Computing devices
First Claim
Patent Images
1. A computing device, comprising:
- a trusted execution environment;
a Basic Input/Output System (BIOS) configured to request a Key Encryption Key (KEK) from the trusted execution environment; and
a Self-Encrypting Storage (SES) associated with the KEK;
wherein the trusted execution environment is configured to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is configured to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.
16 Citations
25 Claims
-
1. A computing device, comprising:
-
a trusted execution environment; a Basic Input/Output System (BIOS) configured to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is configured to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is configured to provide the KEK to the SES to unlock the SES for access by the trusted execution environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A networked computing system, comprising:
-
a cloudlet, including; a trusted execution environment, a Basic Input/Output System (BIOS) configured to request a Key Encryption Key (KEK) from the trusted execution environment, and a Self-Encrypting Storage (SES) associated with the KEK, wherein the trusted execution environment is configured to provide the KEK to the BIOS, and the BIOS is configured to provide the KEK to the SES to unlock the SES for access by the trusted execution environment; and a cloudlet management center, remote from the cloudlet, in communication with the trusted execution environment. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. One or more non-transitory computer readable media having instructions thereon that, in response to execution by a Basic Input/Output System (BIOS) of a computing device, cause the computing device to:
-
request a Key Encryption Key (KEK) for a Self-Encrypting Storage (SES) of the computing device; receive, from a trusted execution environment of the computing device in response to verification of the BIOS, the KEK; and provide the KEK to unlock the SES, wherein the SES is to use the KEK to unlock a Media Encryption Key (MEK), and the MEK encrypts data stored in the SES. - View Dependent Claims (19, 20, 21)
-
-
22. A method of operating a computing device, including:
-
requesting, by a Basic Input/Output System (BIOS) of the computing device, a Key Encryption Key (KEK) for a Self-Encrypting Storage (SES) of the computing device; receiving, by the BIOS from a trusted execution environment of the computing device in response to verification of the BIOS, the KEK; and providing, by the BIOS, the KEK to unlock the SES for access by the trusted execution environment. - View Dependent Claims (23, 24, 25)
-
Specification