The present disclosure relates generally to information handling systems, and more particularly to a system for sharing credentials for pre-boot authentication.
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Some information handling systems such as, for example, mobile computing systems, desktop computing systems, and/or other computing systems known in the art, include security systems that utilize credential authentication for gaining access to computing system functionality. For example, computing systems that utilize the MICROSOFT® WINDOWS® 10 operating system may include a biometric credential authentication system such as a fingerprint credential reader that operates with a fingerprint management application to allow a user to provide a finger scan for authentication to access the operating system. However, the use of such operating system biometric credential authentication systems can raise some issues. For example, the fingerprint management application provided in the WINDOWS® 10 operating system does not provide native support for pre-boot authentication, and thus conventional systems do not allow a fingerprint credential provided to the fingerprint management application for use in authenticating to the operating system to be used for authentication in a pre-boot environment.
In previous operating system versions (e.g., WINDOWS® 8), is was possible to provide a third party application to enroll and authenticate fingerprint credentials outside of the fingerprint management application that is native to the operating system, allowing those fingerprint credentials to be used for both operating system and pre-boot authentication. However, the fingerprint authentication application provided in the WINDOWS® 10 operating system has been designated by MICROSOFT® as the only application that may enroll and authenticate a fingerprint credential in a manner that enables full-featured authentication (e.g., authentication using Next Generation Credentials (NGC) proposed by MICRSOFT®). As such, pre-boot authentication (e.g., prior to the decryption and use of the storage system to complete the boot process) must be disregarded and all hardware security left to the operating system, which is undesirable for security reasons, an additional fingerprint credential must be provisioned for authentication in the pre-boot environment, which is undesirable for users who would like to provide a single finger scan to authenticate to their computing devices, or the computing system must operate with non-full-featured authentication (e.g., without the use of NGCs).
Accordingly, it would be desirable to provide a pre-boot authentication credential sharing system.