USER TRUSTED DEVICE TO ATTEST TRUSTWORTHINESS OF INITIALIZATION FIRMWARE
Abstract
The present invention is notably directed to a user trusted device (10), comprising: a connection interface (12) enabling connection (S2) with a computer (101); and a persistent memory (14) storing modules (15, 16, 17), which are configured, upon connection of the user trusted device (10) with said computer (101) via said connection interface (12), to: enable said computer (101) to start booting (S3, S3a) from the user trusted device (10); map (S6) firmware data to a code, the firmware data comprising program code of an initialization firmware and/or data accessible by the initialization firmware (122) of the computer while starting to boot; attest (S7-S12) trustworthiness of the code; and enable (S14) said computer (101) to complete booting from the user trusted device (10) if the code is attested. The present invention is further directed to related systems and methods.
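The boot flow described in the abstract (start booting from the device, map firmware data to a code, attest that code, allow booting to complete only if attested), as an added Python model that is not part of the patent or of any product. It assumes, because the claims do not specify it, that the "code" is a SHA-256 digest over length-prefixed firmware components and that attestation is a comparison against reference codes held in the device's persistent memory; the firmware data is constructed sample input.

```python
import hashlib
from typing import Dict, Iterable, Tuple

# Constructed sample firmware data. In the claims, "firmware data" is the
# program code of the initialization firmware and/or data it can access.
KNOWN_GOOD_FIRMWARE = {
    "init_firmware_image": b"\x7fINITFW v1.0 trusted-boot-loader\x00",
    "firmware_nvram_vars": b"BootOrder=usb,disk;SecureBoot=1",
}


def map_firmware_data_to_code(firmware_data: Dict[str, bytes]) -> str:
    """Map firmware data to a single code (step S6 in the claims).

    Assumption, not stated in the claims: the code is a SHA-256 digest over
    the components, each length-prefixed and taken in sorted name order, so
    the mapping is deterministic and component boundaries cannot be confused.
    """
    h = hashlib.sha256()
    for name in sorted(firmware_data):
        blob = firmware_data[name]
        h.update(len(name).to_bytes(4, "big") + name.encode())
        h.update(len(blob).to_bytes(4, "big") + blob)
    return h.hexdigest()


class UserTrustedDevice:
    """Minimal model of the device's persistent memory (14) and its modules."""

    def __init__(self, reference_codes: Iterable[str]) -> None:
        # Reference codes the device accepts, held in its persistent memory.
        self._reference_codes = frozenset(reference_codes)

    def attest(self, code: str) -> bool:
        """Attest trustworthiness of the code (steps S7-S12): here, by
        checking it against the reference codes in persistent memory."""
        return code in self._reference_codes

    def boot(self, firmware_data: Dict[str, bytes]) -> str:
        """Return 'complete' if booting may complete (S14), else 'abort'."""
        code = map_firmware_data_to_code(firmware_data)
        return "complete" if self.attest(code) else "abort"


def demo() -> Tuple[str, str]:
    """Boot once with known-good firmware data and once with a tampered copy."""
    device = UserTrustedDevice([map_firmware_data_to_code(KNOWN_GOOD_FIRMWARE)])
    tampered = dict(KNOWN_GOOD_FIRMWARE,
                    firmware_nvram_vars=b"BootOrder=usb,disk;SecureBoot=0")
    return device.boot(KNOWN_GOOD_FIRMWARE), device.boot(tampered)


if __name__ == "__main__":
    print(demo())
```

Note that a change to data the firmware merely reads (here a constructed NVRAM variable) changes the code just as a change to the firmware image does, which is why the claims cover both.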
15 Claims
1. A user trusted device (10), comprising:
- a connection interface (12) enabling connection (S2) with a computer (101); and
- a persistent memory (14) storing modules (15, 16, 17), which are configured, upon connection of the user trusted device (10) with said computer (101) via said connection interface (12), to:
  - enable said computer (101) to start booting from the user trusted device (10);
  - map firmware data to a code, the firmware data comprising program code of an initialization firmware and/or data accessible by the initialization firmware (122) of the computer while starting to boot;
  - attest trustworthiness of the code; and
  - enable said computer (101) to complete booting from the user trusted device (10) if the code is attested.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A method for enabling a computer (101) to boot from a user trusted device (10), the user trusted device (10) comprising a connection interface (12) enabling connection (S2) with said computer (101), the method comprising:
- enabling said computer (101) to start (S3, S3a) booting from the user trusted device (10) upon connection (S2) of the user trusted device with said computer (101) via said connection interface (12);
- mapping (S6) firmware data to a code, the firmware data comprising program code of an initialization firmware and/or data accessible by the initialization firmware (122) of the computer while starting to boot;
- attesting (S7-S12) trustworthiness of the code; and
- enabling (S14) said computer (101) to complete booting from the user trusted device (10) if the code is attested.

(Dependent claims: 10, 11, 12, 13, 14)

15. A computer program product for enabling a computer (101) to boot from a user trusted device (10), the computer program product comprising a computer-readable storage medium having modules (15, 16, 17) embodied therewith, the modules allowing for enabling a computer (101) to boot from a user trusted device (10), the user trusted device (10) comprising a connection interface (12) enabling connection (S2) with said computer (101), the method comprising:
- enabling said computer (101) to start (S3, S3a) booting from the user trusted device (10) upon connection (S2) of the user trusted device with said computer (101) via said connection interface (12);
- mapping (S6) firmware data to a code, the firmware data comprising program code of an initialization firmware and/or data accessible by the initialization firmware (122) of the computer while starting to boot;
- attesting (S7-S12) trustworthiness of the code; and
- enabling (S14) said computer (101) to complete booting from the user trusted device (10) if the code is attested.
Specification