公开(公告)号：US20080052502A1

公开(公告)日：2008-02-28

申请号：US11466166

申请日：2006-08-22

申请人： Wei Liu ,  Kevin W. Deike ,  Manoj Gujarathi ,  Mukund P. Khatri ,  Charles T. Perusse ,  Theodore Webb

发明人： Wei Liu ,  Kevin W. Deike ,  Manoj Gujarathi ,  Mukund P. Khatri ,  Charles T. Perusse ,  Theodore Webb

IPC分类号： G06F15/177

CPC分类号： G06F9/4411 ,  G06F8/60

摘要： Installable device drivers may be stored on a partition, e.g., Utility Partition (UP) or other OEM partition, of an original equipment manufacturer (OEM) storage device, e.g., hard disk drive, by associating an INT13h Basic Input-Output System (BIOS) interrupt call, e.g., reading from floppy disk drive a: or drive b: a desired storage device driver during the normal course of installing an operating system (OS), e.g., Microsoft Windows, Linux, BSD, Unix, etc., on the information handling system, e.g., personal computer, server, blade server, storage array, workstation, etc. The run-time loading of a raw floppy image having OS installable drivers residing in the Utility Partition or other hidden partition on the hard disk may be presented as a virtual floppy disk drive to the OS installer, e.g., person (manual) or scripted (automated) process.

摘要翻译： 通过将INT13h基本输入输出系统（BIOS）关联，可安装设备驱动程序可以存储在原始设备制造商（OEM）存储设备（例如硬盘驱动器）的分区上，例如实用程序分区（UP）或其他OEM分区上 ）中断呼叫，例如从软盘驱动器a：或驱动器b读取：在安装操作系统（OS）（例如Microsoft Windows，Linux，BSD，Unix等）的正常过程期间所需的存储设备驱动程序 信息处理系统，例如个人计算机，服务器，刀片服务器，存储阵列，工作站等。具有驻留在实用程序分区中的OS可安装驱动程序或硬盘上的其他隐藏分区的原始软盘映像的运行时加载可以 作为虚拟软盘驱动器呈现给操作系统安装程序，例如人（手动）或脚本（自动）过程。

公开(公告)号：US09166798B2

公开(公告)日：2015-10-20

申请号：US14074940

申请日：2013-11-08

申请人： Muhammed Jaber ,  Sudhir Shetty ,  Theodore Webb, III ,  John Wilson

发明人： Muhammed Jaber ,  Sudhir Shetty ,  Theodore Webb, III ,  John Wilson

IPC分类号： H04L9/32

CPC分类号： H04L9/3263 ,  H04L9/3215 ,  H04L2209/56

摘要： Systems and methods for reducing problems and disadvantages associated with provisioning of information handling systems, including without limitation those associated with bare metal provisioning of information handling systems, are disclosed. A system may include a processor, and a memory and an access controller each communicatively coupled to the processor. The access controller may store an enterprise public key associated with an enterprise private key and a platform private key associated with the system. The access controller may be configured to: (i) authenticate communications received from a provisioning server communicatively coupled to the access controller based at least on an enterprise public certificate associated with the provisioning server and (ii) establish an asymmetrically cryptographic communications channel between the access controller and the provisioning server based at least on a platform public key associated with the platform private key, the platform private key, the enterprise public key, and the enterprise private key.

摘要翻译： 公开了用于减少与提供信息处理系统相关联的问题和缺点的系统和方法，包括但不限于与信息处理系统的裸机配置相关联的系统和方法。 系统可以包括处理器，以及每个通信地耦合到处理器的存储器和访问控制器。 访问控制器可以存储与企业私钥相关联的企业公钥和与系统相关联的平台私钥。 访问控制器可以被配置为：（i）至少基于与所述供应服务器相关联的企业公开证书，以及（ii）在所述访问之间建立非对称加密通信信道来认证从提供服务器通信地耦合到所述访问控制器的通信 至少基于与所述平台私钥相关联的平台公钥，所述平台私钥，所述企业公钥和所述企业私钥的所述配置服务器。

公开(公告)号：US20140025947A1

公开(公告)日：2014-01-23

申请号：US13551033

申请日：2012-07-17

申请人： Muhammed Jaber ,  Jon Hass ,  Theodore Webb

发明人： Muhammed Jaber ,  Jon Hass ,  Theodore Webb

IPC分类号： G06F21/24

CPC分类号： G06F21/62 ,  G06F21/572 ,  G06F21/6218 ,  G06F2221/2143

摘要： A computer-implemented method comprises a service processor: establishing a kill switch encryption key (KSEK) to provide data security for data within storage devices of configurable components within a system; automatically encrypting, with the KSEK, data that is written to one of the storage devices; configuring the configurable components to prevent access to the stored data unless a valid copy of the KSEK is received from the service processor along with the request for the data; automatically decrypting, with the KSEK, the KSEK-encrypted data that is read from storage device; and in response to receiving a verified request to decommission the system, performing the decommissioning by deleting/erasing the KSEK from a secure storage at which the only instance of the KSEK is maintained. Deletion of the KSEK results in a permanent loss of access to the stored encrypted data within the system because the stored encrypted data cannot be decrypted without the KSEK.

