WO2017196319A1 - Electronic device access control - Google Patents

Info

Publication number
WO2017196319A1
WO2017196319A1 PCT/US2016/031910 US2016031910W WO2017196319A1 WO 2017196319 A1 WO2017196319 A1 WO 2017196319A1 US 2016031910 W US2016031910 W US 2016031910W WO 2017196319 A1 WO2017196319 A1 WO 2017196319A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic device
access
security
electronic
coordinator
Prior art date
Application number
PCT/US2016/031910
Other languages
French (fr)
Inventor
John Norton
Original Assignee
Hewlett Packard Enterprise Development Lp
Priority date
Filing date
Publication date
Application filed by Hewlett Packard Enterprise Development Lp
Priority to PCT/US2016/031910
Publication of WO2017196319A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/086 Access security using security domains

Definitions

  • FIG. 1 is a block diagram of a security system to control access to an electronic device, according to an example
  • FIG. 2 is a block diagram of a security system to control access to an electronic device, according to another example
  • FIG. 3 is a flowchart illustrating a method of controlling access to an electronic device, according to an example
  • FIG. 4 is a flowchart illustrating a method of controlling access to an electronic device, according to another example.
  • FIG. 5 is a block diagram of a machine-readable medium encoded with instructions for controlling access to an electronic device, according to an example.
  • FIPS 140-2 defines four levels of security, in which level 1 provides the lowest level of security and level 4 provides the highest level of security.
  • the security standards include requirements that prevent unauthorized users from viewing, tampering, or damaging internal components (including data) of electronic devices.
  • access control solutions for individual electronic devices in a network of electronic devices, as well as manage and control access to the network of electronic devices.
  • Examples described herein provide solutions for managing and controlling access to electronic devices and cryptographic keys thereon, recording access events and monitoring software status, data fabric status, and machine state of electronic devices to detect, alert and respond to security threats.
  • a security system to control access to an electronic device includes an electronic lock, a controller coupled to the electronic lock, and a security coordinator coupled to the controller.
  • the controller is to receive access request to the electronic device and control movement of the electronic lock between a locked state and an unlocked state.
  • the security coordinator is to monitor an access state of the electronic device and trigger a security operation in response to detection of an unauthorized access to the electronic device.
  • a method of controlling access to an electronic device includes monitoring and recording access to the electronic device, and detecting an unauthorized access to the electronic device. In response to the detecting, the method also includes initiating a security operation to prevent access to components or cryptographic keys of the electronic device.
  • the security operation includes activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm.
  • a non-transitory machine-readable medium stores instructions executable by a processing resource of a security system to control access to an electronic device.
  • the non-transitory machine-readable medium includes instructions to monitor access to the electronic device, receive an access request to the electronic device via a user interface, and authorize access to the electronic device based on an authentication of a user associated with the request.
  • the instructions to authorize access include instructions to control a lock mechanism to unlock the electronic device.
  • the non-transitory machine-readable medium also includes instructions to detect an unauthorized access to the electronic device and upon detection of the unauthorized access, trigger a security response.
  • FIG. 1 is a block diagram of a security system to control access to an electronic device, according to an example.
  • Security system 100 may be useful for controlling access to an electronic device.
  • system 100 and the various components described herein may be implemented in hardware and/or a combination of hardware and programming that configures hardware.
  • system 100 may be implemented in the electronic device, a management device separate from the electronic device, or may be implemented on a combination of the electronic device and the management device.
  • FIG. 1 and other Figures described herein different number of components or entities than depicted may be used.
  • System 100 may comprise an electronic lock 110, a controller 120, and a security coordinator 130.
  • Each of the components 110, 120, and 130 of the system 100 may include combination of hardware and programming that performs a designated function.
  • the hardware may include one or both of a processing resource and a machine-readable medium, while the programming includes instructions or code stored on the machine-readable medium and executable by the processing resource to perform the designated function.
  • a processing resource may be a microcontroller, a microprocessor, central processing unit (CPU) core(s), application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) and/or other hardware device suitable for retrieval and/or execution of instructions from the machine-readable medium, and the machine-readable medium may be random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory, a hard disk drive, etc.
  • Electronic lock 110 is associated with the electronic device, and can be activated or inactivated, based on signal (i.e., command or instruction) received from the controller 120.
  • lock 110 can be moved to a locked state or an unlocked state, to allow access or deny access, respectively, to the electronic device.
  • lock 110 can be electrically actuated to restrict or prevent access to the electronic device, based on authorization parameters.
  • lock 110 can include a physical locking mechanism to prevent access (e.g., opening, removal, sliding, propping, etc.) of the electronic device or its components.
  • location of the lock 110 can be determined based on a desired location of the cryptographic boundary for the electronic device. In other words, the location of the lock 110 is based on a circuitry, component, data, cryptographic key, module, etc. of the electronic device to be protected.
  • the electronic device is a rack mount device (e.g., rack mount servers, rack mount storage devices, rack mount storage devices, rack mount switches, rack mount power supply units (PSUs), rack mount power distribution units (PDUs), etc.)
  • lock 110 can be located on the slide/rail mount in the rack, the hood of the rack mount device, or on an internal enclosure of the rack mount device.
  • lock 110 can be located on a latch of the blade device, a hood of the blade device, or internal enclosure of the blade device.
  • Controller 120 can be located internal to the electronic device and coupled to the lock 110. Accordingly, controller 120 can be located inside the defined cryptographic boundary, as desired. Controller 120 can include a printed circuit board (PCB), signal and power interfaces, and an onboard backup power source. Controller 120 can be electrically and communicatively coupled to the lock 110 and other components of the electronic device via an inter-integrated circuit (I2C) bus, for example.
  • Controller 120 can receive access request to the electronic device and control movement of the lock 110 between a locked state and an unlocked state.
  • controller 120 can receive a user request, via a user interface, to access the electronic device.
  • controller 120 can validate and/or authenticate the access request by verifying that the user is authorized to access the electronic device. In some examples, verification can be done by comparing the user access request to a database of authorized users, where the database or storage device storing the list of authorized user can be internal to or external to the controller 120.
  • Controller 120 can determine when to activate or deactivate the lock 110 based on whether or not the user is authorized to access the electronic device.
  • Security coordinator 130 is coupled to the controller 120 and can monitor an access state of the electronic device and trigger a security operation in response to detection of an unauthorized access to the electronic device.
  • an unauthorized access to the electronic device includes tampering with the electronic device, a physical or electrical intrusion, software or firmware attack, unauthorized data and component access, physical removal or attempted removal, a malicious attack, security breach, or any other security compromise to the electronic device.
  • Monitoring an access state of the electronic device includes determining whether the electronic device is locked/unlocked, forced/tampered, removed, online/offline, and other machine states to detect, alert, and respond to security threats.
  • Triggering a security operation in response to detection of an unauthorized access to the electronic device includes triggering a security alarm, initiating surveillance, or executing a cryptographic zeroisation.
  • a cryptographic zeroisation means erasing sensitive parameters (i.e., electronically stored data, cryptographic keys, critical security parameter, etc.) from a cryptographic module to prevent their disclosure.
  • Security coordinator 130 can manage a plurality of electronic devices coupled to the security coordinator 130 via respective controllers 120 of the electronic devices. Thus, security coordinator 130 can monitor the access states and trigger security operations for each electronic device.
  • security coordinator 130 can be external to the electronic devices and reside on the rack which houses the electronic devices.
  • the security coordinator 130 can be a top of rack (ToR) device that aggregates control functionality for each electronic device in the rack, and serves as a security manager between a management system (e.g., a datacenter management system) and the electronic devices.
  • the controller 120 for each electronic device can be coupled to or interface with the security coordinator 130 via a network infrastructure (e.g., an optical, electrical, or wireless connection).
  • the security coordinator 130 can be internal to an electronic device (e.g., a master device), which can serve as an aggregator for other electronic devices that are managed.
  • the security coordinator 130 can reside on an onboard administrator of the enclosure of the electronic device, and reside in one of the 'U' locations of the rack (i.e., compared to ToR).
  • the security coordinator 130 in addition to managing access to the electronic devices, can monitor software status, data fabric status, cryptographic keys, and machine state to detect, alert, and respond to security threats, as described herein. Security coordinator 130 can also push firmware updates and user access rights to respective controllers 120 of the electronic devices.
  • controller 120, and security coordinator 130 may access a data storage and/or other suitable database(s) (not shown).
  • Data storage and/or database may represent any memory accessible to the system 100 that can be used to store and retrieve data, and may comprise RAM, ROM, EEPROM, cache memory, floppy disks, hard disks, optical disks, tapes, solid state drives, flash drives, portable compact disks, and/or other storage media for storing computer-executable instructions and/or data.
  • System 120 may access data storage locally or remotely via a network.
  • FIG. 2 is a block diagram of a security system to control access to an electronic device, according to another example.
  • Security system 200 can be used for controlling access to a plurality of electronic devices 201A and 201B.
  • Electronic devices 201A and 201B can include substantially similar components.
  • electronic device 201A can include an electronic lock 110A, a controller 120A, and a user access interface 220A.
  • electronic device 201B can include an electronic lock 110B, a controller 120B, and a user access interface 220B.
  • Electronic devices 201A and 201B can be rack mount devices (e.g., servers, storage devices, networking devices, PDUs, PSUs, switches, etc.) or blade devices (e.g., servers, storage devices, networking devices, switches, etc.). Further electronic devices 201A and 201B can reside on the same rack or on different racks within a datacenter, for example.
  • Electronic locks 110A and 110B can be activated to prevent physical access to electronic devices 201A and 201B, respectively, or physical access to components, data, or cryptographic keys therein.
  • the movement and/or position (i.e., state) of the electronic locks 110 and 110B can be controlled by controllers 120A and 120B, based on an authorization process.
  • controllers 120A and 120B can receive a user access request via respective user access interfaces 220A and 220B of the electronic devices 201A and 202B.
  • controllers 120A and 120B can determine whether to allow access or deny access to the electronic devices 201A and 202B, for example, by verifying whether the user is authorized.
  • Authorization can be verified by accessing a database or storage medium that includes authorized users.
  • User access interfaces 220A and 220B can be a biometric scanner, a radio frequency identification (RFID), a passcode keypad, a contactless tag reader (e.g., near field communication (NFC) tag reader), or an access request button.
  • Controllers 120A and 120B of the electronic devices 201A and 201B are coupled to the security coordinator 130 via a network infrastructure 250.
  • Network infrastructure 250 can be a wired or wireless connection.
  • network infrastructure 250 can be an optical connector, an electrical connector, a wireless connector (e.g., local area network, Wi-Fi, wireless area network, etc.), or a combination thereof.
  • Network infrastructure 250 enables the security coordinator 130 to communicate with the plurality of electronic devices 201A and 201B.
  • Security coordinator 130 manages the security of the electronic devices 201A and 201B by managing and recording access events, monitoring and maintaining software status, data fabric status, cryptographic keys, and machine state to detect, alert, and respond to security threats. For example, security coordinator 130 can trigger a security operation in response to detection of an unauthorized access or security threat to the electronic devices 201A and 201B. A security operation can include sounding or signaling a security alarm, cryptographic zeroisation, or initiating a surveillance system. Security coordinator 130 can be coupled to a management system 260 via a network 240.
  • Management system 260 can be a datacenter management system, for example, that manages the resources of the datacenter (e.g., servers, storage devices, networking devices, switches, etc.).
  • Management system 260 can include an application programming interface (API) to interface with the security coordinator 130.
  • Management system 260 can communicate with the security coordinator over the network 240.
  • Network 240 can be any wireless network infrastructure.
  • Management system 260 can receive access state information, software status, and network activity related to the electronic devices 201A and 201B, from the security coordinator 130. Management system 260 can also transmit access keys (e.g., user access credentials), tamper response commands, shut down commands, and other management commands to the security coordinator 130. Accordingly, management system 260 can manage and communicate with a plurality of security coordinators 130. Management system 260 allows an administrator to remotely manage a pool of resources (e.g., compute, storage, networking, etc.) in the datacenter.
  • FIG. 3 is a flowchart illustrating a method of controlling access to an electronic device, according to an example.
  • Method 300 may be performed by a system that includes a physical processing resource implementing or executing machine-readable instructions stored on a machine-readable medium. Additionally or alternatively, the system performing method 300 may include electronic circuitry. For example, at least some portions of method 300 may be performed by system 100 of FIG. 1, system 200 of FIG. 2, or system 500 of FIG. 5. In some implementations, the blocks of method 300 may be executed substantially concurrently, may be ongoing, and/or may repeat. In some implementations, method 300 may include more or fewer blocks than are shown in FIG. 3.
  • Method 300 includes monitoring and recording access to an electronic device, at 310.
  • controller 120 and/or the security coordinator 130 can monitor and record access to an electronic device to detect, alert, and respond to security threats to the electronic device. Monitoring and recording can include monitoring access state (e.g., locked/unlocked, forced/tampered, removed, etc.), monitoring software status, data status, cryptographic keys, and machine state.
  • Method 300 includes detecting an unauthorized access to the electronic device, at 320.
  • controller 120 and/or security coordinator 130 can detect an unauthorized access to the electronic device. The unauthorized access can be one or more of a physical or software/firmware intrusion, a removal, tampering, unauthorized data access, disabling of the electronic device or components thereof.
  • Method 300 includes, in response to the detection, initiating a security operation to prevent access to components or cryptographic keys of the electronic device, where the security operation includes activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm, at 330.
  • cryptographic zeroisation may be executed to erase sensitive data and cryptographic keys, in response to the unauthorized access.
  • a security alarm can be raised (e.g., sound, signals, indicators, etc.) and a surveillance system can be triggered to capture video feeds around and within the electronic device.
  • FIG. 4 is a flowchart illustrating a method of controlling access to an electronic device, according to another example.
  • Method 400 may be performed by a system that includes a physical processing resource implementing or executing machine-readable instructions stored on a machine-readable medium. Additionally or alternatively, the system performing method 400 may include electronic circuitry. For example, at least some portions of method 400 may be performed by system 100 of FIG. 1, system 200 of FIG. 2, or system 500 of FIG. 5. In some implementations, the blocks of method 400 may be executed substantially concurrently, may be ongoing, and/or may repeat. In some implementations, method 400 may include more or fewer blocks than are shown in FIG. 4.
  • Method 400 includes monitoring and recording access to an electronic device, at 410.
  • Monitoring and recording access to the electronic device can include monitoring access state (e.g., locked/unlocked, forced/tampered, removed, online/offline etc.), monitoring software status, data status, cryptographic keys, and machine state.
  • Method 400 includes receiving an access request to the electronic device, at 420.
  • an access request can be received from the user via the user access interface 220.
  • User access interface 220 can be a biometric scanner, a keypad, a contactless tag (e.g., RFID or NFC tag), etc.
  • Method 400 includes authorizing the access based on a comparison of the request to a database of authorized users, where authorization of the request includes controlling movement of a lock mechanism associated with the electronic device from a locked state to an unlocked state, at 430.
  • the user access request received via the interface 220 can be verified/authenticated by accessing a database of users with permission to access the electronic device.
  • the electronic lock 110 can be deactivated or moved to an unlocked state to permit access for the authorized user.
  • Method 400 includes detecting an unauthorized access to the electronic device, at 440.
  • the unauthorized access can be one or more of a physical or software/firmware intrusion, a removal, tampering, unauthorized data access, disabling of the electronic device or components thereof.
  • Method 400 includes, in response to the detection, initiating a security operation to prevent access to components or cryptographic keys of the electronic device, where the security operation includes activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm, at 450.
  • cryptographic zeroisation may be executed to erase sensitive data and cryptographic keys, in response to the unauthorized access.
  • a security alarm can be raised (e.g., sound, signals, indicators, etc.) and a surveillance system can be triggered to capture video feeds around and within the electronic device.
  • FIG. 5 is a block diagram of a machine-readable medium encoded with instructions for controlling access to an electronic device, according to an example.
  • the system 500 may serve as a form or part of the system 100 of FIG. 1 or the system 200 of FIG. 2.
  • processing resource 510 may be a
  • the processing resource 302 may include one or more hardware devices, including electronic circuitry, for implementing functionality described herein.
  • the machine-readable medium 520 may be any medium suitable for storing executable instructions, such as RAM, ROM, EEPROM, flash memory, a hard disk drive, an optical disc, or the like.
  • the machine-readable medium 520 may be a tangible, non-transitory medium.
  • the machine-readable medium 520 may be disposed within the system 500, as shown in FIG. 5, in which case the executable instructions may be deemed installed or embedded on the system 500.
  • the machine-readable medium 520 may be a portable (e.g., external) storage medium, and may be part of an installation package.
  • the machine-readable medium 520 may be encoded with a set of executable instructions 521, 522, 523, 524, and 525. It should be understood that part or all of the executable instructions and/or electronic circuits included within one box may, in alternate implementations, be included in a different box shown in the figures or in a different box not shown.
  • Access monitoring instructions 521 when executed, cause the processing resource 510 to monitor access to the electronic device. For example, access to the electronic device may be monitored and recorded, such as access state,
  • Access request receiving instructions 522 when executed, cause the processing resource 510 to receive an access request to the electronic device via a user interface.
  • an access request can be received via a biometric scanner, a keypad, or a contactless tag (e.g., RFID, NFC tag).
  • Access authorizing instructions 523 when executed, cause the processing resource 510 to authorize access to the electronic device based on an authentication of a user associated with the request. Access authorization also includes controlling the lock to unlock the electronic device to allow access.
  • Unauthorized access detecting instructions 524 when executed, cause the processing resource 510 to detect an unauthorized access to the electronic device.
  • the unauthorized access can be one or more of a physical or software/firmware intrusion, a removal, tampering, unauthorized data access, disabling of the electronic device or components of the electronic device.
  • Security response triggering instructions 525 when executed, cause the processing resource 510 to, upon detection of the unauthorized access, trigger a security response.
  • the security response can include activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Lock And Its Accessories (AREA)

Abstract

Example implementations relate to access control. For example, a security system to control access to an electronic device includes an electronic lock, a controller coupled to the electronic lock, and a security coordinator coupled to the controller. The controller is to receive access request to the electronic device and control movement of the electronic lock between a locked state and an unlocked state. The security coordinator is to monitor an access state of the electronic device and trigger a security operation in response to detection of an unauthorized access to the electronic device.

Description

ELECTRONIC DEVICE ACCESS CONTROL
BACKGROUND
[0001] Electronic devices such as rack mount devices and blade devices process and store customer data including sensitive and/or confidential information. Because of the risk of fraud and security breaches, great importance is placed on securing data from tampering and/or preventing access to discrete components of an integrated circuit of electronic devices. For example, the Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government computer security standard designed to coordinate the requirements and standards for cryptography modules that include both hardware and software components.
BRIEF DESCRIPTION OF THE DRAWINGS
[0002] Some examples of the present application are described with respect to the following figures:
[0003] FIG. 1 is a block diagram of a security system to control access to an electronic device, according to an example;
[0004] FIG. 2 is a block diagram of a security system to control access to an electronic device, according to another example;
[0005] FIG. 3 is a flowchart illustrating a method of controlling access to an electronic device, according to an example;
[0006] FIG. 4 is a flowchart illustrating a method of controlling access to an electronic device, according to another example; and
[0007] FIG. 5 is a block diagram of a machine-readable medium encoded with instructions for controlling access to an electronic device, according to an example.
DETAILED DESCRIPTION
[0008] Customer data security needs are increasing and access control (i.e., physical and electronic) to such electronic devices is a critical component of security. There are differing levels of security within the FIPS requirement that require an ever increasing amount of security and protection of data and cryptographic keys (i.e., string of bits used by a cryptographic algorithm to transform plain text into cipher text or vice versa). For example, FIPS 140-2 defines four levels of security, in which level 1 provides the lowest level of security and level 4 provides the highest level of security. The security standards include requirements that prevent unauthorized users from viewing, tampering, or damaging internal components (including data) of electronic devices. FIPS (e.g., level 2) specifies enhanced security mechanism for a cryptographic module by requiring tamper evidence (e.g., tamper-evident coatings or seals, pick-resistant locks) which must be broken to attain physical access to the plain text cryptographic keys and critical security parameters within the module or electronic device, and a tamper-evident enclosure that is visually opaque.
[0009] Accordingly, it is desirable to implement access control solutions for individual electronic devices in a network of electronic devices, as well as manage and control access to the network of electronic devices. For example, it would be beneficial to implement an access control solution for each server in a rack, and to manage and control access on the datacenter level by interfacing with a datacenter management system. Examples described herein provide solutions for managing and controlling access to electronic devices and cryptographic keys thereon, recording access events and monitoring software status, data fabric status, and machine state of electronic devices to detect, alert and respond to security threats.
[0010] In one example, a security system to control access to an electronic device includes an electronic lock, a controller coupled to the electronic lock, and a security coordinator coupled to the controller. The controller is to receive access request to the electronic device and control movement of the electronic lock between a locked state and an unlocked state. The security coordinator is to monitor an access state of the electronic device and trigger a security operation in response to detection of an unauthorized access to the electronic device.
[0011] In another example, a method of controlling access to an electronic device includes monitoring and recording access to the electronic device, and detecting an unauthorized access to the electronic device. In response to the detecting, the method also includes initiating a security operation to prevent access to components or cryptographic keys of the electronic device. The security operation includes activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm.
[0012] In another example, a non-transitory machine-readable medium stores instructions executable by a processing resource of a security system to control access to an electronic device. The non-transitory machine-readable medium includes instructions to monitor access to the electronic device, receive an access request to the electronic device via a user interface, and authorize access to the electronic device based on an authentication of a user associated with the request. The instructions to authorize access include instructions to control a lock mechanism to unlock the electronic device. The non-transitory machine-readable medium also includes instructions to detect an unauthorized access to the electronic device and upon detection of the unauthorized access, trigger a security response.
[0013] Referring now to the figures, FIG. 1 is a block diagram of a security system to control access to an electronic device, according to an example. Security system 100 may be useful for controlling access to an electronic device. According to various implementations, system 100 and the various components described herein may be implemented in hardware and/or a combination of hardware and programming that configures hardware. In various implementations, system 100 may be implemented in the electronic device, a management device separate from the electronic device, or may be implemented on a combination of the electronic device and the management device. Furthermore, in FIG. 1 and other Figures described herein, different number of components or entities than depicted may be used.
[0014] System 100 may comprise an electronic lock 110, a controller 120, and a security coordinator 130. Each of the components 110, 120, and 130 of the system 100 may include combination of hardware and programming that performs a designated function. For example, the hardware may include one or both of a processing resource and a machine-readable medium, while the programming includes instructions or code stored on the machine-readable medium and executable by the processing resource to perform the designated function. A processing resource may be a microcontroller, a microprocessor, central processing unit (CPU) core(s), application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) and/or other hardware device suitable for retrieval and/or execution of instructions from the machine-readable medium, and the machine-readable medium may be random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory, a hard disk drive, etc.
[0015] Electronic lock 110 is associated with the electronic device, and can be activated or inactivated, based on signal (i.e., command or instruction) received from the controller 120. Thus, lock 110 can be moved to a locked state or an unlocked state, to allow access or deny access, respectively, to the electronic device. Accordingly, lock 110 can be electrically actuated to restrict or prevent access to the electronic device, based on authorization parameters. In some examples, lock 110 can include a physical locking mechanism to prevent access (e.g., opening, removal, sliding, propping, etc.) of the electronic device or its components.
[0016] In example implementations, location of the lock 110 can be determined based on a desired location of the cryptographic boundary for the electronic device. In other words, the location of the lock 110 is based on a circuitry, component, data, cryptographic key, module, etc. of the electronic device to be protected. In one example, where the electronic device is a rack mount device (e.g., rack mount servers, rack mount storage devices, rack mount storage devices, rack mount switches, rack mount power supply units (PSUs), rack mount power distribution units (PDUs), etc.), lock 110 can be located on the slide/rail mount in the rack, the hood of the rack mount device, or on an internal enclosure of the rack mount device. In another example, where the electronic device is a blade device (e.g., blade server, blade storage, blade switch, fabric attached memory, etc.), lock 110 can be located on a latch of the blade device, a hood of the blade device, or internal enclosure of the blade device.
[0017] Controller 120 can be located internal to the electronic device and coupled to the lock 110. Accordingly, controller 120 can be located inside the defined cryptographic boundary, as desired. Controller 120 can include a printed circuit board (PCB), signal and power interfaces, and an onboard backup power source. Controller 120 can be electrically and communicatively coupled to the lock 110 and other components of the electronic device via an inter-integrated circuit (I2C) bus, for example.
[0018] Controller 120 can receive access request to the electronic device and control movement of the lock 110 between a locked state and an unlocked state. For example, controller 120 can receive a user request, via a user interface, to access the electronic device. In response to the access request, controller 120 can validate and/or authenticate the access request by verifying that the user is authorized to access the electronic device. In some examples, verification can be done by comparing the user access request to a database of authorized users, where the database or storage device storing the list of authorized user can be internal to or external to the controller 120. Controller 120 can determine when to activate or deactivate the lock 110 based on whether or not the user is authorized to access the electronic device.
[0019] Security coordinator 130 is coupled to the controller 120 and can monitor an access state of the electronic device and trigger a security operation in response to detection of an unauthorized access to the electronic device. As used herein, an unauthorized access to the electronic device includes tampering with the electronic device, a physical or electrical intrusion, software or firmware attack, unauthorized data and component access, physical removal or attempted removal, a malicious attack, security breach, or any other security compromise to the electronic device. Monitoring an access state of the electronic device includes determining whether the electronic device is locked/unlocked, forced/tampered, removed, online/offline, and other machine states to detect, alert, and respond to security threats. Triggering a security operation in response to detection of an unauthorized access to the electronic device includes triggering a security alarm, initiating surveillance, or executing a cryptographic zeroisation. As used herein a cryptographic zeroisation means erasing sensitive parameters (i.e., electronically stored data, cryptographic keys, critical security parameter, etc.) from a cryptographic module to prevent their disclosure.
[0020] Security coordinator 130 can manage a plurality of electronic devices coupled to the security coordinator 130 via respective controllers 120 of the electronic devices. Thus, security coordinator 130 can monitor the access states and trigger security operations for each electronic device. In certain implementations, security coordinator 130 can be external to the electronic devices and reside on the rack which houses the electronic devices. In such an implementation, for example, the security coordinator 130 can be a top of rack (ToR) device that aggregates control functionality for each electronic device in the rack, and serves as a security manager between a management system (e.g., a datacenter management system) and the electronic devices. Thus, in this example, the controller 120 for each electronic device can be coupled to or interface with the security coordinator 130 via a network infrastructure (e.g., an optical, electrical, or wireless connection). In other implementations, the security coordinator 130 can be internal to an electronic device (e.g., a master device), which can serve as an aggregator for other electronic devices that are managed. For example, the security coordinator 130 can reside on an onboard administrator of the enclosure of the electronic device, and reside in one of the 'U' locations of the rack (i.e., compared to ToR).
[0021] In various examples, the security coordinator 130, in addition to managing access to the electronic devices, can monitor software status, data fabric status, cryptographic keys, and machine state to detect, alert, and respond to security threats, as described herein. Security coordinator 130 can also push firmware updates and user access rights to respective controllers 120 of the electronic devices.
[0022] In performing their respective functions, electronic lock 110, controller 120, and security coordinator 130 may access a data storage and/or other suitable database(s) (not shown). Data storage and/or database may represent any memory accessible to the system 100 that can be used to store and retrieve data, and may comprise RAM, ROM, EEPROM, cache memory, floppy disks, hard disks, optical disks, tapes, solid state drives, flash drives, portable compact disks, and/or other storage media for storing computer-executable instructions and/or data. System 120 may access data storage locally or remotely via a network.
[0023] FIG. 2 is a block diagram of a security system to control access to an electronic device, according to another example. Security system 200 can be used for controlling access to a plurality of electronic devices 201A and 201B. Electronic devices 201A and 201B can include substantially similar components. For example, electronic device 201A can include an electronic lock 110A, a controller 120A, and a user access interface 220A. Similarly, electronic device 201B can include an electronic lock 110B, a controller 120B, and a user access interface 220B. Electronic devices 201A and 201B can be rack mount devices (e.g., servers, storage devices, networking devices, PDUs, PSUs, switches, etc.) or blade devices (e.g., servers, storage devices, networking devices, switches, etc.). Further, electronic devices 201A and 201B can reside on the same rack or on different racks within a datacenter, for example.
[0024] Electronic locks 110A and 110B can be activated to prevent physical access to electronic devices 201A and 201B, respectively, or physical access to components, data, or cryptographic keys therein. The movement and/or position (i.e., state) of the electronic locks 110A and 110B can be controlled by controllers 120A and 120B, based on an authorization process. For example, controllers 120A and 120B can receive a user access request via respective user access interfaces 220A and 220B of the electronic devices 201A and 202B. In response to the user access request, controllers 120A and 120B can determine whether to allow access or deny access to the electronic devices 201A and 202B, for example, by verifying whether the user is authorized. Authorization can be verified by accessing a database or storage medium that includes authorized users.
[0025] User access interfaces 220A and 220B can be a biometric scanner, a radio frequency identification (RFID), a passcode keypad, a contactless tag reader (e.g., near field communication (NFC) tag reader), or an access request button. Thus, the user access request is received by the controllers 120A and 120B via the user access interfaces 220A and 220B of the electronic devices 201A and 201B.
[0026] Controllers 120A and 120B of the electronic devices 201A and 201B are coupled to the security coordinator 130 via a network infrastructure 250. Network infrastructure 250 can be a wired or wireless connection. For example, network infrastructure 250 can be an optical connector, an electrical connector, a wireless connector (e.g., local area network, Wi-Fi, wireless area network, etc.), or a combination thereof. Network infrastructure 250 enables the security coordinator 130 to communicate with the plurality of electronic devices 201A and 201B.
[0027] Security coordinator 130 manages the security of the electronic devices 201A and 201B by managing and recording access events, monitoring and maintaining software status, data fabric status, cryptographic keys, and machine state to detect, alert, and respond to security threats. For example, security coordinator 130 can trigger a security operation in response to detection of an unauthorized access or security threat to the electronic devices 201A and 201B. A security operation can include sounding or signaling a security alarm, cryptographic zeroisation, or initiating a surveillance system. Security coordinator 130 can be coupled to a management system 260 via a network 240.
[0028] Management system 260 can be a datacenter management system, for example, that manages the resources of the datacenter (e.g., servers, storage devices, networking devices, switches, etc.). Management system 260 can include an application programming interface (API) to interface with the security coordinator 130. Management system 260 can communicate with the security coordinator over the network 240. Network 240 can be any wireless network infrastructure. Management system 260 can receive access state information, software status, and network activity related to the electronic devices 201A and 201B, from the security coordinator 130. Management system 260 can also transmit access keys (e.g., user access credentials), tamper response commands, shut down commands, and other management commands to the security coordinator 130. Accordingly, management system 260 can manage and communicate with a plurality of security coordinators 130. Management system 260 allows an administrator to remotely manage a pool of resources (e.g., compute, storage, networking, etc.) in the datacenter.
[0029] FIG. 3 is a flowchart illustrating a method of controlling access to an electronic device, according to an example. Method 300 may be performed by a system that includes a physical processing resource implementing or executing machine-readable instructions stored on a machine-readable medium. Additionally or alternatively, the system performing method 300 may include electronic circuitry. For example, at least some portions of method 300 may be performed by system 100 of FIG. 1, system 200 of FIG. 2, or system 500 of FIG. 5. In some implementations, the blocks of method 300 may be executed substantially concurrently, may be ongoing, and/or may repeat. In some implementations, method 300 may include more or fewer blocks than are shown in FIG. 3.
[0030] Method 300 includes monitoring and recording access to an electronic device, at 310. For example, controller 120 and/or the security coordinator 130 can monitor and record access to an electronic device to detect, alert, and respond to security threats to the electronic device. Monitoring and recording can include monitoring access state (e.g., locked/unlocked, forced/tampered, removed, etc.), monitoring software status, data status, cryptographic keys, and machine state.
[0031] Method 300 includes detecting an unauthorized access to the electronic device, at 320. For example, controller 120 and/or security coordinator 130 can detect an unauthorized access to the electronic device. The unauthorized access can be one or more of a physical or software/firmware intrusion, a removal, tampering, unauthorized data access, disabling of the electronic device or components thereof.
[0032] Method 300 includes, in response to the detection, initiating a security operation to prevent access to components or cryptographic keys of the electronic device, where the security operation includes activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm, at 330. For example, cryptographic zeroisation may be executed to erase sensitive data and cryptographic keys, in response to the unauthorized access. Further, a security alarm can be raised (e.g., sound, signals, indicators, etc.) and a surveillance system can be triggered to capture video feeds around and within the electronic device.
[0033] FIG. 4 is a flowchart illustrating a method of controlling access to an electronic device, according to another example. Method 400 may be performed by a system that includes a physical processing resource implementing or executing machine-readable instructions stored on a machine-readable medium. Additionally or alternatively, the system performing method 400 may include electronic circuitry. For example, at least some portions of method 400 may be performed by system 100 of FIG. 1, system 200 of FIG. 2, or system 500 of FIG. 5. In some implementations, the blocks of method 400 may be executed substantially concurrently, may be ongoing, and/or may repeat. In some implementations, method 400 may include more or fewer blocks than are shown in FIG. 4.
[0034] Method 400 includes monitoring and recording access to an electronic device, at 410. Monitoring and recording access to the electronic device can include monitoring access state (e.g., locked/unlocked, forced/tampered, removed, online/offline etc.), monitoring software status, data status, cryptographic keys, and machine state.
[0035] Method 400 includes receiving an access request to the electronic device, at 420. For example, an access request can be received from the user via the user access interface 220. User access interface 220 can be a biometric scanner, a keypad, a contactless tag (e.g., RFID or NFC tag), etc.
[0036] Method 400 includes authorizing the access based on a comparison of the request to a database of authorized users, where authorization of the request includes controlling movement of a lock mechanism associated with the electronic device from a locked state to an unlocked state, at 430. For example, the user access request received via the interface 220 can be verified/authenticated by accessing a database of users with permission to access the electronic device. The electronic lock 110 can be deactivated or moved to an unlocked state to permit access for the authorized user.
[0037] Method 400 includes detecting an unauthorized access to the electronic device, at 440. For example, the unauthorized access can be one or more of a physical or software/firmware intrusion, a removal, tampering, unauthorized data access, disabling of the electronic device or components thereof.
[0038] Method 400 includes, in response to the detection, initiating a security operation to prevent access to components or cryptographic keys of the electronic device, where the security operation includes activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm, at 450. For example, cryptographic zeroisation may be executed to erase sensitive data and cryptographic keys, in response to the unauthorized access. Further, a security alarm can be raised (e.g., sound, signals, indicators, etc.) and a surveillance system can be triggered to capture video feeds around and within the electronic device.
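The flow of method 400 (blocks 410 to 450) expressed as controller-side C, as an added example that is not part of the patent: an observed access state that differs from the state the controller commanded is treated as unauthorized and triggers zeroisation, alarm and surveillance. All type and function names, the user IDs and the key bytes are constructed for illustration; leaving the lock closed on a denied request without any further response is a policy assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Access states reported by the lock/chassis sensors (names are illustrative). */
typedef enum { ST_LOCKED, ST_UNLOCKED, ST_FORCED, ST_REMOVED } access_state_t;

/* Security operations named in the description, as a bitmask. */
enum { OP_NONE = 0, OP_ALARM = 1, OP_SURVEILLANCE = 2, OP_ZEROISE = 4 };

#define KEY_LEN 32
#define MAX_LOG 16

typedef struct {
    access_state_t commanded;   /* state the controller last drove the lock to */
    uint8_t key[KEY_LEN];       /* sensitive parameter inside the boundary */
    int key_present;
    struct { access_state_t observed; int authorized; } log[MAX_LOG];
    size_t log_len;             /* total events recorded (log is a ring buffer) */
} device_t;

/* Constructed stand-in for the "database of authorized users". */
static const char *const AUTHORIZED_USERS[] = { "tag-0001", "tag-0002" };

void device_init(device_t *d) {
    memset(d, 0, sizeof *d);
    d->commanded = ST_LOCKED;
    memset(d->key, 0xA5, KEY_LEN);   /* constructed placeholder key bytes */
    d->key_present = 1;
}

/* Writes through a volatile pointer so the compiler cannot drop the stores
 * as dead code, which a plain memset() before discarding a buffer may allow. */
static void zeroise(void *buf, size_t n) {
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (n--) *p++ = 0;
}

int key_is_zero(const device_t *d) {
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= d->key[i];
    return acc == 0;
}

/* Blocks 420/430: compare the request to the authorized list; only a match
 * moves the commanded lock state from locked to unlocked. */
int request_access(device_t *d, const char *user_id) {
    size_t n = sizeof AUTHORIZED_USERS / sizeof AUTHORIZED_USERS[0];
    for (size_t i = 0; i < n; i++) {
        if (strcmp(user_id, AUTHORIZED_USERS[i]) == 0) {
            d->commanded = ST_UNLOCKED;
            return 1;
        }
    }
    return 0;   /* denied: lock stays in its commanded state */
}

void relock(device_t *d) { d->commanded = ST_LOCKED; }

/* Blocks 410/440/450: record the observed state; if it is not the state the
 * controller commanded (forced and removed never are), erase the key and
 * return the security operations to trigger. */
unsigned report_state(device_t *d, access_state_t observed) {
    int authorized = (observed == d->commanded);
    size_t slot = d->log_len % MAX_LOG;
    d->log[slot].observed = observed;
    d->log[slot].authorized = authorized;
    d->log_len++;
    if (authorized) return OP_NONE;
    if (d->key_present) {
        zeroise(d->key, KEY_LEN);
        d->key_present = 0;
    }
    return OP_ALARM | OP_SURVEILLANCE | OP_ZEROISE;
}

int main(void) {
    device_t d;
    device_init(&d);
    printf("unknown tag granted: %d\n", request_access(&d, "tag-9999"));
    printf("known tag granted:   %d\n", request_access(&d, "tag-0001"));
    printf("ops after authorized unlock: %u\n", report_state(&d, ST_UNLOCKED));
    relock(&d);
    printf("ops after unlock while commanded locked: %u\n",
           report_state(&d, ST_UNLOCKED));
    printf("key erased: %d\n", key_is_zero(&d));
    return 0;
}
```

The comparison is between commanded and observed state rather than on the observed state alone, so an open lock is only an event when the controller did not open it.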
[0039] FIG. 5 is a block diagram of a machine-readable medium encoded with instructions for controlling access to an electronic device, according to an example. The system 500 may serve as a form or part of the system 100 of FIG. 1 or the system 200 of FIG. 2.
[0040] In some implementations, processing resource 510 may be a microcontroller, a microprocessor, CPU core(s), an ASIC, an FPGA, and/or other hardware device suitable for retrieval and/or execution of instructions stored on the machine-readable medium 520. Additionally or alternatively, the processing resource 302 may include one or more hardware devices, including electronic circuitry, for implementing functionality described herein.
[0041] The machine-readable medium 520 may be any medium suitable for storing executable instructions, such as RAM, ROM, EEPROM, flash memory, a hard disk drive, an optical disc, or the like. In some example implementations, the machine-readable medium 520 may be a tangible, non-transitory medium. The machine-readable medium 520 may be disposed within the system 500, as shown in FIG. 5, in which case the executable instructions may be deemed installed or embedded on the system 500. Alternatively, the machine-readable medium 520 may be a portable (e.g., external) storage medium, and may be part of an installation package.
[0042] As described further herein below, the machine-readable medium 520 may be encoded with a set of executable instructions 521, 522, 523, 524, and 525. It should be understood that part or all of the executable instructions and/or electronic circuits included within one box may, in alternate implementations, be included in a different box shown in the figures or in a different box not shown.
[0043] Access monitoring instructions 521, when executed, cause the processing resource 510 to monitor access to the electronic device. For example, access to the electronic device may be monitored and recorded, such as access state, software/firmware status, data status, and machine state. Access request receiving instructions 522, when executed, cause the processing resource 510 to receive an access request to the electronic device via a user interface. For example, an access request can be received via a biometric scanner, a keypad, or a contactless tag (e.g., RFID, NFC tag). Access authorizing instructions 523, when executed, cause the processing resource 510 to authorize access to the electronic device based on an authentication of a user associated with the request. Access authorization also includes controlling the lock to unlock the electronic device to allow access. Unauthorized access detecting instructions 524, when executed, cause the processing resource 510 to detect an unauthorized access to the electronic device. For example, the unauthorized access can be one or more of a physical or software/firmware intrusion, a removal, tampering, unauthorized data access, disabling of the electronic device or components of the electronic device. Security response triggering instructions 525, when executed, cause the processing resource 510 to, upon detection of the unauthorized access, trigger a security response. For example, the security response can include activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm.
[0044] In the foregoing description, numerous details are set forth to provide an understanding of the subject matter disclosed herein. However, implementation may be practiced without some or all of these details. Other implementations may include modifications and variations from the details discussed above. It is intended that the following claims cover such modifications and variations.

Claims

What is claimed is:
1. A security system to control access to an electronic device, comprising:
an electronic lock;
a controller coupled to the electronic lock, the controller to:
receive access request to the electronic device; and
control movement of the electronic lock between a locked state and an unlocked state; and
a security coordinator coupled to the controller, the security coordinator to:
monitor an access state of the electronic device; and
trigger a security operation in response to detection of an unauthorized access to the electronic device.
2. The security system of claim 1, wherein the security coordinator is to manage user access to the electronic device, record access events at the electronic device, and monitor and maintain software status of the electronic device.
3. The security system of claim 1, wherein unauthorized access to the electronic device includes physical tampering and electronic threats to the electronic device.
4. The security system of claim 1, wherein the security operation includes a security alarm, a surveillance action, or an active cryptographic zeroisation, in response to the unauthorized access.
5. The security system of claim 1, comprising a user interface to request access to the electronic device, wherein the user interface includes at least one of a biometric scanner, a radio frequency identification (RFID), a passcode keypad, a contactless tag reader, and an access request button.
6. The security system of claim 1, wherein the electronic device includes a rack mount device and wherein the electronic lock is located on a slide of the rack, a rail of the rack, a hood of the rack mount device, or an internal enclosure of the rack mount device.
7. The security system of claim 1, wherein the electronic device includes a blade device and wherein the electronic lock is located on a latch of the blade device, a hood of the blade device, or an internal enclosure of the blade device.
8. The security system of claim 1, wherein the controller is internal to the electronic device and comprises power and signal interfaces and an onboard power backup.
9. The security system of claim 1, comprising a network infrastructure to communicatively couple the security coordinator to a plurality of electronic devices including the electronic device, wherein the security coordinator is to manage the plurality of electronic devices.
10. The security system of claim 1, comprising a management system communicatively coupled to a plurality of security coordinators including the security coordinator, each security coordinator to manage a plurality of electronic devices, wherein the management system is to:
receive access state information, software status, and network activity status of the electronic devices from the security coordinators; and
send access credentials and security response commands to the security coordinators.
11. A method of controlling access to an electronic device, comprising:
monitoring and recording access to the electronic device;
detecting an unauthorized access to the electronic device; and
in response to the detecting, initiating a security operation to prevent access to components or cryptographic keys of the electronic device, wherein the security operation includes activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm.
12. The method of claim 11, comprising:
receiving an access request to the electronic device; and
authorizing the access request based on a comparison of the request to a database of authorized users, wherein authorizing the access request includes controlling movement of a lock mechanism associated with the electronic device from a locked state to an unlocked state.
13. The method of claim 11, wherein unauthorized access to the electronic device includes physical and firmware attacks to the electronic device.
14. A non-transitory machine-readable medium storing instructions executable by a processing resource of a security system to control access to an electronic device, the non-transitory machine-readable medium comprising:
instructions to monitor access to the electronic device;
instructions to receive an access request to the electronic device via a user interface;
instructions to authorize access to the electronic device based on an authentication of a user associated with the request, wherein instructions to authorize access include instructions to control a lock mechanism to unlock the electronic device;
instructions to detect an unauthorized access to the electronic device; and
instructions to, upon detection of the unauthorized access, trigger a security response.
15. The non-transitory machine-readable medium of claim 14, wherein the security response includes at least one of a cryptographic zeroisation, initiating a surveillance system, and a security alarm, and wherein the unauthorized access includes at least one of a physical tampering and an electronic threat to the electronic device.
PCT/US2016/031910 2016-05-11 2016-05-11 Electronic device access control WO2017196319A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2016/031910 WO2017196319A1 (en) 2016-05-11 2016-05-11 Electronic device access control

Publications (1)

Publication Number Publication Date
WO2017196319A1 true WO2017196319A1 (en) 2017-11-16

Family

ID=60267514

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2016/031910 WO2017196319A1 (en) 2016-05-11 2016-05-11 Electronic device access control

Country Status (1)

Country Link
WO (1) WO2017196319A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110532745A (en) * 2019-07-22 2019-12-03 深圳壹账通智能科技有限公司 The tamper resistant method, device of data, equipment and storage medium in system
WO2021021070A1 (en) 2019-07-26 2021-02-04 Hewlett-Packard Development Company, L.P. Storage enclosures
CN112600670A (en) * 2020-12-25 2021-04-02 深圳深度探测科技有限公司 Centralized management system and management method for large number of scattered safety racks
US20210404216A1 (en) * 2020-06-26 2021-12-30 Hewlett Packard Enterprise Development Lp Security system having an electronic lock to control access to electronic devices
US11669647B1 (en) * 2019-10-30 2023-06-06 Amazon Technologies, Inc. Physical key cartridge for rack-mounted component
WO2023244302A1 (en) * 2022-06-14 2023-12-21 Microsoft Technology Licensing, Llc Devices, systems, and methods for locking a server in a rack

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080189797A1 (en) * 2007-02-07 2008-08-07 Roger Goza Computer Workstation and Method
US20090106563A1 (en) * 2007-10-17 2009-04-23 Spansion Llc Tamper reactive memory device to secure data from tamper attacks
US20110130873A1 (en) * 2009-11-27 2011-06-02 Rafael Yepez Self-service kiosk with multiple secure service areas
US20110199183A1 (en) * 2010-02-12 2011-08-18 Marsden Christopher D Lockable enclosure having improved access system
US20130021156A1 (en) * 2003-12-11 2013-01-24 Triteq Lock And Security, Llc Electronic Security System for Monitoring Mechanical Keys and Other Items

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110532745A (en) * 2019-07-22 2019-12-03 深圳壹账通智能科技有限公司 The tamper resistant method, device of data, equipment and storage medium in system
WO2021021070A1 (en) 2019-07-26 2021-02-04 Hewlett-Packard Development Company, L.P. Storage enclosures
EP4004775A4 (en) * 2019-07-26 2023-04-26 Hewlett-Packard Development Company, L.P. Storage enclosures
US11669647B1 (en) * 2019-10-30 2023-06-06 Amazon Technologies, Inc. Physical key cartridge for rack-mounted component
US20210404216A1 (en) * 2020-06-26 2021-12-30 Hewlett Packard Enterprise Development Lp Security system having an electronic lock to control access to electronic devices
US11982108B2 (en) * 2020-06-26 2024-05-14 Hewlett Packard Enterprise Development Lp Security system having an electronic lock to control access to electronic devices
CN112600670A (en) * 2020-12-25 2021-04-02 深圳深度探测科技有限公司 Centralized management system and management method for large number of scattered safety racks
WO2023244302A1 (en) * 2022-06-14 2023-12-21 Microsoft Technology Licensing, Llc Devices, systems, and methods for locking a server in a rack

Similar Documents

Publication Publication Date Title
US11830306B2 (en) Systems and methods for controlling access to physical space
WO2017196319A1 (en) Electronic device access control
US9230380B2 (en) Lockable enclosure having improved access system
CN103370717A (en) Always-available embedded theft reaction subsystem
US9355278B2 (en) Server chassis physical security enforcement
WO2015148062A1 (en) Centralized security for a computing device
US20220327249A1 (en) Systems and methods for chassis intrusion detection
CN106150271A (en) A kind of anti-theft device, system and safety cabinet
CN116506579A (en) Data server monitoring method and monitoring system
WO2020134525A1 (en) Access control management method, apparatus and system
CN102592341A (en) Filing cabinet control-based data processing method, equipment, server and system
CN102884556B (en) Anti-theft alarm device
US11982108B2 (en) Security system having an electronic lock to control access to electronic devices
US9177161B2 (en) Systems and methods for secure access modules
US10229290B2 (en) Keyless method to secure physical access to information handling systems in a datacenter
KR101553231B1 (en) Security management system for switch apparatus
US9734366B2 (en) Tamper credential
CN118942174A (en) LED display screen box management method and related equipment thereof
JP2006227756A (en) Cooperation controller
CN104540137B (en) Gateway control apparatus, method and system
WO2017019075A1 (en) Lock control
Janko et al. User Authentication Based on Contactless High and Ultra-High Frequency RFID Tags

Legal Events

Date Code Title Description
NENP Non-entry into the national phase (Ref country code: DE)
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 16901834; Country of ref document: EP; Kind code of ref document: A1)
122 Ep: pct application non-entry in european phase (Ref document number: 16901834; Country of ref document: EP; Kind code of ref document: A1)