(12) United States Patent
`NOV0a et al.
`
`USOO6493.824B1
`(10) Patent No.:
`US 6,493,824 B1
`(45) Date of Patent:
`Dec. 10, 2002
`
`(54) SECURE SYSTEM FOR REMOTELY
`SSNS.A."MPUTER IN A POWER-
`
`(75) Inventors: Manuel Novoa, Houston, TX (US);
`Adrian Crisan, Cypress, TX (US)
`
`OTHER PUBLICATIONS
`IBM, Wakwon Lan-an Administrator's perspective, IBM
`White paper, 1997.*
`SCYLD Computing, Corporation, Using Wake-On-LAN
`with Linux, Http://www.SCYld.com/expert/wake-on-lan,
`
`s
`
`s
`
`1999-2002.*
`
`(73) Assignee: Compaq Information Technologies
`Group, L.P., Houston, TX (US)
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(*) Notice:
`
`(21) Appl. No.: 09/253,637
`(22) Filed:
`Feb. 19, 1999
`(51) Int. Cl. .............................. H04L 9/12; H04L 9/18
`(52) U.S. Cl. ....................... 713/162; 709/203; 709/208;
`709/217; 709/220; 709/228; 713/160; 713/161;
`713/178; 713/179
`(58) Field of Search ................................. 709/250, 245,
`709/229, 225; 713/200, 201
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`5,634,073. A 5/1997 Collins et al. .............. 305.82s
`5,680,547 A 10/1997 Chang ................... 30s/20ool
`5,727,221. A 3/1998 Walsh et al................. 395/750
`5,751,951 A 5/1998 Osborne et al. ......... 395/2008
`5,802,305 A 9/1998 McKaughan et al. ... 395/200.57
`5,826,015 A * 10/1998 Schmidt
`5,915,119 A
`6/1999 Cone
`5,938,771 A : 8/1999 Williams et al.
`4. A : 1838 Aslo et al. .............. 713/178
`6.2s6. 111 B1 * 9/2001 Snover
`6,292.831 B1 * 9/2001 Cheng
`6,311,276 B1 * 11/2001 Connery et al.
`
`* cited by examiner
`Primary Examiner-Gail Hayes
`Assistant Examiner-Taghi T. Arani
`(74) Attorney, Agent, or Firm-Conley, Rose & Tayon,
`P.C.; Michael F. Heim; Daniel J. Krueger
`(57)
`ABSTRACT
`A Secure System and method is provided for remotely
`waking a computer from a power down State. In one
`embodiment, a network interface card receives incoming
`data packets via a network connector. A control module is
`coupled to the network connector and is configured to Search
`the incoming packets for a wake-up pattern. The control
`module also verifies that the packet's destination address
`matches the destination address of the network interface
`card. If the destination addresses match and a wake-up
`pattern is found, the control module decrypts an encrypted
`value from the incoming packet and compares the result to
`an expected value. A Successful comparison causes the
`control module to assert a Signal to wake up the host
`computer. Preferably, a Standard public/private key pair
`encryption Scheme is used, and the Source of the data packet
`encrypts the expected value with a private key. All comput
`ers which may receive wake-up packets are provided with a
`public key with which to decrypt values contained in a
`Security field of any wake-up packets. A Successful decryp
`tion Serves to certify that the wake-up packet was transmit
`ted from an authorized Source. For added Security, the
`expected value and public/private keys may be changed on
`a regular basis, or even every time a valid wake-up packet
`is received. The new value may be provided in the wake-up
`packet, to be Stored by the network card for the next use.
`
`11 Claims, 3 Drawing Sheets
`
`POWER DOWN
`402
`RECEIVE
`NCOMING
`PACKET
`OSCARD
`404
`WAKE UPNNO, INCOMING
`PATTERN
`PACKET
`
`
`
`Sonos Ex. 1016, p. 1
` Sonos v. Google
` IPR2021-00964
`
`

`

`U.S. Patent
`
`Dec. 10, 2002
`
`Sheet 1 of 3
`
`US 6,493,824 B1
`
`Sga
`Stra
`St 2S
`See as
`St 2S
`St 2S
`S2, 2S
`SZ St
`s Sa
`
`Sa
`Seas
`St 2
`S
`as
`N
`as
`Sa 2S
`S2, 2S
`S. St.
`St.
`
`
`
`Sonos Ex. 1016, p. 2
` Sonos v. Google
` IPR2021-00964
`
`

