System and method for secure provisioning of an information handling system

US 9,660,816 B2
Filed: 09/24/2015
Issued: 05/23/2017
Est. Priority Date: 10/17/2008
Status: Active Grant

First Claim

Patent Images

1. An information handling system comprising:

a processor device; and

an access controller device communicatively coupled to the processor device and configured to establish an asymmetrically cryptographic communications channel between the access controller device and a provisioning server device based on;

an enterprise private key;

an enterprise public key associated with the enterprise private key and stored on the access controller device prior to shipment of the information handling system;

a platform private key associated with the information handling system; and

a platform public key associated with the platform private key and encrypted using the enterprise public key by a supplier information handling system associated with a supplier different than the information handling system, the platform public key provided by the supplier of the information handling system to an enterprise associated with the enterprise public key, the access controller device is further configured to decrypt communications from the provisioning server device using the platform private key.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for reducing problems and disadvantages associated with provisioning of information handling systems, including without limitation those associated with bare metal provisioning of information handling systems, are disclosed. A system may include a processor, and a memory and an access controller each communicatively coupled to the processor. The access controller may store an enterprise public key associated with an enterprise private key and a platform private key associated with the system. The access controller may be configured to: (i) authenticate communications received from a provisioning server communicatively coupled to the access controller based at least on an enterprise public certificate associated with the provisioning server and (ii) establish an asymmetrically cryptographic communications channel between the access controller and the provisioning server based at least on a platform public key associated with the platform private key, the platform private key, the enterprise public key, and the enterprise private key.

Citations

18 Claims

1. An information handling system comprising:
- a processor device; and
  
  an access controller device communicatively coupled to the processor device and configured to establish an asymmetrically cryptographic communications channel between the access controller device and a provisioning server device based on;
  
  an enterprise private key;
  
  an enterprise public key associated with the enterprise private key and stored on the access controller device prior to shipment of the information handling system;
  
  a platform private key associated with the information handling system; and
  
  a platform public key associated with the platform private key and encrypted using the enterprise public key by a supplier information handling system associated with a supplier different than the information handling system, the platform public key provided by the supplier of the information handling system to an enterprise associated with the enterprise public key, the access controller device is further configured to decrypt communications from the provisioning server device using the platform private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The information handling system of claim 1, wherein the access controller device is further configured to enable the information handling system to receive provisioning information from the provisioning server device via the asymmetrically cryptographic communications channel.
  - 3. The information handling system of claim 1, wherein the access controller device is further configured to encrypt communications to the provisioning server device using the enterprise public key.
  - 4. The information handling system of claim 1, wherein the access controller device is further configured to provision the information handling system via communications received via the asymmetrically cryptographic communications channel.
  - 5. The information handling system of claim 1, wherein the access controller device is further configured to establish a second asymmetrically cryptographic communications channel between the access controller device and the provisioning server device based on permanent cryptographic credentials generated by the provisioning server device after establishment of the asymmetrically cryptographic communications channel.
  - 6. The information handling system of claim 5, wherein the permanent cryptographic credentials comprise at least one of unique certificates and private-public key pairs maintained by the enterprise.
  - 7. The information handling system of claim 5, wherein the access controller device is further configured to provision the information handling system based on communications received via the asymmetrically cryptographic communications channel and the second asymmetrically cryptographic communications channel.

8. A non-transitory computer-readable medium, comprising instructions that, when executed by a processor device, are configured to establish an asymmetrically cryptographic communications channel between an access controller device associated with an information handling system and a provisioning server device based on:
- an enterprise private key;
  
  an enterprise public key associated with the enterprise private key and stored on the access controller device prior to shipment of the information handling system;
  
  a platform private key associated with the information handling system; and
  
  a platform public key associated with the platform private key and encrypted using the enterprise public key by a supplier information handling system associated with a supplier different than the information handling system, the platform public key provided by the supplier of the information handling system to an enterprise associated with the enterprise public key, wherein the processor device is further configured to decrypt communications from the provisioning server device using the platform private key.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable medium of claim 8, wherein the processor device is further configured to enable the information handling system to receive provisioning information from the provisioning server device via the asymmetrically cryptographic communications channel.
  - 10. The non-transitory computer-readable medium of claim 8, wherein the processor device is further configured to encrypt communications to the provisioning server device using the enterprise public key.
  - 11. The non-transitory computer-readable medium of claim 8, wherein the processor device is further configured to provision the information handling system via communications received via the asymmetrically cryptographic communications channel.
  - 12. The non-transitory computer-readable medium of claim 8, wherein the processor device is further configured to establish a second asymmetrically cryptographic communications channel between the access controller device and the provisioning server device based on permanent cryptographic credentials generated by the provisioning server device after establishment of the asymmetrically cryptographic communications channel.
  - 13. The non-transitory computer-readable medium of claim 12, wherein the permanent cryptographic credentials comprise at least one of unique certificates and private-public key pairs maintained by the enterprise.
  - 14. The non-transitory computer-readable medium of claim 12, wherein the processor device is further configured to provision the information handling system based on communications received via the asymmetrically cryptographic communications channel and the second asymmetrically cryptographic communications channel.

15. A method comprising:
- receiving from an enterprise, by a supplier of an information handling system, an enterprise public key associated with an enterprise private key;
  
  storing, by the supplier on an access controller device associated with the information handling system, the enterprise public key prior to shipment of the information handling system;
  
  configuring, by the supplier, the information handling system to establish an asymmetrically cryptographic communications channel between the access controller device and a provisioning server device based on;
  
  the enterprise private key;
  
  the enterprise public key;
  
  a platform private key associated with the information handling system; and
  
  a platform public key associated with the platform private key and encrypted using the enterprise public key and a supplier information handling system associated with the supplier different than the information handling system; and
  
  a platform public key associated with the platform private key and encrypted using the enterprise public key;
  
  configuring, by the supplier, the information handling system to decrypt communications from the provisioning server device using the platform private key; and
  
  providing, by the supplier to the enterprise, the information handling system.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, further comprising configuring, by the supplier, the information handling system to establish a second asymmetrically cryptographic communications channel between the access controller device and the provisioning server device based on permanent cryptographic credentials generated by the provisioning server device after establishment of the asymmetrically cryptographic communications channel.
  - 17. The method of claim 16, wherein the permanent cryptographic credentials comprise at least one of unique certificates and private-public key pairs maintained by the enterprise.
  - 18. The method of claim 16, further comprising configuring, by the supplier, the information handling system to be provisioned based on communications received via the asymmetrically cryptographic communications channel and the second asymmetrically cryptographic communications channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Jaber, Muhammed, Wilson, John, Shetty, Sudhir, Webb, III, Theodore
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US14/863,759
Publication Number

US 20160013947A1
Time in Patent Office

607 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3215   using a plurality of channe...

H04L 9/3263   involving certificates, e.g...

System and method for secure provisioning of an information handling system

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure provisioning of an information handling system

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links