CPC H04L 9/0894 (2013.01) [H04L 9/0891 (2013.01); H04L 9/3073 (2013.01); H04L 9/3265 (2013.01)]
20 Claims

1. A method for managing a secret in a distributed system, the method comprising:
    identifying, by an orchestrator tasked with managing an endpoint device, a recovery for the secret to the endpoint device;
    based on the identified recovery for the secret and by the orchestrator:
        obtaining a symmetric key retained in a storage system that:
            is separate from the orchestrator, and that
            comprises an access management system that restricts access to the symmetric key;
        obtaining a public key of a device keypair maintained by the endpoint device;
        decrypting an encrypted copy of the secret using the symmetric key to obtain the secret, the encrypted copy of the secret being obtained by the orchestrator from an ownership voucher used by the orchestrator to onboard a second endpoint device that maintained the secret;
        re-encrypting the secret using the public key to obtain a re-encrypted secret; and
        restoring the secret to the endpoint device using the re-encrypted secret.
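The recovery flow of claim 1, modelled in Go as an added example (this is not code from the patent or from any assignee; the claim names no algorithms or APIs). The storage system is a KeyStore whose access management system is assumed to be a principal allow-list; the ownership voucher holds an AES-GCM encryption of the secret under the symmetric key, with the device ID bound as associated data; the orchestrator decrypts that copy and re-encrypts it to the endpoint's RSA-OAEP public key, and the endpoint restores the plaintext with its private key. All type names, the "orchestrator" principal and the choice of AES-GCM and RSA-OAEP are this example's assumptions; the sample key and secret are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyStore models the claim's storage system: separate from the orchestrator and
// fronted by an access management system, assumed here to be a principal allow-list.
type KeyStore struct {
	symmetricKey []byte
	allowed      map[string]bool
}

func (ks *KeyStore) GetKey(principal string) ([]byte, error) {
	if !ks.allowed[principal] {
		return nil, fmt.Errorf("access denied for principal %q", principal)
	}
	return ks.symmetricKey, nil
}

// OwnershipVoucher carries only an encrypted copy of the secret, produced at onboarding.
type OwnershipVoucher struct {
	DeviceID        string
	EncryptedSecret []byte // AES-GCM output: nonce || ciphertext || tag
}

func newGCM(symmetricKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(symmetricKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealVoucher encrypts the secret under the symmetric key, binding the device ID
// as additional authenticated data so the voucher cannot be re-attributed.
func SealVoucher(symmetricKey []byte, deviceID string, secret []byte) (*OwnershipVoucher, error) {
	gcm, err := newGCM(symmetricKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nonce, nonce, secret, []byte(deviceID))
	return &OwnershipVoucher{DeviceID: deviceID, EncryptedSecret: ct}, nil
}

func openVoucher(symmetricKey []byte, v *OwnershipVoucher) ([]byte, error) {
	gcm, err := newGCM(symmetricKey)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(v.EncryptedSecret) < ns {
		return nil, fmt.Errorf("voucher for %q is truncated", v.DeviceID)
	}
	return gcm.Open(nil, v.EncryptedSecret[:ns], v.EncryptedSecret[ns:], []byte(v.DeviceID))
}

// NewDeviceKey stands in for the device keypair; on real hardware only the public half leaves the device.
func NewDeviceKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// RecoverSecret is the orchestrator's side of the claimed method: fetch the symmetric
// key from the access-controlled store, decrypt the voucher's copy of the secret, and
// re-encrypt it to the device public key (RSA-OAEP is this example's choice).
func RecoverSecret(store *KeyStore, voucher *OwnershipVoucher, devicePub *rsa.PublicKey) ([]byte, error) {
	key, err := store.GetKey("orchestrator")
	if err != nil {
		return nil, err
	}
	secret, err := openVoucher(key, voucher)
	if err != nil {
		return nil, fmt.Errorf("decrypting voucher: %w", err)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, secret, nil)
}

// RestoreSecret is the endpoint's side: only the holder of the device private key can read the re-encryption.
func RestoreSecret(devicePriv *rsa.PrivateKey, reEncrypted []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, devicePriv, reEncrypted, nil)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	voucher, _ := SealVoucher(key, "device-B", []byte("constructed-secret-value"))
	devicePriv, _ := NewDeviceKey()
	store := &KeyStore{symmetricKey: key, allowed: map[string]bool{"orchestrator": true}}
	reEnc, err := RecoverSecret(store, voucher, &devicePriv.PublicKey)
	if err != nil {
		panic(err)
	}
	restored, err := RestoreSecret(devicePriv, reEnc)
	fmt.Printf("restored %q, err=%v\n", restored, err)
}
```

The symmetric key and the plaintext secret exist only inside RecoverSecret; the orchestrator persists neither, and the endpoint never sees the symmetric key at all. Binding the device ID as associated data means a voucher copied to a different device identity fails authentication instead of decrypting, and the explicit length check turns a truncated voucher into an error rather than a panic.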