Autonomic System Disablement based on Location

IP.com Disclosure Number: IPCOM000018727D
Original Publication Date: 2003-Aug-04
Included in the Prior Art Database: 2003-Aug-04
Document File: 1 page(s) / 35K

Publishing Venue

IBM

Abstract

There is considerable concern about how to protect assets as more and more clients become mobile with wireless access capability. Many customers want to prevent a client from working when the system leaves the enterprise. Current solutions can allow a system to work or boot by authenticating to the user but are not location sensitive. Adding location sensitivity to the boot process adds security to it.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 70% of the total text.


Today, systems can perform a PXE boot: the client connects to the network and boots from a network-downloadable image. Today the process to receive the PXE boot code only authenticates to the hardware and/or user by the passing of tokens. This invention adds location sensitivity to the PXE boot process. The PXE boot succeeds only if the client is within an allowable location.

We do this by one of two methods:

1) Client determination.

In the TCP/IP protocol, the maximum number of hops can be preset. Every time a packet goes through a router or bridge, the hop count is decremented. When it reaches zero, the packet is no longer passed on. One method is to set a maximum value for how many hops the PXE server must allow for the system to boot. If the PXE request requires more hops than the maximum, the system is not within the allowable area. This method is limited: it only allows a boot when the system is within the predefined campus and a PXE server is within a predefined number of hops.

2) The PXE server determines whether the client is outside of the allowable area by determining the path from client to PXE server and validating that all routers and/or bridges are within the allowable area.

When a server receives a PXE request, it would have the client IP address. It can then ping the client to determine the exact path between the client and server. The return packet contains the exact IP address of all routers a...
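The following is an added example, not part of the disclosure: server-side decision logic that applies the hop limit of method 1 and the path validation of method 2 to one PXE request. It assumes the server reads the TTL remaining on the request (rather than the client presetting it) and has already obtained the router path; `ALLOWED_NETWORKS`, `MAX_HOPS`, the function names and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed policy values for illustration (not from the disclosure).
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/24")]
MAX_HOPS = 3
COMMON_INITIAL_TTLS = (64, 128, 255)  # typical operating-system defaults


def hops_from_ttl(observed_ttl, initial_ttl=None):
    """Estimate routers crossed from the TTL left on the received request."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL out of range")
    if initial_ttl is None:
        # Heuristic: assume the nearest common default at or above the observed value.
        initial_ttl = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    if observed_ttl > initial_ttl:
        raise ValueError("observed TTL exceeds the assumed initial TTL")
    return initial_ttl - observed_ttl


def first_hop_outside(route):
    """Return the first recorded hop outside ALLOWED_NETWORKS, or None."""
    for hop in route:
        addr = ipaddress.ip_address(hop)
        if not any(addr in net for net in ALLOWED_NETWORKS):
            return hop
    return None


def authorize_pxe_boot(observed_ttl, route, initial_ttl=None):
    """Return (allow, reason) for one PXE request; any doubt means deny."""
    hops = hops_from_ttl(observed_ttl, initial_ttl)
    if hops > MAX_HOPS:
        return False, f"{hops} hops exceeds limit of {MAX_HOPS}"
    if hops > 0 and not route:
        return False, "path could not be determined"
    outside = first_hop_outside(route)
    if outside is not None:
        return False, f"hop {outside} is outside the allowed area"
    return True, f"{hops} hops, all inside the allowed area"


if __name__ == "__main__":
    # Constructed requests: (observed TTL, recorded router path).
    samples = [(62, ["10.20.1.1", "10.20.0.1"]), (58, ["10.20.1.1"]),
               (63, ["203.0.113.7"]), (62, [])]
    for ttl, path in samples:
        print(ttl, path, authorize_pxe_boot(ttl, path, initial_ttl=64))
```

The hop estimate is only as reliable as the assumed initial TTL, which the sending client chooses.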