APPROACHES FOR FIRMWARE TO TRUST AN APPLICATION

US 20120266259A1
Filed: 04/13/2011
Published: 10/18/2012
Est. Priority Date: 04/13/2011
Status: Active Grant

First Claim

Patent Images

1. A machine-readable medium storing one or more sequences of instructions, which when executed, cause:

in response to firmware, executing on a device, receiving an indication that an application, executing on the device, is requesting a service provided by the firmware, the firmware obtaining (a) an operating system signature associated with the application and (b) a firmware signature associated with the application,wherein the operating system signature is a signature that is used by the operating system, executing on the device, to authenticate the application, and wherein the firmware signature is a signature that is used by the firmware to authenticate the application; and

upon the firmware determining that the operating system signature matches the firmware signature, the firmware storing trust data that permits the application to access the service provided by the firmware.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for determining whether firmware should trust an application sufficiently so as to provide a service to the application. Firmware, executing on a device, receives an indication that an application, also executing on the device, is requesting a service provided by the firmware. The firmware obtains (a) an operating system signature associated with the application and (b) a firmware signature associated with the application. The operating system signature is a signature that is used by the operating system, executing on the device, to authenticate the application, while the firmware signature is a signature that is used by the firmware to authenticate the application. If the firmware determines that the operating system signature matches the firmware signature, then the firmware storing trust data that permits the application to access the service provided by the firmware. The firmware need not calculate a signature based on the in-memory image of the application.

Citations

25 Claims

1. A machine-readable medium storing one or more sequences of instructions, which when executed, cause:
- in response to firmware, executing on a device, receiving an indication that an application, executing on the device, is requesting a service provided by the firmware, the firmware obtaining (a) an operating system signature associated with the application and (b) a firmware signature associated with the application,wherein the operating system signature is a signature that is used by the operating system, executing on the device, to authenticate the application, and wherein the firmware signature is a signature that is used by the firmware to authenticate the application; and
  
  upon the firmware determining that the operating system signature matches the firmware signature, the firmware storing trust data that permits the application to access the service provided by the firmware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The machine-readable medium of claim 1, wherein the firmware obtains the operating system signature and the firmware signature by extracting the operating system signature and the firmware signature from one or more signed containers embedded in the application.
  - 3. The machine-readable medium of claim 1, wherein the trust data further authorizes the application to access services provided by the firmware for a predetermined length of time or a predetermined number of subsequent service requests.
  - 4. The machine-readable medium of claim 1, wherein execution of the one or more sequences of instructions further cause:
    - in response to the firmware receiving a notification from the application that the application is finished using the service provided by the firmware, the firmware deleting the trust data to prevent the application from subsequently accessing the service provided by the firmware.
  - 5. The machine-readable medium of claim 1, wherein the operating system performs a first authentication of the application using the operating system signature, and wherein the firmware performs a second authentication of the application using the operating system signature and the firmware signature.
  - 6. The machine-readable medium of claim 1, wherein the firmware does not create either the operating system signature or the firmware signature.
  - 7. The machine-readable medium of claim 1, wherein if the operating system successfully authenticates the operating system signature, then the operating system allows the application to execute, and wherein if the operating system determines that the operating system signature is not valid or not present, then the operating system does not allow the application to execute.
  - 8. The machine-readable medium of claim 1, wherein execution of the one or more sequences of instructions further cause:
    - upon the firmware determining that the firmware signature associated with the application cannot be obtained or is not valid, the firmware determining to not provide the requested service to the application.
  - 9. The machine-readable medium of claim 1, wherein the firmware obtains the operating system signature and the firmware signature by extracting the operating system signature and the firmware signature from one or more signed containers embedded in the application, and wherein the one or more signed containers are signed using X.509 certificates or Unified Extensible Firmware Interface (UEFI) WIN_CERTIFICATE structures.

