CPC G06F 21/45 (2013.01) [H04L 9/3263 (2013.01); G06F 2221/2103 (2013.01); G06F 2221/2141 (2013.01)] | 20 Claims

1. A computer-implemented method comprising:
receiving from a user a request to start a secure session with an information handling system to gain access to an account via a last resort access process;
requesting from the user an entity identifier, which is a unique identifier associated with a secure platform private key stored on a secure platform associated with the information handling system, and a client nonce value;
responsive to receiving from the user the client nonce value and the entity identifier, in which the entity identifier was obtained by the user following authentication to a last resort access keys storage maintained by a provider that was involved in a last resort access initialization process that established an asymmetric key pair comprising the secure platform private key and a secure platform public key, in which an encrypted form of the secure platform public key having been encrypted using a public key of the user is stored in the last resort access keys storage, responding with a secure platform nonce value and an authentication challenge code; and
responsive to receiving from the user a session code generated by the provider, the authentication challenge code in an encrypted form having been encrypted using the secure platform public key of the user, and the entity identifier:
using the session code to authorize usage of the secure platform private key corresponding to the entity identifier;
using the secure platform private key to decrypt the authentication challenge code in encrypted form;
responsive to the decrypted authentication challenge code matching the authentication challenge code, granting the secure session for the user; and
responsive to the decrypted authentication challenge code not matching the authentication challenge code, denying the secure session for the user.
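The claim describes a challenge-response exchange between three roles: the user, the provider that keeps the last resort access keys storage and issues session codes, and the secure platform that holds the private key indexed by entity identifier. The Python below is an added illustration, not part of the patent or any vendor's implementation. It drives the exchange end to end, including both the grant path and the two deny paths (wrong challenge, session code that does not authorize the key). Textbook RSA with two constructed small primes stands in for the secure platform's asymmetric key pair and is not a secure construction; the entity identifier, nonces and session codes are constructed values; the wrapping of the stored public key under the user's own public key is omitted, and having the platform validate the session code by asking the provider is an assumption, since the claim does not say how that authorization is checked.

```python
import secrets

# Constructed toy RSA parameters: two known primes and the usual public exponent.
# Assumption: this stands in for the secure platform's real key pair and is not secure.
P, Q = 104729, 1299709
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def rsa_encrypt(m, pub):
    e, n = pub
    return pow(m, e, n)


def rsa_decrypt(c, priv):
    d, n = priv
    return pow(c, d, n)


class Provider:
    """Last resort keys storage plus session-code issuer (roles named in the claim)."""

    def __init__(self):
        # entity_id -> platform public key. The claim stores this encrypted under the
        # user's own public key; that wrapping layer is omitted here (assumption).
        self.keys_storage = {}
        self.session_codes = {}  # entity_id -> currently valid session code

    def register(self, entity_id, platform_pub):
        self.keys_storage[entity_id] = platform_pub

    def issue_session_code(self, entity_id):
        code = secrets.token_hex(8)
        self.session_codes[entity_id] = code
        return code

    def check_session_code(self, entity_id, code):
        # Assumption: the platform asks the provider whether the code is current.
        return self.session_codes.get(entity_id) == code


class SecurePlatform:
    """Holds private keys by entity identifier and runs the challenge exchange."""

    def __init__(self, provider):
        self.provider = provider
        self.private_keys = {}
        self.pending = {}  # entity_id -> (client_nonce, platform_nonce, challenge)

    def initialize(self, entity_id):
        # Last resort initialization: key pair established, public half given to provider.
        self.private_keys[entity_id] = (D, N)
        self.provider.register(entity_id, (E, N))

    def begin_session(self, entity_id, client_nonce):
        # Respond to the client nonce with a platform nonce and a challenge code.
        platform_nonce = secrets.token_hex(16)
        challenge = 2 + secrets.randbelow(N - 2)  # plaintext must be < N for RSA
        self.pending[entity_id] = (client_nonce, platform_nonce, challenge)
        return platform_nonce, challenge

    def complete_session(self, entity_id, session_code, encrypted_challenge):
        state = self.pending.pop(entity_id, None)  # challenge is single-use (design choice)
        if state is None:
            return False
        if not self.provider.check_session_code(entity_id, session_code):
            return False  # session code does not authorize use of this private key
        _, _, challenge = state
        decrypted = rsa_decrypt(encrypted_challenge, self.private_keys[entity_id])
        return decrypted == challenge  # grant only on an exact match


def run_last_resort_flow(tamper=None):
    """Drive the exchange end to end; `tamper` injects a failure for the deny paths."""
    provider = Provider()
    platform = SecurePlatform(provider)
    entity_id = "entity-0001"  # constructed identifier
    platform.initialize(entity_id)

    # User side: entity id and public key come from the keys storage after authenticating.
    platform_pub = provider.keys_storage[entity_id]
    client_nonce = secrets.token_hex(16)
    _platform_nonce, challenge = platform.begin_session(entity_id, client_nonce)

    session_code = provider.issue_session_code(entity_id)
    if tamper == "bad_session_code":
        session_code = "not-a-valid-session-code"
    if tamper == "wrong_challenge":
        challenge = (challenge + 1) % N
    encrypted_challenge = rsa_encrypt(challenge, platform_pub)
    return platform.complete_session(entity_id, session_code, encrypted_challenge)


if __name__ == "__main__":
    print("granted:", run_last_resort_flow())
    print("denied on wrong challenge:", not run_last_resort_flow("wrong_challenge"))
    print("denied on bad session code:", not run_last_resort_flow("bad_session_code"))
```

Two points worth noting for a defender reading the claim: the session code gates use of the private key independently of the challenge, so a stolen encrypted challenge alone cannot open a session, and the pending challenge is consumed on first use so a second attempt with the same ciphertext is denied.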