| CPC H04L 63/0876 (2013.01) | 16 Claims |

1. An Information Handling System (IHS), comprising:
a host processor module configured to host at least one smart device;
a secure control module configured to host a baseboard management controller;
wherein the baseboard management controller comprises at least one processor coupled to at least one memory, the at least one memory having program instructions stored thereon that, upon execution by the at least one processor, cause the baseboard management controller to:
validate identities and determine capabilities of the at least one smart device using Security Protocol and Data Model (SPDM) messages;
send a network access identity inside a secure session to the at least one smart device using at least one SPDM SET_CERTIFICATE message comprising an alias certificate with IEEE 802.1X credentials, the at least one SPDM SET_CERTIFICATE message configured to cause the at least one smart device to store the alias certificate in a free certificate chain slot other than slot zero;
receive a request from the at least one smart device for a secure network connection with security based at least in part on the alias certificate, wherein the secure network connection is requested to be on a controlled port or controlled Network Controller Sideband Interface (NC-SI) channel, and wherein the request includes the network access identity;
determine if the request from the at least one smart device for the secure network connection is approved, based at least in part on performing authentication server functions;
in response to a determination that the request from the at least one smart device for the secure network connection is approved, set the controlled port or controlled NC-SI channel to an authorized state; and
send a message to the at least one smart device indicating that the controlled port or NC-SI channel is authorized for network access by the at least one smart device.
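The provisioning and port-gating steps recited in claim 1, modeled from the baseboard management controller's side as an added example; it is not code from the patent or from any vendor implementation. The 4-byte header layout and the SET_CERTIFICATE request code follow DMTF DSP0274 (SPDM 1.2); `ControlledPort`, `pick_alias_slot`, the device name and the certificate bytes are hypothetical, the occupied-slot mask is assumed to come from an earlier digest query, and a byte comparison of the identity stands in for the authentication server functions, which the claim does not detail.

```python
import hmac
import struct

SPDM_VERSION = 0x12        # SPDM 1.2, the version that introduced SET_CERTIFICATE
SET_CERTIFICATE = 0xEE     # request code per DMTF DSP0274
MAX_SLOTS = 8              # SPDM certificate chain slots 0..7

def pick_alias_slot(provisioned_mask: int) -> int:
    """Lowest free slot other than slot zero; bit n set means slot n is occupied."""
    for slot in range(1, MAX_SLOTS):
        if not provisioned_mask & (1 << slot):
            return slot
    raise RuntimeError("no free certificate chain slot other than slot zero")

def build_set_certificate(slot: int, cert_chain: bytes) -> bytes:
    """4-byte SPDM header (version, code, Param1 = SlotID, Param2) + chain."""
    if not 1 <= slot < MAX_SLOTS:
        raise ValueError("alias certificate must not target slot zero")
    return struct.pack("BBBB", SPDM_VERSION, SET_CERTIFICATE, slot & 0x0F, 0) + cert_chain

class ControlledPort:
    """Hypothetical BMC-side model of one controlled port or NC-SI channel."""
    def __init__(self):
        self.issued = {}          # device id -> network access identity sent
        self.authorized = set()   # devices whose port is in the authorized state

    def provision(self, device, identity, provisioned_mask, chain, secure_session):
        if not secure_session:    # the identity is only sent inside a secure session
            raise PermissionError("SPDM secure session required")
        msg = build_set_certificate(pick_alias_slot(provisioned_mask), chain)
        self.issued[device] = identity
        return msg

    def request_access(self, device, identity) -> bool:
        expected = self.issued.get(device)
        # Simplified stand-in for the authentication server functions.
        ok = expected is not None and hmac.compare_digest(expected, identity)
        if ok:
            self.authorized.add(device)
        else:
            self.authorized.discard(device)  # fail closed: port stays unauthorized
        return ok

if __name__ == "__main__":
    port = ControlledPort()
    chain = b"\x30\x82" + b"\x00" * 6       # constructed placeholder, not a real chain
    msg = port.provision("nic0", b"nic0-alias", 0b00000011, chain, True)
    print(msg[:4].hex(), port.request_access("nic0", b"nic0-alias"))
```

The port starts unauthorized and is only moved to the authorized state for a device whose request carries the identity that was provisioned to it over the secure session.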