Method and system for verifying binding of an initial trusted device to a secured processing system

US 20060090070A1
Filed: 10/21/2004
Published: 04/27/2006
Est. Priority Date: 10/21/2004
Status: Active Grant

First Claim

Patent Images

1. A method of securing a processing system, said processing system including multiple devices that verify the identity of a particular processing system prior to initializing to a functioning state, said method comprising:

first generating a binding of a given one of said devices to said processing system in conformity with system identifying information provided by said processing system and a first private information known only to said given device;

second generating a proof of said binding in conformity with said system identifying information, a second private information known only to said given device, and a unique device identifier;

transmitting said proof of binding from said processing system to a credential provider;

determining at said credential provider whether or not said proof of binding indicates that said generated binding is valid; and

in response to determining that said generated binding is valid, issuing a platform credential for said processing system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for verifying binding of an initial trusted device to a secured processing system binds an initial device or replacement when no binding information is available from another device in the system. A platform credential is issued only when a valid binding is verified, by sending a proof of binding to a credential provider, such as the manufacturer. The method secures against security breaches that can occur when a device is removed from the system during the binding process. The binding information is generated in the device upon installation and includes system identification information so that at each initialization, upon return of binding information from the system to the device, the device can ensure that it is installed in the proper system and abort operation if the system does not match.

40 Citations

View as Search Results

25 Claims

1. A method of securing a processing system, said processing system including multiple devices that verify the identity of a particular processing system prior to initializing to a functioning state, said method comprising:
- first generating a binding of a given one of said devices to said processing system in conformity with system identifying information provided by said processing system and a first private information known only to said given device;
  
  second generating a proof of said binding in conformity with said system identifying information, a second private information known only to said given device, and a unique device identifier;
  
  transmitting said proof of binding from said processing system to a credential provider;
  
  determining at said credential provider whether or not said proof of binding indicates that said generated binding is valid; and
  
  in response to determining that said generated binding is valid, issuing a platform credential for said processing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein said second private information includes said first private information.
  - 3. The method of claim 1, further comprising in response to receiving said proof of binding at said credential provider, invalidating an existing credential of said processing system.
  - 4. The method of claim 1, further comprising transmitting said platform credential to said processing system.
  - 5. The method of claim 1, further comprising storing said platform credential on a server, whereby authenticity and security of said processing system can be verified by accessing said platform credential on said server.
  - 6. The method of claim 1, wherein said first generating comprises:
    - hashing said system identifying information with a device-generated secret to produce a hashed result;
      
      signing said hashed result with a device-specific key to produce a signed result; and
      
      binding said given device to said particular system by sending said signed result to another portion of said processing system, whereby said given device will initialize only in said particular system in response to a return and verification of said signed result to said device.
  - 7. The method of claim 6, wherein said second generating comprises:
    - hashing a combination of at least said system identifying information and a unique device identifier; and
      
      signing a result of said hashing with a device-specific key to produce a signed result.
  - 8. The method of claim 1, further comprising:
    - setting a state of said given device to indicate a binding process is in progress prior to performing said binding;
      
      second receiving verification that said proof of binding has been verified by said credential provider;
      
      only in response to receiving said verification, setting said state to indicate said given device is bound.
  - 9. The method of claim 1, further comprising:
    - second determining whether or not said system includes a functioning trusted device;
      
      in response to determining that said system does not include a functioning trusted device, performing said first generating, second generating, transmitting, receiving, determining and issuing.
  - 10. The method of claim 1, further comprising:
    - receiving at a server, a service request indicating that a predecessor of said given device has failed, and wherein said second determining is performed in response to receiving said service request at said server;
      
      in response to determining that said system does not include a functioning trusted device, initiating shipment of said given device as a replacement for said predecessor; and
      
      generating a service record associated with said given device within a database of said server.
  - 11. The method of claim 10, wherein said determining whether or not said generated binding is valid is performed in conformity with information stored in said service record, whereby identity of said given device as said shipped device is verified prior to issuing said platform credential.

