Protected device management
First Claim
Patent Images
1. A computer-implemented method comprising:
- authenticating first credentials of a user of a system before access is allowed to any device of a plurality of devices attached to the system;
intercepting an event indicating a hot-plug attachment of a new device to the system, wherein the intercepting is performed by firmware in a secure partition of the system, and the secure partition is isolated from a host operating system of the system;
requesting second credentials to access the new device using the firmware to establish trusted path connections to a display device to display a request for the second credentials and a user input device to receive the second credentials, wherein the second credentials are requested by the firmware without rebooting the system;
authenticating the second credentials;
enabling access to the new device after authenticating the second credentials; and
delivering a hot plug event for the new device from the secure partition to the host operating system.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, apparatus, system, and computer program product for management of storage devices protected by encryption, user authentication, and password protection and auditing schemes in virtualized and non-virtualized environments.
-
Citations
6 Claims
-
1. A computer-implemented method comprising:
-
authenticating first credentials of a user of a system before access is allowed to any device of a plurality of devices attached to the system; intercepting an event indicating a hot-plug attachment of a new device to the system, wherein the intercepting is performed by firmware in a secure partition of the system, and the secure partition is isolated from a host operating system of the system; requesting second credentials to access the new device using the firmware to establish trusted path connections to a display device to display a request for the second credentials and a user input device to receive the second credentials, wherein the second credentials are requested by the firmware without rebooting the system; authenticating the second credentials; enabling access to the new device after authenticating the second credentials; and delivering a hot plug event for the new device from the secure partition to the host operating system. - View Dependent Claims (2, 3, 4)
-
-
5. An apparatus comprising:
- at least one processor;
a secure partition isolated from a host operating system executing on the processor; and a memory comprising instructions for firmware executing in the secure partition to perform the following; authenticating first credentials of a user of a system before access is allowed to any device of a plurality of devices attached to the system; intercepting an event indicating a hot-plug attachment of a new device to the system, wherein the intercepting is performed by the secure partition; requesting second credentials to access the new device using the firmware to establish trusted path connections to a display device to display a request for the second credentials and a user input device to receive the second credentials, wherein the second credentials are requested by the firmware without rebooting the system; authenticating the second credentials; enabling access to the new device after authenticating the second credentials; and delivering a hot plug event for the new device from the secure partition to the host operating system.
- at least one processor;
-
6. A computer program product comprising:
- a non-transitory computer-readable storage medium; and
instructions in the computer-readable storage medium, wherein the instructions, when executed in a secure partition of a processing system, cause firmware executing in the secure partition to perform operations comprising; authenticating first credentials of a user of a system before access is allowed to any device of a plurality of devices attached to the system; intercepting an event indicating a hot-plug attachment of a new device to the system, wherein the intercepting is performed by the secure partition, and the secure partition is isolated from a host operating system of the system; requesting second credentials to access the new device using the firmware to establish trusted path connections to a display device to display a request for the second credentials and a user input device to receive the second credentials, wherein the second credentials are requested by the firmware without rebooting the system; authenticating the second credentials; enabling access to the new device after authenticating the second credentials; and delivering a hot plug event for the new device from the secure partition to the host operating system.
- a non-transitory computer-readable storage medium; and
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeSK Hynix NAND Product Solutions Corporation (SK Hynix Inc.)
-
Original AssigneeIntel Corporation
-
InventorsSmith, Ned M., Moore, Victoria C., Grobman, Steven L.
-
Primary Examiner(s)SIMITOSKI, MICHAEL J
-
Application NumberUS14/466,447Publication NumberTime in Patent Office732 DaysField of SearchUS Class Current1/1CPC Class CodesG06F 21/305 by remotely controlling dev...G06F 21/602 Providing cryptographic fac...G06F 21/74 operating in dual or compar...G06F 21/78 to assure secure storage of...G06F 21/85 interconnection devices, e....G06F 2221/2147 Locking filesG06F 2221/2149 Restricted operating enviro...G06F 3/0623 in relation to contentG06F 3/0632 by initialisation or re-ini...G06F 3/0671 In-line storage systemH04L 63/08 for authentication of entit...H04L 63/0807 using tickets, e.g. Kerbero...H04L 63/083 using passwords cryptograph...H04L 63/18 using different networks or...H04L 9/0894 Escrow, recovery or storing...H04L 9/321 involving a third party or ...