摘要翻译： 计算机实现的方法包括服务处理器：建立杀死开关加密密钥（KSEK）以为系统内可配置组件的存储设备内的数据提供数据安全性; 使用KSEK自动加密写入其中一个存储设备的数据; 配置可配置组件以防止对存储的数据的访问，除非从服务处理器接收到有效的KSEK副本以及数据的请求; 使用KSEK自动解密从存储设备读取的KSEK加密数据; 并且响应于接收到验证的请求以使系统停止，通过从保持KSEK的唯一实例的安全存储器中删除/擦除KSEK来执行退役。 由于存储的加密数据无法在没有KSEK的情况下被解密，所以删除KSEK导致对系统内存储的加密数据的永久丢失。

公开(公告)号：US07757072B2

公开(公告)日：2010-07-13

申请号：US11466166

申请日：2006-08-22

申请人： Wei Liu ,  Kevin W. Deike ,  Manoj Gujarathi ,  Mukund P. Khatri ,  Charles T. Perusse, Jr. ,  Theodore Webb

发明人： Wei Liu ,  Kevin W. Deike ,  Manoj Gujarathi ,  Mukund P. Khatri ,  Charles T. Perusse, Jr. ,  Theodore Webb

IPC分类号： G06F15/177

CPC分类号： G06F9/4411 ,  G06F8/60

摘要： Installable device drivers may be stored on a partition, e.g., Utility Partition (UP) or other OEM partition, of an original equipment manufacturer (OEM) storage device, e.g., hard disk drive, by associating an INT13h Basic Input-Output System (BIOS) interrupt call, e.g., reading from floppy disk drive a: or drive b: a desired storage device driver during the normal course of installing an operating system (OS), e.g., Microsoft Windows, Linux, BSD, Unix, etc., on the information handling system, e.g., personal computer, server, blade server, storage array, workstation, etc. The run-time loading of a raw floppy image having OS installable drivers residing in the Utility Partition or other hidden partition on the hard disk may be presented as a virtual floppy disk drive to the OS installer, e.g., person (manual) or scripted (automated) process.

摘要翻译： 通过将INT13h基本输入输出系统（BIOS）关联，可安装设备驱动程序可以存储在原始设备制造商（OEM）存储设备（例如硬盘驱动器）的分区上，例如实用程序分区（UP）或其他OEM分区上 ）中断呼叫，例如从软盘驱动器a：或驱动器b读取：在安装操作系统（OS）（例如Microsoft Windows，Linux，BSD，Unix等）的正常过程期间所需的存储设备驱动程序 信息处理系统，例如个人计算机，服务器，刀片服务器，存储阵列，工作站等。具有驻留在实用程序分区中的OS可安装驱动程序或硬盘上其他隐藏分区的原始软盘映像的运行时加载可以 作为虚拟软盘驱动器呈现给操作系统安装程序，例如人（手动）或脚本（自动）过程。

公开(公告)号：US20140068250A1

公开(公告)日：2014-03-06

申请号：US14074940

申请日：2013-11-08

申请人： Muhammed Jaber ,  Sudhir Shetty ,  Theodore Webb, III ,  John Wilson

发明人： Muhammed Jaber ,  Sudhir Shetty ,  Theodore Webb, III ,  John Wilson

IPC分类号： H04L9/32

CPC分类号： H04L9/3263 ,  H04L9/3215 ,  H04L2209/56

摘要： Systems and methods for reducing problems and disadvantages associated with provisioning of information handling systems, including without limitation those associated with bare metal provisioning of information handling systems, are disclosed. A system may include a processor, and a memory and an access controller each communicatively coupled to the processor. The access controller may store an enterprise public key associated with an enterprise private key and a platform private key associated with the system. The access controller may be configured to: (i) authenticate communications received from a provisioning server communicatively coupled to the access controller based at least on an enterprise public certificate associated with the provisioning server and (ii) establish an asymmetrically cryptographic communications channel between the access controller and the provisioning server based at least on a platform public key associated with the platform private key, the platform private key, the enterprise public key, and the enterprise private key.

