METHOD FOR SECURING A COMPUTING DEVICE WITH A TRUSTED PLATFORM MODULE-TPM

US 20120151223A1
Filed: 09/20/2011
Published: 06/14/2012
Est. Priority Date: 09/20/2010
Status: Abandoned Application

First Claim

Patent Images

1. Method for securing, including pre-boot validation, of a computing device with data storage, power-on firmware—

BIOS, and a Trusted Platform Module—

TPM, said method comprising the steps of;

using a TPM to provide full data storage encryption, with the proviso that the OS startup part—

MBR of the data storage may or may not be encrypted;

storing appropriate keys for full data storage encryption in the TPM and requiring that resetting the TPM erases all the keys inside the TPM;

using the TPM and the previously stored keys for verifying the pre-boot integrity of the computing device firmware, in particular the BIOS, and the computing device MBR, and unique IDs of the computing device components used in this method, in particular the TPM, the BIOS and if present a geolocation and mobile data—

GPS/GSM module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer program products for securing a computing device with data storage, power-on firmware—BIOS, geolocation and mobile data module—GPS/GSM, and a Trusted Platform Module—TPM, including establishing a shared-secret between the BIOS and the TPM, requesting the TPM to generate suitable encryption keys, namely for encrypting the data storage, supplying the user of the computing device suitable keys for external storage, calculating a hash-based message authentication codes over the BIOS, MBR, unique ID of the TPM, unique ID of the GPS/GSM module and unique ID of the BIOS; using user provided password and/or token device; using mobile data messages to secure the device if misplaced.

133 Citations

27 Claims

1. Method for securing, including pre-boot validation, of a computing device with data storage, power-on firmware—
- BIOS, and a Trusted Platform Module—
  
  TPM, said method comprising the steps of;
  
  using a TPM to provide full data storage encryption, with the proviso that the OS startup part—
  
  MBR of the data storage may or may not be encrypted;
  
  storing appropriate keys for full data storage encryption in the TPM and requiring that resetting the TPM erases all the keys inside the TPM;
  
  using the TPM and the previously stored keys for verifying the pre-boot integrity of the computing device firmware, in particular the BIOS, and the computing device MBR, and unique IDs of the computing device components used in this method, in particular the TPM, the BIOS and if present a geolocation and mobile data—
  
  GPS/GSM module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. Method according to claim 1 for securing a computing device with data storage, power-on firmware—
    - BIOS, and a Trusted Platform Module—
      
      TPM, said method comprising the steps of;
      
      establishing a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      providing an operating system—
      
      OS installed on said data storage;
      
      enabling the TPM by the operating system, including setting, or resetting, the Owner Password of the TPM;
      
      the OS requesting the TPM to generate an encryption key for the data storage—
      
      KDisk;
      
      the TPM generating the encryption key for the data storage—
      
      KDisk;
      
      the TPM encrypting the data storage with KDisk, but not encrypting an OS startup part—
      
      MBR of the data storage;
      
      supplying the user of the computing device with KDisk, for external storage;
      
      the TPM deterministically deriving a key—
      
      KOwner, from the Owner password of the TPM;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h1 using KOwner over the BIOS, MBR, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h2 using KOwner over the BIOS, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM signing h1 and h2 with the private part of the endorsement key of the TPM—
      
      respectively s1 and s2; and
      
      storing s1 in the TPM;
      
      supplying the user of the computing device with h1 and s2, for external storage;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h1;
      
      the TPM encrypting KDisk with KMaster, storing the encrypted KDisk in the TPM, disposing of KMaster.
  - 3. Method according to claim 1 for pre-boot validation for securing a computing device with data storage, power-on firmware—
    - BIOS, and a Trusted Platform Module—
      
      TPM, said method comprising the steps of;
      
      having previously established a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      having previously provided an operating system—
      
      OS, installed on said data storage;
      
      the TPM retrieving the Owner password of the TPM;
      
      the TPM deterministically deriving a key—
      
      KOwner, from the TPM Owner password;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h1′
      
      using KOwner over the BIOS, MBR, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM signing h1′
      
      with the private part of the endorsement key of the TPM—
      
      s1′
      
      ;
      
      the TPM retrieving a previously and similarly calculated HMAC and previously signed with the private part of the endorsement key of the TPM—
      
      s1;
      
      the TPM comparing s1′ and
      
      s1 and if matched continuing the method, otherwise signaling a component change for suitable action by the user;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h1;
      
      the TPM decrypting the previously stored description key for the data storage—
      
      KDisk with KMaster.the TPM uses KDisk to decrypt the data storage, disposes of KMaster and allows the OS to start.
  - 4. Method according to claim 3, further comprising if signalled a component change the steps of:
    - the TPM calculating a hash-based message authentication code HMAC—
      
