Cryptographically signed filesystem

US 20030028761A1
Filed: 07/02/2002
Published: 02/06/2003
Est. Priority Date: 10/20/1999
Status: Active Grant

First Claim

Patent Images

1. A process for a cryptographically signed filesystem that ensures that authorized software and data are used by a digital video recorder (DVR), comprising the steps of:

providing a persistent storage device on said DVR;

providing a bootstrap code on said persistent storage device;

confirming the hash value of said bootstrap code;

wherein if said hash value is not confirmed, then disabling said DVR;

extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;

wherein if said digital signature is verified, then transferring control to said bootstrap code; and

wherein if said digital signature is not verified, then disabling said Dvr;

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographically signed filesystem provides a central database resident on a server that contains database objects. The server creates startup software to be installed in a client system'"'"'s read only memory. The startup software contains a hash value for a second stage loader. The server also creates software for a bootstrap loader object which typically contains the operating system for a client system and also the bootstrap loader'"'"'s hash value and a digital signature that is unique to the server. A root filesystem object is also created containing operational code and data for the client system'"'"'s functionality. A hash table file is stored in the bootstrap loader that contains the names of each file in the root filesystem along with their corresponding hash values. The startup software and objects created by the server are initially installed on a client device at the time of manufacture. The client performs a staged bootup sequence that confirms that the hash value is correct for each of the objects before they are executed. The digital signature of the bootstrap loader is verified. If a hash value or digital signature is incorrect, the client device is disabled or the file deleted or replaced. The server can update a client'"'"'s bootstrap loader and root filesystem at any time through the transmission of slices.

136 Citations

34 Claims

1. A process for a cryptographically signed filesystem that ensures that authorized software and data are used by a digital video recorder (DVR), comprising the steps of:
- providing a persistent storage device on said DVR;
  
  providing a bootstrap code on said persistent storage device;
  
  confirming the hash value of said bootstrap code;
  
  wherein if said hash value is not confirmed, then disabling said DVR;
  
  extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;
  
  wherein if said digital signature is verified, then transferring control to said bootstrap code; and
  
  wherein if said digital signature is not verified, then disabling said Dvr;
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The process of claim 1, further comprising the steps of:
    - providing a startup software resident in read only memory on said DVR;
      
      wherein said startup software is executed upon bootup of said DVR;
      
      providing a second stage loader software;
      
      wherein said startup software verifies the hash value of said second stage loader;
      
      wherein if said second stage loader'"'"'s hash value is valid, then transferring control to said second stage loader;
      
      wherein if said second stage loader'"'"'s hash value is not valid, then disabling said DVR; and
      
      wherein said second stage loader confirms the hash value of said bootstrap code.
  - 3. The process of claim 1, further comprising the steps of:
    - providing a root filesystem on said persistent storage device;
      
      providing a hash table file in said bootstrap code on said persistent storage device;
      
      wherein said hash table file contains the valid hash values of each file in said root filesystem; and
      
      performing a scan on each file in said root filesystem to validate that each file name and hash value of each file matches an entry in said hash table file.
  - 4. The process of claim 3, wherein if any files in said root filesystem are found to be invalid, then the invalid files are deleted.
  - 5. The process of claim 3, wherein if any files in said root filesystem are found to be invalid, then the invalid files are replaced with valid copies.
  - 6. The process of claim 2, further comprising the steps of:
    - calculating a hash value for said second stage loader; and
      
      storing said calculated hash value as part of said startup software in said read only memory on said DVR.
  - 7. The process of claim 1, further comprising the steps of:
    - providing means on a server for calculating a hash value for said bootstrap code;
      
      providing means on said server for creating a digital signature for said bootstrap code; and
      
      storing said bootstrap hash value and said bootstrap digital signature as part of said bootstrap code.
  - 8. The process of claim 7, further comprising the step of:
    - updating said DVR with said bootstrap code from said server.
  - 9. The process of claim 3, further comprising the steps of:
    - providing means on a server for creating a hash table file;
      
      providing means on said server for calculating a hash value for each file in said root filesystem;
      
      entering each file'"'"'s file name and hash value in said root filesystem into said hash table file; and
      
      providing means on said server for incorporating said hash table file into a bootstrap code.
  - 10. The process of claim 9, further comprising the step of:
    - updating said DVR with said hash table file and said root filesystem from said server.

