Hardware platform authentication and multi-purpose validation
Abstract
Methods and apparatuses enable authentication of a hardware platform on a network. The authenticated hardware platform can validate the credentials of virtual machines executing on the hardware platform. The authentication of the hardware platform on the network enables network access to the validated virtual machines. The network access of the virtual machines is managed by the hardware platform, including allowing differentiated access based on, for example, the security posture of each virtual machine.
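The flow the abstract describes, as an added Python example that is not code from the patent: the platform authenticates once to the network, then validates each virtual machine locally and grants access according to its posture. The HMAC challenge-response, the per-VM tokens, the posture labels and all class and field names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

class NetworkAuthority:
    """Network side: holds platform keys only and never sees VM credentials."""
    def __init__(self, platform_keys):
        self._keys = platform_keys   # constructed sample keys
        self._pending = set()        # outstanding nonces, each usable once

    def challenge(self):
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, platform_id, nonce, response):
        if nonce not in self._pending:
            return None              # unknown or replayed nonce
        self._pending.discard(nonce)
        key = self._keys.get(platform_id)
        if key is None:
            return None
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        return {"platform": platform_id, "segment": "corp"}  # hypothetical assignment

class PlatformAgent:
    """Platform side: authenticates the hardware, then validates VMs locally."""
    POLICY = {"compliant": "full", "outdated": "remediation"}  # assumed posture levels

    def __init__(self, platform_id, key, vm_secrets):
        self.platform_id, self._key, self._vm_secrets = platform_id, key, vm_secrets
        self.assignment = None

    def respond(self, nonce):
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

    def authenticate(self, authority):
        nonce = authority.challenge()
        self.assignment = authority.verify(self.platform_id, nonce, self.respond(nonce))
        return self.assignment is not None

    def access_for(self, vm_id, vm_token, posture):
        secret = self._vm_secrets.get(vm_id)
        if self.assignment is None or secret is None:
            return "deny"            # no platform authentication or unknown VM
        if not hmac.compare_digest(secret, vm_token):
            return "deny"            # VM credential rejected on the platform itself
        return self.POLICY.get(posture, "deny")
```

Only the platform key crosses to the authority; VM tokens are checked inside `PlatformAgent`, and any posture not listed in `POLICY` is denied by default.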
173 Citations
20 Claims
1. A method for network authentication, comprising:
- authenticating a hardware platform of a device with a network authentication authority of a network of devices to produce a hardware platform network authentication, the network authentication produced independently of an operating system of the device, the hardware platform having multiple partitions that execute on the hardware platform;
- validating one or more partitions of the authenticated hardware platform; and
- controlling network access of the one or more partitions with the authenticated hardware platform based at least in part on a result of the validating of the partition.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. An article of manufacture comprising a machine readable medium having content stored thereon to provide instructions to cause a device to perform operations, including:
- transmitting to a network authentication authority for authentication credentials associated with a hardware component of the device, the hardware component being a component of a hardware platform on which multiple partitions execute, the hardware component being inaccessible by a host operating system of the device, the credentials provided for authentication on behalf of multiple partitions executing on the hardware platform;
- receiving an authentication message and a network access assignment in response to providing the authentication credentials;
- validating a partition of the hardware platform with the hardware component, the validated partition to access the network with the network access assignment of the hardware component; and
- managing the network access of the partition with the hardware component based at least in part on a network security policy.
(Dependent claims: 11, 12, 13)
14. An authentication agent comprising:
- a hardware authentication module to identify authentication credentials associated with a hardware platform of a device and present the credentials to a network authentication entity to authenticate the hardware platform on behalf of multiple partitions executing on the hardware platform; and
- a partition authentication module coupled to the hardware authentication module, the partition authentication module to receive credentials from the multiple partitions executing on the hardware platform and validate the partitions without presenting the partition credentials to the network authentication entity, to enable the partitions to obtain network access via an authentication of the hardware platform.
(Dependent claims: 15, 16, 17)
18. A system comprising:
- a hardware platform on which to execute multiple virtual machines;
- an authentication agent coupled to the hardware platform, the authentication agent having a hardware authentication module to authenticate the hardware platform with a network authenticator on behalf of the virtual machines that execute on the hardware platform, and a partition authentication module to validate the virtual machines to the authentication agent, to enable the virtual machines to obtain network access via an authentication of the hardware platform;
- a non-volatile memory coupled to the authentication agent to store credentials associated with the hardware platform; and
- a network interface coupled to the hardware platform and the authentication agent, the network interface to interface the hardware platform to a network.
(Dependent claims: 19, 20)
Specification