摘要翻译： 公开了用于减少与提供信息处理系统相关联的问题和缺点的系统和方法，包括但不限于与信息处理系统的裸机配置相关联的系统和方法。 系统可以包括处理器，以及每个通信地耦合到处理器的存储器和访问控制器。 访问控制器可以存储与企业私钥相关联的企业公钥和与系统相关联的平台私钥。 访问控制器可以被配置为：（i）至少基于与所述供应服务器相关联的企业公开证书，以及（ii）在所述访问之间建立非对称加密通信信道来认证从提供服务器通信地耦合到所述访问控制器的通信 至少基于与所述平台私钥相关联的平台公钥，所述平台私钥，所述企业公钥和所述企业私钥的所述配置服务器。

公开(公告)号：US20100100733A1

公开(公告)日：2010-04-22

申请号：US12253838

申请日：2008-10-17

申请人： Muhammed Jaber ,  Sudhir Shetty ,  Theodore Webb, III ,  John Wilson

发明人： Muhammed Jaber ,  Sudhir Shetty ,  Theodore Webb, III ,  John Wilson

IPC分类号： H04L9/14

CPC分类号： H04L9/3263 ,  H04L9/3215 ,  H04L2209/56

摘要： Systems and methods for reducing problems and disadvantages associated with provisioning of information handling systems, including without limitation those associated with bare metal provisioning of information handling systems, are disclosed. A system may include a processor, and a memory and an access controller each communicatively coupled to the processor. The access controller may store an enterprise public key associated with an enterprise private key and a platform private key associated with the system. The access controller may be configured to: (i) authenticate communications received from a provisioning server communicatively coupled to the access controller based at least on an enterprise public certificate associated with the provisioning server and (ii) establish an asymmetrically cryptographic communications channel between the access controller and the provisioning server based at least on a platform public key associated with the platform private key, the platform private key, the enterprise public key, and the enterprise private key.

摘要翻译： 公开了用于减少与提供信息处理系统相关联的问题和缺点的系统和方法，包括但不限于与信息处理系统的裸机配置相关联的系统和方法。 系统可以包括处理器，以及每个通信地耦合到处理器的存储器和访问控制器。 访问控制器可以存储与企业私钥相关联的企业公钥和与系统相关联的平台私钥。 访问控制器可以被配置为：（i）至少基于与所述供应服务器相关联的企业公开证书，以及（ii）在所述访问之间建立非对称加密通信信道来认证从提供服务器通信地耦合到所述访问控制器的通信 至少基于与所述平台私钥相关联的平台公钥，所述平台私钥，所述企业公钥和所述企业私钥的所述配置服务器。

公开(公告)号：US08938626B2

公开(公告)日：2015-01-20

申请号：US13551033

申请日：2012-07-17

申请人： Muhammed Jaber ,  Jon Hass ,  Theodore Webb

发明人： Muhammed Jaber ,  Jon Hass ,  Theodore Webb

IPC分类号： G06F21/00 ,  G06F21/62

CPC分类号： G06F21/62 ,  G06F21/572 ,  G06F21/6218 ,  G06F2221/2143

摘要： A computer-implemented method comprises a service processor: establishing a kill switch encryption key (KSEK) to provide data security for data within storage devices of configurable components within a system; automatically encrypting, with the KSEK, data that is written to one of the storage devices; configuring the configurable components to prevent access to the stored data unless a valid copy of the KSEK is received from the service processor along with the request for the data; automatically decrypting, with the KSEK, the KSEK-encrypted data that is read from storage device; and in response to receiving a verified request to decommission the system, performing the decommissioning by deleting/erasing the KSEK from a secure storage at which the only instance of the KSEK is maintained. Deletion of the KSEK results in a permanent loss of access to the stored encrypted data within the system because the stored encrypted data cannot be decrypted without the KSEK.

摘要翻译： 计算机实现的方法包括服务处理器：建立杀死开关加密密钥（KSEK）以为系统内可配置组件的存储设备内的数据提供数据安全性; 使用KSEK自动加密写入其中一个存储设备的数据; 配置可配置组件以防止对存储的数据的访问，除非从服务处理器接收到有效的KSEK副本以及数据的请求; 使用KSEK自动解密从存储设备读取的KSEK加密数据; 并且响应于接收到验证的请求以使系统停止，通过从保持KSEK的唯一实例的安全存储器中删除/擦除KSEK来执行退役。 由于存储的加密数据无法在没有KSEK的情况下被解密，所以删除KSEK导致对系统内存储的加密数据的永久丢失。