Dynamic platform reconfiguration by multi-tenant service providers

US 8,918,641 B2
Filed: 05/26/2011
Issued: 12/23/2014
Est. Priority Date: 05/26/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a request at a manageability engine in a platform from a service provider'"'"'s remote server to activate a feature of the platform coupled to said manageability engine;

in response to said request, requesting in a secure fashion, proof of the service provider'"'"'s authority to modify the platform including a certificate from a permit server that this service provider is authorized by a manufacturer of the manageability engine to use the platform feature;

checking the certificate to prevent another service provider from using the platform feature;

sending a request for verification of the service provider'"'"'s authority to use the feature of the platform coupled to a processor;

verifying that the service provider is authorized by a manufacturer of the processor to use the feature;

activating the feature only for use by the service provider; and

requesting, said proof using a cryptographic scheme enabling remote authentication of hardware devices, while preserving a privacy of a device owner, and using an embedded private key within said manageability engine to indicate that the service provider is certified by the manufacturer of the manageability engine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A manageability engine or adjunct processor on a computer platform may receive a request for activation and use of features embedded within that platform from a service provider authorized by the manageability engine'"'"'s manufacturer. The manageability engine may initiate a request for authority through the service provider to a permit server. The permit server may provide, through the service provider, proof of the service provider'"'"'s authority, together with a certificate identifying the service provider. Then the manageability engine may enable activation of the features on the platform coupled to the manageability engine, but only by the one particular service provider who has been authorized.

Citations

26 Claims

1. A method comprising:
- receiving a request at a manageability engine in a platform from a service provider'"'"'s remote server to activate a feature of the platform coupled to said manageability engine;
  
  in response to said request, requesting in a secure fashion, proof of the service provider'"'"'s authority to modify the platform including a certificate from a permit server that this service provider is authorized by a manufacturer of the manageability engine to use the platform feature;
  
  checking the certificate to prevent another service provider from using the platform feature;
  
  sending a request for verification of the service provider'"'"'s authority to use the feature of the platform coupled to a processor;
  
  verifying that the service provider is authorized by a manufacturer of the processor to use the feature;
  
  activating the feature only for use by the service provider; and
  
  requesting, said proof using a cryptographic scheme enabling remote authentication of hardware devices, while preserving a privacy of a device owner, and using an embedded private key within said manageability engine to indicate that the service provider is certified by the manufacturer of the manageability engine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 including checking whether the service provider'"'"'s authority has been revoked.
  - 3. The method of claim 1 wherein said requesting proof includes generating an unactivated key in said manageability engine.
  - 4. The method of claim 1 wherein said requesting proof includes using a signed key incorporated into the manageability engine by the manufacturer.
  - 5. The method of claim 1 wherein said requesting proof includes providing proof that the manageability engine is legitimate.
  - 6. The method of claim 1 wherein requesting includes supplying a certificate signing request to a service provider including signed attributes attesting to the legitimacy of the manageability engine'"'"'s key.
  - 7. The method of claim 1 including said manageability engine, in response to said request, receiving a permit and activating a key to enable the service provider to use the feature.
  - 8. The method of claim 1 including, in response to said request, receiving in said manageability engine a service provider'"'"'s public key or one-time password seed via a secure channel.
  - 9. The method of claim 8 including storing in said manageability engine a different public key or seed for each of at least two service providers and using said key or seed to identify a service provider that requests reactivation of said feature.

