Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-10-05
2002-10-08
Hayes, Gail (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S187000
Reexamination Certificate
active
06463535
ABSTRACT:
BACKGROUND
1. Field
The present invention relates to the field of data security. More particularly, this invention relates to a scheme for verifying the integrity of downloaded software.
2. General Background
Computers have become a desirable product for both commercial and personal use, in part due to their versatility. While the purchase price of computers has decreased over the last few years, the total cost of computer ownership has remained generally constant. One reason is that computers need require occasional maintenance to repair or replace faulty hardware, reconfigure corrupted software, or perform other tasks. Normally, computer technicians, at a substantial cost, perform these tasks.
Currently, many companies employ one or more on-site computer technicians to install, support and maintain stand-alone computers. In fact, large companies have established Information Technology (IT) departments that feature computer technicians responsible for servicing thousands of stand-alone computers situated in multiple facilities. Thus, a significant portion of the technician's working time may be spent traveling from one job to another. To reduce overhead costs and improve efficiency, it is desirable to lessen the amount of time spent wasted by computer technicians traveling between jobs or facilities. This may be accomplished by implementing a centralized platform with multiple disk drives from which employees can remotely access information as needed. As a result, the computer technicians can diagnose and service problems with the centralized platform (e.g., drive errors) at one location, and thus, greatly reduce the amount of travel time.
As centralized platforms are adopted by more and more companies, the general architecture of computers may be altered to exclude disk drives, which are the least reliable component of a computer. This computer architecture alteration, however, poses a problem because most computers boot from a local disk drive.
To overcome this problem, a boot procedure of the computer may be modified so that boot software is downloaded over a network. In particular, during its boot sequence, the local platform would access a particular memory location on a disk drive remotely located at the centralized platform and retrieve a boot image from that memory location. The boot image would be downloaded into main memory of the computer and executed during the boot sequence. Unfortunately, there is currently no security scheme to ensure the integrity of the boot image (e.g., check that the software is free from viruses or has not been tampered with before or during download) as well as its authenticity (e.g., check that the boot image originated from its proper source). The present invention provides a scheme that overcomes these security flaws.
SUMMARY OF THE INVENTION
The present invention relates to a method for verifying integrity of information. The information is downloaded to a platform operating in a pre-boot operational state. Thereafter, a determination of whether the information is authorized to be executed by the platform is selectively performed.
REFERENCES:
patent: 4206315 (1980-06-01), Matyas et al.
patent: 4656474 (1987-04-01), Mollier et al.
patent: 4868877 (1989-09-01), Fischer
patent: 5005200 (1991-04-01), Fischer
patent: 5214702 (1993-05-01), Fischer
patent: 5218637 (1993-06-01), Angebaud
patent: 5349643 (1994-09-01), Cox et al.
patent: 5367573 (1994-11-01), Quimby
patent: 5444850 (1995-08-01), Chang
patent: 5465299 (1995-11-01), Matsumoto
patent: 5473692 (1995-12-01), Davis
patent: 5479509 (1995-12-01), Ugon
patent: 5537475 (1996-07-01), Micali
patent: 5568552 (1996-10-01), Davis
patent: 5574915 (1996-11-01), Lemon et al.
patent: 5778070 (1998-07-01), Mattison
patent: 5805706 (1998-09-01), Davis
patent: 5844986 (1998-12-01), Davis
patent: 5919257 (1999-07-01), Trostle
patent: 5935242 (1999-08-01), Madany et al.
patent: 5937063 (1999-08-01), Davis
patent: 5944821 (1999-08-01), Angelo
Schneier, Bruce, “Applied Cryptography: Protocols, Algorithms, and Source Code in C”, Oct. 1995, pp. 574-577.*
Arbaugh et al. A Secure and Reliable Bootstrap Architecture. Dec. 1996.*
Hains, David. LAN Security: Are You Taking It Seriously? International Journal of Information Resource Management vol. 3, issue 4; Bradford; 1992. Abstract.*
Braziller, Clay. Centralized boot systems tackle distributed network security needs. Computing Canada; Willowdale; Sep. 1993. Abstract.*
Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, Source Code in C., 2nd ed. Oct. 1995. section 2.6, pp. 34-41.*
Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, Oct. 1995, pp. 574-577, Second Edition.
Blakely , Sokoloff, Taylor & Zafman LLP
Hayes Gail
Intel Corporation
Song Ho S.
LandOfFree
System and method for verifying the integrity and... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for verifying the integrity and..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for verifying the integrity and... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2985491