Method and system for authenticated boot operations in a computer system of a networked computing environment

US 6,684,326 B1
Filed: 03/31/1999
Issued: 01/27/2004
Est. Priority Date: 03/31/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for performing an authenticated boot of a computer system in a networked computing environment, the method comprising:

(a) integrating boot manager services into a power on self test (POST) routine;

(b) providing a digital signature for a selected operating system when the POST routine transfers control to a basic input/output system (BIOS) routine, including reading an initial program load device list of available boot devices during the BIOS routine, determining whether a selected device of the available boot devices contains an image of an operating system, proceeding to a next device until the image is located, determining whether the image is bootable, proceeding to the next device until the image is bootable, and retrieving a boot record for the image, signing the boot record using a private key for the computer system, and sending the signed boot record to a server system; and

(c) authorizing booting with the selected operating system through authentication by the server system of the digital signature.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and system aspects for performing an authenticated boot of a computer system in a networked computing environment are provided. The aspects include integration of boot manager services into a power on self test (POST) routine of a client system. The client system provides a digital signature for a selected operating system when the POST routine transfers control to a basic input/output system (BIOS) routine. Booting is authorized with the operating system through authentication by a server system of the digital signature.

247 Citations

16 Claims

1. A method for performing an authenticated boot of a computer system in a networked computing environment, the method comprising:
- (a) integrating boot manager services into a power on self test (POST) routine;
  
  (b) providing a digital signature for a selected operating system when the POST routine transfers control to a basic input/output system (BIOS) routine, including reading an initial program load device list of available boot devices during the BIOS routine, determining whether a selected device of the available boot devices contains an image of an operating system, proceeding to a next device until the image is located, determining whether the image is bootable, proceeding to the next device until the image is bootable, and retrieving a boot record for the image, signing the boot record using a private key for the computer system, and sending the signed boot record to a server system; and
  
  (c) authorizing booting with the selected operating system through authentication by the server system of the digital signature.
- View Dependent Claims (2)
- - 2. The method of claim 1, further comprising booting the computer system upon receipt of an approved status for the signed boot record from the server system.

3. The method of claim further comprising halting booting of the computer system upon receipt of a disapproved status for the'"'"'signed boot record from the server system.

4. A data processing system with authenticated boot capabilities, the system comprising:
- at least one client system utilizing boot manager services during a power on self test (POST) routine to select an operating system and provide a digital signature for the operating system selected; and
  
  a server system coupled to the at least one client system for verifying the digital signature and approving the selected operating system to provide authentication for the boot operation in the at least one client system.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
- - 5. The system of claim 4, wherein the at least one client system provides a digital signature for a selected operating system when the POST routine transfers control to a basic input/output system (BIOS) routine.
  - 6. The system of claim 5, wherein the BIOS routine reads an initial program load device list of available boot devices.
  - 7. The system of claim 5, wherein the at least one client system further determines whether a selected device of the available boot devices contains an image of an operating system, and proceeds to a next device until the image is located.
  - 8. The system of claim 7, wherein the at least one client system further determines whether the image is bootable, and proceeds to the next device until the image is bootable.
  - 9. The system of claim 8, wherein the at least one client system provides a digital signature by retrieving a boot record for the image, signing the boot record using a private key for the computer system, and sending the signed boot record to the server system.
  - 10. The system of claim 9, wherein the at least one client system boots upon receipt of an approved status for the signed boot record from the server system.
  - 11. The system of claim 10, wherein the at least one client system halts booting upon receipt of a disapproved status for the signed boot record from the server system.

12. A method for performing an authenticated boot of a computer system in a networked computing environment, the method comprising:
- utilizing digital signature encryption in a client system to encrypt a boot record;
  
  sending the encrypted boot record to a server system; and
  
  determining authentication of the encrypted boot record in the server system to control booting operations in the client system.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein determining authentication of the encrypted boot record further comprises decrypting the encrypted boot record and comparing the decrypted boot record to a list of authorized operating system boot records.
  - 14. The method of claim 13, wherein when the encrypted boot record matches an authorized boot record in the server system, the booting operations proceed in the client system.
  - 15. The method of claim 14, wherein when the encrypted boot record does not match an authorized boot record in the server system, the booting operations are halted in the client system.
  - 16. The method of claim 12, wherein the client system utilize s RSA encryption algorithms for the digital signature encryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Cromer, Daryl C., Dayan, Richard A.
Primary Examiner(s)
Lee, Thomas
Assistant Examiner(s)
Cao, Chun

Application Number

US09/282,725
Time in Patent Office

1,763 Days
Field of Search

713/1, 713/2, 713/201, 713/150, 713/156, 380/23, 380/25
US Class Current

713/2
CPC Class Codes

G06F 21/575 Secure boot

H04L 63/123 received data contents, e.g...

Method and system for authenticated boot operations in a computer system of a networked computing environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

247 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authenticated boot operations in a computer system of a networked computing environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

247 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links