Operating system upgrades in a trusted operating system environment
Abstract
Operating system upgrades in a trusted operating system environment allow a current trusted core of an operating system installed on a computing device to be upgraded to a new trusted core. The new trusted core is allowed to access application data previously securely stored by the current trusted core only if it can be verified that the new trusted core is the new trusted core expected by the current trusted core. In accordance with one implementation, the new trusted core is allowed to access only selected application data previously securely stored by the current trusted core.
155 Citations
42 Claims
1. A method comprising:
- receiving a request to upgrade a current trusted core of an operating system to a new trusted core, wherein the current trusted core is installed on a computing device; and
- allowing the new trusted core to access application data previously securely stored by the current trusted core only if it can be verified that the new trusted core can be trusted and further only if the new trusted core has a strictly increasing version number relative to the current trusted core and is signed by a certification authority that also signed the current trusted core.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)
9. One or more computer readable media having stored thereon a plurality of instructions to facilitate upgrading a trusted core of an operating system installed on a computing device that, when executed by one or more processors, causes the one or more processors to:
- identify a digest of a new trusted core to which the trusted core is to be upgraded; and
- have a key securely stored, at least in part utilizing a binding key, so that the key can only be retrieved by the new trusted core based on the digest of the new trusted core, wherein the key was previously used by the trusted core to securely store data for applications executing on the computing device.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18)
19. One or more computer readable media having stored thereon a plurality of instructions to facilitate upgrading a trusted core of an operating system installed on a computing device to a new trusted core that, when executed by one or more processors, causes the one or more processors to:
- obtain an encrypted key, wherein the key was previously used by the trusted core to securely store data for applications executing on the computing device;
- obtain the key in decrypted form only if the new trusted core is the new trusted core that the trusted core intended to have access to the key;
- generate a new key;
- use the new key to retrieve data securely stored for applications after the upgrading; and
- use the key to retrieve data securely stored for applications prior to the upgrading effective to enable both the trusted core and the new trusted core to subsequently retrieve the prior stored data while only the new trusted core can retrieve the after stored data.
(Dependent claims: 20, 21, 22, 23)
24. A system comprising:
- a processor;
- a memory, coupled to the processor, configured to store an operating system with a trusted core and further configured to store a first plurality of instructions that, when executed by the processor, cause the processor to, identify a digest of a new trusted core with which the trusted core is to be replaced, and have a key securely stored, at least in part utilizing a binding key, so that the key can only be retrieved by the new trusted core, wherein the key is previously used by the trusted core to securely store data for applications executing on the system, and wherein the memory is further configured to store a second plurality of instructions that, when executed by the processor, cause the processor to, obtain the decrypted key only if, based on the digest of the new trusted core, the new trusted core is the new trusted core that the trusted core intended to have access to the key; generate a new key, and use the new key to securely store and retrieve secrets for applications after the new trusted core replaces the trusted core.
(Dependent claims: 25, 26, 27, 28, 29)
30. A method comprising:
- identifying a digest of a new trusted core to which a trusted core of an operating system installed on a computing device is to be upgraded; and
- having a gatekeeper storage key encrypted, at least in part utilizing a binding key, so that the key can only be retrieved by the new trusted core, wherein the gatekeeper storage key is a key previously used by the trusted core to securely store secrets for applications executing on the computing device.
(Dependent claims: 31, 32, 33)
34. A method comprising:
- obtaining an encrypted gatekeeper storage key, wherein the gatekeeper storage key is a key previously used by a trusted core of an operating system installed on a computing device to securely store secrets for applications executing on the computing device;
- obtaining the decrypted gatekeeper storage key only if, based on a digest of a new trusted core, the new trusted core is the new trusted core that the trusted core intended to have access to the gatekeeper storage key;
- generating a new gatekeeper storage key;
- using the new gatekeeper storage key to retrieve secrets securely stored for applications after the upgrading;
- using the gatekeeper storage key to retrieve secrets securely stored for applications prior to upgrading to the new trusted core effective to enable both the trusted core and the new trusted core to subsequently retrieve the prior stored data while only the new trusted core can retrieve the after stored data.
(Dependent claims: 35, 36, 37)
38. One or more computer readable media having stored thereon a plurality of instructions to facilitate upgrading a trusted core of an operating system installed on a computing device to a new trusted core that, when executed by one or more processors, causes the one or more processors to:
- obtain a set of one or more keys, wherein a first key of the set of keys was previously used by the trusted core to securely store data for applications executing on the computing device;
- use a second key of the set of keys to securely store data for applications after the upgrading;
- use the first key to retrieve data securely stored for applications prior to the upgrading; and
- use the second key to retrieve data securely stored for applications after the upgrading effective to enable both the trusted core and the new trusted core to subsequently retrieve the prior stored data while only the new trusted core can retrieve the after stored data.
(Dependent claims: 39, 40)
41. A method comprising:
- requesting, by a trusted core, a set of keys to be used by the trusted core for secure secret storage and retrieval on a computing device, wherein the set of keys includes a first key and a second key, and wherein the first key was previously used by a previous trusted core for secure secret storage prior to the computing device being upgraded to the trusted core;
- using the second key for secure storage of secrets by applications by the trusted core;
- using the second key for retrieval of secrets previously stored by applications via the trusted core;
- using the first key for retrieval of secrets previously stored by applications via the previous trusted core effective to enable both the trusted core and the previous trusted core to subsequently retrieve the secrets previously stored by applications via the previous trusted core while only the trusted core can retrieve secrets secured by the second key.
(Dependent claims: 42)
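A toy Python model of the key handover that claims 9, 19, 30, 34, 38 and 41 describe, added here as an example (not code from the patent): a platform binding key combined with the digest of the new trusted core seals the gatekeeper storage key, so only a core whose measured digest matches recovers it; that core then generates a second key, so pre-upgrade secrets stay readable under the first key while post-upgrade secrets are readable only under the second. The HMAC-based seal/encrypt primitive, the binding key and the core images are constructed stand-ins for a real platform's sealing mechanism.

```python
import hashlib
import hmac
import os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; stands in for an AEAD or a TPM seal primitive.
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; blob layout is nonce(16) || ciphertext || tag(32).
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise PermissionError("wrong key: core digest mismatch or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def can_retrieve(key: bytes, blob: bytes) -> bool:
    try:
        decrypt(key, blob)
        return True
    except PermissionError:
        return False

def _wrap_key(binding_key: bytes, core_image: bytes) -> bytes:
    # The wrap key depends on the platform binding key and the core's digest.
    return hmac.new(binding_key, hashlib.sha256(core_image).digest(), hashlib.sha256).digest()

def seal_to_core(binding_key: bytes, gsk: bytes, new_core_image: bytes) -> bytes:
    # Claims 9/30: the current core has its gatekeeper storage key (GSK) stored
    # so that only the core with this digest can retrieve it.
    return encrypt(_wrap_key(binding_key, new_core_image), gsk)

def new_core_obtain_keys(binding_key: bytes, sealed: bytes, running_image: bytes):
    # Claims 19/34/38/41: the key unwraps only under the digest of the core that
    # is actually running; the new core then mints a second key so that secrets
    # stored after the upgrade are unreadable with the first (pre-upgrade) key.
    try:
        first_key = decrypt(_wrap_key(binding_key, running_image), sealed)
    except PermissionError:
        return None  # not the core the old core intended: no key is released
    return first_key, os.urandom(32)
```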
Specification