Unlocking machine-readable storage devices using a user token

US2019251263A1 · US · A1

Patent metadata

Publication number: US-2019251263-A1
Application number: US-201616316583-A
Country: US
Kind code: A1
Filing date: Jul 29, 2016
Priority date: Jul 29, 2016
Publication date: Aug 15, 2019
Grant date:

Abstract

Official abstract text for this publication.

One example of a system includes a plurality of machine-readable storage devices, a machine-readable storage medium, and platform firmware. Each machine-readable storage device is to be unlocked for read and/or write access via a passphrase for each machine-readable storage device. The machine-readable storage medium stores an encrypted passphrase for each machine-readable storage device. The platform firmware is to receive a user token, derive a key from the user token, decrypt the encrypted passphrase stored in the machine-readable storage medium for each machine-readable storage device using the key, and unlock each machine-readable storage device using the decrypted passphrase for each machine-readable storage device.

First claim

Opening claim text (preview).

1. A system comprising: a plurality of machine-readable storage devices, each machine-readable storage device to be unlocked for read and/or write access via a passphrase for each machine-readable storage device; a machine-readable storage medium storing an encrypted passphrase for each machine-readable storage device; and platform firmware to receive a user token, derive a key from the user token, decrypt the encrypted passphrase stored in the machine-readable storage medium for each machine-readable storage device using the key, and unlock each machine-readable storage device using the decrypted passphrase for each machine-readable storage device.

2. The system of claim 1, wherein the platform firmware comprises the machine-readable storage medium.

3. The system of claim 1, further comprising: a key management service comprising the machine-readable storage medium, wherein the platform firmware is to transmit the key to the key management service and in response the key management service is to transmit the decrypted passphrase for each machine-readable storage device to the platform firmware.

4. The system of claim 1, wherein the platform firmware comprises a basic input/output system (BIOS) or unified extensible firmware interface (UEFI).

5. The system of claim 1, wherein each machine-readable storage device comprises a non-volatile dual in-line memory module (NV-DIMM).

6. The system of claim 1, wherein each encrypted passphrase is encrypted using symmetric encryption or asymmetric encryption, and wherein the platform firmware decrypts a private decryption key using the key and decrypts the encrypted passphrases using the private decryption key when each encrypted passphrase is encrypted using asymmetric encryption.

7. The system of claim 1, wherein the machine-readable storage medium stores a plurality of encrypted passphrases for each machine-readable storage device, each of the plurality of encrypted passphrases for each machine-readable storage device corresponding to a different user token.

8. The system of claim 1, wherein the user token unlocks an operating system at boot time.

9. A system comprising: a machine-readable storage medium storing instructions and an encrypted passphrase for each of a plurality of machine-readable storage devices; and a processor to execute the instructions to: receive a user token; derive a key from the user token; decrypt the encrypted passphrase for each machine-readable storage device using the key; and unlock each of the plurality of machine-readable storage devices using the decrypted passphrase corresponding to each machine-readable storage device.

10. The system of claim 9, wherein the machine-readable storage medium stores identifying information for each machine-readable storage device associated with the encrypted passphrase for each machine-readable storage device.

11. The system of claim 9, wherein the user token comprises a password, a passphrase, a digital certificate, or a biometric token.

12. The system of claim 9, wherein each machine-readable storage device comprises a non-volatile dual in-line memory module (NV-DIMM), a hard disk drive, a solid state drive, or a flash memory card.

13. A method to unlock a plurality of machine-readable storage devices, the method comprising: receiving a user token; deriving a key from the user token; decrypting a plurality of encrypted passphrases using the key, each of the plurality of passphrases to unlock a machine-readable storage device for read and/or write access; and unlocking each of the plurality of machine-readable storage devices using the decrypted passphrase for each machine-readable storage device.

14. The method of claim 13, wherein decrypting the plurality of encrypted passphrases comprises: transmitting the key to a key management service; and receiving the plurality of decrypted passphrases from the key management service.

15. The method of claim 13, wherein deriving the key from the user token comprises deriving the key using a hash function.
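
The unlock flow of claims 9, 10, 13 and 15, sketched as an added example; it is not code from the patent or its assignee. Assumptions: the hash-based derivation is salted PBKDF2-HMAC-SHA256, the cipher is a standard-library stand-in (an HMAC-SHA256 keystream with encrypt-then-MAC) where real firmware would use a vetted AEAD, and the device identifiers, passphrases and the `unlock_device` callback are constructed for illustration.

```python
import hashlib, hmac, os

def derive_key(token: bytes, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2-HMAC-SHA256 as the hash-based derivation (claim 15).
    return hashlib.pbkdf2_hmac("sha256", token, salt, 100_000)

def _mac(key, device_id, nonce, ct):
    # Bind the record to its device identifier (claim 10) so records cannot be swapped.
    msg = b"mac" + len(device_id).to_bytes(2, "big") + device_id + nonce + ct
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode; use a vetted AEAD in practice.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        block = b"enc" + nonce + ctr.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(key, device_id, passphrase):
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, passphrase)
    return nonce + ct + _mac(key, device_id, nonce, ct)

def unwrap(key, device_id, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, device_id, nonce, ct)):
        raise ValueError("wrong token or altered record for " + device_id.decode())
    return _xor_stream(key, nonce, ct)

def enroll(token, passphrases):
    # Produces the stored medium: one encrypted passphrase per device identifier.
    salt = os.urandom(16)
    key = derive_key(token, salt)
    return {"salt": salt, "records": {d: wrap(key, d, p) for d, p in passphrases.items()}}

def unlock_all(token, store, unlock_device):
    key = derive_key(token, store["salt"])
    # Decrypt and verify every record before touching any device (fail closed).
    plain = {d: unwrap(key, d, blob) for d, blob in store["records"].items()}
    for device_id, passphrase in plain.items():
        unlock_device(device_id, passphrase)
    return sorted(plain)

# Constructed sample data: two devices with per-device passphrases.
DEVICES = {b"NVDIMM-0": b"constructed-passphrase-0",
           b"NVDIMM-1": b"constructed-passphrase-1"}
```

A wrong token or a record moved to another device identifier fails the integrity check, so no passphrase reaches any device.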

Classifications

  • for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title

  • G06F21/572 · Primary

    Secure firmware programming, e.g. of basic input output system [BIOS] · CPC title

  • using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807) · CPC title

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

  • G06F21/57 · Primary

    Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Hewlett Packard Development Co
What technology area does this patent fall under?
Primary CPC classification G06F21/572. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 15, 2019 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).