11. A process for a cryptographically signed filesystem that ensures that an authorized subset of a central database is replicated in any number of client devices in a computer environment, comprising the steps of:
- providing a central database resident on a server;
  
  wherein said database contains database objects;
  
  calculating hash values for each database object;
  
  wherein each database object has its corresponding hash values stored within said database object;
  
  creating a digital signature for database objects that form a bootstrap code database object;
  
  wherein said digital signature is stored within said bootstrap code database object;
  
  assembling a hash table file for a root filesystem database object and incorporating said hash table file into said bootstrap code database object;
  
  wherein each filename and hash value in said root filesystem is entered in said hash table file;
  
  gathering objects to be replicated into distribution packages called slices;
  
  wherein a slice is a subset of said central database which is relevant to clients within a specific domain;
  
  transmitting slices to a client device; and
  
  accepting said slices on a client device;
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The process of claim 11, wherein said client device assembles said slices into database objects, and wherein said client device stores said database objects onto a persistent storage device.
  - 13. The process of claim 12, further comprising the steps of:
    - confirming the hash value of a bootstrap code database object on said persistent storage device;
      
      wherein if said hash value is not confirmed, then disabling said client device;
      
      extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;
      
      wherein if said digital signature is verified, then transferring control to said bootstrap code; and
      
      wherein if said digital signature is not verified, then disabling said client device.
  - 14. The process of claim 13, further comprising the steps of:
    - providing a startup software resident in read only memory on said client device;
      
      wherein said startup software is executed upon bootup of said client device;
      
      providing a second stage loader software;
      
      wherein said startup software verifies the hash value of said second stage loader;
      
      wherein if said second stage loader'"'"'s hash value is valid, then transferring control to said second stage loader;
      
      wherein if said second stage loader'"'"'s hash value is not valid, then disabling said client device; and
      
      wherein said second stage loader confirms the hash value of said bootstrap code.
  - 15. The process of claim 13, further comprising the steps of:
    - performing a scan on each file in a root filesystem database object on said persistent storage device to validate that each file name and hash value of each file matches an entry in said hash table file.
  - 16. The process of claim 15, wherein if any files in said root filesystem are found to be invalid, then the invalid files are deleted.
  - 17. The process of claim 15, wherein if any files in said root filesystem are found to be invalid, then the invalid files are replaced with valid copies.

18. An apparatus for a cryptographically signed filesystem that ensures that authorized software and data are used by a digital video recorder (DVR), comprising:
- a persistent storage device on said DVR;
  
  a bootstrap code on said persistent storage device;
  
  a module for confirming the hash value of said bootstrap code;
  
  wherein if said hash value is not confirmed, then disabling said DVR;
  
  a module for extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;
  
  wherein if said digital signature is verified, then transferring control to said bootstrap code; and
  
  wherein if said digital signature is not verified, then disabling said DVR.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 19. The apparatus of claim 18, further comprising:
    - a startup software resident in read only memory on said DVR;
      
      wherein said startup software is executed upon bootup of said DVR;
      
      a second stage loader software;
      
      wherein said startup software verifies the hash value of said second stage loader;
      
      wherein if said second stage loader'"'"'s hash value is valid, then transferring control to said second stage loader;
      
      wherein if said second stage loader'"'"'s hash value is not valid, then disabling said DVR; and
      
      wherein said second stage loader confirms the hash value of said bootstrap code.
  - 20. The apparatus of claim 18, further comprising:
    - a root filesystem on said persistent storage device;
      
      a hash table file in said bootstrap code on said persistent storage device;
      
      wherein said hash table file contains the valid hash values of each file in said root filesystem; and
      
      a module for performing a scan on each file in said root filesystem to validate that each file name and hash value of each file matches an entry in said hash table file.
  - 21. The apparatus of claim 20, wherein if any files in said root filesystem are found to be invalid, then the invalid files are deleted.
  - 22. The apparatus of claim 20, wherein if any files in said root filesystem are found to be invalid, then the invalid files are replaced with valid copies.
  - 23. The apparatus of claim 19, further comprising:
    - a module for calculating a hash value for said second stage loader; and
      
      a module for storing said calculated hash value as part of said startup software in said read only memory on said DVR.
  - 24. The apparatus of claim 18, further comprising:
    - means on a server for calculating a hash value for said bootstrap code;
      
      means on said server for creating a digital signature for said bootstrap code; and
      
      a module for storing said bootstrap hash value and said bootstrap digital signature as part of said bootstrap code.
  - 25. The apparatus of claim 24, further comprising:
    - a module for updating said DVR with said bootstrap code from said server.
  - 26. The apparatus of claim 20, further comprising:
    - means on a server for creating a hash table file;
      
      means on said server for calculating a hash value for each file in said root filesystem;
      
      a module for entering each file'"'"'s file name and hash value in said root filesystem into said hash table file; and
      
      means on said server for incorporating said hash table file into a bootstrap code.
  - 27. The apparatus of claim 26, further comprising:
    - a module for updating said DVR with said hash table file and said root filesystem from said server.