12. A system comprising:
- a plurality of devices intercommunicating and constituting a processing system, said devices each including a memory for storing system program instructions and data and a processor for executing said system program instructions, and wherein said system program instructions include program instructions for first generating a binding of a given one of said devices to said processing system in conformity with system identifying information provided by said processing system and a first private information known only to said given device, second generating a proof of said binding in conformity with said system identifying information, a second private information known only to said given device, and a unique device identifier, transmitting said proof of binding from said processing system to a credential provider; and
  
  a credential provider server coupled via a network to said processing system, said credential provider server including a server processor for executing server program instructions and a memory for storing said sever program instructions, and wherein said server program instructions comprise program instructions for receiving said proof of binding at said credential provider, determining at said credential provider whether or not said proof of binding indicates that said generated binding is valid, and in response to determining that said generated binding is valid, issuing a platform credential for said processing system.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12, wherein said second private information includes said first private information.
  - 14. The system of claim 12, wherein said server program instructions further comprise program instructions for in response to said receiving, invalidating an existing credential of said processing system.
  - 15. The system of claim 12, wherein said server program instructions further comprise program instructions for transmitting said platform credential to said processing system.
  - 16. The system of claim 12, wherein said server program instructions further comprise program instructions for storing said platform credential on said server, whereby authenticity and security of said processing system can be verified by accessing said platform credential on said server.
  - 17. The system of claim 12, wherein said system program instructions for first generating comprise program instructions for:
    - receiving in said given device, a system-specific identifier associated with a particular system;
      
      hashing said system-specific identifier with a device-generated secret to produce a hashed result;
      
      signing said hashed result with a device-specific key to produce a signed result; and
      
      binding said given device to said particular system by sending said signed result to another portion of said processing system, whereby said given device will initialize only in said particular system in response to a return and verification of said signed result to said device.
  - 18. The system of claim 17, wherein said system program instructions for second generating comprise program instructions for:
    - hashing a combination of at least said system identifying information and a unique device identifier; and
      
      signing a result of said hashing with a device-specific key to produce a signed result.
  - 19. The system of claim 12, wherein said system program instructions further comprise program instructions for:
    - setting a state of said given device to indicate a binding process is in progress prior to performing said binding;
      
      second receiving verification that said proof of binding has been verified by said credential provider;
      
      only in response to receiving said verification, setting said state to indicate said given device is bound.
  - 20. The system of claim 12, wherein said system program instructions further comprise program instructions for:
    - second determining whether or not said system includes a functioning trusted device;
      
      in response to determining that said system does not include a functioning trusted device, executing said system program instructions for first generating, second generating and transmitting.
  - 21. The system of claim 20, wherein said server program instructions further comprise program instructions for:
    - second receiving at said server, a service request indicating that a predecessor of said given device has failed, and wherein said second determining is performed in response to said second receiving at said server;
      
      in response to determining that said system does not include a functioning trusted device, initiating shipment of said given device as a replacement for said predecessor; and
      
      generating a service record associated with said given device within a database of said server.
  - 22. The system of claim 21, wherein said program instructions for determining determine whether or not said generated binding is valid in conformity with information stored in said service record, whereby identity of said given device as said shipped device is verified prior to issuing said platform credential.

23. A computer program product comprising signal-bearing media encoding server program instructions for execution within a server certifying security of a processing system that includes multiple secured devices, said server program instructions comprising program instructions for:
- receiving from said processing system an signed result of a system-specific identifier and a device-specific identifier, signed by a device-specific key;
  
  determining from said signed result, whether or not a valid binding of one of said multiple secured devices has been completed; and
  
  responsive to determining that a valid binding was accomplished, issuing a credential certifying said processing system as secured.

24. A computer program product comprising signal-bearing media encoding program instructions for execution within a processing system that includes multiple secured devices, said program instructions comprising program instructions for:
- receiving in a given one of said devices, a system-specific identifier associated with a particular system;
  
  generating binding information in conformity with information known only to said given device and said received system-specific identifier; and
  
  transmitting information in conformity with said generated binding information to a credential provider, whereby said binding may be validated contingent to issuing a valid platform credential for said processing system.
- View Dependent Claims (25)
- - 25. The computer program product of claim 24, wherein said program instructions further comprise program instructions for:
    - setting a state of said given device to indicate a binding process is in progress prior to performing said binding;
      
      second receiving verification that said proof of binding has been verified by said credential provider;
      
      only in response to receiving said verification, setting said state to indicate said given device is bound.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo International Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Bade, Steven A., Challener, David Carroll

Granted Patent

US 7,143,287 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

Method and system for verifying binding of an initial trusted device to a secured processing system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for verifying binding of an initial trusted device to a secured processing system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links