Providing a booting key to a remote system
First Claim
Patent Images
1. A policy server comprising:
- one or more processors; and
a memory storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
predetermining, based on a security threat level, a number of user devices;
receiving, at the policy server, a verification that the predetermined number of user devices provided secret information for booting a remote system; and
providing, from the policy server and in response to the received verification, a message for a key server to provide a booting key to the remote system, the key server providing the booting key to the remote system in response to the message and causing the remote system to complete a booting procedure, in response to the message from the policy server, wherein the policy server and the key server are separate machines, wherein communication between the policy server, the key server, and the remote system occurs via a first encrypted tunnel connecting the policy server to the key server and a second encrypted tunnel connecting the key server to the remote system, wherein the policy server and the key server are part of a first running instance of a fully encrypted system, wherein a second running instance of the fully encrypted system is used to decrypt the first running instance, wherein the first running instance and the second running instance are part of a plurality of running instances of the fully encrypted system, and wherein, if all of the plurality of running instances are offline, one of the plurality of running instances is decrypted manually.
8 Assignments
0 Petitions
Accused Products
Abstract
Aspects of the present disclosure relate to providing a booting key to a remote system. A policy server receives a verification that a predetermined number of user devices provided secret information for booting a remote system. The policy server provides, in response to the received verification, a message for a key server to provide a booting key to the remote system, the key server providing the booting key in response to the message and causing the remote system to complete a booting procedure, in response to the message from the policy server.
108 Citations
21 Claims
-
1. A policy server comprising:
-
one or more processors; and a memory storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising; predetermining, based on a security threat level, a number of user devices; receiving, at the policy server, a verification that the predetermined number of user devices provided secret information for booting a remote system; and providing, from the policy server and in response to the received verification, a message for a key server to provide a booting key to the remote system, the key server providing the booting key to the remote system in response to the message and causing the remote system to complete a booting procedure, in response to the message from the policy server, wherein the policy server and the key server are separate machines, wherein communication between the policy server, the key server, and the remote system occurs via a first encrypted tunnel connecting the policy server to the key server and a second encrypted tunnel connecting the key server to the remote system, wherein the policy server and the key server are part of a first running instance of a fully encrypted system, wherein a second running instance of the fully encrypted system is used to decrypt the first running instance, wherein the first running instance and the second running instance are part of a plurality of running instances of the fully encrypted system, and wherein, if all of the plurality of running instances are offline, one of the plurality of running instances is decrypted manually. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A non-transitory machine-readable medium storing instructions that, when executed by the one or more processors of a machine, cause the one or more processors to perform operations comprising:
-
predetermining, based on a security threat level, a number of user devices; receiving, at a policy server, a verification that the predetermined number of user devices provided secret information for booting a remote system; and providing, from the policy server and in response to the received verification, a message for a key server to provide a booting key to the remote system, the key server providing the booting key to the remote system in response to the message and causing the remote system to complete a booting procedure, in response to the message, wherein the policy server and the key server are separate machines, wherein communication between the policy server, the key server, and the remote system occurs via a first encrypted tunnel connecting the policy server to the key server and a second encrypted tunnel connecting the key server to the remote system, wherein the policy server and the key server are part of a first running instance of a fully encrypted system, wherein a second running instance of the fully encrypted system is used to decrypt the first running instance, wherein the first running instance and the second running instance are part of a plurality of running instances of the fully encrypted system, and wherein, if all of the plurality of running instances are offline, one of the plurality of running instances is decrypted manually. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A method comprising:
-
predetermining, based on a security threat level, a number of user devices; receiving, at one or more processors of a policy server, a verification that the predetermined number of user devices provided secret information for booting a remote system; and providing, from the policy server and in response to the received verification, a message for a key server to provide a booting key to the remote system, the key server providing the booting key to the remote system in response to the message and causing the remote system to complete a booting procedure, in response to the message from the policy server, wherein the policy server and the key server are separate machines, wherein communication between the policy server, the key server, and the remote system occurs via a first encrypted tunnel connecting the policy server to the key server and a second encrypted tunnel connecting the key server to the remote system, wherein the policy server and the key server are part of a first running instance of a fully encrypted system, wherein a second running instance of the fully encrypted system is used to decrypt the first running instance, wherein the first running instance and the second running instance are part of a plurality of running instances of the fully encrypted system, and wherein, if all of the plurality of running instances are offline, one of the plurality of running instances is decrypted manually. - View Dependent Claims (21)
-
Specification