Cryptographically signed filesystem

US 8,171,285 B2
Filed: 10/25/2006
Issued: 05/01/2012
Est. Priority Date: 03/30/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A process, comprising steps of:

calculating one or more hash values for each database object of a plurality of database objects in a central database resident on a server;

creating a digital signature based on both of;

the plurality of database objects and the hash values corresponding to the plurality of database objects;

storing the plurality of database objects, the hash values corresponding to the plurality of database objects, and the digital signature of both the plurality of database objects and the corresponding hash values in a bootstrap code database object;

assembling, using at least a hardware processor, a hash table file for a root filesystem database object on the server and incorporating the hash table file into the bootstrap code database object, wherein each filename and hash value for each file in the root filesystem database object is entered in the hash table file; and

transmitting the bootstrap code database object to a client device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographically signed filesystem provides a central database resident on a server that contains database objects. The server creates startup software to be installed in a client system'"'"'s read only memory. The startup software contains a hash value for a second stage loader. The server also creates software for a bootstrap loader object which typically contains the operating system for a client system and also the bootstrap loader'"'"'s hash value and a digital signature that is unique to the server. The startup software and objects created by the server are initially installed on a client device at the time of manufacture. The server can update a client'"'"'s bootstrap loader and root filesystem at any time through the transmission of slices.

Citations

21 Claims

1. A process, comprising steps of:
- calculating one or more hash values for each database object of a plurality of database objects in a central database resident on a server;
  
  creating a digital signature based on both of;
  
  the plurality of database objects and the hash values corresponding to the plurality of database objects;
  
  storing the plurality of database objects, the hash values corresponding to the plurality of database objects, and the digital signature of both the plurality of database objects and the corresponding hash values in a bootstrap code database object;
  
  assembling, using at least a hardware processor, a hash table file for a root filesystem database object on the server and incorporating the hash table file into the bootstrap code database object, wherein each filename and hash value for each file in the root filesystem database object is entered in the hash table file; and
  
  transmitting the bootstrap code database object to a client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The process of claim 1, wherein transmitting the bootstrap code database object comprises creating slices from the bootstrap code database object and transmitting the slices to the client device, wherein the client device assembles the slices into the bootstrap code database object, and wherein the client device stores the bootstrap code database object onto at least one persistent storage device.
  - 3. The process of claim 2, further comprising steps of:
    - verifying a hash value of the bootstrap code database object on the at least one persistent storage device;
      
      responsive to determining that the hash value of the bootstrap code database object is not valid, disabling the client device;
      
      responsive to determining that the hash value of the bootstrap code database object is valid, extracting and verifying a digital signature based on at least a portion of the bootstrap code database object;
      
      responsive to determining that the digital signature is valid, transferring control to bootstrap code in the bootstrap code database object; and
      
      responsive to determining that the digital signature is not valid, disabling the client device.
  - 4. The process of claim 3, further comprising steps of:
    - storing a startup software in read only memory on the client device;
      
      wherein the startup software is executed upon boot up of the client device;
      
      storing a second stage loader software on the client device;
      
      wherein the startup software verifies a hash value of the second stage loader software;
      
      responsive to determining that the second stage loader software'"'"'s hash value is valid, transferring control to the second stage loader software, wherein the second stage loader software verifies the one or more hash values of each database object of the plurality of database objects in the bootstrap code database object;
      
      responsive to determining that the second stage loader software'"'"'s hash value is not valid, disabling the client device.
  - 5. The process of claim 3, further comprising a step of:
    - performing a scan on each file in a root filesystem database object on the at least one persistent storage device to validate that each file name and hash value of each file in the root filesystem database object on the at least one persistent storage device matches an entry in the hash table file.
  - 6. The process of claim 5, further comprising a step of:
    - deleting files in the root filesystem database object on the at least one persistent storage device that are found to be invalid.
  - 7. The process of claim 5, further comprising a step of:
    - replacing files in the root filesystem database object on the at least one persistent storage device that are found to be invalid with valid copies.

