Cryptographically signed filesystem
First Claim
1. A process for a cryptographically signed filesystem that ensures that authorized software and data are used by a digital video recorder (DVR), comprising the steps of:
confirming a hash value of a bootstrap code on a persistent storage device on said DVR;
disabling said DVR when said hash value is not confirmed;
extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;
transferring control to said bootstrap code when said digital signature is verified;
disabling said DVR when said digital signature is not verified;
scanning each file in a root filesystem on said persistent storage device to validate that each file name and hash value of each file matches an entry in a hash table file; and
automatically replacing a file by said scanning step that said scanning step has found does not correctly match an entry in said hash table file with a valid backup file from said persistent storage device.
13 Assignments
0 Petitions
Accused Products
Abstract
A cryptographically signed filesystem provides a central database resident on a server that contains database objects. The server creates startup software to be installed in a client system's read only memory. The startup software contains a hash value for a second stage loader. The server also creates software for a bootstrap loader object which typically contains the operating system for a client system and also the bootstrap loader's hash value and a digital signature that is unique to the server. A root filesystem object is also created containing operational code and data for the client system's functionality. A hash table file is stored in the bootstrap loader that contains the names of each file in the root filesystem along with their corresponding hash values. The startup software and objects created by the server are initially installed on a client device at the time of manufacture. The client performs a staged bootup sequence that confirms that the hash value is correct for each of the objects before they are executed. The digital signature of the bootstrap loader is verified. If a hash value or digital signature is incorrect, the client device is disabled or the file deleted or replaced. The server can update a client's bootstrap loader and root filesystem at any time through the transmission of slices.
Citations
20 Claims
1. A process for a cryptographically signed filesystem that ensures that authorized software and data are used by a digital video recorder (DVR), comprising the steps of:
confirming a hash value of a bootstrap code on a persistent storage device on said DVR;
disabling said DVR when said hash value is not confirmed;
extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed;
transferring control to said bootstrap code when said digital signature is verified;
disabling said DVR when said digital signature is not verified;
scanning each file in a root filesystem on said persistent storage device to validate that each file name and hash value of each file matches an entry in a hash table file; and
automatically replacing a file by said scanning step that said scanning step has found does not correctly match an entry in said hash table file with a valid backup file from said persistent storage device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An apparatus for a cryptographically signed filesystem that ensures that authorized software and data are used by a digital video recorder (DVR), comprising:
a persistent storage device on said DVR;
a bootstrap code on said persistent storage device;
a module for confirming a hash value of said bootstrap code;
a disabling module that disables said DVR when said hash value is not confirmed by said confirming module;
a module for extracting and verifying a digital signature of said bootstrap code if said hash value is confirmed; wherein said extracting and verifying module transfers control to said bootstrap code when said digital signature is verified by said extracting and verifying module;
a disabling module that disables said DVR when said digital signature is not verified by said extracting and verifying module;
a module for scanning each file in a root filesystem on said persistent storage device to validate that each file name and hash value of each file matches an entry in a hash table file; and
wherein said scanning module automatically replaces a file that said scanning module does not correctly match an entry in said hash table file with a valid backup file from said persistent storage device.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
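The staged verification that claims 1 and 11 describe, as an added Python example that is not part of the patent: confirm the bootstrap's hash against the value held in ROM, verify its signature, then scan the root filesystem against the hash table and replace mismatches from the on-device backup. The storage layout, the one-line-per-file hash table format, the HMAC stand-in for the server's digital signature, and all sample files are constructed assumptions; a real device would verify an asymmetric signature with the server's public key.

```python
import hashlib
import hmac

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_signature(data: bytes, sig: bytes, key: bytes) -> bool:
    # Stand-in for the server's digital signature (stdlib has no RSA/ECDSA); a real
    # DVR verifies with the server's public key. hmac.compare_digest avoids timing leaks.
    return hmac.compare_digest(hmac.new(key, data, "sha256").digest(), sig)

def staged_boot(storage: dict, rom_bootstrap_hash: str, sig_key: bytes) -> tuple:
    """Runs claim 1's steps over 'storage' (path -> bytes). Returns (status, replaced_files)."""
    bootstrap = storage["bootstrap"]
    if not hmac.compare_digest(sha256(bootstrap), rom_bootstrap_hash):
        return ("disabled:bootstrap-hash", [])        # hash from ROM not confirmed -> disable
    if not verify_signature(bootstrap, storage["bootstrap.sig"], sig_key):
        return ("disabled:bootstrap-signature", [])   # signature not verified -> disable
    # Control passes to the bootstrap; it names the hash table it was signed with, so the
    # table (assumed format: 'name sha256hex' per line) is covered by the signature too.
    if sha256(storage["hashtable"]) != bootstrap.split(b":")[1].decode():
        return ("disabled:hashtable", [])
    table = dict(line.split() for line in storage["hashtable"].decode().splitlines())
    replaced = []
    for path in [p for p in storage if p.startswith("fs/")]:
        name = path[len("fs/"):]
        if name in table and sha256(storage[path]) == table[name]:
            continue                                  # name and hash match a table entry
        backup = storage.get("backup/" + name)
        if name not in table or backup is None or sha256(backup) != table[name]:
            return ("disabled:unrecoverable:" + name, replaced)   # no valid backup to use
        storage[path] = backup                        # replace from the valid on-device backup
        replaced.append(name)
    return ("booted", replaced)

def build_storage(key: bytes, tamper: str = None) -> tuple:
    """Constructed DVR image for the demo; 'tamper' injects one fault. Returns (storage, rom_hash)."""
    fs = {"init": b"#!/bin/sh\nexec /bin/dvr\n", "config": b"region=eu\n"}
    table = "\n".join(f"{n} {sha256(d)}" for n, d in fs.items()).encode()
    bootstrap = b"BOOTSTRAP-v1:" + sha256(table).encode()
    storage = {"bootstrap": bootstrap, "hashtable": table,
               "bootstrap.sig": hmac.new(key, bootstrap, "sha256").digest()}
    storage.update({"fs/" + n: d for n, d in fs.items()})
    storage.update({"backup/" + n: d for n, d in fs.items()})
    faults = {"file": ("fs/config", b"region=xx\n"),          # modified root fs file
              "bootstrap": ("bootstrap", bootstrap + b"!"),   # loader changed: ROM hash fails
              "signature": ("bootstrap.sig", bytes(32))}      # bad signature over intact loader
    if tamper:
        storage.update([faults[tamper]])
    return storage, sha256(bootstrap)
```

Calling `staged_boot(*build_storage(key, "file"), key)` restores the altered `config` from its backup and boots; the `"bootstrap"` and `"signature"` faults stop the boot at the corresponding stage.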
Specification