`

`U.S. Patent
`
`Dec. 10, 2002
`
`Sheet 2 of 3
`
`US 6,493,824 B1
`
`OIN | " " " | OIN
`
`èHEHLO}}EHLO
`
`
`
`
`
`Z 'S)l=? „MESTOTLIVRES ETNo.va
`
`
`
`Sonos Ex. 1016, p. 3
` Sonos v. Google
` IPR2021-00964
`
`

`

`US. Patent
`
`Dec. 10, 2002
`
`Sheet 3 0f 3
`
`US 6,493,824 B1
`
`Dm<oQo
`
`OZEOOZ
`
`meo<m
`
`ziOommiOa
`
`Nov
`
`m>Eomm
`
`QZEOQZ
`
`meo<m
`
`wow
`
`n5wx<>>
`
`mzmMHh<a
`
`wow
`
`mow
`
`Ozmmmmoo<
`
`w.0."—
`
`ha>momo
`
`>tm:0mm
`
`QJEm
`
`er
`
`QMHOMQXm
`
`mm34<>
`
`mm>vrv
`
`zmx<22
`
`meDQEOO
`
`mrv
`
`mmmoomm
`
`meo<m
`
`mrv
`
`6528‘E032’moEmEzaam
`
`xm0>>hmz
`
`MADQOE
`
`mokomzzoo
`
`m.0.“—
`
`KMIHO
`
`mmMHDQEOO
`
`<m3m
`
`Sonos Ex. 1016, p. 4
`
`Sonos v. Google
`|PR2021-00964
`
`Sonos Ex. 1016, p. 4
` Sonos v. Google
` IPR2021-00964
`
`
`
`
`
`
`
`
`
`
`