10. One or more non-transitory computer readable medium storing instructions to enable a processor to perform a sequence comprising:
- receiving a request at a manageability engine in a platform from a service provider'"'"'s remote server to activate a feature of the platform coupled to said manageability engine;
  
  in response to said request, requesting in a secure fashion, proof of the service provider'"'"'s authority to modify the platform including a certificate from a permit server that this service provider is authorized by a manufacturer of the manageability engine to use the platform feature;
  
  checking the certificate to prevent another service provider from using the platform feature;
  
  sending a request for verification of the service provider'"'"'s authority to use the feature of the platform coupled to a processor;
  
  verifying that the service provider is authorized by a manufacturer of the processor to use the feature;
  
  activating the feature only for use by the service provider; and
  
  requesting said proof using a cryptographic scheme enabling remote authentication of hardware devices, while preserving a privacy of a device owner, and using an embedded private key within said manageability engine to indicate that the service provider is certified by the manufacturer of the manageability engine.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The medium of claim 10 further storing instructions to receive a request at said processor from a service provider'"'"'s server to activate the feature of the platform coupled to said processor.
  - 12. The medium of claim 10 further storing instructions to use a signed key incorporated into said processor by the processor manufacturer.
  - 13. The medium of claim 10 further storing instructions to provide proof that the processor is legitimate.
  - 14. The medium of claim 10 further storing instructions to supply a certificate signing request to a service provider, including signed attributes attesting to the legitimacy of the processor'"'"'s key.
  - 15. The medium of claim 10 further storing instructions to receive a permit and activate a key to enable the service provider to use the feature.
  - 16. The medium of claim 10 further storing instructions to receive, in said processor, a service provider'"'"'s public key or one-time password seed via a secure channel.
  - 17. The medium of claim 16 further storing instructions to store, in said processor, a different public key or seed for each of at least two service providers and use each key or seed to identify a service provider that requests reactivation of said feature.
  - 18. The medium of claim 10 further storing instructions to decide whether the service provider'"'"'s authorization has been revoked.

19. An apparatus comprising:
- a hardware processor to receive a request at a manageability engine in a platform from a service provider'"'"'s remote server to activate a feature of the platform coupled to said manageability engine;
  
  in response to said request, request in a secure fashion, proof of the service provider'"'"'s authority to modify the platform including a certificate from a permit server that this service provider is authorized by a manufacturer of the manageability engine to use the platform feature;
  
  check the certificate to prevent another service provider from using the platform feature;
  
  send a request for verification of the service provider'"'"'s authority to use the feature of the platform coupled to a processor;
  
  verify that the service provider is authorized by a manufacturer of the processor to use the feature;
  
  activate the feature only for use by the service provider; and
  
  request said proof using a cryptographic scheme enabling remote authentication of hardware devices, while preserving a privacy of a device owner, and use an embedded private key within said manageability engine to indicate that the service provider is certified by the manufacturer of the manageability engine; and
  
  a memory coupled to said hardware processor.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The apparatus of claim 19 wherein said processor is the manageability engine.
  - 21. The apparatus of claim 19, said processor to check whether the service provider'"'"'s authority has been revoked.
  - 22. The apparatus of claim 19, said processor to provide proof that said processor is authentic.
  - 23. The apparatus of claim 19, said processor to supply a certificate signing request to a service provider, including signed attributes attesting to the legitimacy of the processor'"'"'s key.
  - 24. The apparatus of claim 19, said processor to receive a permit and activate a key to enable the service provider to use the feature.
  - 25. The apparatus of claim 19, said processor to receive a service provider'"'"'s public key or one-time password seed via a secure channel.
  - 26. The apparatus of claim 25, said processor to store, in the manageability engine, a different public key or seed for each of at least two service providers and use said key or seed to identify the service provider that requests reactivation of said feature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Smith, Ned M., Bakshi, Sanjay, Sugumar, Suresh
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US13/116,698
Publication Number

US 20120303952A1
Time in Patent Office

1,307 Days
Field of Search

713/156, 713/157, 713/158, 713/159, 713/189, 713/155, 713/168, 713/171, 713/175, 713/176, 726/5, 726/25, 726/27, 726/1, 726/4, 726/8, 726/28, 726/34, 726/36, 380/279, 717/100, 717/178
US Class Current

713/158
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/629   to features or functions of...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

Dynamic platform reconfiguration by multi-tenant service providers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic platform reconfiguration by multi-tenant service providers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links