Method and system for enterprise network single-sign-on by a manageability engine
First Claim
1. A computing device for logging on to a manageability engine, the computing device comprising:
a memory;
a main processor coupled to the memory to execute platform firmware, the platform firmware including a pre-boot authentication module to authenticate a user, wherein the pre-boot authentication module is separate from an operating system of the computing device; and
a manageability engine including an out-of-band processor separate from the main processor, wherein the manageability engine is to:
receive, by the out-of-band processor, user authentication credentials from the pre-boot authentication module;
open, by the manageability engine, an out-of-band network connection to a key distribution center of an enterprise network;
request, by the out-of-band processor independent of the main processor, a key encryption key from the key distribution center via the out-of-band network connection in response to receipt of the user authentication credentials;
receive, by the out-of-band processor independent of the main processor, the key encryption key from the key distribution center via the out-of-band network connection; and
securely store, by the out-of-band processor, the key encryption key.
Abstract
A manageability engine (ME) receives an authentication response from a user during pre-boot authentication and registers the user with a key distribution center (KDC), indicating that the user has successfully authenticated to the PC. The KDC supplies the ME with single-sign-on credentials in the form of a Key Encryption Key (KEK). The KEK may later be used by the PC to obtain a credential used to establish secure access to Enterprise servers.
16 Claims
1. A computing device for logging on to a manageability engine (independent claim; text as given under First Claim above). Dependent claims 2 and 3 are not reproduced.
4. A method for logging on to a manageability engine, the method comprising:
executing, by a main processor of a computing device, platform firmware including a pre-boot authentication module to authenticate a user, wherein the pre-boot authentication module is separate from an operating system of the computing device;
receiving, by an out-of-band processor of the computing device, user authentication credentials from the pre-boot authentication module, wherein the out-of-band processor is separate from the main processor of the computing device;
opening, by a manageability engine of the computing device, an out-of-band network connection to a key distribution center of an enterprise network, wherein the manageability engine includes the out-of-band processor;
requesting, by the out-of-band processor independent of the main processor, a key encryption key from the key distribution center via the out-of-band network connection in response to receiving the user authentication credentials;
receiving, by the out-of-band processor independent of the main processor, the key encryption key from the key distribution center via the out-of-band network connection; and
securely storing, by the out-of-band processor, the key encryption key.
Dependent claims 5 to 10 are not reproduced.
11. A computing device for logging on to a manageability engine, the computing device comprising:
a memory;
a main processor coupled to the memory to execute platform firmware, the platform firmware including a pre-boot authentication module to authenticate a user, wherein the pre-boot authentication module is separate from an operating system of the computing device; and
a manageability engine including an out-of-band processor separate from the main processor, wherein the manageability engine is to:
receive, by the out-of-band processor, user authentication credentials from the pre-boot authentication module;
open, by the manageability engine, an out-of-band network connection to a key distribution center of an enterprise network;
request, by the out-of-band processor independent of the main processor, a key encryption key from the key distribution center via the out-of-band network connection in response to receipt of the user authentication credentials;
receive, by the out-of-band processor independent of the main processor, the key encryption key from the key distribution center via the out-of-band network connection;
securely store, by the out-of-band processor, the key encryption key; and
unlock, by the out-of-band processor, a platform resource in response to secure storage of the key encryption key.
Dependent claims 12 to 16 are not reproduced.
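The flow the abstract and the independent claims describe, modelled as an added Python example that is not part of the patent: the pre-boot authentication result reaches the manageability engine, the ME registers the user with the KDC over its own channel, receives and holds a KEK, unlocks the platform (claim 11), and later derives per-service credentials for the OS side without ever handing over the KEK. The per-device shared key, the HMAC registration tag and the HMAC credential derivation are assumptions, since the page does not specify how the KDC trusts the ME or how the KEK is used.

```python
import hashlib
import hmac
import secrets

# Constructed sample values. ASSUMPTION: the ME and KDC share a per-device key
# from enrolment; the page does not say how the KDC trusts the ME.
DEVICE_ID = "laptop-0001"
DEVICE_KEY = bytes.fromhex("00" * 16 + "ff" * 16)

def _tag(key, device_id, user):
    # MAC binding the "user passed PBA" assertion to an enrolled device (assumed).
    return hmac.new(key, f"{device_id}|{user}".encode(), hashlib.sha256).digest()

class KeyDistributionCenter:
    """Enterprise KDC: issues a KEK when the ME registers an authenticated user."""
    def __init__(self, device_keys):
        self.device_keys = device_keys   # device_id -> shared key (assumed)
        self.issued = {}                 # (device_id, user) -> KEK

    def register_user(self, device_id, user, tag):
        if not hmac.compare_digest(_tag(self.device_keys[device_id], device_id, user), tag):
            raise PermissionError("registration not from an enrolled ME")
        kek = secrets.token_bytes(32)
        self.issued[(device_id, user)] = kek
        return kek

    def expected_credential(self, device_id, user, service):
        # Server-side check of a credential later derived by the ME from the KEK.
        return hmac.new(self.issued[(device_id, user)], service.encode(),
                        hashlib.sha256).hexdigest()

class ManageabilityEngine:
    """Out-of-band processor: takes the PBA result, fetches and holds the KEK."""
    def __init__(self, device_id, device_key, kdc):
        self.device_id, self.device_key, self.kdc = device_id, device_key, kdc
        self._kek = None                 # stored inside the ME, never exported
        self.platform_unlocked = False

    def receive_pba_result(self, user, authenticated):
        if not authenticated:
            return False                 # failed PBA: no KDC request, no KEK
        tag = _tag(self.device_key, self.device_id, user)
        self._kek = self.kdc.register_user(self.device_id, user, tag)  # OOB connection
        self.platform_unlocked = True    # claim 11: unlock once the KEK is stored
        return True

    def service_credential(self, service):
        # The OS asks the ME to derive a credential; the KEK itself is not returned.
        if self._kek is None:
            raise PermissionError("no KEK: user has not passed pre-boot authentication")
        return hmac.new(self._kek, service.encode(), hashlib.sha256).hexdigest()
```

The main processor only ever sees the derived credential, so a compromised OS cannot read the KEK, and a device that does not hold the enrolled key cannot register a user with the KDC.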