System and method for secure initial program load for diskless workstations

US 5,349,643 A
Filed: 05/10/1993
Issued: 09/20/1994
Est. Priority Date: 05/10/1993
Status: Expired due to Term

First Claim

Patent Images

1. A method executed by a computer system comprised of a client and a server in a network for providing a secure operating system comprisingstoring a shared key at said client;

communicating signals across said network comprising a request including said shared key from said client to said server interconnected by said network for activating said operating system at said client;

authenticating said request at said server;

communicating signals across said network comprising a response from said server to said client in response to said authenticated said request, said response from said server including at least a portion of said operating system;

authenticating said at least a portion of said operating system at said client with said shared key; and

activating said operating system at said client in response to said response from said server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client workstation generates a network request for an initial program load. The request is serviced by a server which preferably includes in the reply to the client the addresses of an authentication server (AS), client, and a secure initial program load server (SECIPL). The client then requests an SECIPL service ticket from the AS, also sending a common identifier known to the AS and the client, preferably stored in the client ROM. This identifier is utilized by the AS to validate the ticket request as originating from a bona fide client, whereupon the ticket is provided by the AS to the client, the SECIPL service ticket is then presented by the client to the SECIPL server which then authenticates that the ticket is bona fide and was received by the client from the AS. The SECIPL then provides a secure kernel to the client, either encrypted with a key known to the SECIPL and client, or otherwise secured by a cryptographic checksum utilizing a key known to the client and the SECIPL. In this manner, the client workstation is thereby assured that an authenticated boot image has been received through potentially non-secure communication links.

Citations

24 Claims

1. A method executed by a computer system comprised of a client and a server in a network for providing a secure operating system comprisingstoring a shared key at said client;
- communicating signals across said network comprising a request including said shared key from said client to said server interconnected by said network for activating said operating system at said client;
  
  authenticating said request at said server;
  
  communicating signals across said network comprising a response from said server to said client in response to said authenticated said request, said response from said server including at least a portion of said operating system;
  
  authenticating said at least a portion of said operating system at said client with said shared key; and
  
  activating said operating system at said client in response to said response from said server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein said authenticating said request is a precondition to said communicating said response.
  - 3. The method of claim 1 further including the step of authenticating at said client said response from said server.
  - 4. The method of claim 3 wherein said authenticating said response is a precondition to said activating said operating system.
  - 5. The method of claim 1 wherein said response from said server comprises said at least a portion of said operating system encrypted prior to said communicating said response and decrypted prior to said activating said operating system.
  - 6. The method of claim 5 wherein said operating system is decrypted and encrypted by said client and said server, respectively.
  - 7. The method of claim 1 wherein said response further comprises a cryptographic checksum of said at least a portion of said operating system verifiable by said client.

8. A method executed by a computer system for providing a secure operating environment at a client station, comprisingstoring a service key at a secure boot server;
- generating a request for a secure boot image from said client to a boot server;
  
  receiving a response from said boot server by said client;
  
  communicating a request encoded by a key known by said client and an authentication server, corresponding in part to said boot server response, by said client to said authentication server for a token for said secure boot image comprised of at least said service key and a shared key;
  
  storing said shared key at said client;
  
  communicating said token from said authentication server to said client in response to said request;
  
  communicating said token from said client to said secure boot server;
  
  verifying said token with said service key at said secure boot server;
  
  communicating to said client from said secure boot server, in response to said verifying, at least a portion of an operating system authenticatable by said client with said shared key;
  
  authenticating said at last a portion of said operating system by said client with said shared key; and
  
  executing by said client said at least a portion of said operating system in response to said authenticating.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8 wherein said response from said boot server includes an address of said boot server.
  - 10. The method to claim 9 wherein said response from said boot server further includes an address of said authentication server.
  - 11. The method of claim 10 wherein said request by said client to said authentication server includes a unique principal name of said boot server known to said client and to said authentication server and stored in non-volatile memory of said client.

12. A method executed by a computer system including at least one client workstation interconnected to a network for providing an authenticated operating system at said client workstation comprisingspecifying a first key, a service key, and a shared key;
- transmitting onto said network a first request from said client workstation for an operating environment;
  
  authenticating said first request received from said network with said first key;
  
  transmitting a token corresponding to said first key, said service key and said shared key onto said network, and to said client in response to said authenticating said receiving first request;
  
  transmitting onto said network a second request functionally related to said token from said client workstation for said operating environment;
  
  authenticating said second request received from said network with said service key;
  
  transmitting information at least partially encrypted with said shared key onto said network and to said client workstation in response to said authenticating said received second request;
  
  decrypting said at least partially encrypted information at said client with said shared key; and
  
  executing said operating environment at said client workstation in response to said decrypting of said at least partially encrypted information.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12 wherein said authenticating said received first request is by an authorization server attached to said network.
  - 14. The method of claim 13 wherein said token is transmitted from said authentication server.
  - 15. The method of claim 13 wherein said authenticating said received second request is by a secure initial program load (SECIPL) server attached to said network.
  - 16. The method of claim 15 wherein said at least partially encrypted information is transmitted from said SECIPL server to said client workstation.
  - 17. The method of claim 16 wherein said at least partially encrypted information comprises at least part of an encrypted operating system decryptable by said client workstation.
  - 18. The method of claim 16 wherein said at least partially encrypted information comprises a cryptographic checksum, decryptable by said client, of at least a part of an operating system transmitted from said SECIPL server to said client.

19. A system for providing a secure operating system for a client in a network environment, comprisingauthentication server means interconnected to said network for authenticating a request from said client for said operating system and providing to said client an indicator of authenticating;
- secure program load server means interconnected to said network for determining said client has received said indicator and transmitting encrypted data including at least a portion of an operating system on said network to said client in response to said determining; and
  
  said network to said client in response to said determining; and
  
  client workstation means interconnected to said network for executing said secure operating system in response to unencrypting of said data by said client.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The system of claim 19 wherein said client workstation means includes means for transmitting said request onto said network.
  - 21. The system of claim 20 wherein said client workstation means further includes means for receiving said indicator from said network.
  - 22. The system of claim 21 wherein said client means further includes means for transmitting on said network to said secure program load means information in response to said client workstation means receiving said indicator, from which said determining by said secure program load means is performed.
  - 23. The system of claim 19 wherein said encrypted data is a cryptographic checksum corresponding to said operating system.

24. A system for providing a secure operating system for a client in a network environment, comprisingauthentication server means interconnected to said network for authenticating a request from said client for said operating system and providing to said client an indicator of authenticating;
- secure program load server means interconnected to said network for determining said client has received said indicator and transmitting at least a portion of an operating system and a cryptographic checksum of said portion of said operating system on said network to said client in response to said determining; and
  
  client workstation means interconnected to said network for executing said secure operating system in response to authenticating said portion of said operating system with said cryptographic checksum by said client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Mott, James M., Cox, James O.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/058,842
Time in Patent Office

498 Days
Field of Search

380/4, 380/25, 380/49, 340/825.34
US Class Current

713/155
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/33   using certificates

G06F 21/575   Secure boot

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2211/1097   Boot, Start, Initialise, Power

G06F 2221/2151   Time stamp

G06F 9/4416   Network booting; Remote ini...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3271   using challenge-response

System and method for secure initial program load for diskless workstations

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure initial program load for diskless workstations

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links