Operating system upgrades in a trusted operating system environment

US 7,159,240 B2
Filed: 11/16/2001
Issued: 01/02/2007
Est. Priority Date: 11/16/2001
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a request to upgrade a current trusted core of an operating system to a new trusted core, wherein the current trusted core is installed on a computing device; and

allowing the new trusted core to access application data previously securely stored by the current trusted core only if it can be verified that the new trusted core can be trusted and further only if the new trusted core has a strictly increasing version number relative to the current trusted core and is signed by a certification authority that also signed the current trusted core.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Operating system upgrades in a trusted operating system environment allow a current trusted core of an operating system installed on a computing device to be upgraded to a new trusted core. The new trusted core is allowed to access application data previously securely stored by the current trusted core only if it can be verified that the new trusted core is the new trusted core expected by the current trusted core. In accordance with one implementation, the new trusted core is allowed to access only selected application data previously securely stored by the current trusted core.

155 Citations

42 Claims

1. A method comprising:
- receiving a request to upgrade a current trusted core of an operating system to a new trusted core, wherein the current trusted core is installed on a computing device; and
  
  allowing the new trusted core to access application data previously securely stored by the current trusted core only if it can be verified that the new trusted core can be trusted and further only if the new trusted core has a strictly increasing version number relative to the current trusted core and is signed by a certification authority that also signed the current trusted core.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1, wherein the allowing comprises allowing the new trusted core to access application data previously securely stored by the current trusted core only if it can be verified that the new trusted core is the new trusted core expected by the current trusted core.
  - 3. A method as recited in claim 1, wherein the allowing comprises the current trusted core:
    - identifying a digest of the new trusted core; and
      
      having a key securely generated so that it can only be retrieved by the new trusted core based on the digest of the new trusted core, wherein the key was previously used by the current trusted core to securely store data for applications executing on the same computing device as the current trusted core.
  - 4. A method as recited in claim 3, further comprising:
    - checking, by the current trusted core, whether the new trusted core satisfies one or more conditions; and
      
      having the key securely stored only if the new trusted core satisfies the one or more conditions.
  - 5. A method as recited in claim 1, further comprising:
    - storing trusted application data utilizing a gatekeeper storage key and a hive key, wherein the allowing comprises allowing the new trusted core to access the gatekeeper storage key.
  - 6. A method as recited in claim 3, further comprising, prior to receiving the request to upgrade the current trusted core:
    - generating the key;
      
      having the key securely stored so that it can only be retrieved by the trusted core;
      
      receiving requests to securely store data for applications executing on the computing device; and
      
      using the key to encrypt the data.
  - 7. A method as recited in claim 1, wherein the allowing comprises the new trusted core:
    - obtaining an encrypted key, wherein the key was previously used by the current trusted core to securely store data for applications executing on the same computing device as the current trusted core was executing on;
      
      obtaining the key in decrypted form only if the new trusted core is the new trusted core that the trusted core intended to have access to the key;
      
      generating a new key;
      
      using the new key to retrieve data securely stored for applications after the upgrading; and
      
      using the key to retrieve data securely stored for applications prior to the upgrading.
  - 8. A method as recited in claim 1, wherein the allowing comprises the new trusted core obtaining a set of keys from a platform of the computing device, the set of keys including a key used by the current trusted core to securely store application data and a key to be used by the new trusted core to securely store application data.

9. One or more computer readable media having stored thereon a plurality of instructions to facilitate upgrading a trusted core of an operating system installed on a computing device that, when executed by one or more processors, causes the one or more processors to:
- identify a digest of a new trusted core to which the trusted core is to be upgraded; and
  
  have a key securely stored, at least in part utilizing a binding key, so that the key can only be retrieved by the new trusted core based on the digest of the new trusted core, wherein the key was previously used by the trusted core to securely store data for applications executing on the computing device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. One or more computer readable media as recited in claim 9, wherein the plurality of instructions further cause the one or more processors to, prior to having the key securely stored:
    - check whether the new trusted core satisfies one or more conditions; and
      