`

`US 6,493,824 B1
`
`1
`SECURE SYSTEM FOR REMOTELY
`WAKING ACOMPUTER IN A POWER
`DOWN STATE
`
`2
`the user's name and/or machine location) that is more
`widely known. When a user desires to Send a message to
`another computer, the transport protocol in the network is
`responsible for converting the name of the other computer
`into the corresponding destination address to establish a
`communications link between the two computers.
`Because wide area networks often include a collection of
`a wide variety of machines, organizations and individuals,
`these networks must provide the means to exchange data
`between dissimilar machines and acroSS many different
`transport protocols. Each transport protocol has its own
`version of addressing information that enables it to exchange
`electronic mail, data files, programs, etc. between one LAN
`and another LAN. As a data packet is transmitted acroSS
`different networks, the addressing information for one trans
`port protocol is replaced by the addressing information for
`the next transport protocol. Over the Internet, this LAN
`addressing information is abstracted from the Internet
`address.
`The address of an individual, computer, or organization
`on the Internet has Several layerS or components including
`the domain name or user name, the underlying identifiers
`used by the transport protocol(s) that govern the data
`eXchange, and the actual destination address. Each transport
`protocol is designed to extract the appropriate destination
`address to ensure that each message packet is routed to its
`intended recipient.
`To illustrate the distinctions between the various layers of
`addressing information, consider an individual computer
`user in Atlanta that wishes to Send an e-mail message to a
`destination computer in Seattle where the computer in
`Atlanta is connected to an Internet Service provider and the
`computer in Seattle is connected to a corporate local area
`network. Generally, the user in Atlanta will know, or can
`readily obtain, the recipients computer (e.g.,
`www.recipient.com), but will not know the recipient's Inter
`net address or actual destination address. Nonetheless, the
`transport protocols will abstract the destination address from
`the message packet as it is transmitted acroSS the network.
`Therefore, the user in Atlanta will Simply type the recipi
`ent's computer name, www.recipient.com, as the address of
`the destination computer. The message packet will be sent
`via the Internet, where the TCP/IP transport protocol will
`convert the computer name into a more primitive Internet
`address, which is a 32-bit value that identifies the hosts
`network ID and host ID within the network, e.g.,
`123.234.5.6. The message packet is then routed to the
`corporate LAN in Seattle, where a component in the LAN,
`typically a network router, Switch, or Server, converts the
`Internet address into the destination address of the recipi
`ent’s network interface card, e.g., 00AAO0123456.
`Meanwhile, the network interface card of the destination
`computer is designed to continually monitor incoming pack
`ets over the network. When the network interface card
`detects an incoming packet containing its destination
`address, the network interface card will determine that it is
`the intended recipient of the packet, and will forward
`information content of the packet to the destination com
`puter's core, thereby completing the communications link.
`In normal operations, in which both the Source computer
`and the destination computer are operating in full power
`mode, all of these address conversions occur automatically
`and completely invisible to the user, and the communica
`tions link is readily established between the two computers.
`However, efforts are now being made to extend the use of
`network computing to power management applications, in
`
`BACKGROUND OF THE INVENTION
`1. Field of the Invention
`The present invention relates generally to network com
`puting Systems, and more particularly, to a Secure method for
`remotely waking up a computer on a network.
`2. Background of the Invention
`Computer networks are commonly used in offices or
`corporate environments to interconnect personal computers.
`Well-known local area networks (LANs), such as Ethernet,
`Token Ring, and ARCnet, are widely used to interconnect a
`group of computers and other devices that are dispersed over
`a relatively limited area, Such as an office or building, and
`new LANs continue to be developed. These local area
`networks provide an efficient and economical way for per
`Sonal computers to share information and peripherals.
`Of course, computer networks are not limited to the
`confines of an office or building. Smaller networks are
`commonly interconnected into wide area networks (WANs),
`Such as the Internet, to provide a communications link over
`a larger area. The Internet is actually a collection of net
`works that share the same namespace (a set of names in
`which all names are unique) and use the well-known trans
`mission control protocol/internet protocol (TCP/IP). The
`Internet currently connects over four hundred networks and
`tens of thousands of nodes in over forty-two countries. It is
`estimated that the Internet is now accessed by more than 10
`million people every day.
`AS is well known in the art, the transmission of data
`packets acroSS networks is governed by a set of rules called
`“transport protocols'. In order for two computers in a local
`area network to communicate with one another, each com
`puter must use the proper transport protocol for the particu
`lar network. During the last decade, many different transport
`protocols have evolved for use in different networks. For
`example, TCP/IP is the transport protocol widely used in
`UNIX based networks and with Ethernet 802.3 LANs;
`IPX/SPX is the transport protocol used by Novell Corpora
`tion's NetWare developed by IBM to operate underneath
`Microsoft's NetBIOS network interface; DECnet is the
`transport protocol used by Digital Equipment Corporation
`for linking computer Systems to DECnet-based networks,
`AppleTalk is the transport protocol developed by Apple
`Computer, Inc. for linking Systems to Apple Macintosh
`network systems; and XNS is the transport protocol devel
`oped by Xerox Corporation that was used in early Ethernet
`networks. The transport protocols, which are all well known
`in the art, are often implemented as Software drivers which
`can be loaded into and out of a computer System.
`In order to connect to a network, a computer is usually
`provided with one or more network interface cards (NICs)
`that provide a data link to the network. Each network
`interface card has a unique address, referred to herein as its
`"destination address', which enables each computer to be
`individually addressed by any other computer in the net
`work. The destination address is typically, but not always, a
`12 digit hexadecimal number (e.g., 00AAO0123456) that is
`programmed into memory located on the network interface
`card and is generally hidden from the user's view. Users are
`not expected to know and remember the destination address
`of every computer in the network. Instead, every computer
`generally has a computer name (commonly corresponding to
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`Sonos Ex. 1016, p. 5
` Sonos v. Google
` IPR2021-00964
`
`

