Patent
1994-04-20
1995-05-30
Beausoliel, Jr., Robert W.
Cryptography
Key management
Having particular key generator
380 4, G06F 1100, H04K 100
active
054210062
ABSTRACT:
A method and device for reliably assessing the integrity of a computer system's software prevents execution of corrupted programs at time of system initialization, enhancing system security. Programs and data comprising the system's trusted software, including all startup processes, are verified before being utilized. Methods to verify the trusted software use a hierarchy of both modification detection codes and public-key digital signature codes. The top-level codes are placed in a protectable non-volatile storage area, and are used by the startup program to verify the integrity of subsequent programs. A trusted initialization program sets a hardware latch to protect the codes in the non-volatile memory from being overwritten by subsequent untrusted programs. The latch is only reset at system restart, when control returns to the bootstrap program. Software reconfiguration is possible with trusted programs that write new top-level codes while the latch is open. The mechanism itself is immune to malicious software attack when the write-protect latch is closed before running untrusted software. Preferred embodiments in an IBM-compatible personal computer use the reset switch to initiate a trusted path between the user and a program. Damage from certain classes of computer virus and trojan horse attacks is prevented. A system recovery process is described. A related improved method for user authentication uses a read-and-write memory protection latch to prevent access to sensitive authentication data.
REFERENCES:
patent: 4309569 (1982-01-01), Merkle
patent: 4388695 (1983-06-01), Heinemann
patent: 4590552 (1986-05-01), Guttag
patent: 4651323 (1987-03-01), Goodman et al.
patent: 4661991 (1987-04-01), Logemann
patent: 4685056 (1987-08-01), Barnsdale, Jr. et al.
patent: 4698750 (1987-10-01), Wilkie et al.
patent: 4747040 (1988-05-01), Blanset et al.
patent: 4819267 (1989-04-01), Cargile et al.
patent: 4825358 (1989-04-01), Letwin et al.
patent: 4885788 (1989-12-01), Takaragi et al.
patent: 4908861 (1990-03-01), Brachtl et al.
patent: 4930073 (1990-05-01), Cina
patent: 4970504 (1990-11-01), Chen
patent: 4975950 (1990-12-01), Lentz
patent: 5022077 (1991-06-01), Bealkowski et al.
patent: 5050212 (1991-09-01), Dyson
patent: 5073934 (1991-12-01), Matyas et al.
patent: 5121345 (1992-06-01), Lentz
patent: 5138706 (1992-08-01), Melo et al.
patent: 5144659 (1992-09-01), Jones
patent: 5161122 (1992-11-01), Robertson
patent: 5175840 (1992-12-01), Sawase et al.
patent: 5204966 (1993-04-01), Wittenberg et al.
patent: 5265164 (1993-11-01), Matyas et al.
patent: 5278973 (1994-01-01), O'Brien et al.
Intel 386 SL Microprocessor SuperSet Programmer's Reference manual, 1990, ISBN 1-55512-129-2.
Compaq Computer Corporation, Security Standard for Hardware Configuration, pp. 1-6, 1990.
Flowchart of Operations of Computers According to the Security Standard for Hardware Configuration.
Chap. 13, Real Time Clock Interface, 386 SL Microprocessor Superset System Design Guide by Intel Corporation, pp. 13-1 to 13-2, 1990.
Using Password Security, Operations Guide for Compaq Deskpro 386s Personal Computer by Compaq Computer Corp., pp. 3-5 to 3-7, 1988.
Hanley Nora E.
Jablon David P.
Beausoliel, Jr. Robert W.
Compaq Computer Corp.
Palys Joseph E.
Method and apparatus for assessing integrity of computer system
Profile ID: LFUS-PAI-O-369679