×

Support for multiple security policies on a unified authentication architecture

  • US 8,166,304 B2
  • Filed: 10/02/2007
  • Issued: 04/24/2012
  • Est. Priority Date: 10/02/2007
  • Status: Active Grant
First Claim
Patent Images

1. A computer-implemented method of processing data, the method comprising:

  • decrypting, by a computer, using initialization hardware, an encrypted copy of a secure operating system kernel for storage into memory accessible to a processor datapath of the computer, wherein the secure operating system kernel contains a secure kernel cryptographic key; and

    executing, by the computer, the secure kernel accessed from said memory, wherein the executing includes;

    providing a key ring of cryptographic keys, wherein at least a subset of the cryptographic keys in the key ring are associated with respective software vendors;

    determining, from an option setting, whether it is desired for the computer to execute only software from approved vendors;

    responsive to determining that it is not desired for the computer to execute only software from approved vendors, including a global public key in the key ring;

    responsive to determining that only software from approved sources should be executed excluding the global public key in the key ring;

    validating a digital signature of a key-ring cryptographic key using the secure kernel cryptographic key, wherein the key-ring cryptographic key is one of the cryptographic keys in the key ring; and

    validating a digital signature of an application-associated cryptographic key using the key-ring cryptographic key, wherein the application-associated cryptographic key is associated with a software application.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×