SYSTEM AND METHOD FOR RECOVERY KEY MANAGEMENT
Abstract
A system and method for managing the recovery key of a computer system is disclosed. The computer system includes a security layer, and the recovery key is stored locally to a memory location on the computer system, including, as examples, flash memory on the motherboard of the computer system or a USB port on the computer system. In operation, when it becomes necessary for the computer system to authenticate the recovery key, the recovery key may be retrieved from the local memory. The retrieval and storage of the recovery key may be managed by a remote administrator. The recovery key may be stored in a hidden partition in the storage location, and the recovery key may be cryptographically wrapped to add an additional layer of security.
20 Claims
1. A method for providing security to the configuration of an information handling system, comprising:
- providing a security layer, wherein the security layer is operable to monitor a hardware configuration of the information handling system, wherein the security layer includes a device within the information handling system that authenticates a key;
- storing the key to a storage location local to the information handling system; and
- comparing a first hash code to a second hash code, wherein the first hash code represents a previous hardware or software configuration of the information handling system and the second hash code represents a current hardware or software configuration of the information handling system.
11. A method for managing the security layer of a computer system, wherein the computer system includes a security layer that requires authentication of a key, comprising:
- identifying a change to a configuration of the computer system;
- determining through a hash analysis when a new key is needed for the authentication of the computer system, wherein the hash analysis compares a first hash code representing a previous hardware or software configuration of the computer system and a second hash code representing a current hardware or software configuration of the computer system; and
- when it is determined that the new key is needed for authentication of the computer system, providing the new key through a storage location associated with the computer system.
16. A method for storing a recovery key in a computer system, comprising:
- enabling a security layer on the computer system, wherein the security layer is operable to store cryptographic keys;
- accessing the computer system through a remote access controller;
- establishing a flag in the BIOS of the computer system, wherein the flag permits a recovery key to be stored in a memory element of the computer system; and
- saving the recovery key in the memory element;
- comparing a first hash code to a second hash code to determine if a new recovery key is needed, wherein the first hash code represents a previous hardware or software configuration of the information handling system and the second hash code represents a current hardware or software configuration of the information handling system.
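The hash analysis recited in claims 1, 11 and 16, sketched as an added example that is not taken from the patent. The inventory field names, the use of SHA-256 and the length-prefixed encoding are assumptions chosen for illustration, and the sample inventories are constructed.

```python
import hashlib
import hmac


def config_hash(components: dict[str, str]) -> bytes:
    """Reduce a hardware/software inventory to one hash code.

    Entries are sorted so enumeration order does not matter, and every field
    is length-prefixed so adjacent fields cannot run together
    ("ab" + "c" must not hash the same as "a" + "bc").
    """
    h = hashlib.sha256()
    for name in sorted(components):
        for field in (name, components[name]):
            raw = field.encode("utf-8")
            h.update(len(raw).to_bytes(4, "big"))
            h.update(raw)
    return h.digest()


def new_key_needed(first_hash: bytes, current: dict[str, str]) -> bool:
    """Compare the stored (previous) hash code with the current one."""
    second_hash = config_hash(current)
    return not hmac.compare_digest(first_hash, second_hash)


def changed_components(previous: dict[str, str], current: dict[str, str]) -> list[str]:
    """Name the entries that were added, removed or altered (for the audit log)."""
    names = set(previous) | set(current)
    return sorted(n for n in names if previous.get(n) != current.get(n))


if __name__ == "__main__":
    # Constructed sample inventories; field names are hypothetical.
    previous = {"bios_version": "A12", "boot_disk_serial": "DISK-0001",
                "nic_mac": "00:00:5e:00:53:01"}
    current = dict(previous, boot_disk_serial="DISK-0002")

    first_hash = config_hash(previous)  # stored when the key was last issued
    if new_key_needed(first_hash, current):
        print("configuration changed:", changed_components(previous, current))
        print("new recovery key required")
    else:
        print("configuration unchanged; existing key remains valid")
```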
Specification