System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
First Claim
1. In a computer system having a central processing unit (CPU) and an operating system (OS), the computer system maintaining a boot log that holds identities of software components that are currently executing, and the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system, a method comprising:
- creating an OS certificate including the identity from the software identity register, information describing the operating system, and the CPU public key;
signing the OS certificate using the CPU private key;
forming a generator seed from a CPU-specific secret, a user-supplied seed, and OS-specific data from the boot log; and
generating a storage key based on a function of the generator seed.
1 Assignment
0 Petitions
Accused Products
Abstract
In accordance with certain aspects, a computer system has a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system. An OS certificate is created including the identity from the software identity register, information describing the operating system, and the CPU public key. The created OS certificate is signed using the CPU private key.
-
Citations
23 Claims
-
1. In a computer system having a central processing unit (CPU) and an operating system (OS), the computer system maintaining a boot log that holds identities of software components that are currently executing, and the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system, a method comprising:
-
creating an OS certificate including the identity from the software identity register, information describing the operating system, and the CPU public key; signing the OS certificate using the CPU private key; forming a generator seed from a CPU-specific secret, a user-supplied seed, and OS-specific data from the boot log; and generating a storage key based on a function of the generator seed. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. In a computer system having a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system, the computer system further maintaining a boot log that holds identities of software components that are currently executing, a method comprising:
-
forming a generator seed from a CPU-specific secret, a user-supplied seed, and OS-specific data from the boot log; and generating a storage key based on a function of the generator seed; the forming and generating comprising creating a storage key SK as follows; SK=SHA(CPU-specific secret, OS-specific data, seed). - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. For execution on a computer system having a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system, a computer program stored on one or more computer-readable storage media of the computer system, the program causing the CPU to, when executing the program:
-
form an OS certificate containing the identity from the software identity register, information describing the operating system, and the CPU public key; sign the OS certificate using the CPU private key; form a generator seed from a CPU-specific secret, a user-supplied seed, and the identity of the operating system from the software identity register; and generate a storage key based on a function of the generator seed.
-
-
16. In a computer system having a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system, a method comprising:
-
creating an OS certificate including the identity from the software identity register, information describing the operating system, and the CPU public key; signing the OS certificate using the CPU private key; forming a generator seed from a CPU-specific secret, a user-supplied seed, and the identity of the operating system from the software identity register; and generating a storage key based on a function of the generator seed. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
-
23. For execution on a computer system having a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system, the computer system further maintaining a boot log that holds identities of software components that are currently executing, a computer program stored on one or more computer-readable storage media of the computer system, the program causing the CPU to, when executing the program:
-
form an OS certificate containing the identity from the software identity register, information describing the operating system, and the CPU public key; sign the OS certificate using the CPU private key; form a generator seed from a CPU-specific secret, a user-supplied seed, and OS-specific data from the boot log; and generate a storage key based on a function of the generator seed.
-
Specification