Computer system apparatus and method for improved assurance of authentication
Abstract
A computer system, method of operation, and program product which gives a clear indication to a user when a computer system has transitioned to a trusted state.
12 Claims
1. A method comprising the steps of:
initiating the operation of a computer system having trusted computing platform capabilities;
executing code stored accessibly to the computer system to transition the computer system first to a state of presenting a secure virtual machine;
retrieving while in the secure virtual machine state data stored in a platform configuration register;
then locking the retrieved data against subsequent access by any virtual machine instantiation subsequently initiated;
initiating authentication of a file while the computer system is in an insecure machine state;
responding to initiation of authentication by transitioning the computer system to a secure machine state;
announcing to a user entry into the secure machine state; and
deriving from the locked data keys for authentication of the file.
(Dependent claims: 2, 3, 4)
5. Apparatus comprising:
a computer system having a trusted platform module;
memory associated with said computer system for storing code accessibly to said computer system;
code stored in said memory and effective, on execution by said computer system, to cause said computer system on initiation of operation to transition first to a state presenting a secure virtual machine;
said code, when executing on said computer system while in the secure virtual machine state, retrieving data stored in a platform configuration register and then locking the retrieved data against subsequent access by any virtual machine instantiation subsequently initiated;
said code, when executing on said computer system while in an insecure state, responding to a user request for initiation of authentication of a file by transitioning the computer system to a secure machine state, announcing to the user entry into the secure machine state, and deriving from the locked data keys for authentication of the file.
(Dependent claims: 6, 7, 8)
9. Apparatus comprising:
a computer readable medium; and
code stored on said medium accessibly to a computer system having trusted computing platform capabilities and effective, when executing on said computer system, to cause the code and the computer system together to:
initiate the operation of the computer system;
transition the computer system first to a state of presenting a secure virtual machine;
retrieve while in the secure virtual machine state data stored in a platform configuration register;
then lock the retrieved data against subsequent access by any virtual machine instantiation subsequently initiated;
initiate authentication of a file while the computer system is in an insecure machine state;
respond to initiation of authentication by transitioning the computer system to a secure machine state;
announce to a user entry into the secure machine state; and
derive from the locked data keys for authentication of the file.
(Dependent claims: 10, 11, 12)
Specification