Method and system for enterprise network single-sign-on by a manageability engine
First Claim
1. A secure access method using a manageability engine comprising:
- receiving an authentication response from a user during a pre-boot operation;
- employing a protocol to register with a key distribution center (KDC); and
- receiving single-sign-on credentials in the form of a key encryption key (KEK), wherein the KEK is later used to obtain a credential used to establish secure access to Enterprise servers.
1 Assignment
0 Petitions
Abstract
A manageability engine (ME) receives an authentication response from a user during pre-boot authentication and registers the user with a key distribution center (KDC), indicating that the user has successfully authenticated to the PC. The KDC supplies the ME with single-sign-on credentials in the form of a Key Encryption Key (KEK). The KEK may later be used by the PC to obtain a credential used to establish secure access to Enterprise servers.
80 Citations
28 Claims

1. A secure access method using a manageability engine comprising:
- receiving an authentication response from a user during a pre-boot operation;
- employing a protocol to register with a key distribution center (KDC); and
- receiving single-sign-on credentials in the form of a key encryption key (KEK), wherein the KEK is later used to obtain a credential used to establish secure access to Enterprise servers.
Dependent claims: 2, 3, 4.

5. A manageability engine (ME) secure access method comprising:
- receiving user authentication credentials from a pre-boot authentication module (PBAM);
- requesting a key encryption key (KEK) from an Enterprise;
- receiving the KEK if the user is authenticated by the Enterprise and securely storing the KEK;
- enabling a BIOS to proceed with booting of an operating system (OS);
- receiving a request for the KEK from a shim used to intercept an OS login process;
- retrieving the KEK from secure storage; and
- sending the KEK to the OS, wherein the shim, upon receipt of the KEK, suppresses the OS login prompt and completes booting of the OS;
- wherein when the OS requires access to the Enterprise server, the OS retrieves the KEK from the ME to obtain a ticket specific to the Enterprise server.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14.

15. An article comprising:
- a storage medium having a plurality of machine accessible instructions, wherein when the instructions are executed by a processor, the instructions provide for receiving an authentication response from a user during a pre-boot operation;
- employing a protocol to register with a key distribution center (KDC); and
- receiving single-sign-on credentials in the form of a key encryption key (KEK), wherein the KEK is later used to obtain a credential used to establish secure access to Enterprise servers.
Dependent claims: 16, 17, 18.

19. An article comprising:
- a storage medium having a plurality of machine accessible instructions, wherein when the instructions are executed by a processor, the instructions provide for receiving user authentication credentials from a pre-boot authentication module (PBAM);
- requesting a key encryption key (KEK) from an Enterprise;
- receiving the KEK if the user is authenticated by the Enterprise and securely storing the KEK;
- enabling a BIOS to proceed with booting of an operating system (OS);
- receiving a request for the KEK from a shim used to intercept an OS login process;
- retrieving the KEK from secure storage; and
- sending the KEK to the OS, wherein the shim, upon receipt of the KEK, suppresses the OS login prompt and completes booting of the OS;
- wherein when the OS requires access to the Enterprise server, the OS retrieves the KEK from the ME to obtain a ticket specific to the Enterprise server.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28.
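The flow claimed in claims 5 and 19 (pre-boot authentication, KDC registration, secure KEK storage in the ME, KEK release to the OS login shim, and a later server ticket obtained with the KEK) modelled as a toy simulation. This is an added example, not code from the patent or any implementation of it; the HMAC-based response and ticket formats, the user secret and the server name are constructed assumptions.

```python
"""Toy model of the ME / KDC / shim single-sign-on flow (constructed example)."""
import hashlib
import hmac
import secrets


class KDC:
    """Key distribution center: checks the pre-boot auth response, issues a KEK,
    and later issues a server-specific ticket to a holder of that KEK."""

    def __init__(self, users):
        self.users = users   # user -> shared secret (constructed sample data)
        self.keks = {}       # user -> KEK issued at registration

    def register(self, user, nonce, response):
        """Verify the user's challenge response; on success return a fresh KEK."""
        expected = hmac.new(self.users[user], nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        self.keks[user] = secrets.token_bytes(32)
        return self.keks[user]

    def ticket(self, user, server, proof):
        """Issue a ticket for `server` only if `proof` was made with the user's KEK."""
        kek = self.keks.get(user)
        if kek is None:
            return None
        expected = hmac.new(kek, server.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return None
        return hmac.new(kek, b"ticket:" + server.encode(), hashlib.sha256).hexdigest()


class ME:
    """Manageability engine: holds the KEK and releases it only after pre-boot auth."""

    def __init__(self, kdc):
        self.kdc, self.store, self.boot_enabled = kdc, {}, False

    def preboot_auth(self, user, secret):
        """PBAM supplies the user's response; the ME registers with the KDC."""
        nonce = secrets.token_bytes(16)
        response = hmac.new(secret, nonce, hashlib.sha256).digest()
        kek = self.kdc.register(user, nonce, response)
        if kek is None:
            return False
        self.store[user] = kek         # secure storage inside the ME
        self.boot_enabled = True       # BIOS may now proceed with the OS boot
        return True

    def get_kek(self, user):
        """Answer the login shim's request; nothing is released before auth succeeds."""
        return self.store.get(user) if self.boot_enabled else None


def boot_and_access(kdc, user, secret, server):
    """Run the whole flow; returns the server ticket or None if any step fails."""
    me = ME(kdc)
    if not me.preboot_auth(user, secret):
        return None
    kek = me.get_kek(user)             # shim suppresses the OS login prompt here
    proof = hmac.new(kek, server.encode(), hashlib.sha256).digest()
    return kdc.ticket(user, server, proof)
```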
Specification