. in a memory that is associated with the system device, may be updated in accordance with the retrieved credential data. For example, a user that appears in the credential data table but not in the current list may be added to the current list. A user that appears in the current list but not in the credential data may be removed from the current list.
  • Public keys for the users in the current list may be installed (block 240). Installing the public keys may enable secure communications (e.g. via an SSH protocol) between the system device and each user that is associated with an installed public key.
  • In accordance with an example of a method for authentication using LOM credentials, a computer program application stored in a computer-readable medium (e.g., register memory, processor cache, RAM, ROM, hard drive, flash memory, CD ROM, magnetic media, etc.) may include code or executable instructions that when executed may instruct or cause a controller or processor to perform methods discussed herein, such as an example of a method for authentication using LOM credentials. The computer-readable medium may be a non-transitory computer-readable medium, including all forms and types of computer-readable media except for a transitory, propagating signal.
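The following sketch of SSH authentication method 200 (blocks 220 to 240) is an added example, not code from the patent or from any LOM product. It assumes the credential table is a mapping of user name to permissions and public key lines, that a hypothetical permission named "ssh" marks users allowed secure communication, and that keys are installed as a per-user authorized_keys file under a given root directory; all function names and the sample table are constructed for illustration.

```python
import base64
import os
import re
import struct
import tempfile

ALLOWED_KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
SSH_PERMISSION = "ssh"  # hypothetical permission name, not taken from the patent


def sample_key(seed, comment):
    """Build a well-formed but CONSTRUCTED ssh-ed25519 public key line."""
    ktype = b"ssh-ed25519"
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


def validate_key(line):
    """Return 'type base64' for a bare public key line, else raise ValueError.

    Entries carrying authorized_keys options, embedded newlines, or a blob whose
    embedded type string differs from the declared type are refused, so a bad
    table entry cannot add extra lines or options to the installed file.
    """
    if "\n" in line or "\r" in line:
        raise ValueError("embedded newline")
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_KEY_TYPES:
        raise ValueError("not a bare public key")
    blob = base64.b64decode(parts[1], validate=True)  # binascii.Error is a ValueError
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != parts[0].encode():
        raise ValueError("key type mismatch")
    return parts[0] + " " + parts[1]  # the free-text comment is dropped


def reconcile(current_users, lom_table):
    """Block 230: compare the current user list with the LOM credential table."""
    authorized, rejected = {}, []
    for user, entry in lom_table.items():
        if not USER_RE.fullmatch(user):  # the name later becomes a path component
            rejected.append((user, "invalid user name"))
            continue
        if SSH_PERMISSION not in entry.get("permissions", ()):
            continue  # known to the LOM unit, but not for secure communication
        keys = []
        for line in entry.get("public_keys", ()):
            try:
                keys.append(validate_key(line))
            except ValueError as exc:
                rejected.append((user, str(exc)))
        if keys:
            authorized[user] = keys
    added = sorted(set(authorized) - set(current_users))
    removed = sorted(set(current_users) - set(authorized))
    return authorized, added, removed, rejected


def install_keys(root, user, keys):
    """Block 240: atomically write <root>/<user>/authorized_keys with mode 0600."""
    user_dir = os.path.join(root, user)
    os.makedirs(user_dir, mode=0o700, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=user_dir)
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("".join(key + "\n" for key in keys))
        os.chmod(tmp, 0o600)
        os.replace(tmp, os.path.join(user_dir, "authorized_keys"))
    except BaseException:
        os.unlink(tmp)
        raise


def sync(root, current_users, lom_table):
    """Blocks 220-240: reconcile, revoke removed users, install current keys."""
    authorized, added, removed, rejected = reconcile(current_users, lom_table)
    for user in removed:
        path = os.path.join(root, user, "authorized_keys")
        if USER_RE.fullmatch(user) and os.path.exists(path):
            os.unlink(path)  # revoke before installing anything new
    for user, keys in authorized.items():
        install_keys(root, user, keys)
    return {"users": sorted(authorized), "added": added,
            "removed": removed, "rejected": rejected}


# CONSTRUCTED table standing in for the data read from the LOM data storage unit.
SAMPLE_LOM_TABLE = {
    "alice": {"permissions": {"ssh", "power"}, "public_keys": [sample_key(1, "alice@laptop")]},
    "bob": {"permissions": {"power"}, "public_keys": [sample_key(2, "bob@desk")]},
    "carol": {"permissions": {"ssh"},
              "public_keys": ['command="echo constructed" ' + sample_key(3, "carol")]},
    "../etc": {"permissions": {"ssh"}, "public_keys": [sample_key(4, "x")]},
}

if __name__ == "__main__":
    print(sync(tempfile.mkdtemp(), ["bob", "dave"], SAMPLE_LOM_TABLE))
```

The returned report doubles as an audit record: each run states who was added, who was revoked, and which table entries were refused and why.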

Claims (17)

1-19. (canceled)
20. A method comprising:
retrieving, by a lights-out management (LOM) enabling unit, a LOM credential from a LOM data storage unit of the LOM enabling unit while a system device including the LOM enabling unit is in a powered-down state, wherein the LOM credential indicates which permissions are granted a user from a group of users;
authenticating, by the LOM enabling unit, the user based on the LOM credential retrieved from the LOM data storage unit; and
updating a current table of authorized users based on the authenticating by the LOM enabling unit, wherein the current table of authorized users is stored on the LOM data storage unit, and the updating is performed upon booting an operating system of the system device.
21. The method of claim 20, comprising:
receiving, by an application executing on the system device using a processor that is separate from the LOM enabling unit, a request from the user to perform an operation on the system device;
in response to receiving the request, retrieving, by the application, the LOM credential from the LOM data storage unit;
authenticating, by the application, the user based on the LOM credential that is retrieved from the LOM data storage unit; and
fulfilling or enabling the user to fulfill the request based on the authenticating by the application.
22. The method of claim 20, wherein the credential data comprises data of a type selected from a group of credential data types consisting of: user identification, password, permission, and a public key.
23. The method of claim 20, wherein updating the current table based on the authenticating by the LOM enabling unit comprises adding the user to the current table when the user is not included in the current table and the authenticating by the LOM enabling unit is successful.
24. The method of claim 20, wherein updating the current table based on the authenticating by the LOM enabling unit comprises removing the user from the current table when the user is included in the current table and the authenticating by the LOM enabling unit is not successful.
25. The method of claim 20, comprising issuing a notification if the authentication of the user is not successful.
26. A non-transitory computer-readable storage medium having stored thereon instructions that when executed by hardware will cause the hardware to perform a method comprising:
retrieving, by a lights-out management (LOM) enabling unit, a LOM credential from a LOM data storage unit of the LOM enabling unit while a system device including the LOM enabling unit is in a powered-down state, wherein the LOM credential indicates which permissions are granted a user from a group of users;
authenticating, by the LOM enabling unit, the user based on the LOM credential retrieved from the LOM data storage unit; and
updating a current table of authorized users based on the authenticating by the LOM enabling unit, wherein the current table of authorized users is stored on the LOM data storage unit, and the updating is performed upon booting an operating system of the system device.
27. The non-transitory computer-readable storage medium of claim 26, the method comprising:
receiving, by an application executing on the system device and not executing on the LOM enabling unit, a request from the user to perform an operation on the system device;
in response to receiving the request, retrieving, by the application, the LOM credential from the LOM data storage unit;
authenticating, by the application, the user based on the LOM credential that is retrieved from the LOM data storage unit; and
enabling the request to be fulfilled based on the authenticating by the application.
28. The non-transitory computer-readable storage medium of claim 26, wherein the credential data comprises data of a type selected from a group of credential data types consisting of: user identification, password, permission, and a public key.
29. The non-transitory computer-readable storage medium of claim 26, wherein updating the current table based on the authenticating by the LOM enabling unit comprises adding a given user to the current table when the given user is not included in the current table and the authenticating by the LOM enabling unit is successful.
30. The non-transitory computer-readable storage medium of claim 26, wherein updating the current table based on the authenticating by the LOM enabling unit comprises removing the user from the current table when the user is included in the current table and the authenticating by the LOM enabling unit is not successful.
31. The non-transitory computer-readable storage medium of claim 26, the method comprising issuing a notification if the authentication of the user is not successful.
32. A system comprising:
a light-out management (LOM) enabling unit including a data storage unit, wherein the LOM enabling unit is to:
retrieve a LOM credential from the data storage unit while system is in a powered-down state, wherein the LOM credential indicates which permissions are granted a user from a group of users; and
authenticate the user based on the LOM credential retrieved from the data storage unit by the LOM enabling unit; and
a processing unit in communication with a computer-readable medium, the processing unit running under an operating system, wherein the computer-readable medium contains a set of instructions that, when executed by the processing unit, cause the processing unit to:
receive a request from the user to perform an operation on the system;
retrieve the LOM credential from the data storage unit;
authenticate the user based on the LOM credential that is retrieved from the LOM data storage unit by the processing unit; and
enable the request to be fulfilled based on the authenticating by the processing unit.
33. The system of claim 32, wherein the processing unit is configured to communicate with a remote device via a network.
34. The system of claim 33, wherein the processing unit is configured to communicate via the network using a Secure Shell (SSH) protocol.
35. The system of claim 34, wherein to enable communication via the SSH protocol, the processing unit is configured to obtain a public key from the LOM credential retrieved by the processing unit.
US14/946,759 2012-04-25 2015-11-19 Authentication using lights-out management credentials Abandoned US20160080359A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/946,759 US20160080359A1 (en) 2012-04-25 2015-11-19 Authentication using lights-out management credentials

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/455,467 US9218462B2 (en) 2012-04-25 2012-04-25 Authentication using lights-out management credentials
US14/946,759 US20160080359A1 (en) 2012-04-25 2015-11-19 Authentication using lights-out management credentials

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/455,467 Continuation US9218462B2 (en) 2012-04-25 2012-04-25 Authentication using lights-out management credentials

Publications (1)

Publication Number Publication Date
US20160080359A1 (en) 2016-03-17

Family

ID=49478564

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/455,467 Active 2032-09-18 US9218462B2 (en) 2012-04-25 2012-04-25 Authentication using lights-out management credentials
US14/946,759 Abandoned US20160080359A1 (en) 2012-04-25 2015-11-19 Authentication using lights-out management credentials

Country Status (1)

Country Link
US (2) US9218462B2 (en)

Also Published As

Publication number Publication date
US9218462B2 (en) 2015-12-22
US20130291064A1 (en) 2013-10-31

Similar Documents

Publication Publication Date Title
US20160080359A1 (en) Authentication using lights-out management credentials
EP2973442B1 (en) Controlling physical access to secure areas via client devices in a networked environment
US8795388B2 (en) Method, apparatus and system for remote management of mobile devices
US11665151B2 (en) Utilizing caveats for wireless credential access
CN102449631B (en) For performing the system and method for bookkeeping
CN1968095B (en) Method and apparatus for login local machine
CA3096016C (en) Peripheral controller in an access control system
US20130019281A1 (en) Server Based Remote Authentication for BIOS
KR20190105776A (en) Electronic device and method for managing electronic key thereof
EP3788566B1 (en) Service kiosk device provisioning
US11798327B2 (en) Universal smart interface for electronic locks
WO2016072833A1 (en) System and method to disable factory reset
JP7276235B2 (en) Authentication system
US9727740B2 (en) Secure information access over network
US8185941B2 (en) System and method of tamper-resistant control
KR101549014B1 (en) External storage apparatus for executing user authentication using tag
JP6165458B2 (en) Mutual authentication system, user terminal, mutual authentication method, and program
CN109683972B (en) Information control method and device
WO2016107820A1 (en) A method for accessing a shared wireless device using a client wireless communications device, and devices for the same
CN113010875A (en) Information isolation method, memory card and mobile terminal
JP2006004126A (en) Security management system for personal computer and security management method for personal computer
JP2016099906A (en) Method for managing manager password, computer and computer program

Legal Events

Date Code Title Description
AS Assignment

Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P., TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:AYVEZ, CEMIL J.;CISNEROS, JORGE DANIEL;PREIMESBERGER, LEE A.;REEL/FRAME:043339/0519

Effective date: 20120424

Owner name: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP, TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.;REEL/FRAME:043608/0076

Effective date: 20151027

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION
