Methods and apparatus for securing communications between a node and a server based on hardware metadata gathered by an in-memory process
First Claim
1. A method for securing communications between a boot node and a server, comprising:
receiving a microkernel at said boot node from said server;
executing said microkernel in a memory of said boot node to dynamically gather hardware-related metadata for said boot node, wherein said hardware-related metadata comprises information about physical characteristics of said boot node;
generating a unique identifier for said boot node using said hardware-related metadata;
generating a public/private key pair for said boot node using said unique identifier;
storing said generated public/private key pair with said associated unique identifier in a key management system; and
securing communications between said boot node and said server using said public/private key pair retrieved from said key management system using said associated unique identifier for said boot node.
Abstract
Methods and apparatus are provided for securing communications between a node and a server, for example, during a boot process. In accordance with an aspect of the invention, a method is provided for securing communications between a node and a server, comprising: dynamically gathering hardware-related metadata for the node using a process running in memory; generating a unique identifier for the node using the hardware-related metadata; generating a public/private key pair for the node using the unique identifier; and securing communications between the node and the server using the public/private key pair. The process comprises, for example, an in-memory microkernel executing on a boot node. The hardware-related metadata comprises, for example, information about physical characteristics of the node. The unique identifier for the node can optionally be further based on information obtained from a Trusted Processing Module. The node can be authenticated using the public/private key pair.
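The abstract describes a chain of derivations: gathered hardware metadata becomes a unique identifier, the identifier seeds a public/private key pair, the pair is filed in a key management system under that identifier, and the retrieved pair then protects the node-to-server channel. The following Python walks that chain end to end as an added illustration; it is not the patent's own implementation, and every name in it (the sample metadata, the `tpm_measurement` and `node_secret` inputs, the `KeyManagementSystem` stand-in) is an assumption made for the example. Because the standard library has no asymmetric primitives, the key pair lives in the RFC 3526 MODP group 14 (finite-field Diffie-Hellman) and the channel is protected with an HMAC derived from the agreed secret; a real system would use a vetted library.

```python
"""Boot-node key flow: hardware metadata -> unique identifier -> key pair -> KMS -> secured channel.
Added example; sample data, secrets and helper names are constructed for illustration only."""
import hashlib
import hmac
import json
import secrets

# RFC 3526 MODP group 14: 2048-bit safe prime, generator 2. Chosen only because the standard
# library offers no asymmetric primitive; is_probable_prime() below sanity-checks the constant.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 020BBEA6 3B139B22
514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6
F44C42E9 A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C 180E8603
9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF""".split()), 16)
G = 2
Q = (P - 1) // 2  # order of the subgroup generated by G (P is a safe prime)


def is_probable_prime(n, rounds=8):
    """Miller-Rabin primality test, used to check the group constant was transcribed correctly."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def hkdf(ikm, salt, info, length=32):
    """HKDF-SHA256 (RFC 5869) extract-then-expand built from hmac."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def unique_identifier(metadata, tpm_measurement=b""):
    """Abstract step: hash canonicalised hardware metadata, optionally mixed with a TPM value."""
    canonical = json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(tpm_measurement + canonical).digest()


def key_pair_from_identifier(uid, node_secret):
    """Abstract step: derive the node's key pair from its identifier.
    node_secret is an ASSUMED value that never leaves the node (e.g. TPM-sealed); without it
    anyone able to enumerate the same hardware metadata could recompute the private key."""
    okm = hkdf(uid, salt=node_secret, info=b"boot-node-keypair", length=64)
    priv = int.from_bytes(okm, "big") % (Q - 2) + 2  # private exponent in [2, Q-1]
    return priv, pow(G, priv, P)


class KeyManagementSystem:
    """Minimal stand-in for the KMS of the abstract, keyed by the node's unique identifier."""
    def __init__(self):
        self._store = {}

    def store(self, uid, priv, pub):
        self._store[uid] = (priv, pub)

    def retrieve(self, uid):
        return self._store[uid]


def validate_public_key(pub):
    """Reject out-of-range and small-subgroup values before using a peer's public key."""
    return 2 <= pub <= P - 2 and pow(pub, Q, P) == 1


def session_key(priv, peer_pub):
    """Agree a shared secret with the peer and stretch it into a channel key."""
    if not validate_public_key(peer_pub):
        raise ValueError("invalid peer public key")
    shared = pow(peer_pub, priv, P).to_bytes((P.bit_length() + 7) // 8, "big")
    return hkdf(shared, salt=b"", info=b"boot-session", length=32)


def authenticate(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, tag):
    return hmac.compare_digest(authenticate(key, message), tag)


# Constructed sample of what an in-memory microkernel might report (placeholder values).
SAMPLE_METADATA = {"cpu_serial": "CPU-0000-EXAMPLE", "board_serial": "BRD-0000-EXAMPLE",
                   "nic_mac": "02:00:00:00:00:01", "dimm_serials": ["DIMM-A-EX", "DIMM-B-EX"]}


def demo():
    """Run the whole flow once and report the checks a verifier would care about."""
    node_secret = secrets.token_bytes(32)  # stands in for TPM-held material (assumption)
    uid = unique_identifier(SAMPLE_METADATA, tpm_measurement=b"pcr0:constructed")
    priv, pub = key_pair_from_identifier(uid, node_secret)
    kms = KeyManagementSystem()
    kms.store(uid, priv, pub)
    server_priv = secrets.randbelow(Q - 2) + 2  # server's own key pair (assumed ephemeral)
    server_pub = pow(G, server_priv, P)
    node_priv, node_pub = kms.retrieve(uid)  # retrieved by identifier, as in the abstract
    k_node, k_server = session_key(node_priv, server_pub), session_key(server_priv, node_pub)
    msg = b"boot image request"
    tag = authenticate(k_node, msg)
    return {"keys_match": k_node == k_server, "mac_ok": verify(k_server, msg, tag),
            "tamper_detected": not verify(k_server, msg + b"x", tag)}


if __name__ == "__main__":
    print(demo())
```

The point the derivation makes explicit is that the identifier alone is only as secret as the hardware metadata behind it; serials and MAC addresses are often readable by anyone with access to the machine, so the example salts the key derivation with a node-held secret and validates the peer's public key before use.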
18 Claims
7. An apparatus for securing communications between a boot node and a server, the apparatus comprising:
a memory; and
at least one hardware device, coupled to the memory, operative to implement the following steps:
receive a microkernel at said boot node from said server;
execute said microkernel in a memory of said boot node to dynamically gather hardware-related metadata for said boot node, wherein said hardware-related metadata comprises information about physical characteristics of said boot node;
generate a unique identifier for said boot node using said hardware-related metadata;
generate a public/private key pair for said boot node using said unique identifier;
store said generated public/private key pair with said associated unique identifier in a key management system; and
secure communications between said boot node and said server using said public/private key pair retrieved from said key management system using said associated unique identifier for said boot node.
13. A non-transitory machine-readable recordable storage medium for securing communications between a boot node and a server, wherein one or more software programs when executed by one or more processing devices implement the following steps:
receiving a microkernel at said boot node from said server;
executing said microkernel in a memory of said boot node to dynamically gather hardware-related metadata for said boot node, wherein said hardware-related metadata comprises information about physical characteristics of said boot node;
generating a unique identifier for said boot node using said hardware-related metadata;
generating a public/private key pair for said boot node using said unique identifier;
storing said generated public/private key pair with said associated unique identifier in a key management system; and
securing communications between said boot node and said server using said public/private key pair retrieved from said key management system using said associated unique identifier for said boot node.