System and method for authenticating an operating system
Abstract
A system and method for authenticating an operating system includes, in accordance with one aspect, a method in a computer system having a processor, an operating system (OS), and a software identity register that holds an identity of the operating system, the processor having a private key. The method comprises forming an OS certificate containing the identity from the software identity register and signing the OS certificate using the private key. In accordance with another aspect, the signed identity is submitted to a recipient to prove an identity of the operating system to the recipient.
52 Claims
1. In a computer system having a processor, an operating system (OS), and a software identity register that holds an identity of the operating system, the processor having a private key, a method comprising:
- forming an OS certificate containing the identity from the software identity register; and
- signing the OS certificate using the private key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. In a computer system having a processor and an operating system (OS), the processor having both a private key of a public/private key pair and a software identity register that holds an identity of the operating system, a method comprising:
- obtaining the identity of the operating system; and
- signing the identity using the processor private key.
Dependent claims: 10, 11, 12, 13, 14
15. A system comprising:
- a client having a processor and an operating system (OS), the processor having a private key, a manufacturer certificate supplied by a manufacturer of the processor, and a software identity register that holds an identity of the operating system, the client being configured to submit a request over a network;
- a computer system having a server to serve content to the client, the computer system being configured to receive the request over the network, generate a challenge nonce, and return the challenge nonce to the client; and
- the client being further configured to form an OS certificate containing both the identity from the software identity register and the challenge nonce, and to sign the OS certificate using the private key, the client returning the OS certificate and the processor manufacturer certificate to the computer system for evaluation to determine whether to reject or fulfill the request.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26. For execution on a computer system having a processor, an operating system (OS), and a software identity register that holds an identity of the operating system, the processor having a private key, a computer program stored on one or more computer-readable storage media of the computer system; the program comprising;
- forming an OS certificate containing the identity from the software identity register; and
- signing the OS certificate using the processor private key.
Dependent claims: 27, 28, 29, 30, 31, 32
33. In a system having a client and a computer, in which the client has a processor and an operating system (OS) and the processor further includes a private key, a manufacturer certificate supplied by a manufacturer of the processor, and a software identity register that holds an identity of the operating system, a computer program stored on one or more computer-readable storage media resident at the client and computer for establishing a chain of trust between the client and the computer, the program comprising:
- submitting a request from the client to the computer, the request specifying a particular content;
- generating, at the computer, a challenge nonce;
- returning the challenge nonce from the computer to the client;
- forming, at the client, an OS certificate containing the identity from the software identity register and signing the OS certificate using the private key;
- passing the OS certificate and the processor manufacturer certificate from the client to the computer; and
- evaluating, at the computer, the OS certificate and the processor manufacturer to determine whether to reject or fulfill the request.
Dependent claims: 34, 35, 36
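The challenge-response exchange of claims 15 and 33, sketched in Go as an added illustration; it is not part of the patent, and it follows claim 15 in placing the nonce inside the signed OS certificate. Ed25519, the `os-cert-v1:` prefix, the struct layouts and every function name are assumptions, the keys and nonces are constructed, and the manufacturer certificate is reduced to a bare signature over the processor public key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Constructed formats (assumptions): OS identity + nonce, and a vouched processor key.
type OSCert struct{ Identity, Nonce, Sig []byte }
type MfrCert struct{ CPUPub, Sig []byte }

func payload(id, nonce []byte) []byte {
	return append(append([]byte("os-cert-v1:"), id...), nonce...)
}

// Attest is the client step: sign the identity register contents plus the nonce.
func Attest(cpuPriv ed25519.PrivateKey, identityReg, nonce []byte) OSCert {
	return OSCert{identityReg, nonce, ed25519.Sign(cpuPriv, payload(identityReg, nonce))}
}

// Evaluate is the computer's step; a nil error means "fulfill the request".
func Evaluate(mfrPub ed25519.PublicKey, mc MfrCert, oc OSCert, issued, trustedID []byte) error {
	switch {
	case len(mc.CPUPub) != ed25519.PublicKeySize || !ed25519.Verify(mfrPub, mc.CPUPub, mc.Sig):
		return fmt.Errorf("processor key not vouched for by manufacturer")
	case !bytes.Equal(oc.Nonce, issued):
		return fmt.Errorf("nonce mismatch: replayed or foreign certificate")
	case !ed25519.Verify(mc.CPUPub, payload(oc.Identity, oc.Nonce), oc.Sig):
		return fmt.Errorf("OS certificate not signed by the processor key")
	case !bytes.Equal(oc.Identity, trustedID):
		return fmt.Errorf("OS identity is not one the computer trusts")
	}
	return nil
}

// Demo returns the verdicts for a fresh certificate and for the same one replayed.
func Demo() (fresh, replay error) {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	cpuPub, cpuPriv, _ := ed25519.GenerateKey(nil)
	mc := MfrCert{cpuPub, ed25519.Sign(mfrPriv, cpuPub)}
	id := sha256.Sum256([]byte("constructed OS image"))
	n1, n2 := []byte("constructed-nonce-1"), []byte("constructed-nonce-2")
	oc := Attest(cpuPriv, id[:], n1)
	return Evaluate(mfrPub, mc, oc, n1, id[:]), Evaluate(mfrPub, mc, oc, n2, id[:])
}

func main() { fmt.Println(Demo()) }
```

A real computer would draw each nonce from a cryptographic random source and accept it once; the fixed strings here only make the replay case visible.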
37. In a computer system having a cryptographic mechanism, an operating system (OS), and a software identity register that holds an identity of the operating system, the cryptographic mechanism having a private key of a pair of private and public keys, a method comprising:
- obtaining the identity of the operating system; and
- signing the identity using the private key of the cryptographic mechanism.
Dependent claims: 38, 39, 40, 41, 42, 43
44. One or more computer readable media having stored thereon a plurality of instructions that, when executed in a computer system having a cryptographic mechanism and an operating system (OS), causes the computer system to:
- form an OS certificate containing an identity of the operating system from a software identity register; and
- sign the OS certificate using a private key of a pair of private and public keys of the cryptographic mechanism.
Dependent claims: 45, 46, 47, 48
49. A system comprising:
- a first processor, wherein the first processor comprises a central processing unit (CPU); and
- a second processor having a key pair including a private key and a public key, wherein the private key is to be used by the second processor to sign an identity of an operating system being executed by the first processor.
Dependent claims: 50, 51, 52
Specification