Apparatus and method for host abstracted networked authorization

US 9,876,792 B2
Filed: 10/30/2014
Issued: 01/23/2018
Est. Priority Date: 10/30/2014
Status: Active Grant

First Claim

Patent Images

1. An information handling system, comprising:

a host processing system including a processor and a shared secret, wherein the shared secret is embedded in a hardware device of the host processing system; and

an authentication processing system including a secure processor, a copy of the shared secret, and a first authenticator to execute on the secure processor stored at a storage device of the information handling system, wherein the copy of the shared secret is embedded in a hardware device of the authentication processing system;

wherein the authentication processing system authenticates to the host processing system based upon the shared secret;

wherein the first authenticator operates as a first master authenticator to;

establish a first authentication area;

determine that a first device is a first trusted slave device of the first master authenticator;

determine that the first device is within the first authentication area; and

authenticate the first device on the first authentication area based upon the determination that the first device is within the first authentication area;

determine that a second device is a second trusted slave device of the first master authenticator;

determine that the second device is not within the first authentication area;

prevent the second device from authenticating on the first authentication area based upon the determination that the second device is not within the first authentication area; and

wherein the first authenticator operates as a slave authenticator to;

determine that the information handling system is within a second authentication area of a third device; and

authenticate the information handling system on the third device based upon the determination that the information handling system is within the second authentication area.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information handling system includes a host processing system and an authentication processing system. The authentication processing system authenticates to the host processing system based upon a shared secret. An authentication module of the authentication processing system operates as a master authentication module to establish an authentication area, determine that a first device is a first trusted device of the authentication module, determine that the first device is within the authentication area, authenticate the first device on the authentication area based upon the determination that the first device is within the authentication area, determine that a second device is a second trusted device of the authentication module, determine that the second device is not within the authentication area, and prevent the second device from authenticating on the authentication area based upon the determination that the second device is not within the authentication area.

Citations

20 Claims

1. An information handling system, comprising:
- a host processing system including a processor and a shared secret, wherein the shared secret is embedded in a hardware device of the host processing system; and
  
  an authentication processing system including a secure processor, a copy of the shared secret, and a first authenticator to execute on the secure processor stored at a storage device of the information handling system, wherein the copy of the shared secret is embedded in a hardware device of the authentication processing system;
  
  wherein the authentication processing system authenticates to the host processing system based upon the shared secret;
  
  wherein the first authenticator operates as a first master authenticator to;
  
  establish a first authentication area;
  
  determine that a first device is a first trusted slave device of the first master authenticator;
  
  determine that the first device is within the first authentication area; and
  
  authenticate the first device on the first authentication area based upon the determination that the first device is within the first authentication area;
  
  determine that a second device is a second trusted slave device of the first master authenticator;
  
  determine that the second device is not within the first authentication area;
  
  prevent the second device from authenticating on the first authentication area based upon the determination that the second device is not within the first authentication area; and
  
  wherein the first authenticator operates as a slave authenticator to;
  
  determine that the information handling system is within a second authentication area of a third device; and
  
  authenticate the information handling system on the third device based upon the determination that the information handling system is within the second authentication area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The information handling system of claim 1, wherein the first authenticator further operates as the first master authenticator to:
    - determine that the second device moved to within the first authentication area; and
      
      authenticate the second device on the first authentication area based upon the determination that the second device moved to within the first authentication area.
  - 3. The information handling system of claim 1, wherein the first authenticator further operates as the first master authenticator to:
    - determine that a fourth device is not a fourth trusted device of the first authenticator;
      
      prevent the fourth device from authenticating on the first authentication area based upon the determination that the fourth device is not a fourth trusted device of the first authenticator.
  - 4. The information handling system of claim 1, wherein the first authentication area is based upon a radius from the information handling system.
  - 5. The information handling system of claim 1, wherein the first authentication area is based upon a location relative to the information handling system.
  - 6. The information handling system of claim 5, wherein the location is determined based upon a location device of the information handling system.
  - 7. The information handling system of claim 1, wherein in authenticating the information handling system on the third device, the first authenticator further operates as the slave authenticator to authenticate the information handling system on a second master authenticator of the third device.
  - 8. The information handling system of claim 7, wherein the processor of the host processing system operates to:
    - receive secure information from the third device via an I/O device of the host processing system based upon the authentication to the second authentication area; and
      
      send the secure information to the first device using the I/O device based upon the first device being authenticated to the first authentication area.

