System and Method for Authenticating an Operating System to a Central Processing Unit, Providing the CPU/OS with Secure Storage, and Authenticating the CPU/OS to a Third Party
Abstract
In accordance with certain aspects, an operating system is booted for execution on a central processing unit (CPU). An atomic operation is executed, and if the atomic operation completes correctly then a software identity register of the CPU is set to an identity of the operating system.
11 Claims
1. In a computer system having a central processing unit (CPU) and an operating system (OS), the CPU having a software identity register, a method for booting the operating system comprising:
computing a cryptographic function of at least a portion of the operating system; and
setting the software identity register to a result of the computed cryptographic function if atomic execution of a boot block of the operating system does not fail, and otherwise setting the software identity register to a value indicating that the atomic execution of the boot block failed.
(Dependent claims: 2)
3. A computer comprising:
a memory;
a central processing unit (CPU) coupled to the memory, the CPU having a software identity register;
an operating system stored in the memory, the operating system having a block of code; and
the operating system being booted for execution on the CPU according to a sequence that begins with an atomic operation, wherein in an event that the atomic operation completes correctly, the software identity register is set to the identity of the operating system.
(Dependent claims: 4, 5, 6, 7, 8, 9)
10. A central processing unit comprising:
a software identity register;
a boot log; and
processing means to process an atomic operation such that in an event that the atomic operation completes correctly, the software identity register is set to an identity of software code and the identity is appended to the boot log.
11. For execution on a computer system having a central processing unit (CPU) and an operating system (OS), the CPU having a software identity register, a computer program stored on one or more computer-readable storage media of the computer system, the program comprising:
executing an atomic operation to set an identity of the operating system into the software identity register of the CPU, wherein in an event that the atomic operation completes correctly, the software identity register contains the identity of the operating system and in an event that the atomic operation fails to complete correctly, the software identity register contains a value other than the identity of the operating system; and
examining a content of the software identity register to verify the identity of the operating system.
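The register behaviour recited in claims 1, 10 and 11 can be modelled in a few lines. This is an added example, not code from the patent: SHA-256 as the cryptographic function, the all-zero failure value, and the names `ModelCPU`, `run_atomically` and `verify_os_identity` are assumptions, and the boot blocks are constructed sample inputs.

```python
import hashlib
import hmac

# Assumed sentinel: the claims only require "a value indicating that the atomic
# execution of the boot block failed". No input is known to hash to all zeros.
BOOT_FAILED = bytes(32)

class ModelCPU:
    """Toy model of the claimed CPU state (hypothetical class, not from the patent)."""

    def __init__(self):
        self.software_identity_register = BOOT_FAILED
        self.boot_log = []

    def boot(self, boot_block, run_atomically):
        """Measure the boot block, run it, and commit the identity only on success.

        run_atomically is a hypothetical callable standing in for the CPU's
        atomic execution; it returns True only if the block ran to completion.
        """
        identity = hashlib.sha256(boot_block).digest()  # SHA-256 is an assumption
        try:
            completed = run_atomically(boot_block) is True
        except Exception:
            completed = False  # a fault during atomic execution counts as failure
        if completed:
            self.software_identity_register = identity
            self.boot_log.append(identity)  # claim 10: identity appended to boot log
        else:
            self.software_identity_register = BOOT_FAILED
        return self.software_identity_register

def verify_os_identity(cpu, expected_boot_block):
    """Claim 11: examine the register to verify the identity of the OS."""
    expected = hashlib.sha256(expected_boot_block).digest()
    return hmac.compare_digest(cpu.software_identity_register, expected)

def demo():
    """Boot a constructed image three ways and report what a verifier sees."""
    good = b"constructed boot block v1"       # constructed sample input
    tampered = b"constructed boot block v1!"  # same block with one byte appended
    results = {}
    for name, block, runner in [
        ("clean", good, lambda b: True),
        ("interrupted", good, lambda b: False),
        ("tampered", tampered, lambda b: True),
    ]:
        cpu = ModelCPU()
        cpu.boot(block, runner)
        results[name] = (verify_os_identity(cpu, good), len(cpu.boot_log))
    return results
```

Only the clean boot verifies. The interrupted boot leaves the failure value and an empty log, while the tampered image boots and is logged but carries an identity that does not match the expected one.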
Specification