      h2′
      
      using KOwner over the BIOS, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM signing h2′
      
      with the private part of the endorsement key of the TPM—
      
      s2′
      
      ;
      
      the TPM asking the user to provide the previously calculated and externally stored hash-based message authentication code HMAC—
      
      h1 using KOwner over the BIOS, MBR, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM asking the user to provide the previously calculated, signed and externally stored hash-based message authentication code HMAC—
      
      s2 using KOwner over the BIOS, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM comparing s2′ and
      
      s2 and if matched continuing the method, otherwise signaling an unauthorized action and stopping the boot process;
      
      the TPM signing h1 with the private part of the endorsement key of the TPM—
      
      s1″
      
      ;
      
      the TPM comparing s1″ and
      
      s1 and if matched continuing the method, otherwise signaling an unauthorized action and stopping the boot process;
      
      resuming the pre-boot validation.
  - 5. Method according to claim 1 for securing a computing device with data storage, power-on firmware—
    - BIOS, and a Trusted Platform Module—
      
      TPM, said method comprising the steps of;
      
      establishing a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      providing an operating system—
      
      OS installed on said data storage;
      
      enabling the TPM by the operating system, including setting, or resetting, the Owner Password of the TPM;
      
      the OS requesting the TPM to generate an encryption key for the data storage—
      
      KDisk;
      
      the TPM generating the encryption key for the data storage—
      
      KDisk;
      
      the TPM encrypting the data storage with KDisk, but not encrypting an OS startup part—
      
      MBR of the data storage;
      
      supplying the user of the computing device with KDisk, for external storage;
      
      user optionally providing a password, passphrase or pin from the user, herein referred as a password;
      
      user optionally providing an token device;
      
      the TPM storing indication if the user has provided a password, or if the user has provided a token device, or if has provided both—
      
      in TPMflags;
      
      the TPM deterministically deriving a key—
      
      KOwner, from the Owner password of the TPM;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h1 over the BIOS, TPMflags, MBR, unique ID of the TPM and unique ID of the BIOS using KOwner, with the proviso of KOwner being previous XOR-ed with the user input password if provided;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h2 over the BIOS, TPMflags, unique ID of the TPM and unique ID of the BIOS using KOwner, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM signing h1 and h2 with the private part of the endorsement key of the TPM—
      
      respectively s1 and s2; and
      
      storing s1 in the TPM;
      
      supplying the user of the computing device with h1 and s2, for external storage;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h1;
      
      the TPM encrypting KDisk with KMaster;
      
      if the user has provided a token device, storing a first part of the encrypted KDisk in the TPM and storing a second part of the encrypted KDisk in the token device;
      
      if the user has not provided a token device, storing the encrypted KDisk in the TPM;
      
      the TPM disposing of KMaster.
  - 6. Method according to claim 1 for pre-boot validation for securing a computing device with data storage, power-on firmware—
    - BIOS, and a Trusted Platform Module—
      
      TPM, said method comprising the steps of;
      
      having previously established a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      having previously provided an operating system—
      
      OS, installed on said data storage;
      
      the TPM retrieving the Owner password of the TPM;
      
      the TPM deterministically deriving a key—
      
      KOwner, from the TPM Owner password;
      
      the TPM retrieving a previously stored indication if the user has provided a password, or if the user has provided a token device, or if has provided both—
      
      TPMflags;
      
      if the necessary token device or password are not provided, stopping the boot process, otherwise continuing the method;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h1′
      
      using KOwner over the BIOS, TPMflags, MBR, unique ID of the TPM and unique ID of the BIOS, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM signing h1′
      
      with the private part of the endorsement key of the TPM—
      
      s1′
      
      ;
      
      the TPM retrieving a previously and similarly calculated HMAC and previously signed with the private part of the endorsement key of the TPM—
      
      s1;
      
      the TPM comparing s1′ and
      
      s1 and if matched continuing the method, otherwise signaling a component change for suitable action by the user;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h1;
      
      the TPM decrypting the previously stored description key for the data storage—
      
      KDisk with KMaster.the TPM uses KDisk to decrypt the data storage, disposes of KMaster, and allows the OS to start.
  - 7. Method according to claim 6, further comprising if signalled a component change the steps of:
    - the TPM calculating a hash-based message authentication code HMAC—
      
      h2′
      
      using KOwner over the BIOS, TPMflags, unique ID of the TPM and unique ID of the BIOS, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM signing h2′
      
      with the private part of the endorsement key of the TPM—
      
      s2′
      
      ;
      
      the TPM asking the user to provide the previously calculated and externally stored hash-based message authentication code HMAC—
      
      h1 using KOwner over the BIOS, MBR, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM asking the user to provide the previously calculated, signed and externally stored hash-based message authentication code HMAC—
      
      s2 using KOwner over the BIOS, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM comparing s2′ and
      
      s2 and if matched continuing the method, otherwise signaling an unauthorized action and stopping the boot process;
      
      the TPM signing h1 with the private part of the endorsement key of the TPM—
      
      s1″
      
      ;
      
      the TPM comparing s1″ and
      
      s1 and if matched continuing the method, otherwise signaling an unauthorized action and stopping the boot process;
      
      resuming the pre-boot validation.
  - 8. Method according to claim 1 for securing a computing device with data storage, power-on firmware—
    - BIOS, geolocation and mobile data—
      
