Self-contained key management device
First Claim
1. An apparatus comprising:
- a data storage device configured to:
  - connect to be removable from a first server;
  - load an unified extensible firmware interface (“UEFI”) basic input/output system (“BIOS”) stored locally in the data storage device into the memory of the first server and executed at the first server, the UEFI BIOS configured to:
    - unlock a first secure area of the data storage device;
    - retrieve a first access key from the first secure area;
    - unlock a second secure area of the data storage device with the first access key;
    - retrieve a second access key from the second secure area; and
    - unlock a secure storage area of another data storage device with the second access key.
Abstract
A local key management system can be implemented with a unified extensible firmware interface (“UEFI”) basic input/output system (“BIOS”). The local key management system may be part of a removable data storage device that has a first secure area protected by a cryptographic module (e.g. hardware integrated circuit). The removable data storage device may also have a second secure area that stores a key to unlock a security enabled data storage device. The UEFI BIOS may be implemented to manage unlocking of security enabled data storage devices or data bands. The UEFI BIOS may also load a UEFI registration shell to manage registration of one or more security enabled drives or bands.
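The chained unlock recited in claim 1, modelled as an added example (not code from the patent or its assignee). The `SecureArea` class, the PBKDF2 credential check and the `module_secret` that stands in for whatever the cryptographic module releases are all assumptions made for illustration; the patent text does not specify them.

```python
import hashlib
import hmac
import os


class SecureArea:
    """Constructed model: releases its payload only for the right credential."""

    def __init__(self, credential: bytes, payload: bytes):
        self._salt = os.urandom(16)
        self._verifier = self._derive(credential)
        self._payload = payload

    def _derive(self, credential: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", credential, self._salt, 10_000)

    def unlock(self, credential: bytes) -> bytes:
        # Constant-time comparison of the derived verifier.
        if not hmac.compare_digest(self._derive(credential), self._verifier):
            raise PermissionError("credential rejected")
        return self._payload


def provision():
    """Build a key device (two secure areas) and one security-enabled drive."""
    module_secret = os.urandom(32)  # assumption: released by the crypto module
    first_key, second_key = os.urandom(32), os.urandom(32)
    first_area = SecureArea(module_secret, first_key)
    second_area = SecureArea(first_key, second_key)
    drive = SecureArea(second_key, b"drive unlocked")
    return module_secret, first_area, second_area, drive


def boot_unlock(module_secret, first_area, second_area, drive) -> bytes:
    """Order of operations from claim 1; any failed stage stops the chain."""
    first_key = first_area.unlock(module_secret)
    second_key = second_area.unlock(first_key)
    return drive.unlock(second_key)


def chain_succeeds(module_secret, first_area, second_area, drive) -> bool:
    try:
        return boot_unlock(module_secret, first_area, second_area, drive) == b"drive unlocked"
    except PermissionError:
        return False
```

Because each stage's credential exists only inside the previous stage, a drive moved to a server without its key device, or a key device whose first area cannot be opened, leaves the drive locked.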
10 Claims
1. An apparatus comprising:
- a data storage device configured to:
  - connect to be removable from a first server;
  - load an unified extensible firmware interface (“UEFI”) basic input/output system (“BIOS”) stored locally in the data storage device into the memory of the first server and executed at the first server, the UEFI BIOS configured to:
    - unlock a first secure area of the data storage device;
    - retrieve a first access key from the first secure area;
    - unlock a second secure area of the data storage device with the first access key;
    - retrieve a second access key from the second secure area; and
    - unlock a secure storage area of another data storage device with the second access key.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A memory device storing instructions that when executed cause a processor to perform a method comprising:
- loading a unified extensible firmware interface (“UEFI”) basic input/output system (“BIOS”) and a key management module from a removable storage device to a server memory;
- executing the UEFI BIOS at the server to unlock a self-encrypting drive (SED) attached to the server;
- executing the key management module at the server to access a local key management server (LKMS) on the removable storage device;
- receiving a key from the LKMS at the UEFI BIOS; and
- unlocking the SED based on the key.

Dependent claims: 9, 10