10. A computer, comprising:
- an application;
  
  an operating system; and
  
  firmware, wherein the firmware is configured to perform;
  
  in response to the firmware receiving an indication that the application is requesting a service provided by the firmware, the firmware obtaining (a) an operating system signature associated with the application and (b) a firmware signature associated with the application, wherein the operating system signature is a signature that is used by the operating system, executing on the device, to authenticate the application, and wherein the firmware signature is a signature that is used by the firmware to authenticate the application; and
  
  upon the firmware determining that the operating system signature matches the firmware signature, the firmware storing trust data that permits the application to access the service provided by the firmware.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer of claim 10, wherein the firmware obtains the operating system signature and the firmware signature by extracting the operating system signature and the firmware signature from one or more signed containers embedded in the application.
  - 12. The computer of claim 10, wherein the trust data further authorizes the application to access services provided by the firmware for a predetermined length of time or a predetermined number of subsequent service requests.
  - 13. The computer of claim 10, wherein the firmware is further configured to perform:
    - in response to the firmware receiving a notification from the application that the application is finished using the service provided by the firmware, the firmware deleting the trust data to prevent the application from subsequently accessing the service provided by the firmware.
  - 14. The computer of claim 10, wherein the operating system performs a first authentication of the application using the operating system signature, and wherein the firmware performs a second authentication of the application using the operating system signature and the firmware signature.
  - 15. The computer of claim 10, wherein the firmware does not create either the operating system signature or the firmware signature.
  - 16. The computer of claim 10, wherein if the operating system successfully authenticates the operating system signature, then the operating system allows the application to execute, and wherein if the operating system determines that the operating system signature is not valid or not present, then the operating system does not allow the application to execute.
  - 17. The computer of claim 10, wherein the firmware is further configured to perform:
    - upon the firmware determining that the firmware signature associated with the application cannot be obtained or is not valid, the firmware determining to not provide the requested service to the application.
  - 18. The computer of claim 10, wherein the firmware obtains the operating system signature and the firmware signature by extracting the operating system signature and the firmware signature from one or more signed containers embedded in the application, and wherein the one or more signed containers are signed using X.509 certificates or Unified Extensible Firmware Interface (UEFI) WIN_CERTIFICATE structures.

19. A method for firmware to determine whether to provide services to an application, comprising:
- in response to the firmware, executing on a device, receiving an indication that the application, executing on the device, is requesting a service provided by the firmware, the firmware obtaining (a) an operating system signature associated with the application and (b) a firmware signature associated with the application,wherein the operating system signature is a signature that is used by the operating system, executing on the device, to authenticate the application, and wherein the firmware signature is a signature that is used by the firmware to authenticate the application; and
  
  upon the firmware determining that the operating system signature matches the firmware signature, the firmware storing trust data that permits the application to access the service provided by the firmware.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The method of claim 19, wherein the firmware obtains the operating system signature and the firmware signature by extracting the operating system signature and the firmware signature from one or more signed containers embedded in the application.
  - 21. The method of claim 19, wherein the trust data further authorizes the application to access services provided by the firmware for a predetermined length of time or a predetermined number of subsequent service requests.
  - 22. The method of claim 19, further comprising:
    - in response to the firmware receiving a notification from the application that the application is finished using the service provided by the firmware, the firmware deleting the trust data to prevent the application from subsequently accessing the service provided by the firmware.
  - 23. The method of claim 19, wherein the operating system performs a first authentication of the application using the operating system signature, and wherein the firmware performs a second authentication of the application using the operating system signature and the firmware signature.
  - 24. The method of claim 19, wherein the firmware does not create either the operating system signature or the firmware signature.
  - 25. The method of claim 19, wherein if the operating system successfully authenticates the operating system signature, then the operating system allows the application to execute, and wherein if the operating system determines that the operating system signature is not valid or not present, then the operating system does not allow the application to execute.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Phoenix Technologies EMEA Limited
Original Assignee
Phoenix Technologies Limited (Pharaoh Acquisition LLC)
Inventors
LEWIS, Timothy A.

Granted Patent

US 8,918,907 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/30
CPC Class Codes

G06F 21/51 at application loading time...

APPROACHES FOR FIRMWARE TO TRUST AN APPLICATION

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

APPROACHES FOR FIRMWARE TO TRUST AN APPLICATION

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links