Encryption key retrieval

US 9,525,675 B2
Filed: 12/26/2014
Issued: 12/20/2016
Est. Priority Date: 12/26/2014
Status: Active Grant

First Claim

Patent Images

1. At least one computer-readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:

receive a request to access an electronic device;

collect authentication data at a secondary electronic device, wherein the secondary electronic device is separate from the electronic device;

verify the authentication data;

receive an authentication key from a network element that is physically separate from the electronic device and the secondary electronic device; and

communicate the authentication key to the electronic device, wherein the authentication key is not persistently stored in the electronic device and the secondary electronic device, wherein the electronic device requires pre-boot authentication before an operating system on the electronic device is allowed to run and the authentication key provides the pre-boot verification.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular embodiments described herein provide for an electronic device that can be configured to include an authentication module. The authentication module can be configured to receiving a request to access an electronic device, where the electronic device is separate from the authentication module, collect authentication data, communicate the authentication data to a network element, receive an authentication key, and communicate the authentication key to the electronic device.

Citations

24 Claims

1. At least one computer-readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:
- receive a request to access an electronic device;
  
  collect authentication data at a secondary electronic device, wherein the secondary electronic device is separate from the electronic device;
  
  verify the authentication data;
  
  receive an authentication key from a network element that is physically separate from the electronic device and the secondary electronic device; and
  
  communicate the authentication key to the electronic device, wherein the authentication key is not persistently stored in the electronic device and the secondary electronic device, wherein the electronic device requires pre-boot authentication before an operating system on the electronic device is allowed to run and the authentication key provides the pre-boot verification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 24)
- - 2. The at least one computer-readable medium of claim 1, wherein the authentication data is verified by the secondary electronic device.
  - 3. The at least one computer-readable medium of claim 1, wherein the authentication data includes authentication information about a user of the electronic device and about the secondary electronic device, wherein the authentication data is verified by the network element.
  - 4. The at least one computer-readable medium of claim 1, wherein a primary function of the secondary electronic device does not include receiving the authentication key.
  - 5. The at least one computer-readable medium of claim 1, wherein the authentication key expires after a predetermined amount of time or a predetermined number of uses.
  - 6. The at least one computer-readable medium of claim 1, wherein the authentication key is used to access protected data on the electronic device.
  - 7. The at least one computer-readable medium of claim 1, wherein the authentication key is used to access pre-operating system protected data on the electronic device.
  - 24. The at least one computer-readable medium of claim 1, wherein the authentication key must be reacquired each time the electronic device restarts.

8. An electronic device comprising:
- a hardware processor; and
  
  a verification engine configured to;
  
  request an authentication key from a secondary electronic device, wherein the secondary electronic device previously received the authentication key from a network element that is physically separate from the electronic device and the secondary electronic device;
  
  receive the authentication key from the secondary electronic device, wherein the secondary electronic device is separate from the electronic device; and
  
  verify the authentication key and the secondary electronic device, wherein the authentication key is not persistently stored in the electronic device and the secondary electronic device, wherein the electronic device requires pre-boot authentication before an operating system on the electronic device is allowed to run and the authentication key provides the pre-boot verification.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The electronic device of claim 8, wherein the verification engine accesses a whitelist and a blacklist to verify the secondary electronic device.
  - 10. The electronic device of claim 8, wherein the secondary electronic device is physically separate from the electronic device.
  - 11. The electronic device of claim 8, wherein the authentication key is used to access protected data on the electronic device.
  - 12. The electronic device of claim 8, wherein the authentication key is used to access pre-operating system protected data on the electronic device and the authentication key expires after a predetermined amount of time.
  - 13. The electronic device of claim 8, wherein the secondary electronic device receives the authentication key from a network element.
  - 14. The electronic device of claim 8, wherein the authentication key is required for pre-boot authorization.

15. A method comprising:
- receiving a request to access an electronic device that is separate from a secondary electronic device;
  
  collecting authentication data at the secondary electronic device;
  
  verifying the authentication data;
  
  receiving an authentication key from a network element that is physically separate from the electronic device and the secondary electronic device; and
  
  communicating the authentication key to the electronic device, wherein the authentication key is not persistently stored in the electronic device and the secondary electronic device, wherein the electronic device requires pre-boot authentication before an operating system on the electronic device is allowed to run and the authentication key provides the pre-boot verification.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, wherein the authentication data includes authentication information about a user of the electronic device and about the secondary electronic device.
  - 17. The method of claim 15, wherein the authentication data is verified by the network element.
  - 18. The method of claim 15, wherein verifying the authentication data includes comparing the authentication data to a whitelist and a blacklist.
  - 19. The method of claim 15, wherein the authentication key is used to access protected data on the electronic device.
  - 20. The method of claim 15, wherein the authentication key is used to access pre-operating system protected data on the electronic device.
  - 21. The method of claim 15, wherein the authentication key is required for pre-boot authorization.

22. A system for receiving an authentication key, the system comprising:
- a hardware processor; and
  
  an authentication engine configured for;
  
  receiving a request to access an electronic device, wherein the electronic device is separate from the authentication module;
  
  collecting authentication data;
  
  communicating the authentication data to a network element that is physically separate from the electronic device and the secondary electronic device;
  
  receiving an authentication key; and
  
  communicating the authentication key to the electronic device, wherein the authentication key is not persistently stored in the electronic device and the secondary electronic device, wherein the electronic device requires pre-boot authentication before an operating system on the electronic device is allowed to run and the authentication key provides the pre-boot verification.
- View Dependent Claims (23)
- - 23. The system of claim 22, wherein the authentication data includes authentication information about a user of the electronic device and about a secondary electronic device that includes the authentication engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Zimmer, Vincent J., Muttik, Igor, Poornachandran, Rajesh, Yao, Jiewen Jacques, Atreya, Mohan, Selvaraje, Gopinatth
Primary Examiner(s)
SHEHNI, GHAZAL B

Application Number

US14/583,421
Publication Number

US 20160191481A1
Time in Patent Office

725 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

Encryption key retrieval

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption key retrieval

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links