1. Field of the Invention
The present invention relates generally to network computing systems, and more particularly, to a secure method for remotely waking up a computer on a network.
2. Background of the Invention
Computer networks are commonly used in offices or corporate environments to interconnect personal computers. Well-known local area networks (LANs), such as Ethernet, Token Ring, and ARCnet, are widely used to interconnect a group of computers and other devices that are dispersed over a relatively limited area, such as an office or building, and new LANs continue to be developed. These local area networks provide an efficient and economical way for personal computers to share information and peripherals.
Of course, computer networks are not limited to the confines of an office or building. Smaller networks are commonly interconnected into wide area networks (WANs), such as the Internet, to provide a communications link over a larger area. The Internet is actually a collection of networks that share the same namespace (a set of names in which all names are unique) and use the well-known transmission control protocol/internet protocol (TCP/IP). The Internet currently connects over four hundred networks and tens of thousands of nodes in over forty-two countries. It is estimated that the Internet is now accessed by more than 10 million people every day.
As is well known in the art, the transmission of data packets across networks is governed by a set of rules called "transport protocols". In order for two computers in a local area network to communicate with one another, each computer must use the proper transport protocol for the particular network. During the last decade, many different transport protocols have evolved for use in different networks. For example, TCP/IP is the transport protocol widely used in UNIX based networks and with Ethernet 802.3 LANs; IPX/SPX is the transport protocol used by Novell Corporation's NetWare developed by IBM to operate underneath Microsoft's NetBIOS network interface; DECnet is the transport protocol used by Digital Equipment Corporation for linking computer systems to DECnet-based networks; AppleTalk is the transport protocol developed by Apple Computer, Inc. for linking systems to Apple Macintosh network systems; and XNS is the transport protocol developed by Xerox Corporation that was used in early Ethernet networks. The transport protocols, which are all well known in the art, are often implemented as software drivers which can be loaded into and out of a computer system.
In order to connect to a network, a computer is usually provided with one or more network interface cards (NICs) that provide a data link to the network. Each network interface card has a unique address, referred to herein as its "destination address", which enables each computer to be individually addressed by any other computer in the network. The destination address is typically, but not always, a 12 digit hexadecimal number (e.g., 00AA00123456) that is programmed into memory located on the network interface card and is generally hidden from the user's view. Users are not expected to know and remember the destination address of every computer in the network. Instead, every computer generally has a computer name (commonly corresponding to the user's name and/or machine location) that is more widely known. When a user desires to send a message to another computer, the transport protocol in the network is responsible for converting the name of the other computer into the corresponding destination address to establish a communications link between the two computers.
Because wide area networks often include a collection of a wide variety of machines, organizations and individuals, these networks must provide the means to exchange data between dissimilar machines and across many different transport protocols. Each transport protocol has its own version of addressing information that enables it to exchange electronic mail, data files, programs, etc. between one LAN and another LAN. As a data packet is transmitted across different networks, the addressing information for one transport protocol is replaced by the addressing information for the next transport protocol. Over the Internet, this LAN addressing information is abstracted from the Internet address.
The address of an individual, computer, or organization on the Internet has several layers or components including the domain name or user name, the underlying identifiers used by the transport protocol(s) that govern the data exchange, and the actual destination address. Each transport protocol is designed to extract the appropriate destination address to ensure that each message packet is routed to its intended recipient.
To illustrate the distinctions between the various layers of addressing information, consider an individual computer user in Atlanta that wishes to send an e-mail message to a destination computer in Seattle where the computer in Atlanta is connected to an Internet service provider and the computer in Seattle is connected to a corporate local area network. Generally, the user in Atlanta will know, or can readily obtain, the recipient's computer (e.g., www.recipient.com), but will not know the recipient's Internet address or actual destination address. Nonetheless, the transport protocols will abstract the destination address from the message packet as it is transmitted across the network.
Therefore, the user in Atlanta will simply type the recipient's computer name, www.recipient.com, as the address of the destination computer. The message packet will be sent via the Internet, where the TCP/IP transport protocol will convert the computer name into a more primitive Internet address, which is a 32-bit value that identifies the host's network ID and host ID within the network, e.g., 123.234.5.6. The message packet is then routed to the corporate LAN in Seattle, where a component in the LAN, typically a network router, switch, or server, converts the Internet address into the destination address of the recipient's network interface card, e.g., 00AA00123456.
Meanwhile, the network interface card of the destination computer is designed to continually monitor incoming packets over the network. When the network interface card detects an incoming packet containing its destination address, the network interface card will determine that it is the intended recipient of the packet, and will forward information content of the packet to the destination computer's core, thereby completing the communications link.
In normal operations, in which both the source computer and the destination computer are operating in full power mode, all of these address conversions occur automatically and completely invisible to the user, and the communications link is readily established between the two computers. However, efforts are now being made to extend the use of network computing to power management applications, in which one or more of the computers may be operating in a low power mode. In particular, there is increasing demand for power management systems that minimize the energy consumption of computer systems, yet still allow the possibility for receiving remote communications from other computers via a network. These power management systems must provide a mechanism for remotely "waking" a computer system from a low power mode to permit the computer system to receive network communications.
Generally stated, "power management" refers to a computer system's ability to conserve or otherwise manage the power that it consumes. Although power management concerns were originally focused on battery-powered portable computers, these concerns now extend to AC-powered "desktop" computer systems as well. In particular, government initiatives encourage computer manufacturers to develop energy-efficient computers.
Power management techniques include the ability to dynamically power down a computer or certain components within a computer when they are not in use, thereby conserving energy. A computer in this condition is referred to herein as being in a "power down" state. Power is then restored to the computer or components when they are required for use. This process is often referred to as "waking" the computer.
There are many ways in which a computer may exist in the power down state. Examples include hard off (power is disconnected), soft off (power is supplied only to components which monitor activity external to the system), hibernated power state (contents of memory are stored on disk and current state of computer is preserved while power consumption is reduced to a minimum level), suspend mode (all central processor activities are halted, but power to memory is maintained and dynamic RAM is refreshed), and sleep mode (the clock signal is reduced or halted to some or all of the system components during periods of inactivity). The sleep and suspend modes may each be invoked at various levels, depending on the particular implementation of these modes, and recovery from these modes is implementation specific.
In an effort to standardize power management using a computer's operating system, Intel, Microsoft, and Toshiba have collaborated to produce the Advanced Configuration and Power Interface (ACPI) specification. Under ACPI, a computer system can be placed in one of five graduated reduced-power system states, which do not necessarily correspond (in functionality or in name) to the power down modes recited above. Nevertheless, these states also represent power down states of a computer.
When a computer is in a power down state, it may be configured to awaken if activity is detected, e.g. movement of a mouse or actuation of a power switch. The source of the triggering activity may come from a local mechanism (i.e. a switch or sensor of any kind such as a power switch, a reset switch, a pressable key, a pressure sensor, a mouse, a joystick, a touch pad, a microphone, or a motion sensor), or the trigger source may be remote. The ability to remotely awaken a computer increases its usability and maintainability. For example, a user can remotely retrieve files even when the computer was powered down, and a system administrator can perform system maintenance after hours without needing to physically visit each computer.
There are several existing power management systems which are designed to operate in a network environment. In one system for waking a computer from a local area network, a remote wake frame known as a "magic packet" is defined that includes the destination address repeated 16 times consecutively anywhere within the packet. While the computer is in the power down state, its network interface card continually monitors all incoming message packets for one that has its destination address repeated 16 times. When the network interface card detects an incoming packet with this address sequence, the network interface card asserts a signal to wake the rest of the computer and then start the operating system. The operating system may optionally be started up in an "administration mode" with restricted access (e.g. the user may be locked out for the duration of a maintenance task).
In another prior system for waking a computer from a local area network, the computer's network interface card is provided with a list of packets stored in memory. When an incoming packet of information is transmitted to a computer in the power down state, the network interface card compares the incoming packet to the list of packets that it has stored in memory. If the incoming packet matches one of the packets in the list of packets, then a signal is issued to wake the computer. Otherwise, the incoming packet is discarded and the sleeping computer is not awakened.
Typically, upon receiving a "wake-up" packet, the network interface card asserts an interrupt or reset signal to awaken the computer. Depending on the power down state and the specific power management implementation, the computer responds by restarting a clock signal, restoring a memory state, performing an initialization process, or otherwise returning the system to a full power mode.
Security is an important consideration in computer networks, and the prior network-aware power management systems do not include any provisions for security. Computers in a power down state may prove to be vulnerable links in certain computer networks. For example, some proposed computer systems will respond to wake-up packets by retrieving their initial executable programs via the network. Skilled saboteurs may be able to use this system feature to gain access to a network or to simply cause mischief. Indeed, simply broadcasting wake-up packets in many existing networks can frustrate a company's attempts to reduce power consumption.
Consequently, it is desirable for a computer system in a power down state to be able to discriminate between authorized wake-up packets and unauthorized wake-up packets.
Accordingly, there is provided herein a secure system and method for remotely waking a host computer from a power down state. In one embodiment, a network interface card receives incoming data packets via a network connector. A control module is coupled to the network connector and is configured to search the incoming packets for a wake-up pattern. The control module also verifies that the packet's destination address matches the destination address of the network interface card. If the destination addresses match and a wake-up pattern is found, the control module decrypts an encrypted value from the incoming packet and compares the result to an expected value. A successful comparison causes the control module to assert a signal to wake up the host computer. Preferably, a standard public/private key pair encryption scheme is used, and the source of the data packet encrypts the expected value with a private key. All computers which may receive wake-up packets are provided with a public key with which to decrypt values contained in a security field of any wake-up packets. A successful decryption serves to certify that the wake-up packet was transmitted from an authorized source. For added security, the expected value and public/private keys may be changed on a regular basis, or even every time a valid wake-up packet is received. The new value may be provided in the wake-up packet, to be stored by the network card for the next use.
The present invention also contemplates a method which comprises: (i) receiving a data packet from a network; (ii) comparing a destination address of the data packet to a destination address of a network interface card; (iii) determining if a wake-up pattern is present in the data packet; (iv) decrypting an encrypted value from the data packet to obtain a decrypted value; and (v) asserting a wake-up signal if the destination addresses match, a wake-up pattern is present, and the decrypted value matches an expected value. Preferably, the encrypted value is produced according to a standard public key/private key encryption scheme.
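The five-step method above, sketched as an added example (not code from the patent): the network interface card wakes the host only if the destination address matches, the 16-fold address pattern is present, and the security field decrypts to the expected value. Assumptions made for this example: the first 6 bytes of the frame are the destination address, the security field is 2 bytes placed directly after the wake-up pattern, and the key pair is a toy textbook-RSA pair chosen so the arithmetic is visible.

```python
"""Added example: NIC-side check of a secured wake-up packet (toy RSA, constructed data)."""

# Toy textbook-RSA key pair (p=61, q=53). Far too small for real use; assumed for illustration.
N, PUBLIC_E, PRIVATE_D = 3233, 17, 2753
FIELD_LEN = 2  # assumed size of the security field, placed right after the wake-up pattern


def build_wake_packet(nic_addr: bytes, expected: int, private_d: int = PRIVATE_D) -> bytes:
    """Source side: destination address, payload, 16x address pattern, security field."""
    encrypted = pow(expected, private_d, N)  # expected value encrypted with the private key
    return nic_addr + b"payload" + nic_addr * 16 + encrypted.to_bytes(FIELD_LEN, "big")


def should_wake(packet: bytes, nic_addr: bytes, expected: int) -> bool:
    """NIC side: steps (ii)-(v) of the method; True means assert the wake-up signal."""
    if packet[:6] != nic_addr:                 # (ii) destination address must match
        return False
    pattern = nic_addr * 16
    pos = packet.find(pattern, 6)              # (iii) pattern may sit anywhere in the packet
    if pos < 0:
        return False
    start = pos + len(pattern)
    field = packet[start:start + FIELD_LEN]
    if len(field) != FIELD_LEN:                # truncated or missing security field
        return False
    decrypted = pow(int.from_bytes(field, "big"), PUBLIC_E, N)  # (iv) decrypt with public key
    return decrypted == expected               # (v) wake only on a match


NIC_ADDR = bytes.fromhex("00AA00123456")  # address format used in the text
EXPECTED = 1234                            # constructed expected value stored on the NIC

if __name__ == "__main__":
    good = build_wake_packet(NIC_ADDR, EXPECTED)
    plain_magic = NIC_ADDR + NIC_ADDR * 16                 # unsecured magic packet
    wrong_key = build_wake_packet(NIC_ADDR, EXPECTED, 7)   # sender without the private key
    for name, pkt in (("good", good), ("plain", plain_magic), ("wrong key", wrong_key)):
        print(name, should_wake(pkt, NIC_ADDR, EXPECTED))
```

A packet captured while one expected value is in force stops working once the card stores a new expected value, which is the reason the text suggests changing it after each valid wake-up.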