User trusted device to attest trustworthiness of initialization firmware
First Claim
1. A user trusted device, comprising:
- a connection interface enabling connection with a computer; and
a persistent memory storing modules, which are configured, upon connection of the user trusted device with said computer via said connection interface, to;
enable said computer to start booting from the user trusted device;
map firmware data to a corresponding mapping code, the firmware data comprising program code of an initialization firmware stored in the computer while starting to boot;
attest trustworthiness of the mapping code, a stored verification module configured to instruct, upon execution, a checking of the mapping code against a list of mapping codes attesting good states of the initialization firmware,wherein the list of mapping codes is stored in an external entity connected with the device through a communication network, and wherein the mapping code is obtained by mapping the firmware data; and
enable said computer to complete booting from the user trusted device if the mapping code is attested.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention is notably directed to a user trusted device (10), comprising: a connection interface (12) enabling connection (S2) with a computer (101); and a persistent memory (14) storing modules (15, 16, 17), which are configured, upon connection of the user trusted device (10) with said computer (101) via said connection interface (12), to: enable said computer (101) to start booting (S3, S3a) from the user trusted device (10); map (S6) firmware data to a code, the firmware data comprising program code of an initialization firmware and/or data accessible by the initialization firmware (122) of the computer while starting to boot; attest (S7-S12) trustworthiness of the code; and enable (S14) said computer (101) to complete booting from the user trusted device (10) if the code is attested. The present invention is further directed to related systems and methods.
15 Citations
16 Claims
-
1. A user trusted device, comprising:
-
a connection interface enabling connection with a computer; and a persistent memory storing modules, which are configured, upon connection of the user trusted device with said computer via said connection interface, to; enable said computer to start booting from the user trusted device; map firmware data to a corresponding mapping code, the firmware data comprising program code of an initialization firmware stored in the computer while starting to boot; attest trustworthiness of the mapping code, a stored verification module configured to instruct, upon execution, a checking of the mapping code against a list of mapping codes attesting good states of the initialization firmware, wherein the list of mapping codes is stored in an external entity connected with the device through a communication network, and wherein the mapping code is obtained by mapping the firmware data; and enable said computer to complete booting from the user trusted device if the mapping code is attested. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 16)
-
-
9. A method for enabling a computer to boot from a user trusted device, the user trusted device comprising a connection interface enabling connection with said computer, the method comprising:
-
enabling said computer to start booting from the user trusted device upon connection of the user trusted device with said computer via said connection interface; mapping firmware data to a corresponding mapping code, the firmware data comprising program code of an initialization firmware stored in the computer while starting to boot; attesting trustworthiness of the mapping code; instructing, upon execution, a checking of the mapping code against a list of mapping codes attesting good states of the initialization firmware, wherein the list of mapping codes is stored in an external entity connected with the device through a communication network, and wherein the mapping code is obtained by mapping the firmware data; and enabling said computer to complete booting from the user trusted device if the mapping code is attested. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A computer program product for enabling a computer to boot from a user trusted device, the computer program product comprising a non-transitory computer-readable storage medium having modules embodied therewith, the modules allowing for enabling the computer to boot from the user trusted device, the user trusted device comprising a connection interface enabling connection with said computer, a method comprising:
- enabling said computer to start booting from the user trusted device upon connection of the user trusted device with said computer via said connection interface;
mapping firmware data to a corresponding mapping code, the firmware data comprisingprogram code of an initialization firmware stored in the computer while starting to boot; attesting trustworthiness of the mapping code;
instructing, upon execution, a checking of the mapping code against a list of mapping codes attesting good states of the initialization firmware, wherein the list of mapping codes is stored in an external entity connected with the device through a communication network, and wherein the mapping code is obtained by mapping the firmware data; and
enabling said computer to complete booting from the user trusted device if the mapping code is attested.
- enabling said computer to start booting from the user trusted device upon connection of the user trusted device with said computer via said connection interface;
Specification