1. Field of the Invention
This invention relates to providing commands to a system of devices and more particularly relates to techniques for securely issuing commands across a network to client computer systems to initiate power-on or power-off sequences or execute other system and power management functions.
2. Description of the Related Art
Personal computer systems are well known in the art. They are widely used for providing computer power to many segments of today's modern society. A personal computer may take many forms, including a desktop unit, a standing unit, or a portable microcomputer unit. Typical personal computers are provided with a central processing unit and associated volatile and non-volatile memory, including random access memory and basic input/output system read only memory, a system monitor, a keyboard, one or more flexible diskette drives, a CD-ROM drive, a fixed disk storage drive (also known as a “hard drive”), a pointing device such as a mouse, and an optional network interface adapter. One of the distinguishing characteristics of these systems is the use of a motherboard or system planar to electrically connect these components together.
With personal computers being increasingly connected into networks to allow efficient transfers of data among computers, operations such as maintenance, updating of applications, and data collections are constant and required. Computer networks are also becoming more and more essential to their users. Consequently, it is desirable to minimize loss of productivity by increasing the availability of network resources.
Remote management of client computer systems is currently conducted on both large and medium networks. Management of computer networks is accomplished in many systems by a central network management station which has access to client computer systems in the network for management functions. However, in complex network environments, many of the client systems are turned off at night or at other times when they are not in use, either manually or automatically, by power management circuits. This prevents the network management station from gaining access to the client system, limiting the ability to effectively manage the network. Thus, technology has evolved which allows a remote network management station to wake up a client system in the network to allow it to conduct network management processes or otherwise communicate with the client system. Such technology is referred to generally as Wake On LAN.
The Wake On LAN feature of network adapter cards in personal computers allows network administrators to remotely boot off-line client systems. One popular technology for implementing the Wake On LAN feature is referred to as the “Magic Packet” technology, developed by Advanced Micro Devices, Inc. One concern that the Wake On LAN feature creates is the potential for intruders acting remotely to power-up unattended systems, and attempt to penetrate them. This danger is more acute than that for on-line systems, from one point of view, because their powered down state can be used as evidence that they are not being monitored for intrusion. Thus, Wake On LAN protocols present an avenue for hackers to gain access through a network to sleeping devices.
The “Magic Packet” technology developed by AMD involves transmission of a special packet which is identified by 16 duplications of the media access control (MAC) address of the client system to be woken up without breaks or interruptions, inside a single packet. The network interface card is adapted to recognize this special packet, and signal the host system that it has received a Wake On LAN command.
One approach to providing security for the Wake On LAN feature involves transmitting a separate packet carrying a password. Before the network interface card issues a command to the host system, it must receive both the special Wake On LAN packet and the special password packet. This approach has a number of drawbacks, including the fact that packets can be snooped by other stations in the network, allowing the password to be learned by other parties. Also, the Wake On LAN packet sequence can be easily replayed by parties attempting to enter the system. In addition, the requirement of two packets requires complicated circuitry in the network interface card, increasing costs. Thus the password packet approach provides limited security at increased costs.
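The recognition step described above can be modeled in a few lines; this is an added example, not code from the patent or from AMD, and it shows why a snooped packet replays cleanly: the pattern carries no sender identity, nonce, or timestamp. The 6-byte 0xFF synchronization stream comes from AMD's published Magic Packet format rather than from this text, and the function names, MAC address, and payloads are constructed for illustration.

```python
import re

SYNC = b"\xff" * 6   # sync stream from AMD's Magic Packet format (assumption: not stated in this text)
REPEATS = 16         # "16 duplications of the MAC address"


def parse_mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' into 6 raw bytes."""
    if not re.fullmatch(r"[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}", text):
        raise ValueError("not a MAC address: %r" % text)
    return bytes.fromhex(re.sub(r"[:-]", "", text))


def find_wake_target(payload):
    """Return the MAC a payload would wake, or None.

    Scans anywhere in the packet for the sync stream followed by 16
    unbroken copies of one 6-byte address.
    """
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 6 + 6 * REPEATS]
        if len(body) == 6 * REPEATS and body == body[:6] * REPEATS:
            return body[:6]
        # Retry one byte later so extra leading 0xFF bytes do not hide a match.
        start = payload.find(SYNC, start + 1)
    return None


def nic_would_wake(payload, own_mac):
    """Hypothetical model of the adapter's whole decision: is my address named?"""
    return find_wake_target(payload) == own_mac


# Constructed sample data (locally administered address, made-up padding).
CLIENT = parse_mac("02:00:00:00:00:01")
captured = b"\x00junk" + SYNC + CLIENT * REPEATS + b"trailer"
replayed = bytes(captured)   # byte-identical copy resent later by another station
broken = b"\x00junk" + SYNC + CLIENT * 15 + b"\x00" + CLIENT   # sequence interrupted
```

The same `find_wake_target` scan can be run over captured payloads on a monitored segment to log which clients are being woken and from where.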
From the foregoing discussion, it should be apparent that a need exists for an apparatus, system, and method that render current Wake On LAN systems more secure. Beneficially, such an apparatus, system, and method would provide a secure means of confirming power control commands before said commands are executed.