      GPS/GSM module, and a Trusted Platform Module—
      
      TPM, said method comprising the steps of;
      
      establishing a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      providing an operating system—
      
      OS installed on said data storage;
      
      enabling the TPM by the operating system, including setting, or resetting, the Owner Password of the TPM;
      
      the OS requesting the TPM to generate an encryption key for the data storage—
      
      KDisk;
      
      the TPM generating the encryption key for the data storage—
      
      KDisk;
      
      the TPM encrypting the data storage with KDisk, but not encrypting an OS startup part—
      
      MBR of the data storage;
      
      supplying the user of the computing device with KDisk, for external storage;
      
      user optionally providing a password, passphrase or pin from the user, herein referred as a password;
      
      user optionally providing an token device;
      
      the TPM storing indication if the user has provided a password, or if the user has provided a token device, or if has provided both, storing indication if the computing device was reported misplaced or not, with the default value, which corresponds to indicating the computing device has not been misplaced—
      
      in TPMflags.the TPM deterministically deriving a key—
      
      KOwner, from the Owner password of the TPM;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h10 over the BIOS, GPS/GSM module firmware, TPMflags, MBR, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS using KOwner, with the proviso of KOwner being previous XOR-ed with the user input password if provided;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h20 over the BIOS, GPS/GSM module firmware, TPMflags, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS using KOwner, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM calculating two other hash-based message authentication codes HMAC—
      
      h11 and h21, as in h10 and h20, but as if the computing device had been misplaced;
      
      the TPM signing h10, h11, h20 and h21 with the private part of the endorsement key of the TPM—
      
      respectively s10, s11, s20 and s21; and
      
      storing s10 and s11 in the TPM;
      
      supplying the user of the computing device with h10, s20 and s21, for external storage;
      
      the TPM deterministically deriving and storing a key—
      
      Kgsm, from KOwner;
      
      the TPM deterministically deriving a key pair—
      
      Ksig,gsm, from KOwner;
      
      the TPM encrypting h10 with Kgsm, signing the encrypted value with the private part of Ksig,gsm and concatenating the encrypted value with the signed value—
      
      SMSDATA;
      
      supplying the user of the computing device with a file—
      
      FileR comprising the SMSDATA value and the public part of Ksig,gsm, for external storage;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h10;
      
      the TPM encrypting KDisk with KMaster;
      
      if the user has provided a token device, storing a first part of the encrypted KDisk in the TPM and storing a second part of the encrypted KDisk in the token device;
      
      if the user has not provided a token device, storing the encrypted KDisk in the TPM;
      
      the TPM disposing of KMaster.
  - 9. Method according to claim 8, further comprising, if the computing device is signalled misplaced, the steps of:
    - a central server retrieving the file FileR and the owner password from the user, and thus obtaining SMSDATA, the public part of Ksig.gsm and Kgsm;
      
      the central server sending a message containing h10 encrypted with Kgsm and signed with the private part of Ksig.gsm;
      
      the TPM receiving the message through the GPS/GSM module;
      
      the TPM verifying the signature, continuing if verified;
      
      ignoring the message and stopping if not;
      
      the TPM decrypting h10 with Kgsm, signing h10 with the private part of its endorsement key—
      
      obtaining s10;
      
      the TPM verifying if s10 matches the one stored inside the TPM, continuing if verified;
      
      ignoring the message and stopping if not;
      
      the TPM changes its internal information such that the equipment has been misplaced and starts sending frequent messages with the device location.
  - 10. Method according to claim 9, wherein the frequent messages containing the misplaced computing device location contain the device location encrypted with Kgsm, concatenated with the phone number, if existing, of the GPS/GSM module, signed with the private part of Ksig,gsm, and further comprising the step of:
    - the central server receiving the message and verifying the signature, ignoring the message if not verified;
      
      otherwise recording or notifying, or recording and notifying of the received device location.
  - 11. Method according to claim 10, for marking the computed device as recovered and stopping the central server from recording or notifying the computing device location, further comprising the steps of:
    - the TPM encrypting stop information using Kgsm, concatenating it with the phone number, if existing, of the GPS/GSM module, and signing with the private part of Ksig,gsm;
      
      the central server receiving the message and verifying the signature, ignoring the message if not verified;
      
      otherwise stopping the recordal or notification of the device location.
  - 12. Method according to claim 1 for pre-boot validation for securing a computing device with data storage, power-on firmware—
    - BIOS, and a Trusted Platform Module—
      