      have the key securely stored only if the new trusted core satisfies the one or more conditions.
  - 11. One or more computer readable media as recited in claim 10, wherein the one or more conditions comprise the new trusted core being a correct next version of the trusted core.
  - 12. One or more computer readable media as recited in claim 10, wherein the one or more conditions comprise verifying that the digest of the new trusted core is digitally signed by the source of the new trusted core.
  - 13. One or more computer readable media as recited in claim 9, wherein the having the key securely stored comprises invoking a seal operation that receives both the key and a cryptographic measure of the new trusted core, and that encrypts at least the key.
  - 14. One or more computer readable media as recited in claim 13, wherein the cryptographic measure comprises a digest.
  - 15. One or more computer readable media as recited in claim 9, wherein the instructions that cause the one or more processors to have the key securely stored so that it can only be retrieved by the new trusted core comprise instructions that cause the one or more processors to:
    - generate a temporary key;
      
      encrypt, using the temporary key, a subset of the data securely stored for applications executing on the computing device; and
      
      have the temporary key securely stored so that it can only be retrieved by the new trusted core, but not having the key securely stored so that it can be retrieved by the new trusted core.
  - 16. One or more computer readable media as recited in claim 9, wherein the plurality of instructions further cause the one or more processors to, prior to identifying the digest:
    - generate the key;
      
      have the key securely stored so that it can only be retrieved by the trusted core;
      
      receive requests to securely store data for applications executing on the computing device; and
      
      use the key to encrypt the data.
  - 17. One or more computer readable media as recited in claim 16, wherein the instructions to generate the key comprises instructions to generate a random number to use as the key.
  - 18. One or more computer readable media as recited in claim 16, wherein the instructions to generate the key comprises instructions to generate the key in a maimer that allows the key to be calculated by the new trusted core but that does not allow the trusted core to calculate a new key generated by the new trusted core.

19. One or more computer readable media having stored thereon a plurality of instructions to facilitate upgrading a trusted core of an operating system installed on a computing device to a new trusted core that, when executed by one or more processors, causes the one or more processors to:
- obtain an encrypted key, wherein the key was previously used by the trusted core to securely store data for applications executing on the computing device;
  
  obtain the key in decrypted form only if the new trusted core is the new trusted core that the trusted core intended to have access to the key;
  
  generate a new key;
  
  use the new key to retrieve data securely stored for applications after the upgrading; and
  
  use the key to retrieve data securely stored for applications prior to the upgrading effective to enable both the trusted core and the new trusted core to subsequently retrieve the prior stored data while only the new trusted core can retrieve the after stored data.
- View Dependent Claims (20, 21, 22, 23)
- - 20. One or more computer readable media as recited in claim 19, wherein the plurality of instructions further cause the one or more processors to:
    - identify a digest of another new trusted core to which the new trusted core is to be upgraded; and
      
      have the new key securely stored so that it can only be retrieved by the other new trusted core based on the digest of the other new trusted core, wherein the new key is also used by the new trusted core to securely store data for applications executing on the computing device.
  - 21. One or more computer readable media as recited in claim 19, wherein the key is a temporary key that was used by the trusted core to encrypt a subset of the data securely stored by the trusted core.
  - 22. One or more computer readable media as recited in claim 19, wherein the decrypted key is obtained only if a digest of the new wasted core is the same as a digest that the trusted core identified as corresponding to a new trusted core that should have access to the key.
  - 23. One or more computer readable media as recited in claim 19, wherein the plurality of instructions further cause the one or more processors to, after generating the new key, obtain the key previously used by the trusted core without having the encrypted key decrypted.

