Secure and reliable bootstrap architecture
October 2, 2018. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.Patent ReferencesCryptographic apparatus and method Data processing system comprising authentification means viz a viz a smart card, an electronic circuit for use in such system, and a procedure for implementing such authentification Method and apparatus for providing enhanced data verification in a computer system Apparatus and method for loading BIOS from a diskette in a personal computer system Method and apparatus for assessing integrity of computer system software Fail-safe computer boot apparatus and method System for controlling the distribution and use of digital works System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources System and method for recovering PC configurations Secure boot InventorsAssigneeApplicationNo. 165316 filed on 10/02/1998US Classes:713/2Loading initialization program (e.g., booting, rebooting, warm booting, remote booting, BIOS, initial program load (IPL), bootstrapping)ExaminersPrimary: Butler, Dennis M.Attorney, Agent or FirmInternational ClassesG06F 009/00G06F 011/30 AbstractIntegrity is rarely a valid presupposition in many systems architectures, yet it is necessary to make any security guarantees. To address this problem, the present invention discloses a secure bootstrap process, which presumes a minimal amount of integrity. The basic principle is sequencing the bootstrap process as a chain of progressively higher levels of abstraction, and requiring each layer to check a digital signature of the next layer before control is passed to it. A major design decision is the consequence of a failed integrity check. A simplistic strategy is to simply halt the bootstrap process. However, the bootstrap process of the present invention can be augmented with automated recovery procedures which preserve the security properties of the bootstrap process of the present invention under the additional assumption of the availability of a trusted repository. A variety of means by which such a repository can be implemented are disclosed with attention focused on a network-accessible repository. The recovery process is easily generalized to applications other than the bootstrap process of the present invention, such as standardized desktop management and secure automated recovery of network elements such as routers or "Active Network" elements.Other References
Field of SearchDIGITAL DATA PROCESSING SYSTEM INITIALIZATION OR CONFIGURATION (E.G., INITIALIZING, SET UP, CONFIGURATION, OR RESETTING)Loading initialization program (e.g., booting, rebooting, warm booting, remote booting, BIOS, initial program load (IPL), bootstrapping) RECONFIGURATION (E.G., CHANGING SYSTEM SETTING) | |
