Client-side boot domains and boot rules
Abstract
Each software component loaded for a verified operating system on a client computer must satisfy a set of boot rules for a boot certificate. A verified operating system identifier is created from the boot certificate. The boot certificate is published and signed by a boot authority that attests to the validity of the operating system booted under the boot certificate. Each software component for the operating system is associated with a component certificate published and signed by the same boot authority that signed the boot certificate. The boot rules determine the validity of the software component based on the contents of the component and boot certificates. The client computer transmits the verified operating system identity and the boot certificate to a server computer, such as a content provider, and the content provider determines whether to trust the verified operating system with its content. Downloaded data is secured on permanent storage through a key derived from the verified operating system identifier. The boot certificate, component certificates, and secured content define the boot domain.
17 Claims
1. A computerized method for establishing a boot domain on a client computer comprising:
selecting a boot certificate associated with the boot domain;
creating a verified operating system identity from the boot certificate; and
loading each one of a plurality of operating system components in accordance with a set of boot rules based on the boot certificate, wherein each of the plurality of operating system components is associated with a component certificate and the set of boot rules comprises:
verifying that each component certificate is signed by a boot authority that issued the boot certificate;
verifying that each component certificate is valid as of an issue date for the boot certificate; and
verifying that each component is not listed in a revocation list associated with the boot certificate.

2. (dependent on claim 1)
obtaining a new component certificate to replace a component certificate that is expired as of the issue date of the boot certificate.

3. The method of claim 1, further comprising:
obtaining a new component to replace a component that is listed in the revocation list associated with the boot certificate; and
obtaining the associated component certificate for the new component.
4. A computerized method for establishing a boot domain on a client computer comprising:
selecting a boot certificate associated with the boot domain;
creating a verified operating system identity from the boot certificate;
loading each one of a plurality of operating system components in accordance with a set of boot rules based on the boot certificate;
securing data for use in the boot domain using a key based on the verified identity of the operating system;
obtaining a new boot certificate;
creating a new verified operating system identity from the new boot certificate; and
re-securing the data in the boot domain with the new verified operating system identity.

5. (dependent on claim 4)
creating an unverified operating system identity when one of the plurality of operating system components fails the set of boot rules.

6. The method of claim 4, wherein re-securing the data in the boot domain comprises:
verifying that the new boot certificate is issued by a boot authority that is the same as the boot authority that issued the boot certificate;
verifying that the new boot certificate is issued at a later date than the boot certificate;
verifying that the data in the boot domain has not expired;
unsealing the data in the boot domain with the verified operating system identity;
copying the data; and
sealing the copy of the data with the new verified operating system identity.

7. The method of claim 4, wherein the actions are performed in the order recited.
8. A computerized system comprising:
a processing unit;
a system memory coupled to the processing unit through a system bus;
a computer-readable medium coupled to the processing unit through a system bus;
a boot manager executed from the computer-readable medium by the processing unit, wherein the boot manager causes the processing unit to request a boot certificate selection from a user of the computerized system;
a boot loader executed from the computer-readable medium by the processing unit, wherein the boot loader causes the processing unit to boot subsequent software components based on a set of boot rules for the boot certificate, wherein the boot loader further causes the processing unit to create a verified operating system identity from the boot certificate when the boot rules are satisfied;
a wide area network connection coupled to the processing unit; and
a verified operating system booted in accordance with the boot rules, wherein the verified operating system causes the processing unit to transmit the verified operating system identity and the boot certificate to a server computer, wherein the verified operating system further causes the processing unit to secure data downloaded from the server computer through the verified operating system identity.
10. A computer-readable medium having computer-executable modules stored thereon, the modules comprising:
a boot manager for determining a boot certificate associated with one of a plurality of boot domains; and
a boot loader for loading each one of a plurality of operating system components in accordance with a set of boot rules for the boot certificate and further for creating a verified operating system identity from the boot certificate, wherein each of the plurality of operating system components is associated with a component certificate and the set of boot rules comprises:
verifying that each component certificate is signed by a boot authority that issued the boot certificate;
verifying that each component certificate is valid as of an issue date for the boot certificate; and
verifying that each component is not listed in a revocation list associated with the boot certificate.
13. A method of transferring data between a client and a server computer comprising:
obtaining, by the client computer, a boot certificate;
loading, by the client computer, a plurality of operating system components as specified by the boot certificate to boot a verified operating system on the client computer;
creating, by the client computer, a verified operating system identity for the verified operating system from the boot certificate;
transmitting, by the client computer, the verified operating system identity and the boot certificate to the server computer;
determining, by the server computer, what data is available to the client computer based on the verified operating system identity and the boot certificate;
downloading, by the server computer, the available data to the client computer; and
securing, by the client computer, the downloaded data on the client computer through the verified operating system identity.
16. A computer-readable medium having computer-executable instructions stored thereon to establish a boot domain on a computer, the instructions comprising:
obtaining a boot certificate associated with the boot domain;
booting an operating system specified in the boot certificate, wherein booting the operating system comprises:
determining a set of boot rules associated with the boot certificate; and
evaluating each one of a plurality of components for the operating system for compliance with the boot rules;
creating a verified operating system identity from the boot certificate;
loading each one of the plurality of components that is in compliance with the boot rules;
obtaining a new boot certificate;
creating a new verified operating system identity from the new boot certificate; and
re-securing the data in the boot domain with the new verified operating system identity.

17. (dependent on claim 16)
creating an unverified operating system identity when one of the plurality of components is not in compliance with the boot rules.
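How the pieces above fit together, as an added example (not code from the patent, and not any product's implementation of it): the three boot rules of claims 1 and 10, the verified and unverified identities of claims 4, 5 and 17, the re-securing steps of claim 6, and the content provider's decision in claim 13. Everything not stated in the claims is an assumption: HMAC-SHA256 stands in for the boot authority's signature scheme, each component certificate binds its component by a SHA-256 digest of the image, dates are ISO strings, sealing uses a toy HMAC keystream with a MAC tag rather than a real cipher, and the function names, the authorities `BA-1` and `BA-2` and the sample domain built by `sample_domain` are constructed for this illustration.

```python
import hashlib, hmac, json, os

# Assumed boot authorities; HMAC keys stand in for the authority's signing keys.
AUTHORITY_KEYS = {"BA-1": b"boot-authority-1-secret", "BA-2": b"boot-authority-2-secret"}

def _canon(obj) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()

def issue(authority: str, body: dict) -> dict:
    """Boot authority publishes a boot or component certificate over `body`."""
    body = dict(body, authority=authority)
    return {"body": body, "sig": hmac.new(AUTHORITY_KEYS[authority], _canon(body), hashlib.sha256).hexdigest()}

def signed_by(cert: dict, authority: str) -> bool:
    key = AUTHORITY_KEYS.get(authority)
    if key is None or cert["body"].get("authority") != authority:
        return False
    return hmac.compare_digest(hmac.new(key, _canon(cert["body"]), hashlib.sha256).hexdigest(), cert["sig"])

def os_identity(boot_cert: dict) -> str:
    """Verified OS identity: digest of the whole boot certificate, signature included."""
    return hashlib.sha256(_canon(boot_cert)).hexdigest()

def check_component(boot_cert: dict, comp_cert: dict, image: bytes) -> str:
    """The three boot rules of claim 1, plus an assumed hash binding of the image."""
    b, c = boot_cert["body"], comp_cert["body"]
    if not signed_by(comp_cert, b["authority"]):             # rule 1: same boot authority
        return "bad-signature"
    if not c["valid_from"] <= b["issued"] <= c["valid_to"]:  # rule 2: valid on the boot cert's issue date
        return "expired"
    if c["component"] in b["revoked"]:                       # rule 3: not on the boot cert's revocation list
        return "revoked"
    if hashlib.sha256(image).hexdigest() != c["sha256"]:     # image must match the certified digest
        return "hash-mismatch"
    return "ok"

def boot(boot_cert: dict, comp_certs: list, images: dict):
    """Returns (verified, identity, results). Any failure yields a fresh unverified identity
    (claims 5 and 17), so nothing sealed to the verified identity can be unsealed."""
    results = {c["body"]["component"]: check_component(boot_cert, c, images[c["body"]["component"]])
               for c in comp_certs}
    verified = all(r == "ok" for r in results.values())
    identity = os_identity(boot_cert) if verified else hashlib.sha256(b"unverified:" + os.urandom(16)).hexdigest()
    return verified, identity, results

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(identity: str, data: bytes, expires: str) -> dict:
    """Toy authenticated encryption under a key derived from the OS identity (assumption)."""
    key = hmac.new(bytes.fromhex(identity), b"boot-domain-seal", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, _canon([expires, nonce.hex()]) + ct, hashlib.sha256).hexdigest()
    return {"expires": expires, "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag}

def unseal(identity: str, blob: dict) -> bytes:
    key = hmac.new(bytes.fromhex(identity), b"boot-domain-seal", hashlib.sha256).digest()
    ct = bytes.fromhex(blob["ct"])
    tag = hmac.new(key, _canon([blob["expires"], blob["nonce"]]) + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("sealed data is not bound to this OS identity")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, bytes.fromhex(blob["nonce"]), len(ct))))

def resecure(old_cert: dict, old_identity: str, new_cert: dict, blob: dict, today: str) -> dict:
    """Claim 6: migrate sealed data to the identity of a newer boot certificate."""
    if not signed_by(new_cert, old_cert["body"]["authority"]):
        raise ValueError("new boot certificate is not from the same boot authority")
    if new_cert["body"]["issued"] <= old_cert["body"]["issued"]:
        raise ValueError("new boot certificate is not newer than the current one")
    if blob["expires"] < today:
        raise ValueError("data has expired and is not re-secured")
    return seal(os_identity(new_cert), unseal(old_identity, blob), blob["expires"])

def server_grant(identity: str, boot_cert: dict, trusted: set, catalog: dict) -> list:
    """Claim 13, server side: release content only to a verified identity under a trusted boot certificate."""
    b = boot_cert["body"]
    if b["authority"] not in trusted or not signed_by(boot_cert, b["authority"]):
        return []
    if not hmac.compare_digest(identity, os_identity(boot_cert)):
        return []  # unverified boot, or an identity that does not match the presented certificate
    return catalog.get(b["domain"], [])

def sample_domain(revoked=()):
    """Constructed sample: a two-component boot domain issued by BA-1."""
    images = {"kernel": b"kernel-image-v7", "drm": b"drm-module-v3"}
    certs = [issue("BA-1", {"component": n, "sha256": hashlib.sha256(img).hexdigest(),
                            "valid_from": "2024-01-01", "valid_to": "2025-12-31"}) for n, img in images.items()]
    boot_cert = issue("BA-1", {"domain": "media", "issued": "2024-06-01", "revoked": list(revoked)})
    return boot_cert, certs, images

if __name__ == "__main__":
    bc, cc, im = sample_domain()
    ok, ident, res = boot(bc, cc, im)
    print(ok, res, server_grant(ident, bc, {"BA-1"}, {"media": ["film.mp4"]}))
```

Running the file boots the constructed domain and prints the per-component results and what the server releases. Two points the code makes concrete that the claim text leaves implicit: a failed rule produces a random unverified identity, so data sealed under the verified identity stays locked instead of being readable by a tampered OS; and `resecure` refuses an older or foreign boot certificate, which is what prevents rolling back to a boot certificate whose revocation list predates a revoked component. What the server learns in `server_grant` is only that the presented identity is the digest of a certificate signed by a trusted authority; the claims do not describe how the server distinguishes a client that actually applied the boot rules from one that merely computed that digest, so in practice that link has to come from something outside this page, such as a hardware-rooted measurement of the boot.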
Specification