      TPM, said method comprising the steps of;
      
      having previously established a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      having previously provided an operating system—
      
      OS, installed on said data storage;
      
      the TPM retrieving the Owner password of the TPM;
      
      the TPM deterministically deriving a key—
      
      KOwner, from the TPM Owner password;
      
      the TPM retrieving a previously stored indication if the user has provided a password, or if the user has provided a token device, or if has provided both—
      
      TPMflags;
      
      if the necessary token device or password are not provided, stopping the boot process, otherwise continuing the method;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h10′
      
      using KOwner over the BIOS, GPS/GSM module firmware, TPMflags, MBR, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h20′
      
      using KOwner over the BIOS, GPS/GSM module firmware, TPMflags, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM calculating two other hash-based message authentication codes HMAC—
      
      h11′ and
      
      h21′
      
      , as in h10′ and
      
      h20′
      
      , but as if the computing device had been misplaced;
      
      the TPM signing h10′
      
      , h11′
      
      , h20′ and
      
      h21′
      
      with the private part of the endorsement key of the TPM—
      
      respectively s10′
      
      , s11′
      
      , s20′ and
      
      s21′
      
      ;
      
      the TPM retrieving the previously and similarly calculated HMAC codes and previously signed with the private part of the endorsement key of the TPM—
      
      s10 and s11;
      
      the TPM comparing s10′
      
      with s10,i. if matched continuing the method,ii. then otherwise, the TPM comparing s11′
      
      with s11,1. if matched signaling the computing device has been misplaced and stopping the boot process;
      
      2. otherwise signaling a component change for suitable action by the user;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h10;
      
      the TPM decrypting the previously stored description key for the data storage—
      
      KDisk with KMaster.the TPM uses KDisk to decrypt the data storage, disposes of KMaster, and allows the OS to start.
  - 13. Method according to claim 12, further comprising if signalled a component change the steps of:
    - the TPM asking the user to provide the previously calculated and externally stored hash-based message authentication code HMAC—
      
      h10, s20, s21 corresponding to h10′
      
      , s20′
      
      , s21′
      
      ;
      
      the TPM comparing s20′ and
      
      s20 andi. if matched, continuing the method,ii. otherwise, the TPM comparing s21′ and
      
      s21 and1. if matched, signaling the computing device has been misplaced and stopping the boot process,2. otherwise, signaling an unauthorized action and stopping the boot process;
      
      the TPM signing h10 with the private part of the endorsement key of the TPM—
      
      s10″
      
      ;
      
      the TPM comparing s10″ and
      
      s10 and if matched continuing the method, otherwise signaling an unauthorized action and stopping the boot process;
      
      resuming the pre-boot validation.

14. A system for securing, including pre-boot validation, of a computing device comprising data storage, power-on firmware—
- BIOS, and a Trusted Platform Module—
  
  TPM, said system comprising data processor means for;
  
  using a TPM to provide full data storage encryption, with the proviso that the OS startup part—
  
  MBR of the data storage may or may not be encrypted;
  
  storing appropriate keys for full data storage encryption in the TPM and requiring that resetting the TPM erases all the keys inside the TPM;
  
  using the TPM and the previously stored keys for verifying the pre-boot integrity of the computing device firmware, in particular the BIOS, and the computing device MBR, and unique IDs of the computing device components used in this system, in particular the TPM, the BIOS and if present a geolocation and mobile data—
  
  GPS/GSM module.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. System according to claim 14 for securing a computing device comprising data storage, power-on firmware—
    - BIOS, and a Trusted Platform Module—
      
      TPM, said system comprising data processor means for;
      
      establishing a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      providing an operating system—
      
      OS installed on said data storage;
      
      enabling the TPM by the operating system, including setting, or resetting, the Owner Password of the TPM;
      
      the OS requesting the TPM to generate an encryption key for the data storage—
      
      KDisk;
      
      the TPM generating the encryption key for the data storage—
      
      KDisk;
      
      the TPM encrypting the data storage with KDisk, but not encrypting an OS startup part—
      
