
Web based token to exchange one-time password

IP.com Disclosure Number: IPCOM000147471D
Original Publication Date: 2007-Mar-16
Included in the Prior Art Database: 2007-Mar-16
Document File: 1 page(s) / 22K

Publishing Venue

Lenovo

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 82% of the total text.

The design of the password recovery applications requires an administrator to uniquely "touch" each computer and set a secret before the system is distributed. This secret is used to securely deploy the password reset technology. The requirement reduces the attractiveness of the solution because it reduces the manageability of the product. The secret serves two purposes: it guarantees that the system is talking to a qualified company server when it logs on, and it allows data to be securely passed down to the computer without the end user knowing it.

To solve this problem, the user would go to a secure website. For example, a signed ActiveX control could be downloaded. The signature guarantees that it came from the correct site, and the ActiveX control then sets up a secure connection to a valid secure internal website. If a TPM is present, and an AIK (Attestation Identity Key) is generated and loaded into the TPM's nonvolatile memory, the public portion of the EK (Endorsement Key) is sent back from the system to the secure internal website. This website would then encrypt the secret and the AIK with the public EK, locked to TPM PCR (Platform Configuration Register, registers internal to the TPM) values that only occur early in the boot sequence. The encrypted packet is sent to the system. The system then uses the BIOS to decrypt the packet (either through a reboot or a system suspend), reads the se...
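As an added illustration (not part of the disclosure), the Python simulation below models the PCR-binding step: the server seals the secret against the PCR values it predicts for early boot, and the simulated TPM can unseal it only while its PCRs still hold those values, i.e. before later boot stages have extended them. The TPM is a plain Python object, the public-EK encryption is replaced by a symmetric key shared with the simulated TPM, and all measurements are constructed for the demo; none of this is a real TPM interface.

```python
import hashlib, hmac, os
ZERO = bytes(32)  # reset value of a SHA-256 PCR

def pcr_extend(current, measurement):
    """TPM extend operation: PCR <- SHA-256(PCR || SHA-256(measurement))."""
    return hashlib.sha256(current + hashlib.sha256(measurement).digest()).digest()

def replay_boot(events):
    """Server side: replay the known early-boot measurements to predict the PCRs."""
    pcrs = {}
    for index, measurement in events:
        pcrs[index] = pcr_extend(pcrs.get(index, ZERO), measurement)
    return pcrs

def policy_digest(pcrs, indices):
    """Digest over the selected PCRs; any later extend changes it."""
    return hashlib.sha256(b"".join(pcrs.get(i, ZERO) for i in indices)).digest()

def seal(ek, secret, pcrs, indices):
    """Server: key = HMAC(EK stand-in, PCR policy); XOR-encrypt and MAC the secret."""
    assert len(secret) <= 32, "demo keystream is a single HMAC output"
    key = hmac.new(ek, policy_digest(pcrs, indices), hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, key))
    return (tuple(indices), ct, hmac.new(key, ct, hashlib.sha256).digest())

class SimTPM:
    """Constructed stand-in for the platform TPM, not a real TPM interface."""
    def __init__(self, ek):
        self.ek = ek      # simplification: symmetric stand-in for the EK
        self.pcrs = {}
    def extend(self, index, measurement):
        self.pcrs[index] = pcr_extend(self.pcrs.get(index, ZERO), measurement)
    def unseal(self, blob):
        indices, ct, tag = blob
        key = hmac.new(self.ek, policy_digest(self.pcrs, indices), hashlib.sha256).digest()
        if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
            return None   # PCRs no longer match the sealing policy
        return bytes(a ^ b for a, b in zip(ct, key))

def demo():
    # Seal to the early-boot state: unsealing works from BIOS, fails after the OS loader.
    ek = os.urandom(32)
    early = [(0, b"BIOS core (constructed)"), (0, b"option ROMs (constructed)")]
    blob = seal(ek, b"reset-secret", replay_boot(early), [0])
    tpm = SimTPM(ek)
    for index, measurement in early:
        tpm.extend(index, measurement)
    from_bios = tpm.unseal(blob)              # policy satisfied
    tpm.extend(0, b"OS loader (constructed)")
    return from_bios, tpm.unseal(blob)        # second value is None
```

The point the model makes concrete is that "locked to PCR values that only occur early in the boot sequence" is enforced by the extend chain itself: once any later component is measured, the policy digest changes and the packet can no longer be opened.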