Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function
First Claim
Patent Images
1. A method of recovering integrated system functionality following a trigger event, said method comprising:
- automatically establishing a reduced level of functionality within the integrated system;
allowing for full functional recovery of the integrated system by employing a selective recovery procedure;
wherein the recovery procedure includes loading initialization code into the integrated system at a secure physical location;
wherein the loading of initialization code further comprises loading unencrypted initialization code into the integrated system, including restoration initialization code, and wherein the method further comprises;
executing the restoration initialization code to obtain a master key and a substitute initialization address;
encrypting the restoration initialization code with the master key and storing the encrypted initialization code at the substitute initialization address;
reinitializing the integrated system using the stored encrypted initialization code at the substitute initialization address; and
wherein the initialization code further comprises a manufacturer'"'"'s public key, and wherein the method further comprises;
generating at the integrated system a public/private key pair;
securely storing the integrated system'"'"'s private key; and
encrypting the integrated system'"'"'s public key using the manufacturers public key.
3 Assignments
0 Petitions
Accused Products
Abstract
Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.
-
Citations
4 Claims
-
1. A method of recovering integrated system functionality following a trigger event, said method comprising:
-
automatically establishing a reduced level of functionality within the integrated system; allowing for full functional recovery of the integrated system by employing a selective recovery procedure; wherein the recovery procedure includes loading initialization code into the integrated system at a secure physical location; wherein the loading of initialization code further comprises loading unencrypted initialization code into the integrated system, including restoration initialization code, and wherein the method further comprises; executing the restoration initialization code to obtain a master key and a substitute initialization address; encrypting the restoration initialization code with the master key and storing the encrypted initialization code at the substitute initialization address; reinitializing the integrated system using the stored encrypted initialization code at the substitute initialization address; and wherein the initialization code further comprises a manufacturer'"'"'s public key, and wherein the method further comprises; generating at the integrated system a public/private key pair; securely storing the integrated system'"'"'s private key; and encrypting the integrated system'"'"'s public key using the manufacturers public key. - View Dependent Claims (2, 3)
-
-
4. A method of recovering integrated system functionality following a trigger event, said method comprising:
-
automatically establishing a reduced level of functionality within the integrated system; allowing for full functional recovery of the integrated system by employing a selective recovery procedure; wherein the recovery procedure includes loading initialization code into the integrated system at a secure physical location; wherein the loading of initialization code further comprises loading unencrypted initialization code into the integrated system, including restoration initialization code, and wherein the method further comprises; executing the restoration initialization code to obtain a master key and a substitute initialization address; encrypting the restoration initialization code with the master key and storing the encrypted initialization code at the substitute initialization address; reinitializing the integrated system using the stored encrypted initialization code at the substitute initialization address; and further comprising establishing a secure network connection between the integrated system and manufacturer, the establishing employing the generated public/private key pair, and downloading across the secure network connection required code and data to reestablish full functionality of the integrated system.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeDaedalus Blue LLC
-
Original AssigneeInternational Business Machines Corporation
-
InventorsRosu, Marcel Catalin, Hall, William E., Foster, Eric M.
-
Primary Examiner(s)Moazzami; Nasser
-
Assistant Examiner(s)ABEDIN, SHANTO
-
Application NumberUS10/691,924Publication NumberTime in Patent Office1,629 DaysField of Search713/100, 713/189, 713/193US Class Current713/189CPC Class CodesG06F 21/575 Secure bootG06F 21/6218 to a system of files or obj...G06F 2221/2149 Restricted operating enviro...H04L 9/0891 Revocation or update of sec...H04L 9/0894 Escrow, recovery or storing...