      MBR of the data storage;
      
      supplying the user of the computing device with KDisk, for external storage;
      
      the TPM deterministically deriving a key—
      
      KOwner, from the Owner password of the TPM;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h1 using KOwner over the BIOS, MBR, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h2 using KOwner over the BIOS, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM signing h1 and h2 with the private part of the endorsement key of the TPM—
      
      respectively s1 and s2; and
      
      storing s1 in the TPM;
      
      supplying the user of the computing device with h1 and s2, for external storage;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h1;
      
      the TPM encrypting KDisk with KMaster, storing the encrypted KDisk in the TPM, disposing of KMaster.
  - 16. System according to claim 14 for pre-boot validation for securing a computing device comprising data storage, power-on firmware—
    - BIOS, and a Trusted Platform Module—
      
      TPM, said system comprising data processor means for;
      
      having previously established a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      having previously provided an operating system—
      
      OS, installed on said data storage;
      
      the TPM retrieving the Owner password of the TPM;
      
      the TPM deterministically deriving a key—
      
      KOwner, from the TPM Owner password;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h1′
      
      using KOwner over the BIOS, MBR, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM signing h1′
      
      with the private part of the endorsement key of the TPM—
      
      s1′
      
      ;
      
      the TPM retrieving a previously and similarly calculated HMAC and previously signed with the private part of the endorsement key of the TPM—
      
      s1;
      
      the TPM comparing s1′ and
      
      s1 and if matched continuing, otherwise signaling a component change for suitable action by the user;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h1;
      
      the TPM decrypting the previously stored description key for the data storage—
      
      KDisk with KMaster.the TPM uses KDisk to decrypt the data storage, disposes of KMaster and allows the OS to start.
  - 17. System according to claim 16, further comprising if signalled a component change, data processor means for:
    - the TPM calculating a hash-based message authentication code HMAC—
      
      h2′
      
      using KOwner over the BIOS, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM signing h2′
      
      with the private part of the endorsement key of the TPM—
      
      s2′
      
      ;
      
      the TPM asking the user to provide the previously calculated and externally stored hash-based message authentication code HMAC—
      
      h1 using KOwner over the BIOS, MBR, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM asking the user to provide the previously calculated, signed and externally stored hash-based message authentication code HMAC—
      
      s2 using KOwner over the BIOS, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM comparing s2′ and
      
      s2 and if matched continuing, otherwise signaling an unauthorized action and stopping the boot process;
      
      the TPM signing h1 with the private part of the endorsement key of the TPM—
      
      s1″
      
      ;
      
      the TPM comparing s1″ and
      
      s1 and if matched continuing, otherwise signaling an unauthorized action and stopping the boot process;
      
      resuming the pre-boot validation.
  - 18. System according to claim 14 for securing a computing device comprising data storage, power-on firmware—
    - BIOS, geolocation and mobile data—
      
      GPS/GSM module, and a Trusted Platform Module—
      
      TPM, said system comprising data processor means for;
      
      establishing a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      providing an operating system—
      
      OS installed on said data storage;
      
      enabling the TPM by the operating system, including setting, or resetting, the Owner Password of the TPM;
      
      the OS requesting the TPM to generate an encryption key for the data storage—
      
      KDisk;
      
      the TPM generating the encryption key for the data storage—
      
      KDisk;
      
      the TPM encrypting the data storage with KDisk, but not encrypting an OS startup part—
      
      MBR of the data storage;
      
      supplying the user of the computing device with KDisk, for external storage;
      
      user optionally providing a password, passphrase or pin from the user, herein referred as a password;
      
      user optionally providing an token device;
      
      the TPM storing indication if the user has provided a password, or if the user has provided a token device, or if has provided both, storing indication if the computing device was reported misplaced or not, with the default value, which corresponds to indicating the computing device has not been misplaced—
      
      in TPMflags.the TPM deterministically deriving a key—
      
      KOwner, from the Owner password of the TPM;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h10 over the BIOS, GPS/GSM module firmware, TPMflags, MBR, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS using KOwner, with the proviso of KOwner being previous XOR-ed with the user input password if provided;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h20 over the BIOS, GPS/GSM module firmware, TPMflags, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS using KOwner, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM calculating two other hash-based message authentication codes HMAC—
      
      h11 and h21, as in h10 and h20, but as if the computing device had been misplaced;
      
      the TPM signing h10, h11, h20 and h21 with the private part of the endorsement key of the TPM—
      
      respectively s10, s11, s20 and s21; and
      
      storing s10 and s11 in the TPM;
      
      supplying the user of the computing device with h10, s20 and s21, for external storage;
      
      the TPM deterministically deriving and storing a key—
      
      Kgsm, from KOwner;
      
      the TPM deterministically deriving a key pair—
      
      Ksig,gsm, from KOwner;
      
      the TPM encrypting h10 with Kgsm, signing the encrypted value with the private part of Ksig,gsm and concatenating the encrypted value with the signed value—
      
