System and method for programming an isolated computing environment

US 7,562,220 B2
Filed: 04/19/2005
Issued: 07/14/2009
Est. Priority Date: 11/15/2004
Status: Expired due to Fees

First Claim

Patent Images

1. An isolated computing environment module configured for use in a computer and for maintaining security of data hosted by the isolated computing environment module, the isolated computing environment module comprising:

an initial manufactured security state of the data hosted by the isolated computing environment module, wherein the data is stored in volatile memory;

a core service module configured to control access to the data hosted by the computer;

an interface module configured to receive a message and provide information provided by the message to the core service module, the message comprising at least one of an update code or configuration information;

a cryptographic service module, coupled to the core service module, and configured to access a first key and to verify a digital signature of the message using the first key before allowing access to the data; and

an update service module configured to update the core service module responsive to the information provided by the message after verification of the digital signature of the message using the first key, and configured to use a second key configured for use in a production of a programmed security state of the data and a later verification by the cryptographic service module, wherein the programmed security state of the data includes kernel data other than the data of the initial manufactured security state.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer is provided with an isolated computing environment. The isolated computing environment is adapted to allow initial programming for use in manufacturing, distribution and sales. The isolated computing environment further allows an authenticated source or authenticated code to update the isolated computing environment with code and configuration data for use in the end-user environment. To encourage final updating, the computer may be placed in a limited-function mode until authorized code is installed and operational. A method and apparatus are disclosed for the sanctioning and secure update of the isolated computing environment.

Citations

20 Claims

1. An isolated computing environment module configured for use in a computer and for maintaining security of data hosted by the isolated computing environment module, the isolated computing environment module comprising:
- an initial manufactured security state of the data hosted by the isolated computing environment module, wherein the data is stored in volatile memory;
  
  a core service module configured to control access to the data hosted by the computer;
  
  an interface module configured to receive a message and provide information provided by the message to the core service module, the message comprising at least one of an update code or configuration information;
  
  a cryptographic service module, coupled to the core service module, and configured to access a first key and to verify a digital signature of the message using the first key before allowing access to the data; and
  
  an update service module configured to update the core service module responsive to the information provided by the message after verification of the digital signature of the message using the first key, and configured to use a second key configured for use in a production of a programmed security state of the data and a later verification by the cryptographic service module, wherein the programmed security state of the data includes kernel data other than the data of the initial manufactured security state.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The isolated computing environment module of claim 1, further comprising a configuration table, wherein the update service module updates the configuration table, responsive to the message comprising the configuration information.
  - 3. The isolated computing environment module of claim 1, further comprising a sanction service module for limiting a module of the computer.
  - 4. The isolated computing environment module of claim 3, wherein the sanction service module limits the module of the computer prior to the update of the core service module responsive to the message verified by the first key.
  - 5. The isolated computing environment module of claim 1, further comprising a hosted application, wherein the message comprises at least one of a core service update data or a hosted application update data.
  - 6. The isolated computing environment module of claim 1, wherein a characteristic of the core service module is digitally verifiable.
  - 7. The isolated computing environment module of claim 1, further comprising an application program interface module, the application program interface module configured to provide a standard interface between the computer and the isolated computing environment module facilitating one of instantiating an application hosted on the isolated computing environment module, and to configure an application hosted on the isolated computing environment module, and to update the isolated computing environment module.

8. A computer adapted to operate using an isolated computing environment module, the computer comprising:
- a processor;
  
  a memory coupled to the processor for storing processor-executable instructions; and
  
  an isolated computing environment module configured to respond to signals sent via an application program interface module, the isolated computing environment module comprising;
  
  a cryptographic module configured to produce a verification of a first key, and to verify a digital signature of the signal using the first key before allowing access to the data hosted by the isolated computing environment module;
  
  a processing module, coupled to the cryptographic module, and configured to control access to the data;
  
  a secured memory configured to store the data including a first data instantiated during a manufacturing phase of production of the isolated computing environment module; and
  
  an update module configured to use a second key, after the second key has passed a second verification by the cryptographic module, to update the data of the secured memory with a second data including, kernel data instantiated during a second phase of the production of the isolated computing environment module, which is other than the manufacturing phase.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer of claim 8, further comprising a bidirectional data transfer port, wherein data received via the bidirectional data transfer port includes at least one of a second executable code or a second configuration.
  - 10. The computer of claim 8, wherein the application program interface module comprises a first routine for updating the first data.
  - 11. The computer of claim 8, wherein the application program interface module comprises support for a secure data transfer connection to the isolated computing environment module.
  - 12. The computer of claim 8, further comprising a trigger mechanism, coupled between the computer and a sanction circuit, configured to impede a module of the computer.
  - 13. The computer of claim 12, wherein the trigger mechanism is tamper-resistant.
  - 14. The computer of claim 8, wherein the trigger mechanism comprises one of a persistent reset module a processor reduction module.

15. A method of providing security for data maintained by an isolated computing environment module in a computer, the method comprising:
- programming provisional data into the isolated computing environment module during a manufacturing phase;
  
  controlling access to the data via a cryptographic service module;
  
  receiving a message including a first key configured for use by the cryptographic service module;
  
  verifying the first key and a digital signature by the cryptographic service module to produce a verification result indicating a grant of access to the data;
  
  providing a second key;
  
  using the second key to access the data of the provisional data;
  
  reprogramming the data of the provisional data with kernel data during a phase of production of the isolated computing environment module which is not the manufacturing phase.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising limiting a module of the computer when the verification result does not indicate the grant of access.
  - 17. The method of claim 15, wherein programming the provisional data into the isolated computing environment module comprises a download module.
  - 18. The method of claim 17, wherein reprogramming the isolated computing environment module with the kernel data comprises authenticating the source of the kernel data.
  - 19. The method of claim 17, wherein reprogramming the isolated computing environment module with the kernel data comprises authenticating the source of the kernel data using the second key.
  - 20. The method of claim 15, further comprising limiting an operation of the computer, wherein limiting the operation of the computer comprises at least one of reducing functionality of a processor and resetting the computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Phillps, Thomas G., Frank, Alexander
Primary Examiner(s)
JUNG, DAVID YIUK

Application Number

US11/109,438
Publication Number

US 20060112384A1
Time in Patent Office

1,547 Days
Field of Search

713/168, 713/189, 380/251
US Class Current

713/168
CPC Class Codes

G06F 21/572   Secure firmware programming...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 9/3247   involving digital signatures

System and method for programming an isolated computing environment

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for programming an isolated computing environment

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links