US9652253B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9652253-B2 |
| Application number | US-201514856231-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 16, 2015 |
| Priority date | Sep 16, 2015 |
| Publication date | May 16, 2017 |
| Grant date | May 16, 2017 |
Official abstract text for this publication.
A field replaceable unit authentication system provides for a field replaceable unit device to be positioned in a chassis. A trusted platform module is included in the field replaceable unit device. A network operating system engine may be provided in the field replaceable unit device and coupled to the trusted platform module. The network operating system engine participates in a boot process with a booting subsystem to generate current boot metric data that is provided for storage in the trusted platform module. A platform management controller in the field replaceable unit device retrieves the current boot metric data from the trusted platform module, authenticates the trusted platform module, and compares the current boot metric data to previously stored boot metric data to determine whether to authenticate the network operating system engine. If authenticated, the network operating system engine then authenticates the platform management controller.
Opening claim text (preview).
What is claimed is:

1. A field replaceable unit authentication system, comprising: a chassis; at least one connector located in the chassis; and a field replaceable unit device located in the chassis and coupled to the at least one connector, wherein the field replaceable unit device includes: a trusted platform module; a network operating system engine that is coupled to the trusted platform module and that is configured to participate in a boot process that generates current boot metric data that is provided for storage in the trusted platform module; and a platform management controller that is coupled to the trusted platform module and the network operating system engine, wherein the platform management controller is configured to retrieve the current boot metric data from the trusted platform module, authenticate the trusted platform module, and compare the current boot metric data to previously stored boot metric data to determine whether to authenticate the network operating system engine.

2. The field replaceable unit authentication system of claim 1, wherein the platform management controller is configured, in response to determining to authenticate the network operating system engine, to assign at least one authentication role to the network operating system engine.

3. The field replaceable unit authentication system of claim 1, wherein the platform management controller is configured, in response to determining to not authenticate the network operating system engine, to cease providing power to the network operating system engine.

4. The field replaceable unit authentication system of claim 1, wherein the network operating system engine is configured, in response to being authenticated by the platform management controller, to authenticate the platform management controller.

5. The field replaceable unit authentication system of claim 4, wherein the network operating system is configured, in response to being authenticated by the platform management controller and authenticating the platform management controller, to determine that a device has been coupled to the field replaceable unit device through the at least one connector and, in response, authenticate the device.

6. The field replaceable unit authentication system of claim 4, wherein the authentication of the platform management controller by the network operating system engine includes the network operating system engine sending the platform management controller an authentication message that is encrypted with a field replaceable unit public key for the field replaceable unit device, and the platform management controller decrypting the authentication message with a field replaceable unit private key for the field replaceable unit device.

7. The field replaceable unit authentication system of claim 1, wherein the trusted platform module is configured to encrypt the current boot metric data with a trusted platform module private key to provide encrypted current boot metric data, and wherein the platform management controller is configured to decrypt the encrypted current boot metric data with a trusted platform module public key.

8. An information handling system (IHS), comprising: a booting subsystem; a trusted platform module that is coupled to the booting subsystem and that is configured to couple to a network operating system engine, wherein the trusted platform module is configured to receive and store current boot metric data that is generated when the booting subsystem and the network operating system engine perform a boot process; and a platform management controller that is coupled to the trusted platform module, wherein the platform management controller is configured to retrieve the current boot metric data from the trusted platform module in response to the booting subsystem and the network operating system engine performing the boot process, authenticate the trusted platform module, and compare the current boot metric data to previously stored boot metric data to determine whether to authenticate the network operating system engine.

9. The IHS of claim 8, wherein the platform management controller is configured, in response to determining to authenticate the network operating system engine, to assign at least one authentication role to the network operating system engine.

10. The IHS of claim 8, wherein the platform management controller is configured, in response to determining to not authenticate the network operating system engine, to cease providing power to the network operating system engine.

11. The IHS of claim 8, wherein the platform management controller is configured, following a determination to authenticate the network operating system engine, to receive an authentication message from the network operating system engine and, in response, provide an authentication response to the network operating system engine.

12. The IHS of claim 8, wherein the trusted platform module is configured to encrypt the current boot metric data with a trusted platform module private key to provide encrypted current boot metric data, and wherein the platform management controller is configured to decrypt the encrypted current boot metric data with a trusted platform module public key.

13. The IHS of claim 8, wherein the booting subsystem includes a Basic Input/Output System (BIOS) and a boot loader.

14. A method for authentication in a field replaceable unit, comprising: performing a boot process in a field replaceable unit device; generating current boot metric data during the performance of the boot process; storing, in a trusted platform module in the field replaceable unit device, the current boot metric data; retrieving, by a platform management controller in the field replaceable unit device from the trusted platform module, the current boot metric data; authenticating, by the platform management controller, the trusted platform module; and comparing, by the platform management controller, the current boot metric data to previously stored boot metric data to determine whether to authenticate a network operating system engine that participated in the performance of the boot process.

15. The method of claim 14, further comprising: assigning, by the platform management controller in response to determining to authenticate the network operating system engine, at least one authentication role to the network operating system engine.

16. The method of claim 14, further comprising: ceasing, by the platform management controller in response to determining to not authenticate the network operating system engine, the provisioning of power to the network operating system engine.

17. The method of claim 14, further comprising: authenticating, by the network operating system engine in response to being authenticated by the platform management controller, the platform management controller.

18. The method of claim 17, further comprising: determining, by the network operating system engine in response to being authenticated by the platform management controller and authenticating the platform management controller, that a device has been coupled to the field replaceable unit device; and authenticating, by the network operating system engine, the device.

19. The method of claim 17, wherein the authentication of the platform management controller by the network operating system engine includes: sending, by the network operating system engine to the platform management controller, an authentication message that is encrypted with a field replac
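The abstract and claims 1 to 7, 11 and 13 together describe one protocol: the boot chain (BIOS, boot loader, NOS image) is measured into the TPM, the platform management controller (PMC) fetches the metrics under the TPM's private key and checks them against stored reference values, then either assigns a role or cuts power, and only afterwards does the NOS engine authenticate the PMC with the FRU key pair. The simulation below is an added example and is not code from the patent or its assignee. It makes the following assumptions, none of which the page states: boot metrics are kept in four SHA-256 extend-only registers in the style of TPM PCRs; "encrypt with the TPM private key" (claim 7) is implemented as a signature over a nonce plus the register values, which is what that phrase amounts to in practice; the claim-6 message is a random nonce encrypted to the FRU public key, and the PMC's "authentication response" (claim 11) is a hash of the recovered nonce, so that a reply proves possession of the private key; the image contents, the role name and the register layout are constructed stand-ins. The RSA is textbook, unpadded and 512-bit so the block runs offline with the standard library only; it is a placeholder for a real TPM or HSM, not something to deploy.

```python
"""Simulated FRU authentication: measured boot -> PMC verifies TPM quote -> NOS verifies PMC.
Added example with constructed data; the RSA below is a toy stand-in for a real TPM key."""
import hashlib
import os
import random

_rng = random.SystemRandom()


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin, sufficient for toy keys; not a production primality test."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _prime(bits: int) -> int:
    while True:
        c = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # force full size and odd
        if _is_probable_prime(c):
            return c


def keygen(bits: int = 512):
    """Return ((n, e), (n, d)). 256-bit digests and 128-bit nonces fit below n."""
    e = 65537
    while True:
        p, q = _prime(bits // 2), _prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def extend(pcr: bytes, image: bytes) -> bytes:
    """PCR-style extend: the register can only be advanced, never set."""
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()


def golden_metrics(images) -> list:
    """Reference values ('previously stored boot metric data') from known-good images."""
    pcrs = [b"\x00" * 32] * 4
    for idx, image in images:
        pcrs[idx] = extend(pcrs[idx], image)
    return pcrs


class TPM:
    """Stores the boot metrics and signs quotes with its private key (claim 7)."""
    def __init__(self):
        self.pcrs = [b"\x00" * 32] * 4
        self.pub, self._priv = keygen()

    def quote(self, nonce: bytes):
        blob = nonce + b"".join(self.pcrs)
        n, d = self._priv
        return blob, pow(_h(blob), d, n)


class PMC:
    """Platform management controller: holds the TPM public key, golden values, FRU private key."""
    def __init__(self, tpm_pub, golden, fru_priv):
        self.tpm_pub, self.golden, self._fru_priv = tpm_pub, golden, fru_priv
        self.power_on, self.roles = True, set()

    def authenticate_nos(self, tpm: TPM) -> str:
        nonce = os.urandom(16)                     # fresh nonce defeats replay of an old quote
        blob, sig = tpm.quote(nonce)
        n, e = self.tpm_pub
        if blob[:16] != nonce or pow(sig, e, n) != _h(blob):
            return "tpm-untrusted"                 # quote not signed by the enrolled TPM
        current = [blob[16 + 32 * i:48 + 32 * i] for i in range(4)]
        if current != self.golden:                 # boot chain differs from stored metrics
            self.power_on = False                  # claim 3: cease powering the NOS engine
            return "power-off"
        self.roles.add("nos-engine")               # claim 2: assign an authentication role
        return "role-assigned"

    def answer_challenge(self, ciphertext: int) -> bytes:
        n, d = self._fru_priv                      # claim 6: decrypt with the FRU private key
        return hashlib.sha256(pow(ciphertext, d, n).to_bytes(16, "big")).digest()


class NOS:
    """Network operating system engine: measures its boot chain, later checks the PMC."""
    def __init__(self, fru_pub):
        self.fru_pub = fru_pub

    def boot(self, tpm: TPM, images) -> None:
        for idx, image in images:                  # BIOS, boot loader, NOS image (claim 13)
            tpm.pcrs[idx] = extend(tpm.pcrs[idx], image)

    def authenticate_pmc(self, pmc: PMC) -> bool:
        nonce = os.urandom(16)
        n, e = self.fru_pub                        # claim 6: encrypt with the FRU public key
        reply = pmc.answer_challenge(pow(int.from_bytes(nonce, "big"), e, n))
        return reply == hashlib.sha256(nonce).digest()


GOOD_IMAGES = [(0, b"BIOS 2.4.1"), (1, b"boot loader 1.9"), (2, b"NOS 10.3 image")]  # constructed


def run_scenario(tamper: bool = False, rogue_tpm: bool = False):
    """Return (PMC verdict, NOS engine still powered, NOS-side authentication of the PMC)."""
    tpm, (fru_pub, fru_priv) = TPM(), keygen()
    pmc = PMC(tpm.pub, golden_metrics(GOOD_IMAGES), fru_priv)
    nos = NOS(fru_pub)
    images = list(GOOD_IMAGES)
    if tamper:
        images[1] = (1, b"boot loader 1.9 (modified)")   # any change moves the register
    nos.boot(tpm, images)
    verdict = pmc.authenticate_nos(TPM() if rogue_tpm else tpm)   # rogue: an unenrolled TPM
    mutual = verdict == "role-assigned" and nos.authenticate_pmc(pmc)  # claim 4 ordering
    return verdict, pmc.power_on, mutual


if __name__ == "__main__":
    print(run_scenario(), run_scenario(tamper=True), run_scenario(rogue_tpm=True))
```

Two points a practitioner would check before building on this scheme. First, the comparison in claim 1 is against previously stored metrics, so every legitimate BIOS, boot loader or NOS update changes the measured values and the reference set must be re-provisioned through a trusted path, otherwise the PMC will cut power to a correctly updated engine. Second, as literally written, claim 6 only has the PMC decrypt a message; it is the response of claim 11, derived from the decrypted content and bound to a fresh nonce as above, that turns the exchange into proof of possession of the FRU private key rather than a one-way encryption.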
using a plurality of keys or algorithms · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
Network booting; Remote initial program loading [RIPL] · CPC title
involving public key infrastructure [PKI] trust models (network architecture or network communication protocol for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM] · CPC title