Cryptographically signed filesystem

US 7,409,546 B2
Filed: 07/02/2002
Issued: 08/05/2008
Est. Priority Date: 10/20/1999
Status: Expired due to Term

First Claim

Patent Images

1. A process for a cryptographically signed filesystem that ensures that authorized software and data are used by a digital video recorder (DVR), comprising the steps of:

confirming a hash value of a bootstrap code on a persistent storage device on said DVR;

disabling said DVR when said hash value is not confirmed;

extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;

transferring control to said bootstrap code when said digital signature is verified;

disabling said DVR when said digital signature is not verified;

scanning each file in a root filesystem on said persistent storage device to validate that each file name and hash value of each file matches an entry in a hash table file; and

automatically replacing a file by said scanning step that said scanning step has found does not correctly match an entry in said hash table file with a valid backup file from said persistent storage device.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographically signed filesystem provides a central database resident on a server that contains database objects. The server creates startup software to be installed in a client system'"'"'s read only memory. The startup software contains a hash value for a second stage loader. The server also creates software for a bootstrap loader object which typically contains the operating system for a client system and also the bootstrap loader'"'"'s hash value and a digital signature that is unique to the server. A root filesystem object is also created containing operational code and data for the client system'"'"'s functionality. A hash table file is stored in the bootstrap loader that contains the names of each file in the root filesystem along with their corresponding hash values. The startup software and objects created by the server are initially installed on a client device at the time of manufacture. The client performs a staged bootup sequence that confirms that the hash value is correct for each of the objects before they are executed. The digital signature of the bootstrap loader is verified. If a hash value or digital signature is incorrect, the client device is disabled or the file deleted or replaced. The server can update a client'"'"'s bootstrap loader and root filesystem at any time through the transmission of slices.

Citations

20 Claims

1. A process for a cryptographically signed filesystem that ensures that authorized software and data are used by a digital video recorder (DVR), comprising the steps of:
- confirming a hash value of a bootstrap code on a persistent storage device on said DVR;
  
  disabling said DVR when said hash value is not confirmed;
  
  extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;
  
  transferring control to said bootstrap code when said digital signature is verified;
  
  disabling said DVR when said digital signature is not verified;
  
  scanning each file in a root filesystem on said persistent storage device to validate that each file name and hash value of each file matches an entry in a hash table file; and
  
  automatically replacing a file by said scanning step that said scanning step has found does not correctly match an entry in said hash table file with a valid backup file from said persistent storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The process of claim 1, further comprising the steps of:
    - executing, upon bootup of said DVR, a startup software resident in read only memory on said DVR;
      
      wherein said startup software verifies a hash value of a second stage loader software;
      
      transferring control to said second stage loader when said second stage loader'"'"'s hash value is valid;
      
      disabling said DVR when said second stage loader'"'"'s hash value is not valid; and
      
      wherein said second stage loader confirms the hash value of said bootstrap code.
  - 3. The process of claim 2, further comprising the steps of:
    - calculating a hash value for said second stage loader; and
      
      storing said calculated hash value as part of said startup software in said read only memory on said DVR.
  - 4. The process of claim 1, wherein said hash table file is stored on said persistent storage device and contains valid hash values for each file in said root filesystem.
  - 5. The process of claim 4, wherein if any files in said root filesystem are found to be invalid, then the invalid files are deleted.
  - 6. The process of claim 4, wherein if any files in said root filesystem are found to be invalid, then the invalid files are replaced with valid copies.
  - 7. The process of claim 1, further comprising the steps of:
    - calculating a hash value for said bootstrap code on a server;
      
      creating a digital signature for said bootstrap code on said server; and
      
      storing said bootstrap hash value and said bootstrap digital signature as part of said bootstrap code.
  - 8. The process of claim 7, further comprising the step of:
    - updating said DVR with said bootstrap code from said server.
  - 9. The process of claim 1, further comprising the steps of:
    - creating a hash table file on a server;
      
      calculating a hash value on said server for each file in said root filesystem;
      
      entering each file'"'"'s file name and hash value in said root filesystem into said hash table file; and
      
      incorporating said hash table file into said bootstrap code.
  - 10. The process of claim 9, further comprising the step of:
    - updating said DVR with said bootstrap code and said root filesystem from said server.

