최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
DataON 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Edison 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Kafe 바로가기국가/구분 | United States(US) Patent 등록 |
---|---|
국제특허분류(IPC7판) |
|
출원번호 | US-0231443 (1994-04-20) |
발명자 / 주소 |
|
출원인 / 주소 |
|
인용정보 | 피인용 횟수 : 474 인용 특허 : 0 |
A method and device for reliably assessing the integrity of a computer system\s software prevents execution of corrupted programs at time of system initialization, enhancing system security. Programs and data comprising the system\s trusted software, including all startup processes, are verified bef
A method and device for reliably assessing the integrity of a computer system\s software prevents execution of corrupted programs at time of system initialization, enhancing system security. Programs and data comprising the system\s trusted software, including all startup processes, are verified before being utilized. Methods to verify the trusted software use a hierarchy of both modification detection codes and public-key digital signature codes. The top-level codes are placed in a protectable non-volatile storage area, and are used by the startup program to verify the integrity of subsequent programs. A trusted initialization program sets a hardware latch to protect the codes in the non-volatile memory from being overwritten by subsequent untrusted programs. The latch is only reset at system restart, when control returns to the bootstrap program. Software reconfiguration is possible with trusted programs that write new top-level codes while the latch is open. The mechanism itself is immune to malicious software attack when the write-protect latch is closed before running untrusted software. Preferred embodiments in an IBM-compatible personal computer uses the reset switch to initiate a trusted path between the user and a program. Damage from certain classes of computer virus and trojan horse attacks is prevented. A system recovery process is described. A related improved method for user authentication uses a read-and -write memory protection latch to prevent access to sensitive authentication data.
A computer system comprising: a processor; random access memory; read only memory containing a first program executed by said processor upon resetting of the computer system; first storage means for storing first operating system and user programs executed by said processor, said first storage means
A computer system comprising: a processor; random access memory; read only memory containing a first program executed by said processor upon resetting of the computer system; first storage means for storing first operating system and user programs executed by said processor, said first storage means including a region for storing a second program loaded and executed by said processor to commence booting the computer system from said first storage means; second storage means for storing second operating system and user programs executed by said processor, said second storage means including a region for storing a third program loaded and executed by said processor to commence booting the computer system from said second storage means; and a non-volatile memory device having locations for storing first and second code values and accessible to said processor, said first code value being a modification detection code of said second program and said second code value being a modification detection code of said third program, said locations being readable and writable by said processor after a first reset of the computer system, being write protected after receipt of a designated signal from said processor and being made writable again only after a second reset of the computer system, wherein said first program includes: means to determine if either of said second or third programs is present and loading said second or third program into said random access memory; means to compute the modification detection code of the program loaded into said random access memory; means to determine if said computed modification code is equal to said first code value stored in said non volatile memory device, to provide said designated signal to said non-volatile memory device if said computed modification detection code is equal to said first code value and to cause execution of the program loaded into said random access memory after providing said designated signal; means to determine if said computed modification detection code is equal to said second code value stored in said non-volatile memory device and to cause execution of the program loaded into said random access memory without providing said designated signal to said non-volatile memory device if said computed modification detection code is equal to said second code value; and means to halt operation of the computer system if said computed modification code is not equal to either said first code value or said second code value.
Copyright KISTI. All Rights Reserved.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.