Client Authentication And Data Management System
First Claim
1. A system for protecting computing devices and associated secure data stored in at least one secure data storage component from unauthorized access, the system comprising:
- at least one protected computing device configured for communication through a network with a storage controller to access the secure data, the protected computing device further configured for using a virtual machine stored thereon;
an authentication server configured for authenticating the protected computing device for access to the secure data; and
a control console configured for access to and exerting control over devices connected to the network, the devices including the at least one protected computing device and the authentication server,wherein a virtual machine manager associated with the virtual machine is launched during boot of the protected computing device, and wherein the virtual machine causes the computing device and the authentication server to authenticate to each other.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for performing an authenticated boot (310); performing a continuous data protection (350); performing automatic protection and optionally a consolidation; and performing other defenses and protection of a protected computing device (110a, 110b, 110c) (such as a computer system) are provided. The aspects include integrating security mechanisms (which may include a “call home” function (330), role and rule-based policies (225), validating technologies, encryption and decryption technologies, data compression technologies, protected and segmented boot technologies, and virtualization technologies. Booting and operating (either fully or in a restricted manner) are permitted only under a control of a specified role-set, rule-set, and/or a controlling supervisory process or server system(s). The methods and systems make advantageous use of hypervisors (220) and other virtual machine monitors or managers.
74 Citations
59 Claims
-
1. A system for protecting computing devices and associated secure data stored in at least one secure data storage component from unauthorized access, the system comprising:
-
at least one protected computing device configured for communication through a network with a storage controller to access the secure data, the protected computing device further configured for using a virtual machine stored thereon; an authentication server configured for authenticating the protected computing device for access to the secure data; and a control console configured for access to and exerting control over devices connected to the network, the devices including the at least one protected computing device and the authentication server, wherein a virtual machine manager associated with the virtual machine is launched during boot of the protected computing device, and wherein the virtual machine causes the computing device and the authentication server to authenticate to each other. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method for protecting computing devices from unauthorized access, the method comprising:
-
initiating a boot command of a protected computing device, wherein the boot command is configured to initiate the launch of an operating system; intercepting the boot command; launching a virtual machine manager prior to the operating system launch; at the virtual machine, authenticating the protected computing device to an authentication server; receiving at the virtual machine, a response from the authentication server, the response indicating the authentication status of the protected computing device; and causing the protected computing device to enter a specified state based on the authentication status of the protected computing device. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A system for centralized network control of computing devices, the system comprising:
-
a plurality of protected computing devices configured for communication through a network, each protected computing device further configured for using a virtual machine; and a virtual machine manager configured to exercise control over each of the protected computing devices. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39)
-
-
40. A method for centralized network control of computing devices, the method comprising:
-
configuring one or more protected computing devices for communication through a network; and a hardware or software control element configured to exercise control over each of the protected computing devices wherein the control element is a virtual machine manager. - View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48)
-
-
49. A data processing system for protecting client devices and associated secure data from unauthorized access, the system comprising:
-
a plurality of protected client devices configured for accessing secure data through a network, each protected client device further configured for using a virtual machine; and at least one authentication server configured for providing authentication to the protected client devices, wherein a plurality of virtual machine managers, each virtual machine manager corresponding to one of the protected client devices, are launched during boot of the corresponding protected client device, and wherein the virtual machine authenticates each protected client device to the authentication server. - View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
-
Specification