11. An apparatus for a cryptographically signed filesystem that ensures that authorized software and data are used by a digital video recorder (DVR), comprising:
- a persistent storage device on said DVR;
  
  a bootstrap code on said persistent storage device;
  
  a module for confirming a hash value of said bootstrap code;
  
  a disabling module that disables said DVR when said hash value is not confirmed by said confirming module;
  
  a module for extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;
  
  wherein said extracting and verifying module transfers control to said bootstrap code when said digital signature is verified by said extracting and verifying module;
  
  a disabling module that disables said DVR when said digital signature is not verified by said extracting and verifying module;
  
  a module for scanning each file in a root filesystem on said persistent storage device to validate that each file name and hash value of each file matches an entry in a hash table file; and
  
  wherein said scanning module automatically replaces a file that said scanning module does not correctly match an entry in said hash table file with a valid backup file from said persistent storage device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus of claim 11, further comprising:
    - a startup module resident in read only memory on said DVR;
      
      wherein said startup module is executed upon bootup of said DVR;
      
      a second stage loader module;
      
      wherein said startup module verifies a hash value of said second stage loader;
      
      wherein said startup module transfers control to said second stage loader when said second stage loader'"'"'s hash value is valid; and
      
      a disabling module that disables said DVR when said second stage loader'"'"'s hash value is not valid.
  - 13. The apparatus of claim 12, further comprising:
    - a module for calculating a hash value for said second stage loader; and
      
      a module for storing said calculated hash value as part of said startup software in said read only memory on said DVR.
  - 14. The apparatus of claim 11, wherein said hash table file is stored on said persistent storage device and contains valid hash values for each file in said root filesystem.
  - 15. The apparatus of claim 14, wherein if any files in said root filesystem are found to be invalid, then said performing a scan module deletes the invalid files.
  - 16. The apparatus of claim 14, wherein if any files in said root filesystem are found to be invalid, then said performing a scan module replaces invalid files with valid copies.
  - 17. The apparatus of claim 11, further comprising:
    - a module for calculating a hash value for said bootstrap code on a server;
      
      a module for creating a digital signature for said bootstrap code on said server; and
      
      a module for storing said bootstrap hash value and said bootstrap digital signature as part of said bootstrap code.
  - 18. The apparatus of claim 17, further comprising:
    - a module for updating said DVR with said bootstrap code from said server.
  - 19. The apparatus of claim 14, further comprising:
    - a module for creating a hash table file on a server;
      
      a module for calculating a hash value for each file in said root filesystem on said server;
      
      a module for entering each file'"'"'s file name and hash value in said root filesystem into said hash table file; and
      
      a module for incorporating said hash table file into said bootstrap code.
  - 20. The apparatus of claim 19, further comprising:
    - a module for updating said DVR with said bootstrap code and said root filesystem from said server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TiVo Solutions Inc. (Adeia Inc.)
Original Assignee
TiVo Inc. (Adeia Inc.)
Inventors
Platt, David C.
Primary Examiner(s)
HENEGHAN, MATTHEW E

Application Number

US10/189,079
Publication Number

US 20030028761A1
Time in Patent Office

2,226 Days
Field of Search

713/165
US Class Current

713/165
CPC Class Codes

G06F 11/1417   Boot up procedures

G06F 21/575   Secure boot

G06Q 20/3678   e-cash details, e.g. blinde...

G11B 2220/2545   CDs

G11B 2220/2562   DVDs [digital versatile dis...

G11B 2220/90   Tape-like record carriers

G11B 27/005   Reproducing at a different ...

G11B 27/032   on tapes G11B27/036, G11B27...

G11B 27/036   Insert-editing

G11B 27/34   Indicating arrangements in...

H04N 21/2407   Monitoring of transmitted c...

H04N 21/25891   being end-user preferences ...

H04N 21/262   Content or additional data ...

H04N 21/4143   embedded in a Personal Comp...

H04N 21/4147   PVR [Personal Video Recorde...

H04N 21/42204   User interfaces specially a...

H04N 21/426   Internal components of the ...

H04N 21/4316   for displaying supplemental...

H04N 21/4532   involving end-user characte...

H04N 21/454   Content or additional data ...

H04N 21/47 : End-user applications

H04N 21/482 : End-user interface for prog...

H04N 5/775 : between a recording apparat...

H04N 5/781 : on disks or drums

H04N 5/782 : on tape

H04N 5/783 : Adaptations for reproducing...

H04N 9/7921 : for more than one processin...

H04N 9/8042 : involving data reduction

H04N 9/8063 : using time division multipl...

H04N 9/8205 : involving the multiplexing ...

View All

Cryptographically signed filesystem

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographically signed filesystem

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links