`

`3
`which one or more of the computers may be operating in a
`low power mode. In particular, there is increasing demand
`for power management Systems that minimize the energy
`consumption of computer Systems, yet still allow the poS
`Sibility for receiving remote communications from other
`computers via a network. These power management Systems
`must provide a mechanism for remotely “waking a com
`puter System from a low power mode to permit the computer
`System to receive network communications.
`Generally Stated, "power management” refers to a com
`puter System's ability to conserve or otherwise manage the
`power that it consumes. Although power management con
`cerns were originally focused on battery-powered portable
`computers, these concerns now extend to AC-powered
`"desktop' computer Systems as well. In particular, govern
`ment initiatives encourage computer manufacturers to
`develop energy-efficient computers.
`Power management techniques include the ability to
`dynamically power down a computer or certain components
`within a computer when they are not in use, thereby con
`Serving energy. A computer in this condition is referred to
`herein as being in a “power down” state. Power is then
`restored to the computer or components when they are
`required for use. This proceSS is often referred to as “wak
`ing the computer.
`There are many ways in which a computer may exist in
`the power down state. Examples include hard off (power is
`disconnected), Soft off (power is Supplied only to compo
`nents which monitor activity external to the System), hiber
`nated power State (contents of memory are stored on disk
`and current State of computer is preserved while power
`consumption is reduced to a minimum level), Suspend mode
`(all central processor activities are halted, but power to
`memory is maintained and dynamic RAM is refreshed), and
`Sleep mode (the clock signal is reduced or halted to Some or
`all of the System components during periods of inactivity).
`The Sleep and Suspend modes may each be invoked at
`various levels, depending on the particular implementation
`of these modes, and recovery from these modes is imple
`mentation specific.
`In an effort to Standardize power management using a
`computer's operating System, Intel, MicroSoft, and Toshiba
`have collaborated to produce the Advanced Configuration
`and Power Interface (ACPI) specification. Under ACPI, a
`computer System can be placed in one of five graduated
`reduced-power System States, which do not necessarily cor
`respond (in functionality or in name) to the power down
`modes recited above. Nevertheless, these States also repre
`Sent power down States of a computer.
`When a computer is in a power down State, it may be
`configured to awaken if activity is detected, e.g. movement
`of a mouse or actuation of a power Switch. The Source of the
`triggering activity may come from a local mechanism (i.e. a
`Switch or Sensor of any kind Such as a power Switch, a reset
`Switch, a pressable key, a pressure Sensor, a mouse, a
`joystick, a touch pad, a microphone, or a motion sensor), or
`the trigger Source may be remote. The ability to remotely
`awaken a computer increases its usability and maintainabil
`ity. For example, a user can remotely retrieve files even
`when the computer was powered down, and a System
`administrator can perform System maintenance after hours
`without needing to physically visit each computer.
`There are Several existing power management Systems
`which are designed to operate in a network environment. In
`one System for waking a computer from a local area
`network, a remote wake frame known as a “magic packet'
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`US 6,493,824 B1
`
`15
`
`25
`
`4
`is defined that includes the destination address repeated 16
`times consecutively anywhere within the packet. While the
`computer is in the power down State, its network interface
`card continually monitors all incoming message packets for
`one that has its destination address repeated 16 times. When
`the network interface card detects an incoming packet with
`this address Sequence, the network interface card asserts a
`Signal to wake the rest of the computer and then Start the
`operating System. The operating System may optionally be
`Started up in an “administration mode” with restricted access
`(e.g. the user may be locked out for the duration of a
`maintenance task).
`In another prior System for waking a computer from a
`local area network, the computer's network interface card is
`provided with a list of packets stored in memory. When an
`incoming packet of information is transmitted to a computer
`in the power down State, the network interface card com
`pares the incoming packet to the list of packets that it has
`Stored in memory. If the incoming packet matches one of the
`packets in the list of packets, then a Signal is issued to wake
`the computer. Otherwise, the incoming packet is discarded
`and the sleeping computer is not awakened.
`Typically, upon receiving a “wake-up' packet, the net
`work interface card asserts an interrupt or reset Signal to
`awaken the computer. Depending on the power down State
`and the Specific power management implementation, the
`computer responds by restarting a clock signal, restoring a
`memory State, performing an initialization process, or oth
`erwise returning the System to a full power mode.
`Security is an important consideration in computer
`networks, and the prior network-aware power management
`Systems do not include any provisions for Security. Com
`puters in a power down State may prove to be Vulnerable
`links in certain computer networks. For example, Some
`proposed computer Systems will respond to wake-up packets
`by retrieving their initial executable programs via the net
`work. Skilled saboteurs may be able to use this system
`feature to gain access to a network or to Simply cause
`mischief. Indeed, Simply broadcasting wake-up packets in
`many existing networks can frustrate a company's attempts
`to reduce power consumption.
`Consequently, it is desirable for a computer System in a
`power down State to be able to discriminate between autho
`rized wake-up packets and unauthorized wake-up packets.
`SUMMARY OF THE INVENTION
`Accordingly, there is provided herein a Secure System and
`method for remotely waking a host computer from a power
`down State. In one embodiment, a network interface card
`receives incoming data packets via a network connector. A
`control module is coupled to the network connector and is
`configured to Search the incoming packets for a wake-up
`pattern. The control module also verifies that the packet's
`destination address matches the destination address of the
`network interface card. If the destination addresses match
`and a wake-up pattern is found, the control module decrypts
`an encrypted value from the incoming packet and compares
`the result to an expected value. A Successful comparison
`causes the control module to assert a Signal to wake up the
`host computer. Preferably, a Standard public/private key pair
`encryption Scheme is used, and the Source of the data packet
`encrypts the expected value with a private key, All comput
`erS which may receive wake-up packets are provided with a
`public key with which to decrypt values contained in a
`Security field of any wake-up packets. A Successful decryp
`tion Serves to certify that the wake-up packet was transmit
`
`Sonos Ex. 1016, p. 6
` Sonos v. Google
` IPR2021-00964
`
`