      SMSDATA;
      
      supplying the user of the computing device with a file—
      
      FileR comprising the SMSDATA value and the public part of Ksig,gsm, for external storage;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h10;
      
      the TPM encrypting KDisk with KMaster;
      
      if the user has provided a token device, storing a first part of the encrypted KDisk in the TPM and storing a second part of the encrypted KDisk in the token device;
      
      if the user has not provided a token device, storing the encrypted KDisk in the TPM;
      
      the TPM disposing of KMaster.
  - 19. System according to claim 14 for pre-boot validation for securing a computing device comprising data storage, power-on firmware—
    - BIOS, and a Trusted Platform Module—
      
      TPM, said system comprising data processor means for;
      
      having previously established a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      having previously provided an operating system—
      
      OS, installed on said data storage;
      
      the TPM retrieving the Owner password of the TPM;
      
      the TPM deterministically deriving a key—
      
      KOwner, from the TPM Owner password;
      
      the TPM retrieving a previously stored indication if the user has provided a password, or if the user has provided a token device, or if has provided both—
      
      TPMflags;
      
      if the necessary token device or password are not provided, stopping the boot process, otherwise continuing;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h10′
      
      using KOwner over the BIOS, GPS/GSM module firmware, TPMflags, MBR, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h20′
      
      using KOwner over the BIOS, GPS/GSM module firmware, TPMflags, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM calculating two other hash-based message authentication codes HMAC—
      
      h11′ and
      
      h21′
      
      , as in h10′ and
      
      h20′
      
      , but as if the computing device had been misplaced;
      
      the TPM signing h10′
      
      , h11′
      
      , h20′ and
      
      h21′
      
      with the private part of the endorsement key of the TPM—
      
      respectively s10′
      
      , s11′
      
      , s20′ and
      
      s21′
      
      ;
      
      the TPM retrieving the previously and similarly calculated HMAC codes and previously signed with the private part of the endorsement key of the TPM—
      
      s10 and s11;
      
      the TPM comparing s10′
      
      with s10,i. if matched continuing,ii. then otherwise, the TPM comparing s11′
      
      with s11,1. if matched signaling the computing device has been misplaced and stopping the boot process;
      
      2. otherwise signaling a component change for suitable action by the user;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h10;
      
      the TPM decrypting the previously stored description key for the data storage—
      
      KDisk with KMaster.the TPM uses KDisk to decrypt the data storage, disposes of KMaster, and allows the OS to start.
  - 20. System according to claim 19, further comprising if signalled a component change, data processor means for:
    - the TPM asking the user to provide the previously calculated and externally stored hash-based message authentication code HMAC—
      
      h10, s20, s21 corresponding to h10′
      
      , s20′
      
      , s21′
      
      ;
      
      the TPM comparing s20′ and
      
      s20 andi. if matched, continuing,ii. otherwise, the TPM comparing s21′ and
      
      s21 and1. if matched, signaling the computing device has been misplaced and stopping the boot process,2. otherwise, signaling an unauthorized action and stopping the boot process;
      
      the TPM signing h10 with the private part of the endorsement key of the TPM—
      
      s10″
      
      ;
      
      the TPM comparing s10″ and
      
      s10 and if matched continuing, otherwise signaling an unauthorized action and stopping the boot process;
      
      resuming the pre-boot validation.

21. A computer program product stored on a computer readable medium for securing, including pre-boot validation, of a computing device comprising data storage, power-on firmware—
- BIOS, and a Trusted Platform Module—
  
  TPM, said computer program product comprising program instructions for;
  
  using a TPM to provide full data storage encryption, with the proviso that the OS startup part—
  
  MBR of the data storage may or may not be encrypted;
  
  storing appropriate keys for full data storage encryption in the TPM and requiring that resetting the TPM erases all the keys inside the TPM;
  
  using the TPM and the previously stored keys for verifying the pre-boot integrity of the computing device firmware, in particular the BIOS, and the computing device MBR, and unique IDs of the computing device components used, in particular the TPM, the BIOS and if present a geolocation and mobile data—
  
  GPS/GSM module.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. A computer program product stored on a computer readable medium according to claim 21 for securing a computing device comprising data storage, power-on firmware—
    - BIOS, and a Trusted Platform Module—
      
      TPM, said computer program product comprising program instructions for;
      
      establishing a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      providing an operating system—
      
      OS installed on said data storage;
      
      enabling the TPM by the operating system, including setting, or resetting, the Owner Password of the TPM;
      
      the OS requesting the TPM to generate an encryption key for the data storage—
      
      KDisk;
      
      the TPM generating the encryption key for the data storage—
      
      KDisk;
      
      the TPM encrypting the data storage with KDisk, but not encrypting an OS startup part—
      