28. An apparatus for a cryptographically signed filesystem that ensures that an authorized subset of a central database is replicated in any number of client devices in a computer environment, comprising:
- a central database resident on a server;
  
  wherein said database contains database objects;
  
  a module for calculating hash values for each database object;
  
  wherein each database object has its corresponding hash values stored within said database object;
  
  a module for creating a digital signature for database objects that form a bootstrap code database object;
  
  wherein said digital signature is stored within said bootstrap code database object;
  
  a module for assembling a hash table file for a root filesystem database object and incorporating said hash table file into said bootstrap code database object;
  
  wherein each filename and hash value in said root filesystem is entered in said hash table file;
  
  a module for gathering objects to be replicated into distribution packages called slices;
  
  wherein a slice is a subset of said central database which is relevant to clients within a specific domain;
  
  a module for transmitting slices to a client device; and
  
  a module for accepting said slices on a client device;
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. The apparatus of claim 28, wherein said client device assembles said slices into database objects, and wherein said client device stores said database objects onto a persistent storage device.
  - 30. The apparatus of claim 29, further comprising:
    - a module for confirming the hash value of a bootstrap code database object on said persistent storage device;
      
      wherein if said hash value is not confirmed, then disabling said client device;
      
      a module for extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;
      
      wherein if said digital signature is verified, then transferring control to said bootstrap code; and
      
      wherein if said digital signature is not verified, then disabling said client device.
  - 31. The apparatus of claim 30, further comprising:
    - a startup software resident in read only memory on said client device;
      
      wherein said startup software is executed upon bootup of said client device;
      
      a second stage loader software;
      
      wherein said startup software verifies the hash value of said second stage loader;
      
      wherein if said second stage loader'"'"'s hash value is valid, then transferring control to said second stage loader;
      
      wherein if said second stage loader'"'"'s hash value is not valid, then disabling said client device; and
      
      wherein said second stage loader confirms the hash value of said bootstrap code.
  - 32. The apparatus of claim 30, further comprising:
    - a module for performing a scan on each file in a root filesystem database object on said persistent storage device to validate that each file name and hash value of each file matches an entry in said hash table file.
  - 33. The apparatus of claim 32, wherein if any files in said root filesystem are found to be invalid, then the invalid files are deleted.
  - 34. The apparatus of claim 32, wherein if any files in said root filesystem are found to be invalid, then the invalid files are replaced with valid copies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TiVo Solutions Inc. (Adeia Inc.)
Original Assignee
TiVo Inc. (Adeia Inc.)
Inventors
Platt, David C.

Granted Patent

US 7,409,546 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06F 11/1417   Boot up procedures

G06F 21/575   Secure boot

G06Q 20/3678   e-cash details, e.g. blinde...

G11B 2220/2545   CDs

G11B 2220/2562   DVDs [digital versatile dis...

G11B 2220/90   Tape-like record carriers

G11B 27/005   Reproducing at a different ...

G11B 27/032   on tapes G11B27/036, G11B27...

G11B 27/036   Insert-editing

G11B 27/34   Indicating arrangements in...

H04N 21/2407   Monitoring of transmitted c...

H04N 21/25891   being end-user preferences ...

H04N 21/262   Content or additional data ...

H04N 21/4143   embedded in a Personal Comp...

H04N 21/4147   PVR [Personal Video Recorde...

H04N 21/42204   User interfaces specially a...

H04N 21/426   Internal components of the ...

H04N 21/4316   for displaying supplemental...

H04N 21/4532   involving end-user characte...

H04N 21/454   Content or additional data ...

H04N 21/47 : End-user applications

H04N 21/482 : End-user interface for prog...

H04N 5/775 : between a recording apparat...

H04N 5/781 : on disks or drums

H04N 5/782 : on tape

H04N 5/783 : Adaptations for reproducing...

H04N 9/7921 : for more than one processin...

H04N 9/8042 : involving data reduction

H04N 9/8063 : using time division multipl...

H04N 9/8205 : involving the multiplexing ...

View All

Cryptographically signed filesystem

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

136 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographically signed filesystem

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links