US9166798B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9166798-B2 |
| Application number | US-201314074940-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 8, 2013 |
| Priority date | Oct 17, 2008 |
| Publication date | Oct 20, 2015 |
| Grant date | Oct 20, 2015 |
Official abstract text for this publication.
Systems and methods for reducing problems and disadvantages associated with provisioning of information handling systems, including without limitation those associated with bare metal provisioning of information handling systems, are disclosed. A system may include a processor, and a memory and an access controller each communicatively coupled to the processor. The access controller may store an enterprise public key associated with an enterprise private key and a platform private key associated with the system. The access controller may be configured to: (i) authenticate communications received from a provisioning server communicatively coupled to the access controller based at least on an enterprise public certificate associated with the provisioning server and (ii) establish an asymmetrically cryptographic communications channel between the access controller and the provisioning server based at least on a platform public key associated with the platform private key, the platform private key, the enterprise public key, and the enterprise private key.
Claims.

What is claimed is:

1. An information handling system comprising: a processor; a memory communicatively coupled to the processor; and an access controller communicatively coupled to the processor, the access controller having stored thereon an enterprise public key associated with an enterprise private key and a platform private key associated with the information handling system, the enterprise public key stored on the access controller prior to shipment of the information handling system to an enterprise associated with the enterprise public key, the access controller configured to: establish an asymmetrically cryptographic communications channel between the access controller and a provisioning server based on keys, comprising a platform public key associated with the platform private key, the platform private key, the enterprise public key, and the enterprise private key, the platform public key encrypted using the enterprise public key and provided to the enterprise by a supplier; and enable the information handling system to receive provisioning information from the provisioning server via the established communications channel, the provisioning information used to configure the information handling system.
2. The information handling system of claim 1, the access controller further configured to encrypt communications to the provisioning server using the enterprise public key.
3. The information handling system of claim 1, the access controller further configured to decrypt communications from the provisioning server using the platform private key.
4. The information handling system of claim 1, the access controller further configured to provision the information handling system via communications received via the asymmetrically cryptographic communications channel.
5. The information handling system of claim 1, the access controller further configured to establish a second asymmetrically cryptographic communications channel between the access controller and the provisioning server based at least on enterprise-provided credentials other than the enterprise public key and the enterprise private key.
6. The information handling system of claim 5, the access controller further configured to provision the information handling system via communications received via the second asymmetrically cryptographic communications channel.
7. A non-transitory computer-readable medium, comprising instructions that, when executed by a processor, are configured to: store an enterprise public key associated with an enterprise private key and a platform private key on an access controller associated with an information handling system, the enterprise public key stored on the access controller prior to shipment of the information handling system to an enterprise associated with the enterprise public key by a supplier; communicate a platform public key associated with the platform private key from a supplier to the enterprise, the platform public key encrypted by the supplier using the enterprise public key; and store a set of computer-readable instructions on the access controller, the set of computer-readable instructions configured to: establish an asymmetrically cryptographic communications channel between the access controller and a provisioning server based on keys, comprising the platform public key, the platform private key, the enterprise public key, and the enterprise private key; and enable the information handling system to receive provisioning information from the provisioning server via the established communications channel, the provisioning information used to configure the information handling system.
8. The non-transitory computer-readable medium of claim 7, the set of instructions stored on the access controller further configured to encrypt communications to the provisioning server using the enterprise public key.
9. The non-transitory computer-readable medium of claim 7, the set of instructions stored on the access controller further configured to decrypt communications from the provisioning server using the platform private key.
10. The non-transitory computer-readable medium of claim 7, the set of instructions stored on the access controller further configured to provision the information handling system via communications received via the asymmetrically cryptographic communications channel.
11. The non-transitory computer-readable medium of claim 7, the set of instructions stored on the access controller further configured to establish a second asymmetrically cryptographic communications channel between the access controller and the provisioning server based at least on enterprise-provided credentials other than the enterprise public key and the enterprise private key.
12. The non-transitory computer-readable medium of claim 11, the set of instructions stored on the access controller further configured to provision the information handling system via communications received via the second asymmetrically cryptographic communications channel.
13. The non-transitory computer-readable medium of claim 7, the instructions further configured to receive the enterprise public key from the enterprise.
14. A method for secure provisioning of an information handling system, comprising: providing a supplier of an information handling system with an enterprise public key associated with an enterprise private key; receiving from the supplier a platform public key associated with a platform private key, the platform public key encrypted using the enterprise public key; storing the enterprise private key and the platform public key on computer-readable media associated with a provisioning server; and establishing an asymmetrically cryptographic communications channel between the provisioning server and the access controller based on keys, comprising the platform public key, the platform private key, the enterprise public key, and the enterprise private key, the enterprise public key stored on the access controller prior to shipment of the information handling system to an enterprise; and enabling the information handling system to receive provisioning information from the provisioning server via the established communications channel, the provisioning information used to configure the information handling system.
15. The method of claim 14, further comprising encrypting communications to the information handling system using the platform public key.
16. The method of claim 14, further comprising decrypting communications from the information handling system using the enterprise private key.
17. The method of claim 14, further comprising provisioning the information handling system via communications received via the asymmetrically cryptographic communications channel.
18. The method of claim 14, further comprising: generating credentials other than the enterprise public key and the enterprise private key; and establishing a second asymmetrically cryptographic communications channel between the access controller and the provisioning server based at least on the generated credentials.
19. The method of claim 14, further comprising provisioning the information handling system via communications received via the second asymmetrically cryptographic communications channel.
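The key flow of claims 1, 7 and 14 played through end to end, as an added example that is not the patent's or any vendor's code: the supplier ships the platform public key wrapped under the pre-shared enterprise public key, the controller then encrypts to the enterprise key and decrypts with its platform key, and the provisioning server does the reverse. RSA-OAEP, the key sizes, the message contents and the function names are assumptions made for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
)

func seal(pub *rsa.PublicKey, msg []byte) []byte {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	if err != nil {
		panic(err) // message longer than the key allows: a programming error
	}
	return ct
}

func open(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Provision plays supplier, enterprise provisioning server and access controller in turn.
// It returns the configuration the controller decrypted and the error a server lacking
// the enterprise private key gets when it tries to read the controller's hello.
func Provision(config []byte) ([]byte, error) {
	// Enterprise key pair: 3072 bits so a 2048-bit platform public key (270-byte PKCS#1 DER)
	// fits in a single OAEP block. The public half is handed to the supplier (assumed sizes).
	entPriv, _ := rsa.GenerateKey(rand.Reader, 3072)
	// Supplier: per-system platform key pair; the enterprise public key is stored on the
	// access controller before shipment (claim 1).
	platPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	// Supplier -> enterprise: platform public key encrypted under the enterprise public key (claims 7, 14).
	wrapped := seal(&entPriv.PublicKey, x509.MarshalPKCS1PublicKey(&platPriv.PublicKey))
	der, err := open(entPriv, wrapped)
	if err != nil {
		return nil, err
	}
	psPlatformPub, _ := x509.ParsePKCS1PublicKey(der) // now on the provisioning server
	// Controller -> server: sealed with the pre-loaded enterprise public key (claims 2, 16).
	hello := seal(&entPriv.PublicKey, []byte("controller ready"))
	if _, err := open(entPriv, hello); err != nil {
		return nil, err
	}
	// Server -> controller: sealed with the platform public key, opened with the platform private key (claims 3, 15).
	got, err := open(platPriv, seal(psPlatformPub, config))
	if err != nil {
		return nil, err
	}
	// A server without the enterprise private key cannot read the hello.
	rogue, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, rogueErr := open(rogue, hello)
	return got, rogueErr
}
```

The wrapped platform key is only as trustworthy as the enterprise public key loaded at the factory, which is why the claims pin that key to the controller before shipment rather than fetching it at first boot.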
CPC classifications:

- H04L63/0823: involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network)
- H04L63/18: using a plurality of channels (network architectures or network communication protocols using different networks)
- Financial cryptography, e.g. electronic payment or e-cash