Method and system for enterprise network single-sign-on by a manageability engine

摘要

A manageability engine (ME) receives an authentication response from a user during pre-boot authentication and registers the user with a key distribution center (KDC), indicating that the user has successfully authenticated to the PC. The KDC supplies the ME with single-sign-on credentials in the form of a Key Encryption Key (KEK). The KEK may later be used by the PC to obtain a credential used to establish secure access to Enterprise servers.

主权项

1. A computing device for logging on to a manageability engine, the computing device comprising:
a memory; a main processor coupled to the memory to execute platform firmware, the platform firmware including a pre-boot authentication module to authenticate a user, wherein the pre-boot authentication module is separate from an operating system of the computing device; and a manageability engine including an out-of-band processor separate from the main processor, wherein the manageability engine is to:
receive, by the out-of-band processor, user authentication credentials from the pre-boot authentication module;open, by the manageability engine, an out-of-band network connection to a key distribution center of an enterprise network;request, by the out-of-band processor independent of the main processor, a key encryption key from the key distribution center via the out-of-band network connection in response to receipt of the user authentication credentials;receive, by the out-of-band processor independent of the main processor, the key encryption key from the key distribution center via the out-of-band network connection; andsecurely store, by the out-of-band processor, the key encryption key.