System and method for verifying the integrity and authorization of software before execution in a local platform

US 6,463,535 B1
Filed: 10/05/1998
Issued: 10/08/2002
Est. Priority Date: 10/05/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

providing information to a platform operating in a pre-boot operational state, the information including (1) an image of a boot application to be executed by the platform during a boot procedure, and (2) a signed manifest separate from the boot application, the signed manifest including (i) a secure hash value that includes a plurality of hash values having a one-to-one correspondence with a plurality of sub-images forming the image of the boot application, (ii) a manifest digital signature that includes the plurality of hash values collectively signed with a private key of a selected signatory, and (iii) a certificate chain;

verifying integrity of the boot application downloaded to the platform; and

upon determining that an authorization check enable flag of the platform is enabled, determining whether the boot application is authorized to be executed by the platform by (1) accessing contents from each digital certificate of the certificate chain to obtain a public key of a signatory, (2) comparing a subject public key within each digital certificate with a public key of the signatory of the manifest digital signature, and (3) authorizing execution of the boot application if the subject public key matches the public key of the signatory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method to verify integrity of information and selectively determine whether the information is authorized to be executed by the platform. The information is downloaded to a platform operating in a pre-boot operational state.

Citations

10 Claims

1. A method comprising:
- providing information to a platform operating in a pre-boot operational state, the information including (1) an image of a boot application to be executed by the platform during a boot procedure, and (2) a signed manifest separate from the boot application, the signed manifest including (i) a secure hash value that includes a plurality of hash values having a one-to-one correspondence with a plurality of sub-images forming the image of the boot application, (ii) a manifest digital signature that includes the plurality of hash values collectively signed with a private key of a selected signatory, and (iii) a certificate chain;
  
  verifying integrity of the boot application downloaded to the platform; and
  
  upon determining that an authorization check enable flag of the platform is enabled, determining whether the boot application is authorized to be executed by the platform by (1) accessing contents from each digital certificate of the certificate chain to obtain a public key of a signatory, (2) comparing a subject public key within each digital certificate with a public key of the signatory of the manifest digital signature, and (3) authorizing execution of the boot application if the subject public key matches the public key of the signatory.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the selected signatory is the first source.
  - 3. The method of claim 2, wherein the certificate chain of the signed manifest includes a first digital certificate, the first digital certificate includes a public key of the first source, a public key of an issuer of the first digital certificate and a digital signature of the first digital certificate digitally signed by a second source.
  - 4. The method of claim 3, wherein the certificate chain further includes a second digital certificate, the second digital certificate including a public key of the second source, a public key of an issuer of the second digital certificate and a digital signature of the second digital certificate digitally signed by a third source.
  - 5. The method of claim 2 wherein the integrity of the information is verified by (i) accessing the contents of a first digital certificate of the certificate chain to obtain a public key of the first source, (ii) verifying the manifest digital signature with the public key of the first source, (iii) accessing contents of the signed manifest to obtain the secure hash value, (iv) performing a hash operation on the image of the boot application in accordance with a predetermined hash function, used to produce the secure hash value, to produce a resultant hash value, and (v) comparing the secure hash value with the resultant hash value.
  - 6. The method of claim 5, wherein the integrity of the information is deemed to be maintained if the secure hash value matches the resultant hash value.
  - 7. The method of claim 1 wherein the certificate chain of the signed manifest includes a plurality of successive digital certificates of which a R+1^thdigital certificate includes a public key of a signatory of a digital signature in a R^thdigital certificate, where R is a positive whole number.

8. A platform comprising:
- a processor; and
  
  a persistent storage device in communication with the processor, the persistent storage device including an authorization certificate including a public key of a source downloading a boot image to the platform, an authorization check enable flag to signal a verification function to verify that the source is authorized to download the boot image; and
  
  a verification function being software to be executed by the processor to verify whether the downloaded boot image has been modified, the verification function being configured to receive information from a first source while the platform is in a pre-boot operational state, the information to include (1) an image of a boot application to be executed by the platform during a boot procedure, and (2) a signed manifest separate from the boot application, the signed manifest to include (i) a secure hash value to include a plurality of hash values to have a one-to-one correspondence with a plurality of sub-images to form the image of the boot application, (ii) a manifest digital signature to include the plurality of hash values to be collectively signed with a private key of a selected signatory, and (iii) a certificate chain, and when the authorization check enable flag is enabled, determine. whether the boot application is authorized for execution by the platform by (1) accessing contents from each digital certificate of the certificate chain to obtain a public key of a signatory, (2) comparing a subject public key within each digital certificate with a public key of the signatory of the manifest digital signature, and (3) authorizing execution of the boot application if the subject public key matches the public key of the signatory.
- View Dependent Claims (9, 10)
- - 9. The platform of claim 8, wherein the persistent storage device includes a flash memory.
  - 10. The platform of claim 8, wherein the persistent storage device includes a battery backed random access memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Drews, Paul C.
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
SONG, HOSUK

Application Number

US09/166,275
Time in Patent Office

1,464 Days
Field of Search

713/1-2, 713/187-189, 713/200-201, 713/176-177, 713/191
US Class Current

713/176
CPC Class Codes

G06F 21/575   Secure boot

G06F 2211/008   Public Key, Asymmetric Key,...

G06F 9/4416   Network booting; Remote ini...

System and method for verifying the integrity and authorization of software before execution in a local platform

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for verifying the integrity and authorization of software before execution in a local platform

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links