Trusted container
11 Assignments
0 Petitions
Abstract
A secure identifier is derived, using a secured microcontroller of a computing device, that is unique to a pairing of the computing device and a particular domain. Security posture data corresponding to attributes of the computing device is identified in secured memory of the computing device. The secure identifier and the security posture data are sent together in a secured container to a management device of the particular domain. The particular domain can use the information in the secured container to authenticate the computing device and to determine a security task to be performed relating to interactions of the computing device with the particular domain.
20 Claims
1. A method comprising:
deriving, using a secured microcontroller of a client computing device, a secure identifier comprising a one-time password unique to a pairing of the client computing device and a particular domain comprising at least one second computing device, the secure identifier derived based at least in part on seed data received from the particular domain, the seed data separate from a domain identifier of the particular domain and unique to the pairing of the client computing device and the particular domain, the seed data stored in a secured memory of the client computing device inaccessible to an operating system of the client computing device;
identifying, in the secured memory of the client computing device, security posture data corresponding to attributes of the client computing device; and
sending the secure identifier and the security posture data together in a secured container to a management device of the particular domain.
(Dependent claims 2 to 10 depend from claim 1; not reproduced here.)
11. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
derive, using a secured microcontroller of a client computing device, a secure identifier comprising a one-time password unique to a pairing of the client computing device and a particular domain comprising at least one second computing device, the secure identifier derived based at least in part on seed data received from the particular domain, the seed data separate from a domain identifier of the particular domain and unique to the pairing of the client computing device and the particular domain, the seed data stored in a secured memory of the client computing device inaccessible to an operating system of the client computing device;
identify, in the secured memory of the client computing device, security posture data corresponding to attributes of the client computing device; and
send the secure identifier and the security posture data together in a secured container to a management device of the particular domain.
(Dependent claims 12 to 18 depend from claim 11; not reproduced here.)
19. A system comprising:
a system processor device;
system memory accessible to the system processor device;
secure management controller memory isolated from the system processor device and the system memory and adapted to store:
persistent authentication data; and
security posture data corresponding to attributes of a client computing device;
a secure management microcontroller; and
a management engine adapted, when executed by the secure management microcontroller, to:
derive, using the secure management microcontroller, a secure identifier comprising a one-time password unique to a pairing of the client computing device and a particular domain comprising at least one second computing device, the secure identifier derived based at least in part on seed data received from the particular domain, the seed data separate from a domain identifier of the particular domain and unique to the pairing of the client computing device and the particular domain, the seed data stored in the secure management microcontroller memory; and
send the secure identifier and the security posture data together in a secured container to a management device of the particular domain.
(Dependent claim 20 depends from claim 19; not reproduced here.)
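The exchange that the abstract and the independent claims describe, as an added simulation that is not part of the patent and not code from any implementation of it. Both ends are modelled: the domain's management device issues per-pairing seed data, the client's secured microcontroller keeps that seed in its own state (standing in for memory the operating system cannot reach), derives a one-time password from it, and seals the password together with posture data into a container; the management device then authenticates the container and picks a security task from the attested posture. The HOTP-style OTP construction (HMAC-SHA256 over a counter with dynamic truncation), the HMAC-sealed JSON container, the counter look-ahead window, the posture policy and all class, function and domain names are assumptions chosen for illustration.

```python
import hmac
import json
import os
import struct
from hashlib import sha256

OTP_DIGITS = 8
COUNTER_WINDOW = 10  # how far past the last accepted counter the verifier searches (assumed)


def derive_otp(seed: bytes, counter: int) -> str:
    """HOTP-style OTP (assumed construction): HMAC-SHA256 over the counter, dynamically truncated."""
    digest = hmac.new(seed, struct.pack(">Q", counter), sha256).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)


def container_key(seed: bytes) -> bytes:  # MAC key for the container, derivable by both ends
    return hmac.new(seed, b"secured-container", sha256).digest()


class SecuredMicrocontroller:
    """Client-side secured microcontroller; nothing in _secured_memory is handed to the (simulated) OS."""

    def __init__(self, device_id: str, posture: dict):
        self.device_id = device_id
        self._secured_memory = {"seeds": {}, "counters": {}, "posture": posture}

    def provision(self, domain_id: str, seed: bytes) -> None:
        """Store seed data received from the domain: one seed per device/domain pairing."""
        self._secured_memory["seeds"][domain_id] = seed
        self._secured_memory["counters"][domain_id] = 0

    def build_container(self, domain_id: str) -> bytes:
        """Derive the next OTP for this pairing and seal it together with the posture data."""
        seed = self._secured_memory["seeds"][domain_id]
        counter = self._secured_memory["counters"][domain_id]
        self._secured_memory["counters"][domain_id] = counter + 1
        body = json.dumps({"device_id": self.device_id, "domain_id": domain_id, "counter": counter,
                           "otp": derive_otp(seed, counter), "posture": self._secured_memory["posture"]},
                          sort_keys=True).encode()
        mac = hmac.new(container_key(seed), body, sha256).hexdigest()
        return json.dumps({"body": body.decode(), "mac": mac}).encode()


class ManagementDevice:
    """The domain's management device: issues seeds, validates containers, picks a security task."""

    def __init__(self, domain_id: str):
        self.domain_id = domain_id
        self._seeds, self._last_counter = {}, {}

    def enroll(self, device_id: str) -> bytes:
        """Seed data: random, separate from the domain identifier, unique to this pairing."""
        self._seeds[device_id] = seed = os.urandom(32)
        self._last_counter[device_id] = -1
        return seed

    def verify(self, container: bytes) -> tuple:
        """Authenticate the container; return (accepted, security task or rejection reason)."""
        outer = json.loads(container)
        body = outer["body"].encode()
        payload = json.loads(body)
        device, counter = payload.get("device_id"), payload.get("counter", -1)
        seed = self._seeds.get(device)
        if seed is None:
            return False, "unknown_device"
        expected = hmac.new(container_key(seed), body, sha256).hexdigest()
        if not hmac.compare_digest(expected, outer["mac"]):
            return False, "bad_mac"  # tampered by the OS, or sealed under another pairing's seed
        if counter <= self._last_counter[device]:
            return False, "replay"
        if counter > self._last_counter[device] + COUNTER_WINDOW or \
                not hmac.compare_digest(derive_otp(seed, counter), payload["otp"]):
            return False, "bad_otp"
        self._last_counter[device] = counter
        return True, self.choose_task(payload["posture"])

    @staticmethod
    def choose_task(posture: dict) -> str:
        """Security task chosen from the attested posture (the policy itself is an assumption)."""
        if not posture.get("secure_boot") or not posture.get("disk_encrypted"):
            return "quarantine"
        return "allow" if posture.get("av_enabled") else "remediate_av"


def demo() -> dict:
    """Constructed scenario: one device paired with two domains, a replay, and an OS-side forgery."""
    posture = {"secure_boot": True, "disk_encrypted": True, "av_enabled": False}
    mcu = SecuredMicrocontroller("dev-001", posture)
    corp, lab = ManagementDevice("corp.example"), ManagementDevice("lab.example")
    mcu.provision("corp.example", corp.enroll("dev-001"))
    mcu.provision("lab.example", lab.enroll("dev-001"))
    good = mcu.build_container("corp.example")
    outer = json.loads(good)  # an OS-level attacker rewrites the posture but cannot re-seal without the seed
    outer["body"] = outer["body"].replace('"av_enabled": false', '"av_enabled": true')
    forged = json.dumps(outer).encode()
    return {
        "first": corp.verify(good),                                       # (True, "remediate_av")
        "replay": corp.verify(good),                                      # (False, "replay")
        "forged_posture": corp.verify(forged),                            # (False, "bad_mac")
        "cross_domain": lab.verify(mcu.build_container("corp.example")),  # (False, "bad_mac")
    }
```

The point the simulation makes is where the seed lives: the operating system only ever handles the sealed container, so it can neither mint a password for a different domain nor rewrite the posture data without the verifier noticing, and the per-pairing seed means a container built for corp.example is worthless at lab.example even though the same device is enrolled in both. A real deployment would bind the container to the controller's attestation identity and transport it over an authenticated channel; those parts are outside what the claims spell out and are not modelled here.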