TRUSTED HOST PLATFORM
First Claim
1. A method of provisioning a secured storage device for use with a trusted host platform that enables the trusted host platform to access both a first secured network and a second secured network, the first secured network operating in a first security domain, the second secured network operating in a second security domain, the first security domain separate and distinct from the second security domain, the trusted host platform otherwise unsecure from both the first security network and the second security network, the method comprising:
determining a first enrollment agent for a first security domain, the first enrollment agent authorized to access the first security domain;
determining a second enrollment agent for a second security domain, the second enrollment agent authorized to access the second security domain;
requesting, by the first enrollment agent through the trusted host platform, authentication and authorization materials from a first certificate authority associated with the first security domain;
requesting, by the second enrollment agent through the trusted host platform, authentication and authorization materials from a second certificate authority associated with the second security domain;
receiving, at the trusted host platform, the authentication and authorization materials from the first certificate authority, the authentication and authorization materials for providing access to the first secured network;
receiving, at the trusted host platform, the authentication and authorization materials from the second certificate authority, the authentication and authorization materials for providing access to the second secured network;
storing at least a portion of the received authentication and authorization materials from the first certificate authority on the trusted host platform;
storing at least a portion of the received authentication and authorization materials from the second certificate authority on the trusted host platform;
storing at least a portion of the received authentication and authorization materials from the first certificate authority onto the secured storage device operably coupled to the trusted host platform; and
storing at least a portion of the received authentication and authorization materials from the second certificate authority onto the secured storage device operably coupled to the trusted host platform.
Abstract
A method of provisioning a secured storage device for use with a trusted host platform enables the trusted host platform to access both a first secured network operating in a first security domain and a second secured network operating in a second security domain without exposing the first and second security domains to one another. An enrollment agent provides access to a certificate authority associated with the first security domain to obtain authentication and authorization materials for a user authorized to access the first secured network. Likewise, an enrollment agent provides access to a certificate authority associated with the second security domain to obtain authentication and authorization materials for the user when the user is authorized to access the second secured network. According to various embodiments of the invention, a portion of the authentication and authorization materials from each of the respective security domains is stored on the trusted host platform and a portion of the authentication and authorization materials from each of the respective security domains is stored on a secure storage device associated with the user and operable with the trusted host platform.
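The provisioning flow described in the abstract and claim 1, as an added illustration that is not the patent's own code: a toy certificate authority per security domain, an enrollment agent authorized for only one domain, and the per-credential secret split into two XOR shares so that the trusted host platform holds one portion and the secured storage device the other. The CA key derivation, the XOR split and the challenge-response check are assumptions made for the example; a real deployment would use the domain's PKI rather than HMAC-derived tokens.

```python
import hmac, hashlib, secrets
from dataclasses import dataclass, field

# Constructed example for illustration; not code from the patent or any product.
def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass
class CertificateAuthority:
    """Toy CA for one security domain; its key never leaves that domain."""
    domain: str
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    def _cert(self, user: str) -> bytes:  # domain-bound "certificate" for the user
        return hmac.new(self.key, f"{self.domain}|{user}".encode(), hashlib.sha256).digest()
    def _secret(self, cert: bytes) -> bytes:  # per-credential secret, derivable only by the CA
        return hmac.new(self.key, b"secret|" + cert, hashlib.sha256).digest()
    def issue_materials(self, user: str) -> dict:
        cert = self._cert(user)
        return {"cert": cert, "secret": self._secret(cert)}
    def verify_access(self, user: str, cert: bytes, nonce: bytes, proof: bytes) -> bool:
        if not hmac.compare_digest(cert, self._cert(user)):
            return False
        expected = hmac.new(self._secret(cert), nonce, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)

@dataclass
class EnrollmentAgent:
    """Authorized for exactly one domain; may only request materials from that domain's CA."""
    domain: str
    def request_materials(self, ca: CertificateAuthority, user: str) -> dict:
        if ca.domain != self.domain:
            raise PermissionError(f"agent for {self.domain} cannot enroll in {ca.domain}")
        return ca.issue_materials(user)

def provision(host: dict, device: dict, agent: EnrollmentAgent, ca: CertificateAuthority, user: str) -> None:
    """Store the cert plus one share on the host and the other share on the secured storage device."""
    m = agent.request_materials(ca, user)
    device_share = secrets.token_bytes(len(m["secret"]))
    host[ca.domain] = {"cert": m["cert"], "share": xor_bytes(m["secret"], device_share)}
    device[ca.domain] = device_share

def access_network(host: dict, device: dict, ca: CertificateAuthority, user: str) -> bool:
    """Host and device together reconstruct the secret; either alone, or the wrong domain, fails."""
    entry, device_share = host.get(ca.domain), device.get(ca.domain)
    if entry is None or device_share is None:
        return False
    secret = xor_bytes(entry["share"], device_share)
    nonce = secrets.token_bytes(16)  # challenge issued by the secured network
    proof = hmac.new(secret, nonce, hashlib.sha256).digest()
    return ca.verify_access(user, entry["cert"], nonce, proof)
```

Because each domain's CA key stays inside its own domain and each agent can only enroll in its own domain, materials for one domain never grant access to the other, which is the isolation property the abstract claims.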
9 Claims
Specification