1. WO2020222774 - STORAGE OF NETWORK CREDENTIALS

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

What is Claimed is:

1. A computing apparatus, comprising:

a processor;

a first memory to store an operating system of the computing apparatus, wherein the operating system is to, responsive to power-on of the computing apparatus:

access an agent application in the first memory;

provision a wireless network credential using the agent application; and

encrypt the wireless network credential using the agent application; and

a second memory to store firmware for initiating the computing apparatus;

a third memory; and

a controller communicatively coupled to the first memory, the second memory, and the third memory, wherein the firmware is to, in response to receiving the encrypted wireless network credential from the first memory, store the encrypted wireless network credential in the third memory.

2. The computing apparatus of claim 1, wherein the operating system is to provision the agent application by a user with administrative privileges.

3. The computing apparatus of claim 1, wherein the third memory is a flash memory.

4. The computing apparatus of claim 1, wherein the operating system is to execute instructions in the first memory to:

in response to receipt of a personal identifier, protect access to a subset of encryption keys used to encrypt the wireless network credential;

create the subset of encryption keys and store data indicative of the subset of encryption keys on the first memory; and

send the data indicative of the subset of encryption keys to the second memory.

5. The computing apparatus of claim 1, wherein the operating system is to access the agent application at boot-up of the operating system.

6. The computing apparatus of claim 1, wherein the operating system is to:

in response to receipt of a subset of encryption keys used to encrypt the wireless network credential from a storage location remote to the first memory, send data indicative of the subset of encryption keys to the second memory.

7. A non-transitory computer-readable storage medium comprising instructions that when executed cause a computing apparatus to:

provision, using an agent application installed on the computing apparatus, a wireless network credential;

encrypt, using the agent application, the wireless network credential;

responsive to a reboot of the computing apparatus, transfer the encrypted wireless network credential to firmware of the computing apparatus; and

store the encrypted wireless network credential, during reboot of the computing apparatus and using the firmware.

8. The non-transitory computer-readable storage medium of claim 7, wherein the wireless network credential is encrypted using:

a first key to sign provisioning commands to enable the agent application to transfer data to the firmware;

a second key to remove and deactivate the agent application from the computing apparatus; and

a third key to encrypt and decrypt a wireless network credential that is exchanged between an operating system of the computing apparatus and the firmware.

9. The non-transitory computer-readable storage medium of claim 8, including instructions that when executed cause the computing apparatus to:

encrypt an activation command with the first key and send the encrypted activation command to the firmware to activate the agent application;

provide an authorization value to the agent application to protect the third key; and

responsive to receipt, by the agent application, of the authorization value, create the third key to transfer the encrypted wireless network credential to the firmware.

10. The non-transitory computer-readable storage medium of claim 8, including instructions that when executed cause the computing apparatus to:

responsive to receipt by the agent application, from the firmware, of an authorization value to protect the third key, create the third key to include the authorization value as a signature to protect the third key.

11. The non-transitory computer-readable storage medium of claim 7, including instructions that when executed cause the computing apparatus to, responsive to a reboot of the computing apparatus:

request access to a wireless network;

retrieve the encrypted wireless network credential; and

decrypt the wireless network credential.

12. A non-transitory computer-readable storage medium comprising instructions that when executed cause a computing apparatus to:

store a wireless network credential for the computing apparatus, in memory of a controller in the computing apparatus;

responsive to receipt of a request from an agent application installed on an operating system of the computing apparatus to update the wireless network credential, access an encrypted wireless network credential stored in the memory of the controller;

decrypt the encrypted wireless network credential; and

apply the decrypted wireless network credential to the operating system of the computing apparatus for access to a wireless communications network.

13. The non-transitory computer-readable storage medium of claim 12, wherein the agent application is to execute in the operating system of the computing apparatus and firmware is to execute in a system management mode driver of the computing apparatus.

14. The non-transitory computer-readable storage medium of claim 13, including instructions that when executed cause the computing apparatus to:

responsive to receipt by the system management mode driver of a request to update the wireless network credential, retrieve the wireless network credential;

send the wireless network credential to the agent application; and

decrypt the wireless network credential using the agent application.

15. The non-transitory computer-readable storage medium of claim 14, including instructions that when executed cause the computing apparatus to:

connect to the wireless communications network responsive to decrypting the wireless network credential and in accordance with a network credential update policy.