`

`US 6,493,824 B1
`
`S
`ted from an authorized Source. For added Security, the
`expected value and public/private keys may be changed on
`a regular basis, or even every time a valid wake-up packet
`is received. The new value may be provided in the wake-up
`packet, to be Stored by the network card for the next use.
`The present invention also contemplates a method which
`comprises: (i) receiving a data packet from a network; (ii)
`comparing a destination address of the data packet to a
`destination address of a network interface card; (iii) deter
`mining if a wake-up pattern is present in the data packet; (iv)
`decrypting an encrypted value from the data packet to obtain
`a decrypted value; and (v) asserting a wake-up signal if the
`destination addresses match, a wake-up pattern is present,
`and the decrypted value matches an expected value.
`Preferably, the encrypted value is produced according to a
`Standard public key/private key encryption Scheme.
`BRIEF DESCRIPTION OF THE DRAWINGS
`A better understanding of the present invention can be
`obtained when the following detailed description of the
`preferred embodiment is considered in conjunction with the
`following drawings, in which:
`FIG. 1 is an illustrative diagram of a simple computer
`network which Supports transmission of wake-up packets,
`and
`FIG. 2 is a block diagram of a computer System embody
`ing a preferred embodiment of the present invention;
`FIG. 3 is a block diagram of a preferred embodiment of
`a network interface card; and
`FIG. 4 illustrates a method for waking a remote computer
`from a power down State.
`While the invention is Susceptible to various modifica
`tions and alternative forms, specific embodiments thereof
`are shown by way of example in the drawings and will
`herein be described in detail. It should be understood,
`however, that the drawings and detailed description thereto
`are not intended to limit the invention to the particular form
`disclosed, but on the contrary, the intention is to cover all
`modifications, equivalents and alternatives falling within the
`Spirit and Scope of the present invention as defined by the
`appended claims.
`In addition, certain terms are used throughout the follow
`ing description and claims to refer to particular System
`components. This document does not intend to distinguish
`between components that differ in name but not function. In
`the following discussion and in the claims, the terms
`“including” and “comprising are used in an open-ended
`fashion, and thus should be interpreted to mean “including,
`but not limited to . . .
`. Also, the term “couple” or “couples”
`is intended to mean either an indirect or direct electrical
`connection. Thus, if a first device couples to a Second device,
`that connection may be through a direct electrical connec
`tion or through an indirect electrical connection via other
`devices and connections.
`
`DETAILED DESCRIPTION OF PREFERRED
`EMBODIMENTS
`Turning now to the figures, FIG. 1 shows an example of
`a computer network embodying a preferred embodiment of
`the invention, in which a central Server 12 is coupled to a
`first computer 18 and a second computer 20 by network
`connections 22. Computers 18, 20 may preferably be “cli
`ent” computers. Although a client/server configuration is
`shown, the computer network may also be an enterprise
`network, a peer network, or any other Suitable network
`configuration.
`
`6
`A System administrator operating at a terminal 14 with
`input device 16 can cause transmission of a network data
`packet to first and second computers 18, 20 to instruct either
`of the computers 18, 20 to awaken. Advanced Micro
`Devices (AMD) has proposed a “Magic Packet(TM) Tech
