| Patent application number | Description | Published |
|---|---|---|
| 20100100733 | System and Method for Secure Provisioning of an Information Handling System - Systems and methods for reducing problems and disadvantages associated with provisioning of information handling systems, including without limitation those associated with bare metal provisioning of information handling systems, are disclosed. A system may include a processor, and a memory and an access controller each communicatively coupled to the processor. The access controller may store an enterprise public key associated with an enterprise private key and a platform private key associated with the system. The access controller may be configured to: (i) authenticate communications received from a provisioning server communicatively coupled to the access controller based at least on an enterprise public certificate associated with the provisioning server and (ii) establish an asymmetric cryptographic communications channel between the access controller and the provisioning server based at least on a platform public key associated with the platform private key, the platform private key, the enterprise public key, and the enterprise private key. | 04-22-2010 |
| 20100146582 | ENCRYPTION MANAGEMENT IN AN INFORMATION HANDLING SYSTEM - A method of enforcing an encryption policy in an information handling system for receiving a request for access to data, automatically identifying from a plurality of encryption policies a particular encryption policy associated with the requested data, selecting an available encryption implementation module capable of enforcing the identified encryption policy, and initiating an encryption or decryption of the requested data using the selected encryption implementation module. | 06-10-2010 |
| 20100211687 | SYSTEMS AND METHODS FOR LOGGING USER INPUT DATA FOR SUBSEQUENT RETRIEVAL - An information handling system includes a processor, an authentication detection module, a user input device, an encoding module, and a buffer. The authentication detection module determines whether the information handling system is operating in an authenticated network communication session. The user input device receives user input data from a user, and the encoding module receives the user input data from the user input device and encodes the received user input data into a suitable format. The buffer logs the encoded user input data for later retrieval if the authentication detection module determines that the information handling system is not operating in an authenticated network communication session. | 08-19-2010 |
| 20130007455 | SYSTEM AND METHOD FOR ESTABLISHING PERPETUAL TRUST AMONG PLATFORM DOMAINS - A method may include generating a first shared secret for a present boot session of the information handling system and determining if a second shared secret existed for a prior boot session of the information handling system. If the second shared secret existed for the prior boot session, the method may include encrypting the first shared secret with the second shared secret and communicating the first shared secret encrypted by the second shared secret from a first information handling resource to a second information handling resource. If the second shared secret did not exist for the prior boot session, the method may include communicating the first shared secret unencrypted from the first information handling resource to the second information handling resource. The method may additionally include securely communicating between the first information handling resource and the second information handling resource using the first shared secret for encryption and decryption. | 01-03-2013 |
| 20130185564 | SYSTEMS AND METHODS FOR MULTI-LAYERED AUTHENTICATION/VERIFICATION OF TRUSTED PLATFORM UPDATES - In accordance with the present disclosure, a system and method for multilayered authentication of trusted platform updates is described. The method may include storing first cryptographic data in a personality module of an information handling system, with the first cryptographic data corresponding to a verified firmware component. A second cryptographic data may also be determined, with the second cryptographic data corresponding to an unverified firmware component. The unverified firmware component may be stored in a memory element of the information handling system, and the second cryptographic data may be determined using a processor of the information handling system. The method may further include determining if the first cryptographic data matches the second cryptographic data and updating firmware in the information handling system with the unverified firmware component if the first cryptographic data matches the second cryptographic data, and the unverified firmware component includes a digital signature of a manufacturer. | 07-18-2013 |
| 20130191879 | METHODS AND SYSTEMS FOR INFORMATION ASSURANCE AND SUPPLY CHAIN SECURITY - In accordance with additional embodiments of the present disclosure, a method may include storing information regarding one or more components of the information handling system to a database, the database stored on a basic input/output system (BIOS) of the information handling system prior to shipment of an information handling system. The method may also include, between the time of shipment of the information handling system to receipt of the information handling system by an intended customer of the information handling system: logging events associated with one or more components of the information handling system, and storing information associated with the events in the database. The method may further include interfacing with an authorized user of the information associated with the events to allow the authorized user to access the information associated with the events. | 07-25-2013 |
| 20140025947 | SINGLE COMMAND FUNCTIONALITY FOR PROVIDING DATA SECURITY AND PREVENTING DATA ACCESS WITHIN A DECOMMISSIONED INFORMATION HANDLING SYSTEM - A computer-implemented method comprises a service processor: establishing a kill switch encryption key (KSEK) to provide data security for data within storage devices of configurable components within a system; automatically encrypting, with the KSEK, data that is written to one of the storage devices; configuring the configurable components to prevent access to the stored data unless a valid copy of the KSEK is received from the service processor along with the request for the data; automatically decrypting, with the KSEK, the KSEK-encrypted data that is read from a storage device; and in response to receiving a verified request to decommission the system, performing the decommissioning by deleting/erasing the KSEK from a secure storage at which the only instance of the KSEK is maintained. Deletion of the KSEK results in a permanent loss of access to the stored encrypted data within the system because the stored encrypted data cannot be decrypted without the KSEK. | 01-23-2014 |
