Computer system apparatus and method for improved assurance of authentication
First Claim
1. A method comprising the steps of:
initiating the operation of a computer system having trusted computing platform capabilities;
executing code stored accessibly to the computer system to transition the computer system first to a state of presenting a secure virtual machine;
said code, when executing on said computer system while in the secure virtual machine state, retrieving data stored in a platform configuration register and then locking the retrieved data against subsequent access by any virtual machine instantiation subsequently initiated;
said code, when executing on said computer system while in an insecure state, responding to a user request for initiation of authentication of a file by transitioning the computer system to a secure machine state, announcing to the user entry into the secure machine state, and deriving from the locked data keys for authentication of the file.
Abstract
A computer system, method of operation, and program product which gives a clear indication to a user when a computer system has transitioned to a trusted state.
12 Claims
1. A method comprising the steps of: (text as set out under First Claim above)
Dependent claims: 2, 3, 4
5. Apparatus comprising:
a computer system having a trusted platform module;
memory associated with said computer system for storing code accessibly to said computer system;
code stored in said memory and effective, on execution by said computer system, to cause said computer system on initiation of operation to transition first to a state presenting a secure virtual machine;
said code, when executing on said computer system while in the secure virtual machine state, retrieving data stored in a platform configuration register and then locking the retrieved data against subsequent access by any virtual machine instantiation subsequently initiated;
said code, when executing on said computer system while in an insecure state, responding to a user request for initiation of authentication of a file by transitioning the computer system to a secure machine state, announcing to the user entry into the secure machine state, and deriving from the locked data keys for authentication of the file.
Dependent claims: 6, 7, 8
9. Apparatus comprising:
a computer readable medium, and code stored on said medium accessibly to a computer system having trusted computing platform capabilities and effective, when executing on said computer system, to cause the code and the computer system together to:
initiate the operation of the computer system;
transition the computer system first to a state of presenting a secure virtual machine;
said code, when executing on said computer system while in the secure virtual machine state, retrieving data stored in a platform configuration register and then locking the retrieved data against subsequent access by any virtual machine instantiation subsequently initiated;
said code, when executing on said computer system while in an insecure state, responding to a user request for initiation of authentication of a file by transitioning the computer system to a secure machine state, announcing to the user entry into the secure machine state, and deriving from the locked data keys for authentication of the file.
Dependent claims: 10, 11, 12
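As an added illustration, not code from the patent, the following Python model walks through the claimed flow: the first (secure) virtual machine copies the PCR value, the copy is locked away from any later VM, and file-authentication keys are derived from the locked copy only after transitioning to and announcing the secure state. The class, the simulated PCR value and the SHA-256/HMAC key derivation are assumptions chosen for the model.

```python
import hashlib
import hmac


def derive_key(locked_pcr: bytes) -> bytes:
    # Assumed derivation: a file-authentication key bound to the locked PCR copy.
    return hashlib.sha256(b"file-auth-key:" + locked_pcr).digest()


def file_tag(locked_pcr: bytes, content: bytes) -> bytes:
    # Authentication tag a file would carry under this model.
    return hmac.new(derive_key(locked_pcr), content, "sha256").digest()


class TrustedPlatform:
    """Toy state machine for the claimed boot and authentication flow."""

    def __init__(self, pcr_value: bytes):
        self.pcr = pcr_value          # simulated PCR contents (constructed)
        self.locked = None            # copy retrieved by the secure VM
        self.state = "off"
        self.announcements = []       # what the user was told
        self.later_vm_reads = 0       # refused reads by later VMs

    def boot(self) -> None:
        # Initiation transitions first to the secure virtual machine state ...
        self.state = "secure"
        self.locked = self.pcr        # ... which retrieves the PCR data ...
        self.pcr = None               # ... and locks it from later VMs.
        self.state = "insecure"       # normal (insecure) operation follows

    def read_from_later_vm(self) -> bytes:
        # Any VM instantiated after the secure VM is refused the locked data.
        self.later_vm_reads += 1
        raise PermissionError("locked PCR data not accessible to later VM")

    def authenticate_file(self, content: bytes, tag: bytes) -> bool:
        # User request while insecure: transition, announce, derive key, verify.
        if self.locked is None:
            raise RuntimeError("system not booted; no locked data available")
        if self.state != "secure":
            self.state = "secure"
            self.announcements.append("entered secure machine state")
        expected = hmac.new(derive_key(self.locked), content, "sha256").digest()
        ok = hmac.compare_digest(expected, tag)
        self.state = "insecure"       # return to normal operation
        return ok
```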