Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication
Reexamination Certificate
1999-01-21
2003-05-06
Smithers, Matthew (Department: 2134)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Central trusted authority provides computer authentication
C713S152000
Reexamination Certificate
active
06560706
ABSTRACT:
RELATED APPLICATIONS
This U.S. patent application is related to U.S. patent application Ser. No. 09/166,275 filed Oct. 5, 1998 and entitled “A SYSTEM AND METHOD FOR VERIFYING THE INTEGRITY AND AUTHORIZATION OF SOFTWARE BEFORE EXECUTION IN A LOCAL PLATFORM” and U.S. patent application Ser. No. 09/224,003 filed Dec. 31, 1998 and entitled “SECURE TRANSFER OF TRUST IN A COMPUTER SYSTEM.”
FIELD OF THE INVENTION
The invention relates to the field of data security. More particularly, the invention relates to a scheme for verifying the integrity and authority of downloaded code used for boot and pre-boot operations of a system.
BACKGROUND OF THE INVENTION
In order to improve the effectiveness of networked computer systems or other electronic devices, organizations that have many networked devices typically have Information Technology (IT) departments staffed by computer technicians responsible for servicing the computer systems or other electronic devices that belong to the organization. To improve the effectiveness of the IT department, many organizations have a centralized platform that allows the technicians to access other devices on the network to perform maintenance operations. This reduces time wasted by the technicians traveling between jobs or facilities.
One important remote maintenance operation is the transfer of executable code, including boot code, to a device coupled to the network. Transfer of boot code over a network can also be part of a normal boot operation for networked devices. However, because boot code is the foundation for operation of a computer system or other electronic device, boot code security is an important factor in providing effective operation of an electronic device that receives boot code via a network connection.
Unfortunately, there currently exists no security scheme to ensure integrity of a boot image (e.g., check that the software is free from viruses or has not been tampered with before or during download) as well as authenticity (e.g., check that the boot image originated from an authorized source). Therefore, what is needed is a method and apparatus for ensuring system boot integrity and authorization.
SUMMARY OF THE INVENTION
A method and apparatus for ensuring system boot image integrity and authenticity is described. A first segment of a boot image is received from a remote device. The integrity of the segment is verified. Proper authorization of the segment is determined, at least in part, by a Remote-Boot Authorization Certificate that indicates an authorized source for the first segment of the boot image. If the segment passes the verification and authorization checks, a sequence of instructions represented by the first segment of the boot image is executed.
In one embodiment, a boot image sufficient to boot a networked device is received in several segments. Each segment is subjected to integrity and authorization verification. In one embodiment, the Remote-Boot Authorization Certificate and other parameters used for integrity and authorization verification can be modified by the remote device. The verification mechanism is integrated with a mechanism to configure the Remote-Boot Authorization Certificate.
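One way to model the segment-by-segment check the summary describes, as an added example that is not part of the patent or of any Intel implementation. It assumes a hash chain over the segments, a platform-provisioned HMAC key as the trust root for the certificate, and the names segment_digest, build_segments, make_rbac, verify_rbac and receive_and_boot; the patent specifies none of these.

```python
import hashlib
import hmac
# Constructed platform trust root (the patent fixes no key type or certificate
# format); an HMAC tag over the certificate body models "issued under the root".
PLATFORM_KEY = b"constructed-platform-key-for-example-only"
CHAIN_END = "0" * 64   # digest value that marks the last segment

def segment_digest(seg):
    """Digest over a segment's code plus the digest it pins for its successor."""
    return hashlib.sha256(seg["payload"] + seg["next"].encode()).hexdigest()

def build_segments(payloads):
    """Remote side: chain segments so each carries the digest of the next."""
    segments, next_digest = [], CHAIN_END
    for payload in reversed(payloads):
        seg = {"payload": payload, "next": next_digest}
        next_digest = segment_digest(seg)
        segments.append(seg)
    return segments[::-1]

def make_rbac(source_id, first_digest, key=PLATFORM_KEY):
    """Simplified Remote-Boot Authorization Certificate: authorized source plus
    the pinned digest of the first segment, tagged under the platform key."""
    body = f"{source_id}|{first_digest}".encode()
    tag = hmac.new(key, body, "sha256").hexdigest()
    return {"source": source_id, "first_digest": first_digest, "tag": tag}

def verify_rbac(cert, key=PLATFORM_KEY):
    body = f"{cert['source']}|{cert['first_digest']}".encode()
    expected = hmac.new(key, body, "sha256").hexdigest()
    return hmac.compare_digest(cert["tag"], expected)   # constant-time compare

def receive_and_boot(cert, segments, claimed_source, execute):
    """Local platform: verify the certificate, the claimed source, then each
    segment against its pinned digest before execute() runs it; returns count."""
    if not verify_rbac(cert):
        raise ValueError("Remote-Boot Authorization Certificate rejected")
    if claimed_source != cert["source"]:
        raise ValueError(f"source {claimed_source!r} is not authorized")
    expected, executed = cert["first_digest"], 0
    for seg in segments:
        if segment_digest(seg) != expected:          # tampered or out of order
            raise ValueError(f"integrity check failed on segment {executed}")
        execute(seg["payload"])                      # run only after it passes
        executed += 1
        expected = seg["next"]
    if expected != CHAIN_END:
        raise ValueError("boot image truncated before its final segment")
    return executed
```

Because each segment pins its successor, a segment that is modified, reordered or dropped in transit fails the check before it is executed, while the certificate ties the whole chain to one authorized source.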
REFERENCES:
patent: 4405829 (1983-09-01), Rivest et al.
patent: 5050212 (1991-09-01), Dyson
patent: 5287519 (1994-02-01), Dayan et al.
patent: 5421006 (1995-05-01), Jablon et al.
patent: 5454000 (1995-09-01), Dorfman
patent: 5568552 (1996-10-01), Davis
patent: 5680547 (1997-10-01), Chang
patent: 5713009 (1998-01-01), DeRosa, Jr. et al.
patent: 5822565 (1998-10-01), DeRosa, Jr. et al.
patent: 5844986 (1998-12-01), Davis
patent: 5848231 (1998-12-01), Teitelbaum et al.
patent: 5881287 (1999-03-01), Mast
patent: 5919257 (1999-07-01), Trostle
patent: 5999711 (1999-12-01), Misra et al.
patent: 6009524 (1999-12-01), Olarig et al.
patent: 6034832 (2000-03-01), Ichimura et al.
patent: 6061794 (2000-05-01), Angelo et al.
patent: 6067640 (2000-05-01), Akiyama et al.
patent: 6185678 (2001-02-01), Arbaugh et al.
patent: 6189100 (2001-02-01), Barr et al.
Arbaugh et al, “Automated Recovery in a Secure Bootstrap Process”, p. 1-13.*
Droms, R., “Dynamic Host Configuration Protocol”, Network Working Group, Request for Comments 1541 (obsoletes RFC 1531), Category: Standards Track, Oct. 1993, 48 total pages (through p. 39).
Carbajal John M.
Dittert Eric R.
Drews Paul C.
Blakely, Sokoloff, Taylor & Zafman LLP
Intel Corporation
Smithers Matthew