Hardware-based device authentication
First Claim
1. A method comprising:
- identifying an opportunity for a computing device to participate in a secure session with a particular domain;
receiving a domain identifier of the particular domain;
identifying, using a secured microcontroller of the computing device, a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device, wherein the secured microcontroller is independent of an operating system of the computing device and values of secure identifiers derived by the secured microcontroller are hidden from the operating system;
deriving a secure identifier for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain; and
transmitting the secure identifier over a secured channel to the particular domain.
11 Assignments
0 Petitions
Accused Products
Abstract
An opportunity for a computing device to participate in a secure session with a particular domain is identified. A domain identifier of the particular domain is received and a secured microcontroller of the computing device is used to identify a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device. A secure identifier is derived for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain and the secure identifier is transmitted over a secured channel to the particular domain. The particular domain can verify identity of the computing device from the secure identifier and apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier.
-
Citations
34 Claims
-
1. A method comprising:
-
identifying an opportunity for a computing device to participate in a secure session with a particular domain; receiving a domain identifier of the particular domain; identifying, using a secured microcontroller of the computing device, a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device, wherein the secured microcontroller is independent of an operating system of the computing device and values of secure identifiers derived by the secured microcontroller are hidden from the operating system; deriving a secure identifier for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain; and transmitting the secure identifier over a secured channel to the particular domain. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method comprising:
-
identifying an opportunity for a secure session between a particular domain and a client device, wherein the secure session is based, at least in part, on identity verification of the client device; communicating a domain identifier of the particular domain to the client device; receiving a secure identifier from the client device, wherein the secure identifier is a unique identifier for the client device corresponding to a pairing of the client device and the particular domain and derived based on a persistent, private identifier embedded in hardware of the client device, wherein the secure identifier is derived by a secured microcontroller of the client device independent of an operating system of the client device and values of secure identifiers derived by the secured microcontroller are hidden from the operating system; and applying security policies for transactions involving the client device and the particular domain based at least in part on the secure identifier. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
-
identify an opportunity for a computing device to participate in a secure session with a particular domain; receive a domain identifier of the particular domain; identify, using a secured microcontroller of the computing device, a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device, wherein the secured microcontroller is independent of an operating system of the computing device and values of secure identifiers derived by the secured microcontroller are hidden from the operating system; derive a secure identifier for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain; and send the secure identifier over a secured channel to the particular domain. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
-
identify an opportunity for a secure session between a particular domain and a client device, wherein the secure session is based, at least in part, on identity verification of the client device; send a domain identifier of the particular domain to the client device; receive a secure identifier from the client device, wherein the secure identifier is a unique identifier for the client device corresponding to a pairing of the client device and the particular domain and derived based on a persistent, private identifier embedded in hardware of the client device, wherein the secure identifier is derived by a secured microcontroller of the client device independent of an operating system of the client device and values of secure identifiers derived by the secured microcontroller are hidden from the operating system; and apply security policies for transactions involving the client device and the particular domain based at least in part on the secure identifier.
-
-
30. A system comprising:
-
a system processor device; system memory accessible to the system processor device; a management controller of a computing device, the management controller comprising; secure management controller memory isolated from the system processor and system memory and storing a secured, persistent hardware identifier; a management microcontroller adapted to execute instructions to; identify an opportunity to participate in a secure session with a particular domain; receive a domain identifier of the particular domain; derive a secure identifier for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain; and cause the secure identifier to be sent over a secured channel to the particular domain. - View Dependent Claims (31, 32, 33, 34)
-
Specification