PROVISIONING OF OPERATING SYSTEMS TO USER TERMINALS
First Claim
1. A method for provisioning an operating system image from a server to an untrusted user terminal via a data communications network, the method comprising:
- creating a connection to a user terminal of a trusted device having a tamper-resistant storage, wherein the tamper-resistant storage comprises bootloader logic for controlling booting of a user terminal and security data;
booting the user terminal via said bootloader logic on the trusted device;
establishing a connection, under control of the bootloader logic, to the server via the network and authenticating the server using said security data on the trusted device;
receiving an operating system boot image from the server via said connection; and
using the boot image to provision an operating system image from the server p) to the user terminal for executing the operating system at the user terminal.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and apparatus are provided for provisioning an operating system image from a server (2) to an untrusted user terminal (4) via a data communications network (3). A trusted device (5) such as a pocket USB device has tamper-resistant storage (9) containing bootloader logic, for controlling booting of a user terminal, and security data. On connection of the trusted device (5) to an untrusted user terminal (4), the user terminal is booted via the bootloader logic on the trusted device. Under control of the bootloader logic, a connection is established to the server (2) via the network (3) and the server is authenticated using the security data on the trusted device (5). An operating system boot image is received from the server (2) via this connection. The boot image is used to provision an operating system image from the server (2) to the user terminal (4) for execution of the operating system at the user terminal (4).
48 Citations
21 Claims
-
1. A method for provisioning an operating system image from a server to an untrusted user terminal via a data communications network, the method comprising:
-
creating a connection to a user terminal of a trusted device having a tamper-resistant storage, wherein the tamper-resistant storage comprises bootloader logic for controlling booting of a user terminal and security data; booting the user terminal via said bootloader logic on the trusted device; establishing a connection, under control of the bootloader logic, to the server via the network and authenticating the server using said security data on the trusted device; receiving an operating system boot image from the server via said connection; and using the boot image to provision an operating system image from the server p) to the user terminal for executing the operating system at the user terminal. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A device for controlling provisioning of an operating system image from a server to an untrusted user terminal via a data communications network, the device comprising:
-
a terminal interface for connecting the device to a user terminal; and a tamper-resistant storage containing bootloader logic and security data, wherein when the device to the user terminal is connected to the terminal interface, the bootloader logic is adapted, to execute a method comprising; booting the user terminal; establishing a connection to the server via the network and authenticating the the server using said security data on the trusted device; receiving an operating system boot image from the server via said connection; and using the boot image to provision an operating system image from the server the user terminal for executing the operating system at the user terminal. - View Dependent Claims (17, 18, 19, 20)
-
-
21. An apparatus for provisioning an operating system image to an untrusted user terminal via a data communications network, the apparatus comprising:
-
a server for providing access to the operating system image via the network; and a device for controlling the provisioning of the operating system image from the server to an untrusted user terminal upon connection of the device to the user terminal.
-
Specification