24. A system comprising:
- a processor;
  
  a memory, coupled to the processor, configured to store an operating system with a trusted core and further configured to store a first plurality of instructions that, when executed by the processor, cause the processor to,identify a digest of a new trusted core with which the trusted core is to be replaced, andhave a key securely stored, at least in part utilizing a binding key, so that the key can only be retrieved by the new trusted core, wherein the key is previously used by the trusted core to securely store data for applications executing on the system, andwherein the memory is further configured to store a second plurality of instructions that, when executed by the processor, cause the processor to,obtain the decrypted key only if, based on the digest of the new trusted core, the new trusted core is the new trusted core that the trusted core intended to have access to the key;
  
  generate a new key, anduse the new key to securely store and retrieve secrets for applications after the new trusted core replaces the trusted core.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. A system as recited in claim 24, wherein the first plurality of instructions comprises the trusted core.
  - 26. A system as recited in claim 24, wherein the second plurality of instructions comprises the new trusted core.
  - 27. A system as recited in claim 24, wherein the first plurality of instructions further cause the processor to, prior to having the key securely stored:
    - check whether the new trusted core satisfies one or more conditions; and
      
      have the key securely stored only if the new trusted core satisfies the one or more conditions.
  - 28. A system as recited in claim 24, wherein the first plurality of instructions further cause the processor to:
    - generate a temporary key;
      
      encrypt, using the temporary key, a subset of the data securely stored for applications executing on the system; and
      
      have the temporary key securely stored so that it can only be retrieved by the new trusted core, but not having the key securely stored so that it can be retrieved by the new trusted core.
  - 29. A system as recited in claim 24, wherein the first plurality of instructions further cause the processor to, prior to identifying the digest of the new trusted core and having the key securely stored:
    - generate the key;
      
      have the key securely stored so that it can only be retrieved by the trusted core;
      
      receive requests to securely store data for applications executing on the computing device; and
      
      use the key to encrypt the data.

30. A method comprising:
- identifying a digest of a new trusted core to which a trusted core of an operating system installed on a computing device is to be upgraded; and
  
  having a gatekeeper storage key encrypted, at least in part utilizing a binding key, so that the key can only be retrieved by the new trusted core, wherein the gatekeeper storage key is a key previously used by the trusted core to securely store secrets for applications executing on the computing device.
- View Dependent Claims (31, 32, 33)
- - 31. A method as recited in claim 30, further comprising, prior to having the gatekeeper storage key encrypted:
    - checking whether the new trusted core satisfies one or more conditions; and
      
      having the key securely stored only if the new trusted core satisfies the one or more conditions.
  - 32. A method as recited in claim 30, wherein having a gatekeeper storage key encrypted so that it can only be retrieved by the new trusted core comprises:
    - generating a temporary key;
      
      encrypting, using the temporary key, a subset of the data securely stored for applications executing on the computing device; and
      
      having the temporary key securely stored so that it can only be retrieved by the new trusted core, but not having the key securely stored so that it can be retrieved by the new trusted core.
  - 33. A method as recited in claim 30, further comprising, prior to identifying the digest of the new trusted core and having the gatekeeper storage key encrypted:
    - generating the key;
      
      having the key securely stored so that it can only be retrieved by the trusted core;
      
      receiving requests to securely store data for applications executing on the computing device; and
      
      using the key to encrypt the data.

34. A method comprising:
- obtaining an encrypted gatekeeper storage key, wherein the gatekeeper storage key is a key previously used by a trusted core of an operating system installed on a computing device to securely store secrets for applications executing on the computing device;
  
  obtaining the decrypted gatekeeper storage key only it based on a digest of a new trusted core, the new trusted core is the new trusted core that the trusted core intended to have access to the gatekeeper storage key;
  
  generating a new gatekeeper storage key;
  
  using the new gatekeeper storage key to retrieve secrets securely stored for applications after the upgrading;
  
  using the gatekeeper storage key to retrieve secrets securely stored for applications prior to upgrading to the new trusted core effective to enable both the trusted core and the new trusted core to subsequently retrieve the prior stored data while only the new trusted core can retrieve the after stored data.
- View Dependent Claims (35, 36, 37)
- - 35. A method as recited in claim 34, further comprising:
    - identifying a digest of another new trusted core to which the new trusted core is to be upgraded; and
      
      having the new gatekeeper storage key securely stored so that the gatekeeper storage key can only be retrieved by the other new trusted core based on the digest of the other new trusted core, wherein the new gatekeeper storage key is also used by the new trusted core to securely store data for applications executing on the computing device.
  - 36. A method as recited in claim 34, wherein the gatekeeper storage key is a temporary gatekeeper storage key that was used by the trusted core to encrypt a subset of the data securely stored by the trusted core.
  - 37. A method as recited in claim 34, wherein the decrypted gatekeeper storage key is obtained only if a digest of the new trusted core is the same as a digest that the trusted core identified as corresponding to a new trusted core that should have access to the gatekeeper storage key.

