
Refreshing Boot Credentials for Computer Disks

IP.com Disclosure Number: IPCOM000201301D
Original Publication Date: 2010-Nov-10
Included in the Prior Art Database: 2010-Nov-10
Document File: 1 page(s) / 63K

Publishing Venue

Siemens

Related People

Juergen Carstens: CONTACT

Abstract

Boot-sector encryption solutions lock disks against unauthorized access. These products currently work using stored credentials, whereas OS logon solutions use domain credentials. Users may therefore suffer from credential shear, which causes problems because the various parts of a computer system do not all use the same credentials. A method for Single Sign On (SSO) is desired. At present, solutions use stored credentials in fixed, known memory locations on the disk. The software refreshes these credentials at computer logon, after the disk has been unlocked. The disk security product itself cannot access the current domain credentials before OS boot, because the OS contains the network code needed to interact with the domain security server.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 81% of the total text.


Refreshing Boot Credentials for Computer Disks

Idea: Peter Chambers, GB-Romsey

Boot-sector encryption solutions lock disks against unauthorized access. These products currently work using stored credentials, whereas OS logon solutions use domain credentials. Users may therefore suffer from credential shear, which causes problems because the various parts of a computer system do not all use the same credentials. A method for Single Sign On (SSO) is desired.

At present, solutions use stored credentials in fixed, known memory locations on the disk. The software refreshes these credentials at computer logon, after the disk has been unlocked. The disk security product itself cannot access the current domain credentials before OS boot, because the OS contains the network code needed to interact with the domain security server.

A solution is proposed that provides a protocol and a proxy entity, allowing a simple boot-time client to refresh and validate domain-level security credentials without having to boot the OS, which normally provides access to network-based security protocols. The boot software therefore comes with a full network stack which can listen to a broadcast. If the user enters credentials that do not match stale or absent ones, the protocol obtains new credentials from a trusted source associated with the network OS. These can then be u...
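
The refresh decision described above, sketched as an added example that is not part of the disclosure: the class names, the pre-shared enrollment key and the HMAC-authenticated, nonce-bound proxy reply are all assumptions, chosen to show one way the boot client could tell a trusted source from a forged or replayed answer. The proxy is called in-process in place of the network, and re-wrapping of the disk key is out of scope.

```python
import hashlib, hmac, os

def verifier(password, salt):
    # Slow salted hash; the pre-boot store keeps this, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def tag(key, verdict, nonce, user):
    # Binds the proxy's answer to this request so a forged or replayed reply fails.
    return hmac.new(key, verdict + nonce + user.encode(), "sha256").digest()

class DomainProxy:
    """Hypothetical proxy entity that can reach the domain security server."""
    def __init__(self, enroll_key, directory):
        self.enroll_key, self.directory = enroll_key, directory  # directory: constructed sample data

    def validate(self, user, password, nonce):
        current = self.directory.get(user, "").encode()
        ok = user in self.directory and hmac.compare_digest(current, password.encode())
        verdict = b"OK" if ok else b"NO"
        return verdict, tag(self.enroll_key, verdict, nonce, user)

class BootClient:
    """Hypothetical boot-time client holding the stored (possibly stale) credentials."""
    def __init__(self, enroll_key, proxy):
        self.enroll_key, self.proxy = enroll_key, proxy
        self.store = {}  # user -> (salt, verifier); models the on-disk credential slot

    def logon(self, user, password):
        if user in self.store:
            salt, stored = self.store[user]
            if hmac.compare_digest(stored, verifier(password, salt)):
                return "unlocked-local"
        # Stale or absent: ask the proxy. A real channel must also encrypt the password.
        nonce = os.urandom(16)
        verdict, reply_tag = self.proxy.validate(user, password, nonce)
        trusted = hmac.compare_digest(reply_tag, tag(self.enroll_key, verdict, nonce, user))
        if not trusted or verdict != b"OK":
            return "denied"
        salt = os.urandom(16)
        self.store[user] = (salt, verifier(password, salt))  # refresh the stored credentials
        return "unlocked-refreshed"

def demo():
    key = os.urandom(32)  # constructed per-machine enrollment secret
    proxy = DomainProxy(key, {"alice": "Winter-2010"})
    client = BootClient(key, proxy)
    out = [client.logon("alice", "Winter-2010"), client.logon("alice", "Winter-2010")]
    proxy.directory["alice"] = "Spring-2011"  # password changed in the domain
    out += [client.logon("alice", "Spring-2011"), client.logon("alice", "Winter-2010")]
    return out
```

Until a refresh happens, the stale stored password still unlocks the disk locally; the old password is only rejected once the new one has been entered and validated through the proxy.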