Client-side boot domains and boot rules
Reexamination Certificate (active), patent number 06757824
Filed: 1999-12-10; Issued: 2004-06-29
Examiner: Barron, Gilberto (Department: 2132)
Classification: Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication
Classes: C713S002000, C713S175000, C713S176000, C713S190000
FIELD OF THE INVENTION
This invention relates generally to computer operating systems, and more particularly to verifying components loaded by an operating system.
COPYRIGHT NOTICE/PERMISSION
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. The following notice applies to the software and data as described below and in the drawings hereto: Copyright © 1997, Microsoft Corporation, All Rights Reserved.
BACKGROUND OF THE INVENTION
More and more content is being delivered in digital form, and more and more digital content is being delivered online over private and public networks, such as Intranets, the Internet and cable TV networks. For a client, digital form allows more sophisticated content, while online delivery improves timeliness and convenience. For a publisher, digital content also reduces delivery costs. Unfortunately, these worthwhile attributes are often outweighed in the minds of publishers by the corresponding disadvantage that online information delivery makes it relatively easy to obtain pristine digital content and to pirate the content at the expense and harm of the publisher.
To prevent their content from being stolen or misused, content providers will download content only to trusted software, and therefore only to subscriber computers that can prove that the software executing on the subscriber computer is trusted. This trust concept is predicated on having a trusted operating system executing on the computer, which, by its nature, loads only trusted components and provides some kind of secure storage. The problem then becomes one of identifying an operating system with enough particularity that the content provider can make an intelligent decision whether to trust its content to the operating system.
The related application titled “System and Method for Authenticating an Operating System to a Central Processing Unit, Providing the CPU/OS with Secure Storage, and Authenticating the CPU/OS to a Third Party” discloses one embodiment of a unique operating system identifier that is a cryptographic digest of all the software components loaded by the operating system. However, computers contain a myriad of different hardware components, and the corresponding supporting software components are frequently updated to add enhancements and fix problems, resulting in a virtually unlimited number of operating system identities. While the content provider can maintain a list of those identities it trusts, or delegate the maintenance of such a list to a third party, what is needed in the art is a way to reduce the number of trusted operating system identities without limiting the choices of software components available to a user.
SUMMARY OF THE INVENTION
The above-mentioned shortcomings, disadvantages and problems are addressed by the present invention, which will be understood by reading and studying the following specification.
Each software component loaded for a verified operating system on a client computer must satisfy a set of boot rules for a boot certificate. The appropriate boot certificate is selected by the user or by default upon each boot of the computer. A verified operating system identifier is created from the boot certificate. The boot certificate is published and signed by a boot authority that attests to the validity of the operating system booted under the boot certificate. Each software component for the operating system is associated with a component certificate published and signed by the same boot authority that signed the boot certificate. The boot rules determine the validity of the software component based on the contents of the component and boot certificates.
The client computer transmits the verified operating system identity and the boot certificate to a server computer, such as a content provider, and the content provider determines whether to trust the verified operating system with its content. Downloaded data is secured on permanent storage through a key derived from the verified operating system identifier. The boot certificate, component certificates, and secured content define the boot domain.
A combination of two or more boot components can be used to boot a verified operating system. Updating of the boot and component certificates and of the underlying components, and the changing of the verified operating system identity and its effect on the boot domain, are also described.
Because a content provider must only decide which boot authorities, and which boot certificates from those authorities, to trust, the content provider must keep track of only a small number of identities. The client computer is restricted only in that components loaded into a verified operating system must be attested to by one of the boot authorities trusted by the content provider. The client computer can operate under an unverified operating system but data stored under a verified boot domain will not be accessible.
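As an added illustration, not code from the patent, the following Python model captures the boot-domain scheme the summary describes: a boot authority signs a boot certificate and component certificates, boot rules decide whether a component may be loaded, the verified operating system identity is derived from the boot certificate, a storage key for sealing downloaded content is derived from that identity, and the content provider trusts only boot certificates from authorities on its list. The authority names, certificate fields, the minimum-version boot rule and the use of an HMAC in place of the authority's signature are all assumptions made for this example.

```python
import hashlib, hmac, json

# Constructed example. An HMAC under the boot authority's key stands in for the
# authority's signature (an assumption so the example runs without a crypto library).
def sign(authority_key, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(authority_key, msg, hashlib.sha256).hexdigest()

def make_cert(authority, authority_key, **fields):
    body = {"authority": authority, **fields}
    return {"body": body, "sig": sign(authority_key, body)}

def cert_is_valid(cert, authority_keys):
    # Verifies the signature with the key of the authority named in the certificate.
    key = authority_keys.get(cert["body"]["authority"])
    return key is not None and hmac.compare_digest(cert["sig"], sign(key, cert["body"]))

def component_passes_boot_rules(boot_cert, comp_cert, comp_bytes, authority_keys):
    """Boot rules: the component certificate must come from the same boot authority
    as the boot certificate, verify under that authority's key, match the loaded
    component's digest, and meet the minimum version the boot certificate demands."""
    b, c = boot_cert["body"], comp_cert["body"]
    return (c["authority"] == b["authority"]
            and cert_is_valid(comp_cert, authority_keys)
            and hashlib.sha256(comp_bytes).hexdigest() == c["digest"]
            and c["version"] >= b["min_version"].get(c["name"], 0))

def verified_os_identity(boot_cert):
    # Derived from the boot certificate only, so every client booting under it
    # reports the same identity regardless of which attested components it loaded.
    return hashlib.sha256(json.dumps(boot_cert, sort_keys=True).encode()).hexdigest()

def storage_key(identity):
    # Key under which downloaded content is sealed to this boot domain.
    return hashlib.sha256(b"boot-domain|" + identity.encode()).digest()

def server_trusts(boot_cert, trusted_authority_keys):
    # The content provider keeps only the keys of the boot authorities it trusts.
    return cert_is_valid(boot_cert, trusted_authority_keys)

# Constructed scenario: two boot authorities, one driver image attested by both.
KEYS = {"AuthA": b"authority-A-key", "AuthB": b"authority-B-key"}
BOOT_A = make_cert("AuthA", KEYS["AuthA"], name="boot-v1", min_version={"net.sys": 2})
BOOT_B = make_cert("AuthB", KEYS["AuthB"], name="boot-other", min_version={})
NET_SYS = b"constructed driver image bytes"
DIGEST = hashlib.sha256(NET_SYS).hexdigest()
NET_CERT_A = make_cert("AuthA", KEYS["AuthA"], name="net.sys", version=2, digest=DIGEST)
NET_CERT_B = make_cert("AuthB", KEYS["AuthB"], name="net.sys", version=2, digest=DIGEST)
OLD_CERT_A = make_cert("AuthA", KEYS["AuthA"], name="net.sys", version=1, digest=DIGEST)
```

Content sealed under the key derived from BOOT_A's identity is unreadable after booting under BOOT_B, because the identity and therefore the storage key differ.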
The present invention describes systems, clients, servers, methods, and computer-readable media of varying scope. In addition to the aspects and advantages of the present invention described in this summary, further aspects and advantages of the invention will become apparent by reference to the drawings and by reading the detailed description that follows.
Zand Kambiz