Title:
ELECTRONIC DEVICE ACCESS CONTROL
Document Type and Number:
WIPO Patent Application WO/2017/196319
Kind Code:
A1
Abstract:
Example implementations relate to access control. For example, a security system to control access to an electronic device includes an electronic lock, a controller coupled to the electronic lock, and a security coordinator coupled to the controller. The controller is to receive access request to the electronic device and control movement of the electronic lock between a locked state and an unlocked state. The security coordinator is to monitor an access state of the electronic device and trigger a security operation in response to detection of an unauthorized access to the electronic device.

Inventors:
NORTON JOHN (US)
Application Number:
PCT/US2016/031910
Publication Date:
November 16, 2017
Filing Date:
May 11, 2016
Assignee:
HEWLETT PACKARD ENTPR DEV LP (US)
International Classes:
H04L29/06; H04L9/12
Foreign References:
US20110199183A12011-08-18
US20090106563A12009-04-23
US20080189797A12008-08-07
US20110130873A12011-06-02
US20130021156A12013-01-24
Attorney, Agent or Firm:
ADEKUNLE, Olaolu O. et al. (US)
Claims:
CLAIMS

What is claimed is:

1. A security system to control access to an electronic device, comprising: an electronic lock;

a controller coupled to the electronic lock, the controller to:

receive access request to the electronic device; and

control movement of the electronic lock between a locked state and an unlocked state; and

a security coordinator coupled to the controller, the security coordinator to: monitor an access state of the electronic device; and

trigger a security operation in response to detection of an unauthorized access to the electronic device.

2. The security system of claim 1, wherein the security coordinator is to manage user access to the electronic device, record access events at the electronic device, and monitor and maintain software status of the electronic device.

3. The security system of claim 1, wherein unauthorized access to the electronic device includes physical tampering and electronic threats to the electronic device.

4. The security system of claim 1, wherein the security operation includes a security alarm, a surveillance action, or an active cryptographic zeroisation, in response to the unauthorized access.

5. The security system of claim 1, comprising a user interface to request access to the electronic device, wherein the user interface includes at least one of a biometric scanner, a radio frequency identification (RFID), a passcode keypad, a contactless tag reader, and an access request button.

6. The security system of claim 1, wherein the electronic device includes a rack mount device and wherein the electronic lock is located on a slide of the rack, a rail of the rack, a hood of the rack mount device, or an internal enclosure of the rack mount device.

7. The security system of claim 1, wherein the electronic device includes a blade device and wherein the electronic lock is located on a latch of the blade device, a hood of the blade device, or an internal enclosure of the blade device.

8. The security system of claim 1, wherein the controller is internal to the electronic device and comprises power and signal interfaces and an onboard power backup.

9. The security system of claim 1, comprising a network infrastructure to communicatively couple the security coordinator to a plurality of electronic devices including the electronic device, wherein the security coordinator is to manage the plurality of electronic devices.

10. The security system of claim 1, comprising a management system communicatively coupled to a plurality of security coordinators including the security coordinator, each security coordinator to manage a plurality of electronic devices, wherein the management system is to:

receive access state information, software status, and network activity status of the electronic devices from the security coordinators; and send access credentials and security response commands to the security coordinators.

11. A method of controlling access to an electronic device, comprising:

monitoring and recording access to the electronic device;

detecting an unauthorized access to the electronic device; and

in response to the detecting, initiating a security operation to prevent access to components or cryptographic keys of the electronic device, wherein the security operation includes activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm.

12. The method of claim 11, comprising:

receiving an access request to the electronic device; and

authorizing the access request based on a comparison of the request to a database of authorized users, wherein authorizing the access request includes controlling movement of a lock mechanism associated with the electronic device from a locked state to an unlocked state.

13. The method of claim 11, wherein unauthorized access to the electronic device includes physical and firmware attacks to the electronic device.

14. A non-transitory machine-readable medium storing instructions executable by a processing resource of a security system to control access to an electronic device, the non-transitory machine-readable medium comprising:

instructions to monitor access to the electronic device;

instructions to receive an access request to the electronic device via a user interface;

instructions to authorize access to the electronic device based on an authentication of a user associated with the request, wherein instructions to authorize access include instructions to control a lock mechanism to unlock the electronic device;

instructions to detect an unauthorized access to the electronic device; and instructions to, upon detection of the unauthorized access, trigger a security response.

15. The non-transitory machine-readable medium of claim 14, wherein the security response includes at least one of a cryptographic zeroisation, initiating a surveillance system, and a security alarm, and wherein the unauthorized access includes at least one of a physical tampering and an electronic threat to the electronic device.

Description:
ELECTRONIC DEVICE ACCESS CONTROL

BACKGROUND

[0001] Electronic devices such as rack mount devices and blade devices process and store customer data including sensitive and/or confidential information. Because of the risk of fraud and security breaches, great importance is placed on securing data from tampering and/or preventing access to discrete components of an integrated circuit of electronic devices. For example, the Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government computer security standard that specifies the requirements for cryptographic modules, which include both hardware and software components.

BRIEF DESCRIPTION OF THE DRAWINGS

[0002] Some examples of the present application are described with respect to the following figures:

[0003] FIG. 1 is a block diagram of a security system to control access to an electronic device, according to an example;

[0004] FIG. 2 is a block diagram of a security system to control access to an electronic device, according to another example;

[0005] FIG. 3 is a flowchart illustrating a method of controlling access to an electronic device, according to an example;

[0006] FIG. 4 is a flowchart illustrating a method of controlling access to an electronic device, according to another example; and

[0007] FIG. 5 is a block diagram of a machine-readable medium encoded with instructions for controlling access to an electronic device, according to an example.

DETAILED DESCRIPTION

[0008] Customer data security needs are increasing, and access control (i.e., physical and electronic) to such electronic devices is a critical component of security. There are differing levels of security within the FIPS requirements that require an ever increasing amount of security and protection of data and cryptographic keys (i.e., a string of bits used by a cryptographic algorithm to transform plain text into cipher text or vice versa). For example, FIPS 140-2 defines four levels of security, in which level 1 provides the lowest level of security and level 4 provides the highest level of security. The security standards include requirements that prevent unauthorized users from viewing, tampering with, or damaging internal components (including data) of electronic devices. FIPS (e.g., level 2) specifies enhanced security mechanisms for a cryptographic module by requiring tamper evidence (e.g., tamper-evident coatings or seals, pick-resistant locks) which must be broken to attain physical access to the plain text cryptographic keys and critical security parameters within the module or electronic device, and a tamper-evident enclosure that is visually opaque.

[0009] Accordingly, it is desirable to implement access control solutions for individual electronic devices in a network of electronic devices, as well as manage and control access to the network of electronic devices. For example, it would be beneficial to implement an access control solution for each server in a rack, and to manage and control access on the datacenter level by interfacing with a datacenter management system. Examples described herein provide solutions for managing and controlling access to electronic devices and cryptographic keys thereon, recording access events and monitoring software status, data fabric status, and machine state of electronic devices to detect, alert and respond to security threats.

[0010] In one example, a security system to control access to an electronic device includes an electronic lock, a controller coupled to the electronic lock, and a security coordinator coupled to the controller. The controller is to receive an access request to the electronic device and control movement of the electronic lock between a locked state and an unlocked state. The security coordinator is to monitor an access state of the electronic device and trigger a security operation in response to detection of an unauthorized access to the electronic device.

[0011] In another example, a method of controlling access to an electronic device includes monitoring and recording access to the electronic device, and detecting an unauthorized access to the electronic device. In response to the detecting, the method also includes initiating a security operation to prevent access to components or cryptographic keys of the electronic device. The security operation includes activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm.

[0012] In another example, a non-transitory machine-readable medium stores instructions executable by a processing resource of a security system to control access to an electronic device. The non-transitory machine-readable medium includes instructions to monitor access to the electronic device, receive an access request to the electronic device via a user interface, and authorize access to the electronic device based on an authentication of a user associated with the request. The instructions to authorize access include instructions to control a lock mechanism to unlock the electronic device. The non-transitory machine-readable medium also includes instructions to detect an unauthorized access to the electronic device and upon detection of the unauthorized access, trigger a security response.

[0013] Referring now to the figures, FIG. 1 is a block diagram of a security system to control access to an electronic device, according to an example. Security system 100 may be useful for controlling access to an electronic device. According to various implementations, system 100 and the various components described herein may be implemented in hardware and/or a combination of hardware and programming that configures hardware. In various implementations, system 100 may be implemented in the electronic device, a management device separate from the electronic device, or may be implemented on a combination of the electronic device and the management device. Furthermore, in FIG. 1 and other Figures described herein, different number of components or entities than depicted may be used.

[0014] System 100 may comprise an electronic lock 110, a controller 120, and a security coordinator 130. Each of the components 110, 120, and 130 of the system 100 may include a combination of hardware and programming that performs a designated function. For example, the hardware may include one or both of a processing resource and a machine-readable medium, while the programming includes instructions or code stored on the machine-readable medium and executable by the processing resource to perform the designated function. A processing resource may be a microcontroller, a microprocessor, central processing unit (CPU) core(s), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) and/or other hardware device suitable for retrieval and/or execution of instructions from the machine-readable medium, and the machine-readable medium may be random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory, a hard disk drive, etc.

[0015] Electronic lock 110 is associated with the electronic device, and can be activated or inactivated based on a signal (i.e., command or instruction) received from the controller 120. Thus, lock 110 can be moved to a locked state or an unlocked state, to deny access or allow access, respectively, to the electronic device. Accordingly, lock 110 can be electrically actuated to restrict or prevent access to the electronic device, based on authorization parameters. In some examples, lock 110 can include a physical locking mechanism to prevent access (e.g., opening, removal, sliding, propping, etc.) of the electronic device or its components.

[0016] In example implementations, the location of the lock 110 can be determined based on a desired location of the cryptographic boundary for the electronic device. In other words, the location of the lock 110 is based on the circuitry, component, data, cryptographic key, module, etc. of the electronic device to be protected. In one example, where the electronic device is a rack mount device (e.g., rack mount servers, rack mount storage devices, rack mount switches, rack mount power supply units (PSUs), rack mount power distribution units (PDUs), etc.), lock 110 can be located on the slide/rail mount in the rack, the hood of the rack mount device, or on an internal enclosure of the rack mount device. In another example, where the electronic device is a blade device (e.g., blade server, blade storage, blade switch, fabric attached memory, etc.), lock 110 can be located on a latch of the blade device, a hood of the blade device, or an internal enclosure of the blade device.

[0017] Controller 120 can be located internal to the electronic device and coupled to the lock 110. Accordingly, controller 120 can be located inside the defined cryptographic boundary, as desired. Controller 120 can include a printed circuit board (PCB), signal and power interfaces, and an onboard backup power source. Controller 120 can be electrically and communicatively coupled to the lock 110 and other components of the electronic device via an inter-integrated circuit (I2C) bus, for example.

[0018] Controller 120 can receive an access request to the electronic device and control movement of the lock 110 between a locked state and an unlocked state. For example, controller 120 can receive a user request, via a user interface, to access the electronic device. In response to the access request, controller 120 can validate and/or authenticate the access request by verifying that the user is authorized to access the electronic device. In some examples, verification can be done by comparing the user access request to a database of authorized users, where the database or storage device storing the list of authorized users can be internal to or external to the controller 120. Controller 120 can determine when to activate or deactivate the lock 110 based on whether or not the user is authorized to access the electronic device.
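The authorize-then-actuate path of [0018] (and blocks 420-430 of method 400 described with FIG. 4), written as an added example for this page rather than code from the application or its assignee. The class, the credential-table layout and the pepper are assumptions; the lock is simulated as a state variable where real hardware would signal lock 110 over the I2C bus of [0017]. Two details a practitioner would want that the paragraph leaves open: the authorized-user table stores a keyed digest of each credential rather than the raw badge value or passcode, and the comparison is constant time and fails closed.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass
from enum import Enum


class LockState(Enum):
    LOCKED = "locked"
    UNLOCKED = "unlocked"


@dataclass
class AccessEvent:
    """One recorded access attempt; the controller keeps these for the security coordinator."""
    timestamp: float
    credential_id: str
    granted: bool
    reason: str


def derive_credential(pepper: bytes, secret: str) -> bytes:
    """Store HMAC(pepper, secret) instead of the raw badge value or passcode, so a dump
    of the authorized-user table does not yield replayable credentials (assumed design)."""
    return hmac.new(pepper, secret.encode(), hashlib.sha256).digest()


class DeviceController:
    """Hypothetical in-device controller: receives an access request from the user
    interface, checks it against the authorized-user table, and drives the lock."""

    def __init__(self, device_id: str, authorized: dict, pepper: bytes):
        self.device_id = device_id
        self._authorized = authorized          # credential_id -> derived secret
        self._pepper = pepper
        # Comparison target for unknown ids, so a table miss costs the same as a secret mismatch.
        self._dummy = derive_credential(pepper, "")
        self.lock_state = LockState.LOCKED     # fail closed: locked until a request is authorized
        self.events: list = []

    def request_access(self, credential_id: str, secret: str) -> bool:
        expected = self._authorized.get(credential_id, self._dummy)
        presented = derive_credential(self._pepper, secret)
        match = hmac.compare_digest(expected, presented)      # constant-time compare
        known = credential_id in self._authorized
        ok = known and match
        if ok:
            self.lock_state = LockState.UNLOCKED
            reason = "authorized"
        else:
            self.lock_state = LockState.LOCKED
            reason = "unknown credential" if not known else "secret mismatch"
        self.events.append(AccessEvent(time.time(), credential_id, ok, reason))
        return ok

    def relock(self) -> None:
        """Called when the hood or latch is closed again, or when an unlock timeout expires."""
        self.lock_state = LockState.LOCKED


def controller_demo() -> dict:
    """Constructed scenario: one authorized badge, one wrong passcode, one unknown badge."""
    pepper = b"constructed-per-device-pepper"
    table = {"badge-0042": derive_credential(pepper, "1234")}
    ctrl = DeviceController("srv-01", table, pepper)
    granted = ctrl.request_access("badge-0042", "1234")
    state_after_grant = ctrl.lock_state
    ctrl.relock()
    wrong_secret = ctrl.request_access("badge-0042", "0000")
    unknown = ctrl.request_access("badge-9999", "1234")
    return {
        "granted": granted,
        "state_after_grant": state_after_grant,
        "wrong_secret": wrong_secret,
        "unknown": unknown,
        "final_state": ctrl.lock_state,
        "reasons": [e.reason for e in ctrl.events],
    }


if __name__ == "__main__":
    print(controller_demo())
```

The controller never leaves the lock unlocked after a failed request, and the recorded reason distinguishes an unknown credential from a bad secret only in the event log, not in anything observable at the user interface.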

[0019] Security coordinator 130 is coupled to the controller 120 and can monitor an access state of the electronic device and trigger a security operation in response to detection of an unauthorized access to the electronic device. As used herein, an unauthorized access to the electronic device includes tampering with the electronic device, a physical or electrical intrusion, a software or firmware attack, unauthorized data and component access, physical removal or attempted removal, a malicious attack, a security breach, or any other security compromise of the electronic device. Monitoring an access state of the electronic device includes determining whether the electronic device is locked/unlocked, forced/tampered, removed, online/offline, and other machine states to detect, alert, and respond to security threats. Triggering a security operation in response to detection of an unauthorized access to the electronic device includes triggering a security alarm, initiating surveillance, or executing a cryptographic zeroisation. As used herein, a cryptographic zeroisation means erasing sensitive parameters (i.e., electronically stored data, cryptographic keys, critical security parameters, etc.) from a cryptographic module to prevent their disclosure.
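The detection logic of [0019] (and blocks 440-450 of method 400 described with FIG. 4) run over a constructed stream of controller events, as an added example that is not code from the application. The event schema, the known-good firmware digests and the rule that a hood opening or a removal counts as forced only while the lock is engaged are assumptions; the critical security parameters are a byte buffer that the zeroisation overwrites in place. Loss of heartbeat is alarmed but deliberately not zeroised, since it is as likely to be a power or cabling fault as an attack.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed known-good firmware digests held by the coordinator for the devices it manages.
KNOWN_GOOD_FIRMWARE = {
    "srv-01": hashlib.sha256(b"constructed-firmware-image-v1").hexdigest(),
    "srv-02": hashlib.sha256(b"constructed-firmware-image-v1").hexdigest(),
}


@dataclass
class DeviceState:
    lock: str = "locked"            # locked | unlocked, as reported by the device controller
    hood_open: bool = False         # intrusion switch on the hood or internal enclosure
    present: bool = True            # slide/rail presence sensor
    online: bool = True
    # Simulated critical security parameters inside the cryptographic boundary.
    keys: bytearray = field(default_factory=lambda: bytearray(b"\x5a" * 32))


class SecurityCoordinator:
    """Hypothetical coordinator: consumes state events from per-device controllers, decides
    whether an event is an unauthorized access, and triggers the operations named in [0019]."""

    def __init__(self):
        self.devices: dict = {}
        self.responses: list = []       # (device, operation, reason) in trigger order

    def state(self, device: str) -> DeviceState:
        return self.devices.setdefault(device, DeviceState())

    def zeroise(self, device: str) -> None:
        """Overwrite the CSP buffer in place; on real hardware this drives the module's zeroise input."""
        keys = self.state(device).keys
        for i in range(len(keys)):
            keys[i] = 0

    def _respond(self, device: str, reason: str, zeroise: bool) -> None:
        # Zeroise first: the alarm and cameras serve the responder, the keys are what the attacker wants.
        if zeroise:
            self.zeroise(device)
            self.responses.append((device, "zeroise", reason))
        self.responses.append((device, "alarm", reason))
        self.responses.append((device, "surveillance", reason))

    def handle(self, ev: dict) -> None:
        dev, st, kind = ev["device"], self.state(ev["device"]), ev["event"]
        if kind == "lock":
            st.lock = ev["state"]           # only the controller changes this, after authorization
        elif kind == "hood":
            st.hood_open = ev["open"]
            if st.hood_open and st.lock == "locked":
                self._respond(dev, "hood opened while lock engaged (forced entry)", zeroise=True)
        elif kind == "presence":
            st.present = ev["present"]
            if not st.present and st.lock == "locked":
                self._respond(dev, "device removed from rack while locked", zeroise=True)
        elif kind == "firmware":
            if ev["sha256"] != KNOWN_GOOD_FIRMWARE.get(dev):
                self._respond(dev, "firmware digest does not match known-good image", zeroise=True)
        elif kind == "heartbeat":
            st.online = ev["online"]
            if not st.online:
                self._respond(dev, "controller went offline", zeroise=False)

    def run(self, events: list) -> list:
        for ev in events:
            self.handle(ev)
        return self.responses


# Constructed event stream: srv-01 is opened after an authorized unlock; srv-02 is opened while
# locked and then reports a firmware image the coordinator does not recognize; srv-03 goes silent.
SAMPLE_EVENTS = [
    {"device": "srv-01", "event": "lock", "state": "unlocked"},
    {"device": "srv-01", "event": "hood", "open": True},
    {"device": "srv-01", "event": "hood", "open": False},
    {"device": "srv-01", "event": "lock", "state": "locked"},
    {"device": "srv-01", "event": "firmware", "sha256": KNOWN_GOOD_FIRMWARE["srv-01"]},
    {"device": "srv-02", "event": "hood", "open": True},
    {"device": "srv-02", "event": "firmware", "sha256": hashlib.sha256(b"modified-image").hexdigest()},
    {"device": "srv-03", "event": "heartbeat", "online": False},
]


def coordinator_demo() -> SecurityCoordinator:
    coord = SecurityCoordinator()
    coord.run(SAMPLE_EVENTS)
    return coord


if __name__ == "__main__":
    for r in coordinator_demo().responses:
        print(r)
```

Because the coordinator only trusts lock-state transitions that come from the controller after an authorization, an attacker who can open the hood but not satisfy the controller is seen as a forced entry even if the lock hardware itself was defeated.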

[0020] Security coordinator 130 can manage a plurality of electronic devices coupled to the security coordinator 130 via the respective controllers 120 of the electronic devices. Thus, security coordinator 130 can monitor the access states and trigger security operations for each electronic device. In certain implementations, security coordinator 130 can be external to the electronic devices and reside on the rack which houses the electronic devices. In such an implementation, for example, the security coordinator 130 can be a top of rack (ToR) device that aggregates control functionality for each electronic device in the rack, and serves as a security manager between a management system (e.g., a datacenter management system) and the electronic devices. Thus, in this example, the controller 120 for each electronic device can be coupled to or interface with the security coordinator 130 via a network infrastructure (e.g., an optical, electrical, or wireless connection). In other implementations, the security coordinator 130 can be internal to an electronic device (e.g., a master device), which can serve as an aggregator for the other electronic devices that are managed. For example, the security coordinator 130 can reside on an onboard administrator of the enclosure of the electronic device, and reside in one of the 'U' positions of the rack (i.e., in a rack unit rather than at the top of the rack).

[0021] In various examples, the security coordinator 130, in addition to managing access to the electronic devices, can monitor software status, data fabric status, cryptographic keys, and machine state to detect, alert, and respond to security threats, as described herein. Security coordinator 130 can also push firmware updates and user access rights to respective controllers 120 of the electronic devices.

[0022] In performing their respective functions, electronic lock 110, controller 120, and security coordinator 130 may access a data storage and/or other suitable database(s) (not shown). Data storage and/or database may represent any memory accessible to the system 100 that can be used to store and retrieve data, and may comprise RAM, ROM, EEPROM, cache memory, floppy disks, hard disks, optical disks, tapes, solid state drives, flash drives, portable compact disks, and/or other storage media for storing computer-executable instructions and/or data. System 100 may access data storage locally or remotely via a network.

[0023] FIG. 2 is a block diagram of a security system to control access to an electronic device, according to another example. Security system 200 can be used for controlling access to a plurality of electronic devices 201A and 201B. Electronic devices 201A and 201B can include substantially similar components. For example, electronic device 201A can include an electronic lock 110A, a controller 120A, and a user access interface 220A. Similarly, electronic device 201B can include an electronic lock 110B, a controller 120B, and a user access interface 220B. Electronic devices 201A and 201B can be rack mount devices (e.g., servers, storage devices, networking devices, PDUs, PSUs, switches, etc.) or blade devices (e.g., servers, storage devices, networking devices, switches, etc.). Further, electronic devices 201A and 201B can reside on the same rack or on different racks within a datacenter, for example.

[0024] Electronic locks 110A and 110B can be activated to prevent physical access to electronic devices 201A and 201B, respectively, or physical access to components, data, or cryptographic keys therein. The movement and/or position (i.e., state) of the electronic locks 110A and 110B can be controlled by controllers 120A and 120B, based on an authorization process. For example, controllers 120A and 120B can receive a user access request via the respective user access interfaces 220A and 220B of the electronic devices 201A and 201B. In response to the user access request, controllers 120A and 120B can determine whether to allow access or deny access to the electronic devices 201A and 201B, for example, by verifying whether the user is authorized. Authorization can be verified by accessing a database or storage medium that includes the authorized users.

[0025] User access interfaces 220A and 220B can be a biometric scanner, a radio frequency identification (RFID) reader, a passcode keypad, a contactless tag reader (e.g., a near field communication (NFC) tag reader), or an access request button. Thus, the user access request is received by the controllers 120A and 120B via the user access interfaces 220A and 220B of the electronic devices 201A and 201B.

[0026] Controllers 120A and 120B of the electronic devices 201A and 201B are coupled to the security coordinator 130 via a network infrastructure 250. Network infrastructure 250 can be a wired or wireless connection. For example, network infrastructure 250 can be an optical connection, an electrical connection, a wireless connection (e.g., a wireless local area network, Wi-Fi, etc.), or a combination thereof. Network infrastructure 250 enables the security coordinator 130 to communicate with the plurality of electronic devices 201A and 201B.

[0027] Security coordinator 130 manages the security of the electronic devices 201A and 201B by managing and recording access events, and by monitoring and maintaining software status, data fabric status, cryptographic keys, and machine state to detect, alert, and respond to security threats. For example, security coordinator 130 can trigger a security operation in response to detection of an unauthorized access or security threat to the electronic devices 201A and 201B. A security operation can include sounding or signaling a security alarm, cryptographic zeroisation, or initiating a surveillance system. Security coordinator 130 can be coupled to a management system 260 via a network 240.

[0028] Management system 260 can be a datacenter management system, for example, that manages the resources of the datacenter (e.g., servers, storage devices, networking devices, switches, etc.). Management system 260 can include an application programming interface (API) to interface with the security coordinator 130. Management system 260 can communicate with the security coordinator over the network 240. Network 240 can be any wireless network infrastructure. Management system 260 can receive access state information, software status, and network activity related to the electronic devices 201A and 201B from the security coordinator 130. Management system 260 can also transmit access keys (e.g., user access credentials), tamper response commands, shut down commands, and other management commands to the security coordinator 130. Accordingly, management system 260 can manage and communicate with a plurality of security coordinators 130. Management system 260 allows an administrator to remotely manage a pool of resources (e.g., compute, storage, networking, etc.) in the datacenter.
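The management-system-to-coordinator exchange of [0028] with both directions of traffic, as an added example; the application describes the API only in outline, so the JSON framing, the message names and the key arrangement here are assumptions, not the assignee's interface. The point a practitioner would want covered is that credential pushes and tamper-response commands (zeroise, shut down) reach the coordinator over network 240 and must be authenticated and replay-protected: a replayed or forged "zeroise" is a denial of service against a production server, and a forged credential push is an unlock. Each direction gets its own key derived from a shared master key, so a message cannot be reflected back to its sender, and a per-direction sequence number rejects replays.

```python
import hashlib
import hmac
import json


class Endpoint:
    """One side of the coordinator <-> management-system link (hypothetical framing)."""

    def __init__(self, name: str, peer: str, master_key: bytes):
        self.name = name
        # Direction-specific keys: what I sign with is never what I verify with.
        self._send_key = hmac.new(master_key, f"{name}->{peer}".encode(), hashlib.sha256).digest()
        self._recv_key = hmac.new(master_key, f"{peer}->{name}".encode(), hashlib.sha256).digest()
        self._send_seq = 0
        self._last_seen = 0

    def send(self, payload: dict) -> str:
        self._send_seq += 1
        # Canonical JSON so sender and receiver MAC exactly the same bytes.
        body = json.dumps({"seq": self._send_seq, **payload}, sort_keys=True, separators=(",", ":"))
        mac = hmac.new(self._send_key, body.encode(), hashlib.sha256).hexdigest()
        return json.dumps({"body": body, "mac": mac})

    def receive(self, wire: str) -> tuple:
        """Returns (True, message) or (False, reason). Nothing is parsed as a command before the MAC passes."""
        env = json.loads(wire)
        expected = hmac.new(self._recv_key, env["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, env["mac"]):
            return False, "bad mac"
        msg = json.loads(env["body"])
        if msg["seq"] <= self._last_seen:
            return False, "replay"
        self._last_seen = msg["seq"]
        return True, msg


class CoordinatorCommands:
    """Minimal command handler on the coordinator side (assumed command set)."""

    def __init__(self):
        self.credentials = {}        # device -> {credential_id: derived secret} to push to controllers
        self.actions = []            # (device, action) dispatched to controllers

    def apply(self, msg: dict) -> str:
        if msg["cmd"] == "push_credentials":
            self.credentials.setdefault(msg["device"], {}).update(msg["credentials"])
            return "credentials updated"
        if msg["cmd"] == "tamper_response":
            self.actions.append((msg["device"], msg["action"]))
            return f"{msg['action']} dispatched"
        return "unknown command ignored"


def exchange_demo() -> dict:
    master = b"constructed-shared-master-key"
    mgmt = Endpoint("mgmt", "coord", master)
    coord = Endpoint("coord", "mgmt", master)
    handler = CoordinatorCommands()
    results = {}

    # Coordinator reports access state, software status and network status upward.
    report = coord.send({"device": "srv-02", "access_state": "forced",
                         "software": "digest-mismatch", "network": "online"})
    ok, msg = mgmt.receive(report)
    results["report"] = (ok, msg["access_state"])

    # Management system pushes a credential and then a tamper response downward.
    wire = mgmt.send({"cmd": "push_credentials", "device": "srv-01",
                      "credentials": {"badge-0042": "constructed-derived-secret"}})
    ok, msg = coord.receive(wire)
    results["push"] = (ok, handler.apply(msg))

    wire = mgmt.send({"cmd": "tamper_response", "device": "srv-02", "action": "zeroise"})
    ok, msg = coord.receive(wire)
    results["tamper"] = (ok, handler.apply(msg))

    # Replaying the captured zeroise command is rejected by the sequence check.
    results["replay"] = coord.receive(wire)

    # Retargeting the command at another device without the key fails the MAC check.
    env = json.loads(wire)
    env["body"] = env["body"].replace("srv-02", "srv-01")
    results["forged"] = coord.receive(json.dumps(env))

    # Reflecting the management system's own command back to it fails: the direction key differs.
    results["reflected"] = mgmt.receive(wire)
    return results


if __name__ == "__main__":
    for k, v in exchange_demo().items():
        print(k, v)
```

A shared symmetric key is used here to keep the example short; with many coordinators per management system, per-coordinator keys or a TLS session with mutual authentication would be the usual choice, but the sequence check is still needed at the application layer if commands can be queued or retried.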

[0029] FIG. 3 is a flowchart illustrating a method of controlling access to an electronic device, according to an example. Method 300 may be performed by a system that includes a physical processing resource implementing or executing machine-readable instructions stored on a machine-readable medium. Additionally or alternatively, the system performing method 300 may include electronic circuitry. For example, at least some portions of method 300 may be performed by system 100 of FIG. 1, system 200 of FIG. 2, or system 500 of FIG. 5. In some implementations, the blocks of method 300 may be executed substantially concurrently, may be ongoing, and/or may repeat. In some implementations, method 300 may include more or fewer blocks than are shown in FIG. 3.

[0030] Method 300 includes monitoring and recording access to an electronic device, at 310. For example, controller 120 and/or the security coordinator 130 can monitor and record access to an electronic device to detect, alert, and respond to security threats to the electronic device. Monitoring and recording can include monitoring access state (e.g., locked/unlocked, forced/tampered, removed, etc.), monitoring software status, data status, cryptographic keys, and machine state.

[0031] Method 300 includes detecting an unauthorized access to the electronic device, at 320. For example, controller 120 and/or security coordinator 130 can detect an unauthorized access to the electronic device. The unauthorized access can be one or more of a physical or software/firmware intrusion, a removal, tampering, unauthorized data access, or disabling of the electronic device or components thereof.

[0032] Method 300 includes, in response to the detection, initiating a security operation to prevent access to components or cryptographic keys of the electronic device, where the security operation includes activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm, at 330. For example, cryptographic zeroisation may be executed to erase sensitive data and cryptographic keys, in response to the unauthorized access. Further, a security alarm can be raised (e.g., sound, signals, indicators, etc.) and a surveillance system can be triggered to capture video feeds around and within the electronic device.

[0033] FIG. 4 is a flowchart illustrating a method of controlling access to an electronic device, according to another example. Method 400 may be performed by a system that includes a physical processing resource implementing or executing machine-readable instructions stored on a machine-readable medium. Additionally or alternatively, the system performing method 400 may include electronic circuitry. For example, at least some portions of method 400 may be performed by system 100 of FIG. 1, system 200 of FIG. 2, or system 500 of FIG. 5. In some implementations, the blocks of method 400 may be executed substantially concurrently, may be ongoing, and/or may repeat. In some implementations, method 400 may include more or fewer blocks than are shown in FIG. 4.

[0034] Method 400 includes monitoring and recording access to an electronic device, at 410. Monitoring and recording access to the electronic device can include monitoring access state (e.g., locked/unlocked, forced/tampered, removed, online/offline etc.), monitoring software status, data status, cryptographic keys, and machine state.

[0035] Method 400 includes receiving an access request to the electronic device, at 420. For example, an access request can be received from the user via the user access interface 220. User access interface 220 can be a biometric scanner, a keypad, a contactless tag reader (e.g., an RFID or NFC tag reader), etc.

[0036] Method 400 includes authorizing the access based on a comparison of the request to a database of authorized users, where authorization of the request includes controlling movement of a lock mechanism associated with the electronic device from a locked state to an unlocked state, at 430. For example, the user access request received via the interface 220 can be verified/authenticated by accessing a database of users with permission to access the electronic device. The electronic lock 110 can be deactivated or moved to an unlocked state to permit access for the authorized user.

[0037] Method 400 includes detecting an unauthorized access to the electronic device, at 440. For example, the unauthorized access can be one or more of a physical or software/firmware intrusion, a removal, tampering, unauthorized data access, or disabling of the electronic device or components thereof.

[0038] Method 400 includes, in response to the detection, initiating a security operation to prevent access to components or cryptographic keys of the electronic device, where the security operation includes activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm, at 450. For example, cryptographic zeroisation may be executed to erase sensitive data and cryptographic keys, in response to the unauthorized access. Further, a security alarm can be raised (e.g., sound, signals, indicators, etc.) and a surveillance system can be triggered to capture video feeds around and within the electronic device.

[0039] FIG. 5 is a block diagram of a machine-readable medium encoded with instructions for controlling access to an electronic device, according to an example. The system 500 may serve as a form or part of the system 100 of FIG. 1 or the system 200 of FIG. 2.

[0040] In some implementations, processing resource 510 may be a microcontroller, a microprocessor, CPU core(s), an ASIC, an FPGA, and/or other hardware device suitable for retrieval and/or execution of instructions stored on the machine-readable medium 520. Additionally or alternatively, the processing resource 510 may include one or more hardware devices, including electronic circuitry, for implementing functionality described herein.

[0041] The machine-readable medium 520 may be any medium suitable for storing executable instructions, such as RAM, ROM, EEPROM, flash memory, a hard disk drive, an optical disc, or the like. In some example implementations, the machine-readable medium 520 may be a tangible, non-transitory medium. The machine-readable medium 520 may be disposed within the system 500, as shown in FIG. 5, in which case the executable instructions may be deemed installed or embedded on the system 500. Alternatively, the machine-readable medium 520 may be a portable (e.g., external) storage medium, and may be part of an installation package.

[0042] As described further herein below, the machine-readable medium 520 may be encoded with a set of executable instructions 521, 522, 523, 524, and 525. It should be understood that part or all of the executable instructions and/or electronic circuits included within one box may, in alternate implementations, be included in a different box shown in the figures or in a different box not shown.

[0043] Access monitoring instructions 521, when executed, cause the processing resource 510 to monitor access to the electronic device. For example, access to the electronic device may be monitored and recorded, such as access state, software/firmware status, data status, and machine state. Access request receiving instructions 522, when executed, cause the processing resource 510 to receive an access request to the electronic device via a user interface. For example, an access request can be received via a biometric scanner, a keypad, or a contactless tag reader (e.g., RFID, NFC tag). Access authorizing instructions 523, when executed, cause the processing resource 510 to authorize access to the electronic device based on an authentication of a user associated with the request. Access authorization also includes controlling the lock to unlock the electronic device to allow access.

Unauthorized access detecting instructions 524, when executed, cause the processing resource 510 to detect an unauthorized access to the electronic device. For example, the unauthorized access can be one or more of a physical or software/firmware intrusion, a removal, tampering, unauthorized data access, disabling of the electronic device or components of the electronic device. Security response triggering instructions 525, when executed, cause the processing resource 510 to, upon detection of the unauthorized access, trigger a security response. For example, the security response can include activating a cryptographic zeroisation, initiating a surveillance system, or triggering an alarm.

[0044] In the foregoing description, numerous details are set forth to provide an understanding of the subject matter disclosed herein. However, implementation may be practiced without some or all of these details. Other implementations may include modifications and variations from the details discussed above. It is intended that the following claims cover such modifications and variations.