SYSTEM AND METHOD FOR RECOVERY KEY MANAGEMENT

US 20150058640A1
Filed: 10/30/2014
Published: 02/26/2015
Est. Priority Date: 02/06/2009
Status: Active Grant

First Claim

Patent Images

1. A method for providing security to the configuration of an information handling system, comprising:

providing a security layer, wherein the security layer is operable to monitor a hardware configuration of the information handling system, wherein the security layer includes a device within the information handling system that authenticates a key;

storing the key to a storage location local to the information handling system; and

comparing a first hash code to a second hash code, wherein the first hash code represents a previous hardware or software configuration of the information handling system and the second hash code represents a current hardware or software configuration of the information handling system.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for managing the recovery key of a computer system is disclosed. The computer system includes a security layer, and the recovery key is stored locally to a memory location on the computer system, including, as examples, flash memory on the motherboard of the computer system or a USB port on the computer system. In operation, when it becomes necessary for the computer system to authenticate the recovery key, the recovery key may be retrieved from the local memory. The retrieval and storage of the recovery key may be managed by a remote administrator. The recovery key may be stored in a hidden partition in the storage location, and the recovery key may be cryptographically wrapped to add an additional layer of security.

Citations

20 Claims

1. A method for providing security to the configuration of an information handling system, comprising:
- providing a security layer, wherein the security layer is operable to monitor a hardware configuration of the information handling system, wherein the security layer includes a device within the information handling system that authenticates a key;
  
  storing the key to a storage location local to the information handling system; and
  
  comparing a first hash code to a second hash code, wherein the first hash code represents a previous hardware or software configuration of the information handling system and the second hash code represents a current hardware or software configuration of the information handling system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method for providing security to the configuration of an information handling system of claim 1, wherein the security layer is configured according to the Trusted Platform Module specification.
  - 3. The method for providing security to the configuration of an information handling system of claim 1, wherein the storage location is directly coupled to the motherboard of the information handling system.
  - 4. The method for providing security to the configuration of an information handling system of claim 3, wherein the storage location is flash memory.
  - 5. The method for providing security to the configuration of an information handling system of claim 1, wherein the storage location is coupled to the information handling system through a USB port.
  - 6. The method for providing security to the configuration of an information handling system of claim 5, wherein the USB port is external to the computer system.
  - 7. The method for providing security to the configuration of an information handling system of claim 5, wherein the USB port is internal to the computer system.
  - 8. The method for providing security to the configuration of an information handling system of claim 1, wherein the step of storing the key to the storage location comprises the step of storing the key to a designated partition on the storage location.
  - 9. The method for providing security to the configuration of an information handling system of claim 8, further comprising the step of:
    - hiding the designated partition following the step of storing the key to the designated partition.
  - 10. The method for providing security to the configuration of an information handling system of claim 1, wherein the step of storing the key to the storage location comprises the step of cryptographically wrapping the key prior to storage of the key to the storage location.

11. A method for managing the security layer of a computer system, wherein the computer system includes a security layer that requires authentication of a key, comprising:
- identifying a change to a configuration of the computer system;
  
  determining through a hash analysis when a new key is needed for the authentication of the computer system, wherein the hash analysis compares a first hash code representing a previous hardware or software configuration of the computer system and a second hash code representing a current hardware or software configuration of the computer system; and
  
  when it is determined that the new key is needed for authentication of the computer system, providing the new key through a storage location associated with the computer system.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method for managing the security layer of a computer system of claim 11, wherein the storage location includes a partition that is designated for storage of the new key.
  - 13. The method for managing the security layer of a computer system of claim 11, wherein the step of providing the new key comprises the step of providing the new key through a remote administrator.
  - 14. The method for managing the security layer of a computer system of claim 11, wherein the step of providing the new key comprises the step of cryptographically unwrapping the new key before providing the new key for authentication.
  - 15. The method for managing the security layer of a computer system of claim 11, wherein the storage location is flash memory internal to the computer system.

16. A method for storing a recovery key in a computer system, comprising:
- enabling a security layer on the computer system, wherein the security layer is operable to store cryptographic keys;
  
  accessing the computer system through a remote access controller;
  
  establishing a flag in the BIOS of the computer system, wherein the flag permits a recovery key to be stored in a memory element of the computer system; and
  
  saving the recovery key in the memory element;
  
  comparing a first hash code to a second hash code to determine if a new recovery key is needed, wherein the first hash code represents a previous hardware or software configuration of the information handling system and the second hash code represents a current hardware or software configuration of the information handling system.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method for storing a recovery key in a computer system of claim 16, wherein the memory element is partitioned and the recovery key is stored to a designated partition in the memory element.
  - 18. The method for storing a recovery key in a computer system of claim 17, further comprising using a memory map to hide the designated partition.
  - 19. The method for storing a recovery key in a computer system of claim 16, further comprising wrapping the recovery key cryptographically prior to saving the recovery key.
  - 20. The method for storing a recovery key in a computer system of claim 16, wherein accessing the computer system occurs as part of a boot process of the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Balakrishnan, Viswanathan, Bhadri, Santosh, Khatri, Mukund P., Marks, Kevin T., Subramaniam, Narayanan, Balakrishnan, Venkatesan

Granted Patent

US 9,520,998 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 11/1402   Saving, restoring, recoveri...

G06F 21/575   Secure boot

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3236   using cryptographic hash fu...

SYSTEM AND METHOD FOR RECOVERY KEY MANAGEMENT

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR RECOVERY KEY MANAGEMENT

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links