`nology' that Supports this ability, and MicroSoft has patented
`a "packet-matching method that also Supports this ability.
`In essence, network interface cards in computers 18, 20,
`after being placed in a remote boot mode, continually Scan
`incoming data packets for a predetermined Sequence even
`when the computers are in a power down State. Upon
`detection of a packet that qualifies as a wake-up packet, the
`network interface card Sends a signal to awaken the com
`puter. In one embodiment, the network interface card alerts
`a power management module to power up the computer.
`It can be appreciated that the ability to remotely awaken
`a computer provides certain advantageous capabilities. For
`example, a System administrator is able to perform system
`after-hours maintenance of each of the computers in the
`network from a central location. The administrator may
`further be provided with the ability to boot each of the
`computers from a master copy of the operating System as
`part of the System maintenance. Examples of when this
`could be desirable include: Virus Scanning, and executing
`automated maintenance Software. However, these capabili
`ties may also represent a Security Vulnerability. The pre
`ferred System ensures that only authorized users are able to
`remotely awaken a computer from a power down State.
`Referring now to FIG. 2, a representative computer Sys
`tem is illustrated. It is noted that many other representative
`configurations exist and that this embodiment is described
`for illustrative purposes. For the following discussion, the
`computer System of FIG. 2 is assumed to represent client
`computer 18, but one of skill in the art will recognize that the
`invention may be implemented as part of any computer
`connected to a network. The computer system 18 of FIG. 2
`includes a CPU 102 coupled to a bridge logic device 106 via
`a CPU bus 103. The bridge logic device 106 is sometimes
`referred to as a “North bridge” for no other reason than it
`often is depicted at the upper end of a computer System
`drawing. The North bridge 106 also couples to a main
`memory array 104 by a memory bus 105, and may further
`couple to a graphics controller 108 via an accelerated
`graphics port (AGP) bus 109. The North bridge 106 couples
`CPU 102, memory 104, and graphics controller 108 to each
`other and to various peripheral devices in the System through
`a primary expansion bus (BUSA) such as a PCI bus or an
`EISA bus. Various components that comply with the bus
`protocol of BUSA may reside on this bus, such as an audio
`device 114, an IEEE 1394 interface device 116, and a
`network interface card (NIC) 117. NIC 117 is coupled to a
`network 118 for communication with other computers. The
`System may include more than one network interface, as
`indicated by NIC 119. NIC 119 is shown coupled to a second
`network 120 for communication with other computers. The
`above components may be integrated onto the motherboard
`as presumed by FIG. 2, or they may be plugged into
`expansion slots 110 that are connected to BUS A.
`If other, Secondary, expansion buses are provided in the
`computer System 18, as is typically the case, another bridge
`logic device 112 is used to couple the primary expansion bus
`(BUS A) to the secondary expansion bus (BUS B). This
`bridge logic 112 is sometimes referred to as a “South bridge”
`reflecting its location vis-a-vis the North bridge 106 in a
`typical computer system drawing. The South Bridge 112
`commonly includes an interrupt controller 134, which is
`shown Separately in FIG. 2. An example of Such bridge logic
`
`1O
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`Sonos Ex. 1016, p. 7
` Sonos v. Google
` IPR2021-00964
`
`