| 20140068250 | SYSTEM AND METHOD FOR SECURE PROVISIONING OF AN INFORMATION HANDLING SYSTEM - Systems and methods for reducing problems and disadvantages associated with provisioning of information handling systems, including without limitation those associated with bare metal provisioning of information handling systems, are disclosed. A system may include a processor, and a memory and an access controller each communicatively coupled to the processor. The access controller may store an enterprise public key associated with an enterprise private key and a platform private key associated with the system. The access controller may be configured to: (i) authenticate communications received from a provisioning server communicatively coupled to the access controller based at least on an enterprise public certificate associated with the provisioning server and (ii) establish an asymmetric cryptographic communications channel between the access controller and the provisioning server based at least on a platform public key associated with the platform private key, the platform private key, the enterprise public key, and the enterprise private key. | 03-06-2014 |
| 20140237262 | SYSTEM AND METHOD FOR ESTABLISHING PERPETUAL TRUST AMONG PLATFORM DOMAINS - A method may include generating a first shared secret for a present boot session of the information handling system and determining if a second shared secret existed for a prior boot session of the information handling system. If the second shared secret existed for the prior boot session, the method may include encrypting the first shared secret with the second shared secret and communicating the first shared secret encrypted by the second shared secret from a first information handling resource to a second information handling resource. If the second shared secret did not exist for the prior boot session, the method may include communicating the first shared secret unencrypted from the first information handling resource to the second information handling resource. The method may additionally include securely communicating between the first information handling resource and the second information handling resource using the first shared secret for encryption and decryption. | 08-21-2014 |

| Patent application number | Description | Published |
|---|---|---|
| 20090241182 | System and Method for Implementing a One Time Password at an Information Handling System - A system and method are provided which substantially reduce the disadvantages and problems associated with previous methods and systems for generating an OTP at an information handling system. An OTP is generated at an information handling system hardware or firmware layer upon detection of a predetermined input trigger, such as a key combination. The OTP is provided for authentication independent of an operating system or applications running on the information handling system. | 09-24-2009 |
| 20090287916 | GRID COMPUTING RESOURCES AND A METHOD OF USE THEREOF - A method of using an information handling system can include communicating accessibility of a resource to a grid system, powering down the information handling system, receiving a wake request from the grid system, and booting the information handling system into a grid mode where the resource is accessible to the grid system. Machine-executable code for an information handling system can include a method for indicating that a resource in the information handling system is accessible to a grid system, communicating that the resource is accessible to the grid system, and placing the information handling system into a low power state. An information handling system can include a processor that can indicate that a resource is accessible to a grid system, communicate to the grid system that the resource is accessible, and place the information handling system into a low power state. | 11-19-2009 |
| 20100107241 | SECURE CACHING OF SERVER CREDENTIALS - A credential caching system includes receiving a set of authentication credentials, storing the set of authentication credentials in a credential cache memory, wherein the credential cache memory is coupled with a management controller, and supplying the set of authentication credentials for automatic authentication during a reset or reboot. In the event of a security breach, the credential caching system clears the set of authentication credentials from the credential cache memory so that the set of authentication credentials may no longer be used for a reset or reboot. | 04-29-2010 |
| 20100191800 | SYSTEM AND METHOD FOR MANAGING FEATURE ENABLEMENT IN AN INFORMATION HANDLING SYSTEM - A system to manage a key license includes an information handling system having non-volatile memory accessible to a processor. The non-volatile memory stores feature enablement information related to a feature that the information handling system is adapted to provide. The non-volatile memory stores instructions that are accessible to the processor and executable by the processor to send the feature enablement information related to the feature to an external system after the information handling system is deployed, and to request the feature enablement information, or other feature enablement information related to the feature, from the external system in response to receiving a request for the information handling system to provide the feature. | 07-29-2010 |
| 20110083003 | System And Method For Safe Information Handling System Boot - Information handling system security is maintained by locking the information handling system from boot of an operating system with a service processor of the information handling system. The service processor obtains authorization for boot from a third party authentication service by providing authentication information to the authentication service and requiring a successful authentication for boot. For example, the service processor releases a token upon successful authentication to authorize boot. In one embodiment, the authentication service sends a token to the service processor for the service processor to use to authorize boot. | 04-07-2011 |
| 20120174201 | System and Method for Managing Feature Enablement in an Information Handling System - A system to manage a key license includes an information handling system having non-volatile memory accessible to a processor. The non-volatile memory stores feature enablement information related to a feature that the information handling system is adapted to provide. The non-volatile memory stores instructions that are accessible to the processor and executable by the processor to send the feature enablement information to an external system after the information handling system is deployed, and to request the feature enablement information, or other feature enablement information, from the external system in response to receiving a request for the information handling system to provide the feature. | 07-05-2012 |
| 20130097681 | SECURE CACHING OF SERVER CREDENTIALS - A credential caching system includes receiving a set of authentication credentials, storing the set of authentication credentials in a credential cache memory, wherein the credential cache memory is coupled with a management controller, and supplying the set of authentication credentials for automatic authentication during a reset or reboot. In the event of a security breach, the credential caching system clears the set of authentication credentials from the credential cache memory so that the set of authentication credentials may no longer be used for a reset or reboot. | 04-18-2013 |
| 20140068238 | Arbitrary Code Execution and Restricted Protected Storage Access to Trusted Code - A method comprises signing boot code with a public/private cryptographic key pair, and writing to storage the boot code, the public cryptographic key, and the signed boot code. | 03-06-2014 |