38. One or more computer readable media having stored thereon a plurality of instructions to facilitate upgrading a trusted core of an operating system installed on a computing device to a new trusted core that, when executed by one or more processors, causes the one or more processors to:
- obtain a set of one or more keys, wherein a first key of the set of keys was previously used by the trusted core to securely store data for applications executing on the computing device;
  
  use a second key of the set of keys to securely store data for applications after the upgrading;
  
  use the first key to retrieve data securely stored for applications prior to the upgrading; and
  
  use the second key to retrieve data securely stored for applications after the upgrading effective to enable both the trusted core and the new trusted core to subsequently retrieve the prior stored data while only the new trusted core can retrieve the after stored data.
- View Dependent Claims (39, 40)
- - 39. One or more computer readable media as recited in claim 38, wherein the set of one or more keys includes a plurality of additional keys, and wherein each of the plurality of additional keys was used by a different trusted core prior to upgrading to the trusted core.
  - 40. One or more computer readable media as recited in claim 38, wherein a value SK_nrefers to the set of one or more keys, an operation SHA-1 refers to the Secure Hash Algorithm 1, an operation cat refers to a concatenation operation, a value BK refers to a platform key, a value public₁₃key refers to a public key of a party that generated the new trusted core, a value n refers to a particular trusted core number, a value N refers to a number of the trusted core, and wherein the plurality of instructions to obtain the set of one or more keys comprises instructions that cause the one or more processors to have the set of one or more keys generated as follows:
    - SK_n=SHA-1(cat(BK, public₁₃key, n), for n=0 to N.

41. A method comprising:
- requesting, by a trusted core, a set of keys to be used by the trusted core for secure secret storage and retrieval on a computing device, wherein the set of keys includes a first key and a second key, and wherein the first key was previously used by a previous trusted core for secure secret storage prior to the computing device being upgraded to the trusted core;
  
  using the second key for secure storage of secrets by applications by the trusted core;
  
  using the second key for retrieval of secrets previously stored by applications via the trusted core;
  
  using the first key for retrieval of secrets previously stored by applications via the previous trusted core effective to enable both the trusted core and the previous trusted core to subsequently retrieve the secrets previously stored by applications via the previous trusted core while only the trusted core can retrieve secrets secured by the second key.
- View Dependent Claims (42)
- - 42. A method as recited in claim 41, wherein a value SK_nrefers to the set of keys, an operation SHA-1 refers to the Secure Hash Algorithm 1, an operation cat refers to a concatenation operation, a value BK refers to a key of a platform of the computing device, a value public key refers to a public₁₃key of a party that generated the trusted core, a value n refers to a particular trusted core number, a value N refers to a number of the trusted core, and wherein the plurality of instructions to request the set of keys comprises instructions that cause the one or more processors to have the set of one or more keys generated as follows:
    - SK_n=SHA-1(cat(BK, public₁₃key, n), for n=0 to N.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Simon, Daniel R., England, Paul, Peinado, Marcus, Benaloh, Josh D.
Primary Examiner(s)
Wright; Norman M.

Application Number

US09/993,373
Publication Number

US 20030097578A1
Time in Patent Office

1,873 Days
Field of Search

726/2, 726/3, 726/4, 726/5, 726/6, 726/7, 726/18, 726/19, 726/17, 709/223, 709/225, 709/227, 713/2, 713/1
US Class Current

726/6
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 21/6281   at program execution time, ...

Operating system upgrades in a trusted operating system environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Operating system upgrades in a trusted operating system environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links