      MBR of the data storage;
      
      supplying the user of the computing device with KDisk, for external storage;
      
      the TPM deterministically deriving a key—
      
      KOwner, from the Owner password of the TPM;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h1 using KOwner over the BIOS, MBR, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h2 using KOwner over the BIOS, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM signing h1 and h2 with the private part of the endorsement key of the TPM—
      
      respectively s1 and s2; and
      
      storing s1 in the TPM;
      
      supplying the user of the computing device with h1 and s2, for external storage;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h1;
      
      the TPM encrypting KDisk with KMaster, storing the encrypted KDisk in the TPM, disposing of KMaster.
  - 23. A computer program product stored on a computer readable medium according to claim 21 for pre-boot validation for securing a computing device comprising data storage, power-on firmware—
    - BIOS, and a Trusted Platform Module—
      
      TPM, said computer program product comprising program instructions for;
      
      having previously established a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      having previously provided an operating system—
      
      OS, installed on said data storage;
      
      the TPM retrieving the Owner password of the TPM;
      
      the TPM deterministically deriving a key—
      
      KOwner, from the TPM Owner password;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h1′
      
      using KOwner over the BIOS, MBR, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM signing h1′
      
      with the private part of the endorsement key of the TPM—
      
      s1′
      
      ;
      
      the TPM retrieving a previously and similarly calculated HMAC and previously signed with the private part of the endorsement key of the TPM—
      
      s1;
      
      the TPM comparing s1′ and
      
      s1 and if matched continuing, otherwise signaling a component change for suitable action by the user;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h1;
      
      the TPM decrypting the previously stored description key for the data storage—
      
      KDisk with KMaster.the TPM uses KDisk to decrypt the data storage, disposes of KMaster and allows the OS to start.
  - 24. A computer program product stored on a computer readable medium according to claim 23, further comprising program instructions for, if signalled a component change:
    - the TPM calculating a hash-based message authentication code HMAC—
      
      h2′
      
      using KOwner over the BIOS, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM signing h2′
      
      with the private part of the endorsement key of the TPM—
      
      s2′
      
      ;
      
      the TPM asking the user to provide the previously calculated and externally stored hash-based message authentication code HMAC—
      
      h1 using KOwner over the BIOS, MBR, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM asking the user to provide the previously calculated, signed and externally stored hash-based message authentication code HMAC—
      
      s2 using KOwner over the BIOS, unique ID of the TPM and unique ID of the BIOS;
      
      the TPM comparing s2′ and
      
      s2 and if matched continuing, otherwise signaling an unauthorized action and stopping the boot process;
      
      the TPM signing h1 with the private part of the endorsement key of the TPM—
      
      s1″
      
      ;
      
      the TPM comparing s1″ and
      
      s1 and if matched continuing, otherwise signaling an unauthorized action and stopping the boot process;
      
      resuming the pre-boot validation.
  - 25. A computer program product stored on a computer readable medium according to claim 21 for securing a computing device comprising data storage, power-on firmware—
    - BIOS, geolocation and mobile data—
      
      GPS/GSM module, and a Trusted Platform Module—
      
      TPM, said computer program product comprising program instructions for;
      
      establishing a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      providing an operating system—
      
      OS installed on said data storage;
      
      enabling the TPM by the operating system, including setting, or resetting, the Owner Password of the TPM;
      
      the OS requesting the TPM to generate an encryption key for the data storage—
      
      KDisk;
      
      the TPM generating the encryption key for the data storage—
      
      KDisk;
      
      the TPM encrypting the data storage with KDisk, but not encrypting an OS startup part—
      
      MBR of the data storage;
      
      supplying the user of the computing device with KDisk, for external storage;
      
      user optionally providing a password, passphrase or pin from the user, herein referred as a password;
      
      user optionally providing an token device;
      
      the TPM storing indication if the user has provided a password, or if the user has provided a token device, or if has provided both, storing indication if the computing device was reported misplaced or not, with the default value, which corresponds to indicating the computing device has not been misplaced—
      
      in TPMflags.the TPM deterministically deriving a key—
      
      KOwner, from the Owner password of the TPM;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h10 over the BIOS, GPS/GSM module firmware, TPMflags, MBR, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS using KOwner, with the proviso of KOwner being previous XOR-ed with the user input password if provided;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h20 over the BIOS, GPS/GSM module firmware, TPMflags, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS using KOwner, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM calculating two other hash-based message authentication codes HMAC—
      
      h11 and h21, as in h10 and h20, but as if the computing device had been misplaced;
      
      the TPM signing h10, h11, h20 and h21 with the private part of the endorsement key of the TPM—
      
      respectively s10, s11, s20 and s21; and
      
      storing s10 and s11 in the TPM;
      
      supplying the user of the computing device with h10, s20 and s21, for external storage;
      
      the TPM deterministically deriving and storing a key—
      
      Kgsm, from KOwner;
      
      the TPM deterministically deriving a key pair—
      
      Ksig,gsm, from KOwner;
      
      the TPM encrypting h10 with Kgsm, signing the encrypted value with the private part of Ksig,gsm and concatenating the encrypted value with the signed value—
      
