1. Field of the Invention
The present invention is generally related to user authentication. More particularly, the present invention is related to a method and system for enterprise network single-sign-on using a manageability engine.
2. Description
Intel® Anti-Theft™ Technology for data protection (AT-d) is a platform capability that adds Full Disk Encryption (FDE) to a chipset and its surrounding components. All data on an AT-d-protected drive are encrypted, including Operating System (OS) and user data. Areas that remain unencrypted include manageability engine (ME) metadata and pre-boot authentication metadata areas. Fully encrypting the drive protects sensitive data included in paging and configuration files, and it prevents an offline attacker from manipulating system files with a tool kit.
Fully encrypting the drive also presents challenges. For example, the disk drives are off limits to a user until the user is authenticated. Current practices rely on the OS to perform initial authentication, but with FDE, the OS is encrypted, making it difficult to authenticate the user through the OS. Thus, user authentication must occur before any pre-boot service that requires drive access.