Method for securing communications in a pre-boot environment
Abstract
Briefly, one embodiment of the present invention relates to a method comprising the act of providing a communication link between a first electronic system and a second electronic system. Prior to booting of an operating system of the first electronic system, the communication link is secured to protect the integrity of data transferred over the communication link.
192 Citations
19 Claims
1. A method comprising:
providing a communication link between a first electronic system and a second electronic system; and
securing the communication link, during a pre-boot operational state prior to completion of booting of an operating system of the first electronic system, to protect integrity of data transferred over the communication link between the first electronic system and the second electronic system.
(Dependent claims: 2, 3, 4, 5, 6.)

determining whether a security association is pre-loaded into the non-volatile memory of the first electronic system; and
providing the security association to a selected Internet Protocol Security (IPSEC) module, loaded in the non-volatile memory, the IPSEC module, when executed, secures packets of data transferred over the communication link.

4. The method of claim 3, wherein prior to providing the security association, the method further comprises
determining whether a key management protocol is loaded in the non-volatile memory when the security association is absent from the first electronic system; and
negotiating the security association if the key management protocol is loaded in the non-volatile memory.

5. The method of claim 4, wherein the determining of the security association further includes
checking whether a keying material is loaded in the non-volatile memory when the key management protocol is absent from the non-volatile memory;
using the keying material to produce portions of the security association if the keying material is loaded in the non-volatile memory; and
obtaining the keying material from an input device to produce portions of the security association if the keying material is not loaded in the non-volatile memory.

6. The method of claim 5, wherein the keying material undergoes a hash function to produce a unique security parameter index, the security parameter index being a portion of the security association.

7. A layered machine readable medium having embodied thereon a computer program for processing by an electronic system including non-volatile memory, the computer program comprising:
a first software layer to establish communications with a remotely located electronic system;
a second software layer to ensure that the communications with the remotely located electronic system are secure; and
a third software layer to control access of information within the non-volatile memory.
(Dependent claims: 8, 9, 10, 11, 12.)

13. A network comprising:
a communication link;
a first electronic system coupled to the communication link, the first electronic system to secure the communication link in a pre-boot environment in order to protect integrity of data transferred over the communication link, the pre-boot environment includes a state existing prior to completion of booting of an operating system of the first electronic system; and
a second electronic system coupled to the communication link to transfer data to the first electronic system over the secure communication link.
(Dependent claims: 14, 15, 16, 17, 18.)

19. A network comprising:
a communication link;
a first electronic system coupled to the communication link, the first electronic system to secure the communication link in a pre-boot environment in order to protect integrity of data transferred over the communication link, the first electronic system includes a computer that comprises a processor, and a storage device including a non-volatile memory including a communication application and a security communication protocol, the security communication protocol, when executed, produces a packet of information including an Internet Protocol (IP) header, an initialization vector used by a Data Encryption Standard, a payload, a security parameter index being a parameter of a security association and a padding; and
a second electronic system coupled to the communication link to transfer data to the first electronic system over the secure communication link.
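The fallback chain of claims 3 through 6 (pre-loaded security association, else negotiation by a loaded key management protocol, else derivation from loaded keying material, else keying material taken from an input device, with the SPI hashed from the keying material) and the packet layout of claim 19, as an added worked example. This is not code from the patent or its assignee. Everything concrete in it is an assumption: the non-volatile memory is modelled as a dictionary, the key management protocol as a callable stored in it, SHA-256 stands in for the hash function the claims leave unspecified, the key split and ICV are HMAC-based choices of this example, and DES encryption of the payload is omitted so that only the framing (IP header, SPI, IV, payload, padding) and the integrity check the claims are about remain:

```python
"""Added example (not the patent's own code): pre-boot IPsec security-association
resolution in the order claims 3-6 describe, plus claim-19 style packet framing.
Assumptions: NVRAM is a dict; the key management protocol is a callable stored in
it; SHA-256 is the unspecified hash of claim 6; DES encryption is omitted and only
framing plus an HMAC integrity check are shown."""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from typing import Callable, Dict, Optional

DES_BLOCK = 8      # DES block size; claim 19's padding aligns the payload to it
SPI_MIN = 256      # SPI values 0-255 are reserved for special use (RFC 4303)
ICV_LEN = 12       # truncated HMAC appended so the receiver can check integrity


@dataclass(frozen=True)
class SecurityAssociation:
    spi: int           # security parameter index (claim 6: a portion of the SA)
    enc_key: bytes     # 8-byte DES key (assumed; the claims name DES but no key schedule)
    auth_key: bytes    # key for the integrity check
    source: str        # "preloaded", "negotiated", "derived" or "operator"


def derive_spi(keying_material: bytes) -> int:
    """Claim 6: hash the keying material into a 32-bit SPI (SHA-256 assumed).
    Distinct keying material gives distinct SPIs only as far as the truncated
    hash is collision-free; a real stack must still check the SPI is unused."""
    spi = struct.unpack(">I", hashlib.sha256(keying_material).digest()[:4])[0]
    return spi if spi >= SPI_MIN else spi + SPI_MIN   # keep out of the reserved range


def sa_from_keying_material(km: bytes, source: str) -> SecurityAssociation:
    """Claim 5: expand raw keying material into the SA's key portions (HMAC split assumed)."""
    enc_key = hmac.new(km, b"pre-boot-enc", hashlib.sha256).digest()[:DES_BLOCK]
    auth_key = hmac.new(km, b"pre-boot-auth", hashlib.sha256).digest()
    return SecurityAssociation(derive_spi(km), enc_key, auth_key, source)


def resolve_security_association(
    nvram: Dict[str, object],
    read_input: Optional[Callable[[], bytes]] = None,
) -> SecurityAssociation:
    """Claims 3-5, in order: pre-loaded SA, else negotiate via a loaded key
    management protocol, else derive from loaded keying material, else ask the
    input device.  nvram keys: "sa", "key_management_protocol", "keying_material"."""
    sa = nvram.get("sa")
    if isinstance(sa, SecurityAssociation):               # claim 3: SA pre-loaded
        return sa
    negotiate = nvram.get("key_management_protocol")
    if callable(negotiate):                               # claim 4: protocol loaded -> negotiate
        return negotiate()
    km = nvram.get("keying_material")
    if isinstance(km, bytes):                             # claim 5: keying material loaded
        return sa_from_keying_material(km, "derived")
    if read_input is None:                                # nothing left to fall back on
        raise RuntimeError("no SA, key management protocol or keying material in pre-boot")
    return sa_from_keying_material(read_input(), "operator")   # claim 5: from input device


def build_packet(sa, ip_header: bytes, payload: bytes, iv: Optional[bytes] = None) -> bytes:
    """Claim 19 layout: IP header | SPI | IV | payload | padding, plus an ICV over
    everything after the IP header.  The payload is framed, not DES-encrypted, here."""
    iv = os.urandom(DES_BLOCK) if iv is None else iv
    if len(iv) != DES_BLOCK:
        raise ValueError("IV must be one DES block")
    pad_len = (-(len(payload) + 1)) % DES_BLOCK           # leave room for the pad-length byte
    padding = bytes(range(1, pad_len + 1)) + bytes([pad_len])  # ESP-style 1,2,3.. then length
    body = struct.pack(">I", sa.spi) + iv + payload + padding
    icv = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return ip_header + body + icv


def parse_packet(sa, packet: bytes, ip_header_len: int = 20) -> bytes:
    """Receiver side: verify the ICV before trusting anything else, check the SPI
    selects this SA, then strip IV and padding.  Raises ValueError on tampering."""
    body, icv = packet[ip_header_len:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("integrity check failed")
    if struct.unpack(">I", body[:4])[0] != sa.spi:
        raise ValueError("SPI does not select this SA")
    rest = body[4 + DES_BLOCK:]                            # skip SPI and IV
    pad_len = rest[-1]
    if pad_len >= len(rest) or len(rest) % DES_BLOCK:
        raise ValueError("malformed padding")
    return rest[:len(rest) - 1 - pad_len]


if __name__ == "__main__":
    # Constructed NVRAM image: only keying material was provisioned, so claims 3
    # and 4 find nothing and claim 5 derives the SA from it.
    nvram = {"keying_material": b"constructed-provisioned-secret"}
    sa = resolve_security_association(nvram)
    pkt = build_packet(sa, b"\x45" + bytes(19), b"pre-boot image request")
    print(sa.source, hex(sa.spi), parse_packet(sa, pkt))
```

The order of the checks is the point: a pre-loaded SA is used as-is, negotiation only happens when a key management protocol is actually present in non-volatile memory, and the input device is the last resort. On the receive side the ICV is checked before the SPI or padding is interpreted, because the IP header sits outside the integrity-protected body and nothing else in the packet can be trusted until the check passes.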
Specification