Protected device management
First Claim
1. A computer-implemented method comprising:
- authenticating first credentials of a user of a system before access is allowed to any device of a plurality of devices attached to the system;
- intercepting an event indicating a hot-plug attachment of a new device to the system, wherein the intercepting is performed by firmware in a secure partition of the system, and the secure partition is isolated from a host operating system of the system;
- requesting second credentials to access the new device using the firmware to establish trusted path connections to a display device to display a request for the second credentials and a user input device to receive the second credentials, wherein the second credentials are requested by the firmware without rebooting the system;
- authenticating the second credentials;
- enabling access to the new device after authenticating the second credentials; and
- delivering a hot plug event for the new device from the secure partition to the host operating system.
Abstract
A method, apparatus, system, and computer program product for management of storage devices protected by encryption, user authentication, and password protection and auditing schemes in virtualized and non-virtualized environments.
6 Claims
1. A computer-implemented method (set out in full under First Claim above). Dependent claims: 2, 3, 4.
5. An apparatus comprising:
- at least one processor;
- a secure partition isolated from a host operating system executing on the processor; and
- a memory comprising instructions for firmware executing in the secure partition to perform the following:
  - authenticating first credentials of a user of a system before access is allowed to any device of a plurality of devices attached to the system;
  - intercepting an event indicating a hot-plug attachment of a new device to the system, wherein the intercepting is performed by the secure partition;
  - requesting second credentials to access the new device using the firmware to establish trusted path connections to a display device to display a request for the second credentials and a user input device to receive the second credentials, wherein the second credentials are requested by the firmware without rebooting the system;
  - authenticating the second credentials;
  - enabling access to the new device after authenticating the second credentials; and
  - delivering a hot plug event for the new device from the secure partition to the host operating system.
6. A computer program product comprising:
- a non-transitory computer-readable storage medium; and
- instructions in the computer-readable storage medium, wherein the instructions, when executed in a secure partition of a processing system, cause firmware executing in the secure partition to perform operations comprising:
  - authenticating first credentials of a user of a system before access is allowed to any device of a plurality of devices attached to the system;
  - intercepting an event indicating a hot-plug attachment of a new device to the system, wherein the intercepting is performed by the secure partition, and the secure partition is isolated from a host operating system of the system;
  - requesting second credentials to access the new device using the firmware to establish trusted path connections to a display device to display a request for the second credentials and a user input device to receive the second credentials, wherein the second credentials are requested by the firmware without rebooting the system;
  - authenticating the second credentials;
  - enabling access to the new device after authenticating the second credentials; and
  - delivering a hot plug event for the new device from the secure partition to the host operating system.
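As an added illustration, not taken from the patent or any product that implements it, the following Python model shows the ordering the claims enforce: the secure partition holds a hot-plug event, collects the second credentials over a trusted path, and only after they verify does it enable the device and hand the event to the host OS. The credential scheme (PBKDF2 hashes, a per-device secret), the `trusted_input` callback and all device names are assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

def derive(secret: str, salt: bytes) -> bytes:
    """Slow hash so the firmware stores and compares digests, never raw secrets."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)

def salted(secret: str) -> tuple:
    salt = os.urandom(16)
    return salt, derive(secret, salt)

@dataclass
class SecurePartition:
    """Firmware-side gate; the host OS only ever reads `host_events`."""
    user_cred: tuple                    # (salt, hash) of the first credentials
    device_creds: dict                  # assumed: device id -> (salt, hash)
    session_ok: bool = False
    enabled: set = field(default_factory=set)
    host_events: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def logon(self, password: str) -> bool:
        """First credentials: nothing is attached to the host before this passes."""
        salt, expected = self.user_cred
        self.session_ok = hmac.compare_digest(derive(password, salt), expected)
        self.audit.append(("logon", self.session_ok))
        return self.session_ok

    def on_hotplug(self, dev: str, trusted_input) -> bool:
        """Intercepted hot-plug event. `trusted_input()` stands in for the
        trusted-path display/keyboard round trip and returns the typed secret."""
        if not self.session_ok or dev not in self.device_creds:
            self.audit.append(("hotplug", dev, "denied-no-session-or-unknown"))
            return False                # event is swallowed; host never sees it
        salt, expected = self.device_creds[dev]
        ok = hmac.compare_digest(derive(trusted_input(), salt), expected)
        self.audit.append(("hotplug", dev, "granted" if ok else "denied"))
        if ok:
            self.enabled.add(dev)
            self.host_events.append(("hotplug", dev))   # delivered only now
        return ok

def make_partition(user_pw: str, devices: dict) -> SecurePartition:
    """Constructed sample setup: user password plus one secret per device."""
    return SecurePartition(salted(user_pw), {d: salted(pw) for d, pw in devices.items()})
```

Every decision lands in `audit`, which is where the auditing scheme the abstract mentions would hook in.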