      SMSDATA;
      
      supplying the user of the computing device with a file—
      
      FileR comprising the SMSDATA value and the public part of Ksig,gsm, for external storage;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h10;
      
      the TPM encrypting KDisk with KMaster;
      
      if the user has provided a token device, storing a first part of the encrypted KDisk in the TPM and storing a second part of the encrypted KDisk in the token device;
      
      if the user has not provided a token device, storing the encrypted KDisk in the TPM;
      
      the TPM disposing of KMaster.
  - 26. A computer program product stored on a computer readable medium according to claim 21 for pre-boot validation for securing a computing device comprising data storage, power-on firmware—
    - BIOS, and a Trusted Platform Module—
      
      TPM, said computer program product comprising program instructions for;
      
      having previously established a shared-secret between the BIOS and the TPM, such that the shared-secret proves that the BIOS is authenticated and authorised to use the TPM;
      
      having previously provided an operating system—
      
      OS, installed on said data storage;
      
      the TPM retrieving the Owner password of the TPM;
      
      the TPM deterministically deriving a key—
      
      KOwner, from the TPM Owner password;
      
      the TPM retrieving a previously stored indication if the user has provided a password, or if the user has provided a token device, or if has provided both—
      
      TPMflags;
      
      if the necessary token device or password are not provided, stopping the boot process, otherwise continuing;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h10′
      
      using KOwner over the BIOS, GPS/GSM module firmware, TPMflags, MBR, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM calculating a hash-based message authentication code HMAC—
      
      h20′
      
      using KOwner over the BIOS, GPS/GSM module firmware, TPMflags, unique ID of the TPM, unique ID of the GPS/GSM module, and unique ID of the BIOS, with the proviso of KOwner being previously XOR-ed with the user input password if provided;
      
      the TPM calculating two other hash-based message authentication codes HMAC—
      
      h11′ and
      
      h21′
      
      , as in h10′ and
      
      h20′
      
      , but as if the computing device had been misplaced;
      
      the TPM signing h10′
      
      , h11′
      
      , h20′ and
      
      h21′
      
      with the private part of the endorsement key of the TPM—
      
      respectively s10′
      
      , s11′
      
      , s20′ and
      
      s21′
      
      ;
      
      the TPM retrieving the previously and similarly calculated HMAC codes and previously signed with the private part of the endorsement key of the TPM—
      
      s10 and s11;
      
      the TPM comparing s10′
      
      with s10,i. if matched continuing,ii. then otherwise, the TPM comparing s11′
      
      with s11,1. if matched signaling the computing device has been misplaced and stopping the boot process;
      
      2. otherwise signaling a component change for suitable action by the user;
      
      the TPM deterministically deriving a key—
      
      KMaster, from h10;
      
      the TPM decrypting the previously stored description key for the data storage—
      
      KDisk with KMaster.the TPM uses KDisk to decrypt the data storage, disposes of KMaster, and allows the OS to start.
  - 27. A computer program product stored on a computer readable medium according to claim 26, further comprising program instructions for, if signalled a component change:
    - the TPM asking the user to provide the previously calculated and externally stored hash-based message authentication code HMAC—
      
      h10, s20, s21 corresponding to h10′
      
      , s20′
      
      , s21′
      
      ;
      
      the TPM comparing s20′ and
      
      s20 andi. if matched, continuing,ii. otherwise, the TPM comparing s21′ and
      
      s21 and1. if matched, signaling the computing device has been misplaced and stopping the boot process,2. otherwise, signaling an unauthorized action and stopping the boot process;
      
      the TPM signing h10 with the private part of the endorsement key of the TPM—
      
      s10″
      
      ;
      
      the TPM comparing s10″ and
      
      s10 and if matched continuing, otherwise signaling an unauthorized action and stopping the boot process;
      
      resuming the pre-boot validation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Universidade de Lisboa
Original Assignee
Universidade de Lisboa
Inventors
ESTEVES VERISSIMO, Paulo Jorge, CONDE MARQUES, Ricardo Nuno DE PINHO COELHO

Application Number

US13/237,886
Publication Number

US 20120151223A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/575 Secure boot

G06F 21/6218 to a system of files or obj...

METHOD FOR SECURING A COMPUTING DEVICE WITH A TRUSTED PLATFORM MODULE-TPM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

133 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR SECURING A COMPUTING DEVICE WITH A TRUSTED PLATFORM MODULE-TPM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

133 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links