9. A method, comprising:
- authenticating a first authentication processing system of a first information handling system to a host processing system of the first information handling system based upon a shared secret of the host processing system and a copy of the shared secret of the first authentication processing system, wherein the shared secret is embedded in a hardware device of the host processing system and the copy of the shared secret is embedded in a hardware device of the authentication processing system;
  
  establishing, by a first master authenticator of the first authentication processing system, a first authentication area;
  
  determining that a first device is a first trusted slave device of the first master authenticator;
  
  determining that the first device is within the first authentication area;
  
  authenticating, by the first master authenticator, the first device on the first authentication area based upon the determination that the first device is within the first authentication area;
  
  determining that a second device is a second trusted slave device of the first authentication processing system;
  
  determining that the second device is not within the first authentication area;
  
  preventing, by the first master authenticator, the second device from authenticating on the first authentication area based upon the determination that the second device is not within the first authentication area;
  
  determining, by a slave authenticator of the first authentication processing system, that the information handling system is within a second authentication area of a third device; and
  
  authenticating, by the slave authenticator, the information handling system on the second authentication area based upon the determination that the information handling system is within the second authentication area.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising:
    - determining that the second device moved to within the first authentication area; and
      
      authenticating, by the first master authenticator, the second device on the first authentication area based upon the determination that the second device moved to within the first authentication area.
  - 11. The method of claim 9, further comprising:
    - determining that a fourth device is not a third trusted device of the first authentication processing system;
      
      preventing, by the first master authenticator, the fourth device from authenticating on the first authentication area based upon the determination that the fourth device is not a third trusted device of the first authentication processing system.
  - 12. The method of claim 9, wherein the first authentication area is based upon a radius from the information handling system.
  - 13. The method of claim 9, wherein the first authentication area is based upon a location relative to the information handling system.
  - 14. The method of claim 13, wherein the location is determined based upon a location device of the information handling system.
  - 15. The method of claim 9, wherein in authenticating the information handling system on the third device, the method further comprises:
    - authenticating, by the slave authenticator, the information handling system on a second master authenticator of the third device.
  - 16. The method of claim 15, further comprising:
    - receiving secure information from the third device based upon the authentication to the second authentication area; and
      
      sending the secure information to the first device based upon the first device being authenticated to the first authentication area.

17. A non-transitory computer-readable medium including code when executed by at least one processor, causes the at least one processor to perform a method comprising:
- authenticating a first authentication processing system of a first information handling system to a host processing system of the first information handling system based upon a shared secret of the host processing system and a copy of the shared secret of the first authentication processing system, wherein the shared secret is embedded in a hardware device of the host processing system and the copy of the shared secret is embedded in a hardware device of the authentication processing system;
  
  establishing, by a first master authenticator of the host processing system, a first authentication area;
  
  determining that a first device is a first trusted slave device of the first master authenticator;
  
  determining that the first device is within the first authentication area;
  
  authenticating, by the first master authenticator, the first device on the first authentication area based upon the determination that the first device is within the first authentication area;
  
  determining that a second device is a second trusted slave device of the first authentication processing system;
  
  determining that the second device is not within the first authentication area;
  
  preventing, by the first master authenticator, the second device from authenticating on the first authentication area based upon the determination that the second device is not within the first authentication area;
  
  determining, by a slave authenticator of the first authentication processing system, that the information handling system is within a second authentication area of a third device; and
  
  authenticating, by the slave authenticator, the information handling system on the second authentication area based upon the determination that the information handling system is within the second authentication area.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable medium of claim 17, the method further comprising:
    - determining that the second device moved to within the first authentication area; and
      
      authenticating the second device on the first authentication area based upon the determination that the second device moved to within the first authentication area.
  - 19. The computer-readable medium of claim 17, the method further comprising:
    - determining that a fourth device is not a third trusted device of the first authentication processing system;
      
      preventing the fourth device from authenticating on the first authentication area based upon the determination that the fourth device is not a third trusted device of the first authentication processing system.
  - 20. The computer-readable medium of claim 17, wherein in authenticating the information handling system on the third device, the method further comprises:
    - authenticating, by the slave authenticator, the information handling system on a second master authenticator of the third device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Robison, Jr., Charles D., Aurongzeb, Deeder M., Schuckle, Richard W., Hamlin, Daniel L.
Primary Examiner(s)
McNally, Michael S
Assistant Examiner(s)
LIN, AMIE CHINYU

Application Number

US14/528,498
Publication Number

US 20160127364A1
Time in Patent Office

1,181 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 67/125   involving control of end-de...

Apparatus and method for host abstracted networked authorization

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for host abstracted networked authorization

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links