8. An apparatus, comprising:
- a hardware server;
  
  a central database resident on the hardware server, wherein the database contains a plurality of database objects;
  
  one or more hardware processors;
  
  the one or more hardware processors configured for;
  
  calculating one or more hash values for each database object in the plurality of database objects;
  
  creating a digital signature based on both of the plurality of database objects and the hash values corresponding to the plurality of database objects;
  
  storing the plurality of database objects, the hash values corresponding to the plurality of database objects, and the digital signature of both the plurality of database objects and the corresponding hash values in a bootstrap code database object;
  
  assembling a hash table file for a root filesystem database object on the hardware server and incorporating the hash table file into the bootstrap code database object, wherein each filename and hash value for each file in the root filesystem database object is entered in the hash table file; and
  
  transmitting the bootstrap code database object to a client device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein transmitting the bootstrap code database object comprises creating slices from the bootstrap code database object and transmitting the slices to the client device, wherein the client device assembles the slices into the bootstrap code database object, and wherein the client device stores the bootstrap code database object onto at least one persistent storage device.
  - 10. The apparatus of claim 9, wherein the client device is configured for:
    - confirming a hash value of the bootstrap code database object on the at least one persistent storage device;
      
      responsive to determining that the hash value of the bootstrap database object is not valid, disabling the client device;
      
      if the hash value of the bootstrap database object is valid, extracting and verifying a digital signature based on at least a portion of the bootstrap code database object;
      
      responsive to determining that the digital signature is valid, transferring control to bootstrap code in the bootstrap code database object; and
      
      responsive to determining that the digital signature is not valid, disabling the client device.
  - 11. The apparatus of claim 10, wherein the client device comprises:
    - a startup software resident in read only memory on the client device;
      
      wherein the startup software is executed upon boot up of the client device;
      
      a second stage loader software;
      
      wherein the startup software verifies a hash value of the second stage loader software;
      
      responsive to determining that the second stage loader software'"'"'s hash value is valid, transferring control to the second stage loader software, wherein the second stage loadersoftware verifies the one or more hash values of each database object of the plurality of database objects in the bootstrap code database object;
      
      responsive to determining that the second stage loader software'"'"'s hash value is not valid, disabling the client device.
  - 12. The apparatus of claim 10, wherein the client device is configured for:
    - performing a scan on each file in a root filesystem database object on the at least one persistent storage device to validate that each file name and hash value of each file in the root filesystem database object on the at least one persistent storage device matches an entry in the hash table file.
  - 13. The apparatus of claim 12, wherein the client device is configured for:
    - deleting files in the root filesystem database object on the at least one persistent storage device that are found to be invalid.
  - 14. The apparatus of claim 12, further comprising:
    - replacing files in the root filesystem database object on the at least one persistent storage device that are found to be invalid with valid copies.

15. A non-transitory computer readable storage medium, storing a program of instructions, which when executed by one or more processors, perform steps comprising:
- calculating one or more hash values for each database object of a plurality of database objects in a central database resident on a server;
  
  creating a digital signature based on both of;
  
  the plurality of database objects and the hash values corresponding to the plurality of database objects;
  
  storing the plurality of database objects, the hash values corresponding to the plurality of database objects, and the digital signature of both the plurality of database objects and the corresponding hash values in a bootstrap code database object;
  
  assembling a hash table file for a root filesystem database object on the server and incorporating the hash table file into the bootstrap code database object, wherein each filename and hash value for each file in the root filesystem database object is entered in the hash table file; and
  
  transmitting the bootstrap code database object to a client device.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein transmitting the bootstrap code database object comprises creating slices from the bootstrap code database object and transmitting the slices to the client device, wherein the client device assembles the slices into the bootstrap code database object, and wherein the client device stores the bootstrap code database object onto at least one persistent storage device.
  - 17. The non-transitory computer readable storage medium of claim 16, the steps further comprising:
    - verifying a hash value of the bootstrap code database object on the at least one persistent storage device;
      
