System and Method for Authenticating an Operating System to a Central Processing Unit, Providing the CPU/OS with Secure Storage, and Authenticating the CPU/OS to a Third Party
First Claim
1. A method for establishing a chain of trust between a subscriber unit and a content provider, the subscriber unit having a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys, a manufacturer certificate supplied by a manufacturer of the CPU, and a software identity register that holds an identity of the operating system, the method comprising:
- submitting a request from the subscriber unit to the content provider, the request specifying a particular content;
generating, at the content provider, a challenge nonce;
returning the challenge nonce from the content provider to the subscriber unit;
forming, at the subscriber unit, an OS certificate containing the identity from the software identity register, information describing the operating system, the challenge nonce, and the CPU public key and signing the OS certificate using the CPU private key;
passing the OS certificate and the CPU manufacturer certificate from the subscriber unit to the content provider; and
evaluating, at the content provider, the OS certificate and the CPU manufacturer at the content provider to determine whether to reject or fulfill the request.
1 Assignment
0 Petitions
Accused Products
Abstract
In accordance with certain aspects, a chain of trust is established between a subscriber unit and a content provider. A request is submitted from the subscriber unit to the content provider. A challenge nonce is generated at the content provider and returned to the subscriber unit. At the subscriber unit, an operating system (OS) certificate containing an identity of the operating system from the software identity register, information describing the operating system, the challenge nonce, and a CPU public key is formed, and the OS certificate is signed using a CPU private key. The OS certificate and a CPU manufacturer certificate supplied by a manufacturer of the CPU are passed from the subscriber unit to the content provider, and are evaluated at the content provider to determine whether to reject or fulfill the request.
-
Citations
24 Claims
-
1. A method for establishing a chain of trust between a subscriber unit and a content provider, the subscriber unit having a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys, a manufacturer certificate supplied by a manufacturer of the CPU, and a software identity register that holds an identity of the operating system, the method comprising:
-
submitting a request from the subscriber unit to the content provider, the request specifying a particular content;
generating, at the content provider, a challenge nonce;
returning the challenge nonce from the content provider to the subscriber unit;
forming, at the subscriber unit, an OS certificate containing the identity from the software identity register, information describing the operating system, the challenge nonce, and the CPU public key and signing the OS certificate using the CPU private key;
passing the OS certificate and the CPU manufacturer certificate from the subscriber unit to the content provider; and
evaluating, at the content provider, the OS certificate and the CPU manufacturer at the content provider to determine whether to reject or fulfill the request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. In a system having a subscriber unit and a content provider, in which the subscriber unit has a central processing unit (CPU) and an operating system (OS) and the CPU further includes a pair of private and public keys, a manufacturer certificate supplied by a manufacturer of the CPU, and a software identity register that holds an identity of the operating system, a computer program architecture stored on one or more computer-readable storage media resident at the subscriber unit and content provider for establishing a chain of trust between the subscriber unit and the content provider, the program comprising:
-
submitting a request from the subscriber unit to the content provider, the request specifying a particular content;
generating, at the content provider, a challenge nonce;
returning the challenge nonce from the content provider to the subscriber unit;
forming, at the subscriber unit, an OS certificate containing the identity from the software identity register, information describing the operating system, the challenge nonce, and the CPU public key and signing the OS certificate using the CPU private key;
passing the OS certificate and the CPU manufacturer certificate from the subscriber unit to the content provider; and
evaluating, at the content provider, the OS certificate and the CPU manufacturer at the content provider to determine whether to reject or fulfill the request.
-
-
12. A method for associating a level of trust with a user computer by a third party, the user computer having a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys, a manufacturer certificate supplied by a manufacturer of the CPU, and a software identity register that holds an identity of an operating system executing on the CPU, the method comprising:
-
establishing a secure connection between the user computer and the third party;
generating, at the third party, a challenge nonce;
transmitting, by the third party, the challenge nonce to the user computer over the secure connection;
signing, by the user computer, an OS certificate and the challenge nonce using the CPU private key;
transmitting, by the user computer, the signed OS certificate and the signed challenge nonce to the third party over the secure connection; and
associating, by the third party, the level of trust for the user computer using the signed OS certificate. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
Specification