Cryptographically signed filesystem
Abstract
A cryptographically signed filesystem provides a central database resident on a server that contains database objects. The server creates startup software to be installed in a client system's read only memory. The startup software contains a hash value for a second stage loader. The server also creates software for a bootstrap loader object which typically contains the operating system for a client system and also the bootstrap loader's hash value and a digital signature that is unique to the server. A root filesystem object is also created containing operational code and data for the client system's functionality. A hash table file is stored in the bootstrap loader that contains the names of each file in the root filesystem along with their corresponding hash values. The startup software and objects created by the server are initially installed on a client device at the time of manufacture. The client performs a staged bootup sequence that confirms that the hash value is correct for each of the objects before they are executed. The digital signature of the bootstrap loader is verified. If a hash value or digital signature is incorrect, the client device is disabled or the file deleted or replaced. The server can update a client's bootstrap loader and root filesystem at any time through the transmission of slices.
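The staged bootup sequence described in the abstract, sketched as an added example (not code from the patent or its assignee). SHA-256, the JSON encoding of the hash table, the dictionary layout and all function names are assumptions, and HMAC stands in for the server's digital signature.

```python
import hashlib, hmac, json

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def signed_bytes(code: bytes, table: dict) -> bytes:
    # The hash table is stored inside the bootstrap loader object, so the
    # loader's hash and signature cover it (JSON encoding is an assumption).
    return code + json.dumps(table, sort_keys=True).encode()

def build_boot_object(code, root_files, sign):
    """Server side: file hash table, loader hash, server signature."""
    table = {name: digest(body) for name, body in root_files.items()}
    blob = signed_bytes(code, table)
    return {"code": code, "hash_table": table,
            "hash": digest(blob), "signature": sign(blob)}

def staged_boot(rom_hash, second_stage, boot, root_files, verify):
    """Client side: returns (state, root files to delete or replace)."""
    # Stage 1: the startup code in ROM holds the second stage loader's hash.
    if not hmac.compare_digest(digest(second_stage), rom_hash):
        return "disabled", []
    # Stage 2: confirm the bootstrap loader's hash, then its signature.
    blob = signed_bytes(boot["code"], boot["hash_table"])
    if not hmac.compare_digest(digest(blob), boot["hash"]):
        return "disabled", []
    if not verify(blob, boot["signature"]):
        return "disabled", []
    # Stage 3: every root filesystem file must match its table entry;
    # files absent from the table or missing on disk are reported too.
    table = boot["hash_table"]
    names = set(table) | set(root_files)
    bad = [n for n in sorted(names)
           if n not in root_files or table.get(n) != digest(root_files[n])]
    return "running", bad

# Constructed sample data. HMAC with a shared key stands in for the server's
# digital signature only so the example runs on the standard library.
KEY = b"constructed-demo-key"
sign = lambda blob: hmac.new(KEY, blob, hashlib.sha256).hexdigest()
verify = lambda blob, sig: hmac.compare_digest(sign(blob), sig)
STAGE2 = b"second stage loader image"
ROOT = {"/bin/tvapp": b"app v1", "/etc/config": b"tuner=2"}
BOOT = build_boot_object(b"kernel image", ROOT, sign)

if __name__ == "__main__":
    print(staged_boot(digest(STAGE2), STAGE2, BOOT, ROOT, verify))
```

A hash table that is rewritten together with a recomputed loader hash still fails at the signature step, which is why the sequence checks both.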
34 Claims
1. A process for a cryptographically signed filesystem that ensures that authorized software and data are used by a digital video recorder (DVR), comprising the steps of:
providing a persistent storage device on said DVR;
providing a bootstrap code on said persistent storage device;
confirming the hash value of said bootstrap code;
wherein if said hash value is not confirmed, then disabling said DVR;
extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;
wherein if said digital signature is verified, then transferring control to said bootstrap code; and
wherein if said digital signature is not verified, then disabling said DVR;
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A process for a cryptographically signed filesystem that ensures that an authorized subset of a central database is replicated in any number of client devices in a computer environment, comprising the steps of:
providing a central database resident on a server;
wherein said database contains database objects;
calculating hash values for each database object;
wherein each database object has its corresponding hash values stored within said database object;
creating a digital signature for database objects that form a bootstrap code database object;
wherein said digital signature is stored within said bootstrap code database object;
assembling a hash table file for a root filesystem database object and incorporating said hash table file into said bootstrap code database object;
wherein each filename and hash value in said root filesystem is entered in said hash table file;
gathering objects to be replicated into distribution packages called slices;
wherein a slice is a subset of said central database which is relevant to clients within a specific domain;
transmitting slices to a client device; and
accepting said slices on a client device;
Dependent claims: 12, 13, 14, 15, 16, 17

18. An apparatus for a cryptographically signed filesystem that ensures that authorized software and data are used by a digital video recorder (DVR), comprising:
a persistent storage device on said DVR;
a bootstrap code on said persistent storage device;
a module for confirming the hash value of said bootstrap code;
wherein if said hash value is not confirmed, then disabling said DVR;
a module for extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;
wherein if said digital signature is verified, then transferring control to said bootstrap code; and
wherein if said digital signature is not verified, then disabling said DVR.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27

28. An apparatus for a cryptographically signed filesystem that ensures that an authorized subset of a central database is replicated in any number of client devices in a computer environment, comprising:
a central database resident on a server;
wherein said database contains database objects;
a module for calculating hash values for each database object;
wherein each database object has its corresponding hash values stored within said database object;
a module for creating a digital signature for database objects that form a bootstrap code database object;
wherein said digital signature is stored within said bootstrap code database object;
a module for assembling a hash table file for a root filesystem database object and incorporating said hash table file into said bootstrap code database object;
wherein each filename and hash value in said root filesystem is entered in said hash table file;
a module for gathering objects to be replicated into distribution packages called slices;
wherein a slice is a subset of said central database which is relevant to clients within a specific domain;
a module for transmitting slices to a client device; and
a module for accepting said slices on a client device;
Dependent claims: 29, 30, 31, 32, 33, 34

Specification