      responsive to determining that the hash value of the bootstrap code database object is not valid, disabling the client device;
      
      if the hash value of the bootstrap code database object is valid, extracting and verifying a digital signature based on at least a portion of the bootstrap code database object;
      
      responsive to determining that the digital signature is valid, transferring control to bootstrap code in the bootstrap code database object; and
      
      responsive to determining that the digital signature is not valid, disabling the client device.
  - 18. The non-transitory computer readable storage medium of claim 17, the steps further comprising:
    - storing a startup software in read only memory on the client device;
      
      wherein the startup software is executed upon boot up of the client device;
      
      storing a second stage loader software on the client device;
      
      wherein the startup software verifies a hash value of the second stage loader software;
      
      responsive to determining that the second stage loader software'"'"'s hash value is valid, transferring control to the second stage loader software, wherein the second stage loader software verifies the one or more hash values of each database object of the plurality of database objects in the bootstrap code database object;
      
      responsive to determining that the second stage loader software'"'"'s hash value is not valid, disabling the client device.
  - 19. The non-transitory computer readable storage medium of claim 17, the steps further comprising:
    - performing a scan on each file in a root filesystem database object on the at least one persistent storage device to validate that each file name and hash value of each file in the root filesystem database object on the at least one persistent storage device matches an entry in the hash table file.
  - 20. The non-transitory computer readable storage medium of claim 19, the steps further comprising:
    - deleting files in the root filesystem database object on the at least one persistent storage device that are found to be invalid.
  - 21. The non-transitory computer readable storage medium of claim 19, the steps further comprising:
    - replacing files in the root filesystem database object on the at least one persistent storage device that are found to be invalid with valid copies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TiVo Solutions Inc. (Adeia Inc.)
Original Assignee
TiVo Inc. (Adeia Inc.)
Inventors
Platt, David C.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
SHAN, APRIL YING

Application Number

US11/586,774
Publication Number

US 20070118730A1
Time in Patent Office

2,015 Days
Field of Search

713/176, 713/150, 713/2, 713/165, 713/179, 713/180, 713/189, 713/172, 713/181, 380/30, 380/246, 705/44, 705/69, 705/75, 709/225, 709/226, 709/229
US Class Current

713/165
CPC Class Codes

G06F 11/1417   Boot up procedures

G06F 21/575   Secure boot

G06Q 20/3678   e-cash details, e.g. blinde...

G11B 2220/2545   CDs

G11B 2220/2562   DVDs [digital versatile dis...

G11B 2220/90   Tape-like record carriers

G11B 27/005   Reproducing at a different ...

G11B 27/032   on tapes G11B27/036, G11B27...

G11B 27/036   Insert-editing

G11B 27/34   Indicating arrangements in...

H04N 21/2407   Monitoring of transmitted c...

H04N 21/25891   being end-user preferences ...

H04N 21/262   Content or additional data ...

H04N 21/4143   embedded in a Personal Comp...

H04N 21/4147   PVR [Personal Video Recorde...

H04N 21/42204   User interfaces specially a...

H04N 21/426   Internal components of the ...

H04N 21/4316   for displaying supplemental...

H04N 21/4532   involving end-user characte...

H04N 21/454   Content or additional data ...

H04N 21/47 : End-user applications

H04N 21/482 : End-user interface for prog...

H04N 5/775 : between a recording apparat...

H04N 5/781 : on disks or drums

H04N 5/782 : on tape

H04N 5/783 : Adaptations for reproducing...

H04N 9/7921 : for more than one processin...

H04N 9/8042 : involving data reduction

H04N 9/8063 : using time division multipl...

H04N 9/8205 : involving the multiplexing ...

View All

Cryptographically signed filesystem

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographically signed filesystem

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links