Apparatus and method for host abstracted networked authorization
First Claim
1. An information handling system, comprising:
- a host processing system including a processor and a shared secret, wherein the shared secret is embedded in a hardware device of the host processing system; and
- an authentication processing system including a secure processor, a copy of the shared secret, and a first authenticator to execute on the secure processor stored at a storage device of the information handling system, wherein the copy of the shared secret is embedded in a hardware device of the authentication processing system;
- wherein the authentication processing system authenticates to the host processing system based upon the shared secret;
- wherein the first authenticator operates as a first master authenticator to:
  - establish a first authentication area;
  - determine that a first device is a first trusted slave device of the first master authenticator;
  - determine that the first device is within the first authentication area; and
  - authenticate the first device on the first authentication area based upon the determination that the first device is within the first authentication area;
  - determine that a second device is a second trusted slave device of the first master authenticator;
  - determine that the second device is not within the first authentication area;
  - prevent the second device from authenticating on the first authentication area based upon the determination that the second device is not within the first authentication area; and
- wherein the first authenticator operates as a slave authenticator to:
  - determine that the information handling system is within a second authentication area of a third device; and
  - authenticate the information handling system on the third device based upon the determination that the information handling system is within the second authentication area.
Abstract
An information handling system includes a host processing system and an authentication processing system. The authentication processing system authenticates to the host processing system based upon a shared secret. An authentication module of the authentication processing system operates as a master authentication module to establish an authentication area, determine that a first device is a first trusted device of the authentication module, determine that the first device is within the authentication area, authenticate the first device on the authentication area based upon the determination that the first device is within the authentication area, determine that a second device is a second trusted device of the authentication module, determine that the second device is not within the authentication area, and prevent the second device from authenticating on the authentication area based upon the determination that the second device is not within the authentication area.
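The abstract describes two separate mechanisms: a shared-secret authentication between the host and the authentication processing system, and an area-scoped master/slave authorization in which a trusted device is admitted only when it is both trusted and physically within the master's authentication area. The following Python model is an added illustration, not code from the patent or its assignee; it assumes an HMAC-SHA256 challenge-response for the shared secret (the patent does not name a protocol), models the authentication area as a radius around the master (the patent does not define how "within" is determined), and uses constructed device names and positions.

```python
import hashlib
import hmac
import math
import secrets
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


class HardwareSecret:
    """Stands in for a shared secret embedded in a hardware device.

    Assumption: the device only answers challenges and never exposes the raw
    secret, which is why the secret is embedded in hardware rather than kept
    in host software.
    """

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


def host_authenticates_aps(host_hw: HardwareSecret, aps_hw: HardwareSecret) -> bool:
    """Host side of the (assumed) challenge-response: the authentication
    processing system (APS) proves it holds a copy of the host's shared secret."""
    challenge = secrets.token_bytes(32)  # fresh nonce, so an old answer cannot be replayed
    expected = host_hw.respond(challenge)
    return hmac.compare_digest(expected, aps_hw.respond(challenge))


@dataclass
class AuthenticationArea:
    """An authentication area, modelled here (assumption) as a radius around the master."""
    owner: str
    center: Tuple[float, float]
    radius: float

    def contains(self, position: Tuple[float, float]) -> bool:
        return math.dist(self.center, position) <= self.radius


@dataclass
class Authenticator:
    """One authenticator: master for its own area, slave toward another device's area."""
    name: str
    position: Tuple[float, float]
    trusted_slaves: Set[str] = field(default_factory=set)  # provisioned trust list (assumption)
    area: Optional[AuthenticationArea] = None
    authenticated: Set[str] = field(default_factory=set)

    # --- master role ---
    def establish_area(self, radius: float) -> AuthenticationArea:
        self.area = AuthenticationArea(self.name, self.position, radius)
        return self.area

    def trust(self, device_name: str) -> None:
        self.trusted_slaves.add(device_name)

    def authenticate_device(self, device: "Authenticator") -> str:
        """Both conditions must hold: the device is a trusted slave AND it is within the area."""
        if self.area is None:
            return "denied: no authentication area established"
        if device.name not in self.trusted_slaves:
            return "denied: not a trusted slave device"
        if not self.area.contains(device.position):
            return "denied: outside authentication area"
        self.authenticated.add(device.name)
        return "authenticated"

    # --- slave role ---
    def authenticate_to(self, master: "Authenticator") -> str:
        """Slave side: first determine we are within the master's area, then authenticate."""
        if master.area is None or not master.area.contains(self.position):
            return "skipped: not within the master's authentication area"
        return master.authenticate_device(self)


def run_scenario() -> dict:
    """Constructed scenario mirroring the abstract: one master, a trusted device inside
    the area, a trusted device outside it, an untrusted device inside it, and the
    master then acting as a slave toward a third device's area."""
    laptop = Authenticator("laptop", (0.0, 0.0))
    laptop.establish_area(radius=5.0)
    for name in ("phone", "watch"):
        laptop.trust(name)

    phone = Authenticator("phone", (3.0, 0.0))        # trusted, inside the radius
    watch = Authenticator("watch", (0.0, 10.0))       # trusted, but outside the area
    stranger = Authenticator("stranger", (1.0, 1.0))  # inside the area, never trusted

    kiosk = Authenticator("kiosk", (4.0, 0.0))        # third device with its own area
    kiosk.establish_area(radius=6.0)
    kiosk.trust("laptop")

    return {
        "phone": laptop.authenticate_device(phone),
        "watch": laptop.authenticate_device(watch),
        "stranger": laptop.authenticate_device(stranger),
        "laptop_on_kiosk": laptop.authenticate_to(kiosk),
        "laptop_authenticated": sorted(laptop.authenticated),
    }


if __name__ == "__main__":
    host = HardwareSecret(b"constructed-secret")
    print("APS authenticates to host:", host_authenticates_aps(host, HardwareSecret(b"constructed-secret")))
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The two denial paths are deliberately distinct: a device that is trusted but out of area is refused for location, and a device that is in area but not on the trust list is refused for identity, so neither proximity nor provisioning alone is sufficient to authenticate on the area.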
20 Claims
1. An information handling system (independent claim; full text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method, comprising:
- authenticating a first authentication processing system of a first information handling system to a host processing system of the first information handling system based upon a shared secret of the host processing system and a copy of the shared secret of the first authentication processing system, wherein the shared secret is embedded in a hardware device of the host processing system and the copy of the shared secret is embedded in a hardware device of the authentication processing system;
- establishing, by a first master authenticator of the first authentication processing system, a first authentication area;
- determining that a first device is a first trusted slave device of the first master authenticator;
- determining that the first device is within the first authentication area;
- authenticating, by the first master authenticator, the first device on the first authentication area based upon the determination that the first device is within the first authentication area;
- determining that a second device is a second trusted slave device of the first authentication processing system;
- determining that the second device is not within the first authentication area;
- preventing, by the first master authenticator, the second device from authenticating on the first authentication area based upon the determination that the second device is not within the first authentication area;
- determining, by a slave authenticator of the first authentication processing system, that the information handling system is within a second authentication area of a third device; and
- authenticating, by the slave authenticator, the information handling system on the second authentication area based upon the determination that the information handling system is within the second authentication area.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A non-transitory computer-readable medium including code when executed by at least one processor, causes the at least one processor to perform a method comprising:
- authenticating a first authentication processing system of a first information handling system to a host processing system of the first information handling system based upon a shared secret of the host processing system and a copy of the shared secret of the first authentication processing system, wherein the shared secret is embedded in a hardware device of the host processing system and the copy of the shared secret is embedded in a hardware device of the authentication processing system;
- establishing, by a first master authenticator of the host processing system, a first authentication area;
- determining that a first device is a first trusted slave device of the first master authenticator;
- determining that the first device is within the first authentication area;
- authenticating, by the first master authenticator, the first device on the first authentication area based upon the determination that the first device is within the first authentication area;
- determining that a second device is a second trusted slave device of the first authentication processing system;
- determining that the second device is not within the first authentication area;
- preventing, by the first master authenticator, the second device from authenticating on the first authentication area based upon the determination that the second device is not within the first authentication area;
- determining, by a slave authenticator of the first authentication processing system, that the information handling system is within a second authentication area of a third device; and
- authenticating, by the slave authenticator, the information handling system on the second authentication area based upon the determination that the information handling system is within the second authentication area.
Dependent claims: 18, 19, 20.