`

`US 6,493,824 B1
`
`15
`
`7
`is described in U.S. Pat. No. 5,634,073, assigned to Compaq
`Computer Corporation. Various components that comply
`with the bus protocol of BUS B may reside on this bus, such
`as hard disk controller 122, Flash ROM 124, and Super I/O
`controller 126. Slots 121 may also be provided for plug-in
`components that comply with the protocol of BUS B.
`The Super I/O controller 126 typically interfaces to basic
`input/output devices Such as a floppy disk drive 128, a
`keyboard 130, a mouse 132, a parallel port, a Serial port, and,
`if desired, various other input Switches Such as a power
`switch and a suspend Switch (not shown). The Super I/O
`controller 126 often includes a power management unit
`having the capability to handle power management func
`tions Such as reducing or terminating power to components
`Such as the floppy drive 130, and blocking the clock signals
`that drive components such as the bridge devices 106, 112
`thereby inducing a sleep mode in the expansion buses. The
`Super I/O controller 126 may further assert System Man
`agement Interrupt (SMI) signals to interrupt controller 134
`(which in turn communicates the interrupt to the CPU 102)
`to indicate Special conditions pertaining to input/output
`activities Such as sleep mode. The SMI is simply a particular
`interrupt which is reserved for System management
`functions, but which is otherwise handled in much the same
`manner as any conventional interrupt.
`The Super I/O controller 126 may incorporate a counter
`and a Real Time Clock (RTC) to track the activities of
`certain components Such as the hard disk 122 and the
`primary expansion bus, inducing a sleep mode or reduced
`power mode after a predetermined time of inactivity. The
`Super I/O controller 126 may also induce a low-power
`Suspend mode if the Suspend Switch is pressed, in which the
`power is completely shut off to all but a few selected
`devices. Exempted devices might be the Super I/O controller
`126 itself and NIC 119. An exemplary Super I/O controller
`is described in U.S. Pat. No. 5,727,221, entitled “Computer
`System power management interconnection circuitry and
`systems” by inventors J. Walsh and W. Kau, which is hereby
`incorporated by reference.
`Referring now to FIG. 3, a block diagram illustrates the
`network interface card 119 in more detail. The network
`interface card 119 includes a bus interface 302 for connect
`ing to the BUSA, and one or more network connectors 306
`for connecting to a network Such as the local area network
`120 or a wide area network. The network connector 306 may
`comprise, for example, a conventional BNC connector
`assembly or an AUI connector assembly for connecting to an
`Ethernet or ARCnet network, or an RJ-45 connector assem
`bly for connecting to an Ethernet or Token Ring network.
`Network interface card 119 also includes memory 304 and
`a control module 308. The memory 304 is used to store the
`destination address of the network interface card 119.
`Memory 304 may additionally store a list of packets for
`which the network interface card 119 should listen while the
`host computer 18 is in a power down state. For one
`embodiment, the creation and use of this list of packets, is
`described in more detail in U.S. Pat. No. 5,802,305 by
`McKaughan et al. which is entitled “System For Remotely
`Waking A Sleeping Computer In A Power Down State By
`Comparing Incoming Packet To The List Of Packets Storing
`On Network Interface Card”, and which is hereby incorpo
`rated by reference.
`Network interface card 119 further includes control mod
`ule 308 which screens the packets received from the network
`65
`120. During normal operations, the control module 308
`merely examines the packet's destination address, discards
`
`35
`
`40
`
`45
`
`8
`those packets having destination addresses which do not
`match the network interface card's address, and accepts
`those packets having destination addresses that do match.
`When the host computer 18 is in a power down state, the
`control module 308 examines the packets destination
`address, determines if the packet is a wake up packet, and
`determines if the wake up packet is valid (i.e. sent by an
`authorized Source) or invalid (i.e. sent by an unauthorized
`Source). The order of these operations can be rearranged.
`Valid wake up packets constructed in accordance with a
`preferred embodiment comprise (1) an address field, (2) a
`wake up pattern, and (3) a Security field. The address field
`contains an address value that matches the destination
`address of the network interface card. When the packet has
`only a single destination, the address value equals the
`destination address of the network interface card. However,
`as in the case of a broadcast packet which targets multiple
`computers, the address value can match the destination
`address without necessarily being equal to the destination
`address.
`In systems that utilize AMD's Magic Packet TM
`technology, the wake up pattern includes 16 consecutive
`repetitions of the network interface card's destination
`address Somewhere in the packet. Other Systems may use
`other wake up patterns, Such as any arbitrary pattern pro
`vided in a list of suitable wake up packets per U.S. Pat. No.
`5,802,305 which was incorporated above.
`The security field is included in the packet, preferably
`Subsequent to the wake up pattern. The Security field
`includes an encrypted value which is processed by the
`control module 308 to determine if a wake up packet is valid.
`In a preferred embodiment, a public/private key encryption
`Scheme is used, with the public key being Stored in memory
`304, and the private key being controlled and kept secure by
`a system administrator or other authorized user(s). The
`control module 308 decrypts the encrypted value using the
`public key.