US Patent No. 10,169,602


Patent No. 10,169,602
Issue Date January 01, 2019
Title Method For Local Key Management Setup And Recovery
Inventorship Chitrak Gupta, Bangalore (IN)
Rama Rao Bisa, Kandukur (IN)
Sushma Basavarajaiah, Bangalore (IN)
Mukund P. Khatri, Austin, TX (US)
Assignee Dell Products, L.P., Round Rock, TX (US)

Claim of US Patent No. 10,169,602

1. A method in an information handling system (IHS) for local key management setup and recovery, the method comprising:receiving, from a first requesting device, a lock request to secure one or more drives;
in response to receiving the lock request, querying, by a service processor executing a security manager, for one or more key identifiers associated with the first requesting device, wherein the security manager is a module operating on the service processor;
in response to receiving at least one key identifier at the security manager, dynamically, generating, via the service processor, a first public-private key and a first public certificate associated with the at least one key identifier;
automatically transmitting the first public certificate to the first requesting device;
invoking the first public-private key to secure the one or more drives;
encrypting the public-private key to create a recovery key;
generating a recovery certificate associated with the recovery key;
archiving the recovery key and the recovery certificate in one or more of (i) at least one recovery server and (ii) at least one recovery database;
assigning a lifecycle period to the first public-private key, wherein the lifecycle period designates a set time period of existence for the first public-private key and the recovery key;
determining when a remaining period of existence of the first public-private key is within a predetermined time before an end of the lifecycle period;
in response to the remaining period of existence being within the predetermined time, dynamically transmitting a reminder message that the public-private key will be updated;
in response to detecting a manual intervention prior to the expiry of the lifecycle period, providing a temporary period of additional time beyond the lifecycle period to unlock the one or more drives via the first public-private key;
detecting an expiry of the lifecycle period; and in response to detecting the expiry of the lifecycle period, dynamically generating a new public-private key and securing the one or more drives via the dynamically generated new public-private key.