System and method for secure initial program load for diskless workstations

Patent 5349643 Issued on September 20, 1994. Estimated Expiration Date:

May 10, 2013. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.

Abstract Claims Description Full Text

Patent References

Operating system authenticator
Patent #: 3996449
Issued on: 12/07/1976
Inventor: Attanasio , et al.

Apparatus and methods for granting access to computers
Patent #: 4799258
Issued on: 01/17/1989
Inventor: Davies

Tamper-resistant method for authorizing access to data between a host and a predetermined number of attached workstations
Patent #: 4941175
Issued on: 07/10/1990
Inventor: Enescu, et al.

Method for loading data or program to a plurality of terminal stations
Patent #: 4958278
Issued on: 09/18/1990
Inventor: Meguro

Process and apparatus for the protection of secret elements in a network of encrypting devices with open key management
Patent #: 4969188
Issued on: 11/06/1990
Inventor: Schobi

Secure file handling in a computer operating system
Patent #: 4984272
Issued on: 01/08/1991
Inventor: McIlroy, et al.

Network license server
Patent #: 5023907
Issued on: 06/11/1991
Inventor: Johnson, et al.

Distributed security auditing subsystem for an operating system
Patent #: 5032979
Issued on: 07/16/1991
Inventor: Hecht, et al.

Extended multistation bus system and method
Patent #: 5053947
Issued on: 10/01/1991
Inventor: Heibel, et al.

Communication security accessing system and process
Patent #: 5056140
Issued on: 10/08/1991
Inventor: Kimbell

More ...

Inventors

Application

No. 058842 filed on 05/10/1993

US Classes:

713/155, Central trusted authority provides computer authentication713/162, Having particular address related cryptography713/164Security kernel or utility

Examiners

Primary: Cangialosi, Salvatore

Attorney, Agent or Firm

Carwell; Robert M.

International Class

H04L 009/12

Abstract

A client workstation generates a network request for an initial program load. The request is serviced by a server which preferably includes in the reply to the client the addresses of an authentication server (AS), client, and a secure initial program load server (SECIPL). The client then requests an SECIPL service ticket from the AS, also sending a common identifier known to the AS and the client, preferably stored in the client ROM. This identifier is utilized by the AS to validate the ticket request as originating from a bona fide client, whereupon the ticket is provided by the AS to the client, the SECIPL service ticket is then presented by the client to the SECIPL server which then authenticates that the ticket is bona fide and was received by the client from the AS. The SECIPL then provides a secure kernel to the client, either encrypted with a key known to the SECIPL and client, or otherwise secured by a cryptographic checksum utilizing a key known to the client and the SECIPL. In this manner, the client workstation is thereby assured that an authenticated boot image has been received through potentially non-secure communication links.