Operating system upgrades in a trusted operating system environment
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-007/04
G06F-007/02
G06F-012/00
출원번호
US-0993373
(2001-11-16)
발명자
/ 주소
England,Paul
Peinado,Marcus
Simon,Daniel R.
Benaloh,Josh D.
출원인 / 주소
Microsoft Corporation
대리인 / 주소
Lee & Hayes, PLLC
인용정보
피인용 횟수 :
16인용 특허 :
109
초록▼
Operating system upgrades in a trusted operating system environment allow a current trusted core of an operating system installed on a computing device to be upgraded to a new trusted core. The new trusted core is allowed to access application data previously securely stored by the current trusted c
Operating system upgrades in a trusted operating system environment allow a current trusted core of an operating system installed on a computing device to be upgraded to a new trusted core. The new trusted core is allowed to access application data previously securely stored by the current trusted core only if it can be verified that the new trusted core is the new trusted core expected by the current trusted core. In accordance with one implementation, the new trusted core is allowed to access only selected application data previously securely stored by the current trusted core.
대표청구항▼
The invention claimed is: 1. A method comprising: receiving a request to upgrade a current trusted core of an operating system to a new trusted core, wherein the current trusted core is installed on a computing device; and allowing the new trusted core to access application data previously securely
The invention claimed is: 1. A method comprising: receiving a request to upgrade a current trusted core of an operating system to a new trusted core, wherein the current trusted core is installed on a computing device; and allowing the new trusted core to access application data previously securely stored by the current trusted core only if it can be verified that the new trusted core can be trusted and further only if the new trusted core has a strictly increasing version number relative to the current trusted core and is signed by a certification authority that also signed the current trusted core. 2. A method as recited in claim 1, wherein the allowing comprises allowing the new trusted core to access application data previously securely stored by the current trusted core only if it can be verified that the new trusted core is the new trusted core expected by the current trusted core. 3. A method as recited in claim 1, wherein the allowing comprises the current trusted core: identifying a digest of the new trusted core; and having a key securely generated so that it can only be retrieved by the new trusted core based on the digest of the new trusted core, wherein the key was previously used by the current trusted core to securely store data for applications executing on the same computing device as the current trusted core. 4. A method as recited in claim 3, further comprising: checking, by the current trusted core, whether the new trusted core satisfies one or more conditions; and having the key securely stored only if the new trusted core satisfies the one or more conditions. 5. A method as recited in claim 1, further comprising: storing trusted application data utilizing a gatekeeper storage key and a hive key, wherein the allowing comprises allowing the new trusted core to access the gatekeeper storage key. 6. A method as recited in claim 3, further comprising, prior to receiving the request to upgrade the current trusted core: generating the key; having the key securely stored so that it can only be retrieved by the trusted core; receiving requests to securely store data for applications executing on the computing device; and using the key to encrypt the data. 7. A method as recited in claim 1, wherein the allowing comprises the new trusted core: obtaining an encrypted key, wherein the key was previously used by the current trusted core to securely store data for applications executing on the same computing device as the current trusted core was executing on; obtaining the key in decrypted form only if the new trusted core is the new trusted core that the trusted core intended to have access to the key; generating a new key; using the new key to retrieve data securely stored for applications after the upgrading; and using the key to retrieve data securely stored for applications prior to the upgrading. 8. A method as recited in claim 1, wherein the allowing comprises the new trusted core obtaining a set of keys from a platform of the computing device, the set of keys including a key used by the current trusted core to securely store application data and a key to be used by the new trusted core to securely store application data. 9. One or more computer readable media having stored thereon a plurality of instructions to facilitate upgrading a trusted core of an operating system installed on a computing device that, when executed by one or more processors, causes the one or more processors to: identify a digest of a new trusted core to which the trusted core is to be upgraded; and have a key securely stored, at least in part utilizing a binding key, so that the key can only be retrieved by the new trusted core based on the digest of the new trusted core, wherein the key was previously used by the trusted core to securely store data for applications executing on the computing device. 10. One or more computer readable media as recited in claim 9, wherein the plurality of instructions further cause the one or more processors to, prior to having the key securely stored: check whether the new trusted core satisfies one or more conditions; and have the key securely stored only if the new trusted core satisfies the one or more conditions. 11. One or more computer readable media as recited in claim 10, wherein the one or more conditions comprise the new trusted core being a correct next version of the trusted core. 12. One or more computer readable media as recited in claim 10, wherein the one or more conditions comprise verifying that the digest of the new trusted core is digitally signed by the source of the new trusted core. 13. One or more computer readable media as recited in claim 9, wherein the having the key securely stored comprises invoking a seal operation that receives both the key and a cryptographic measure of the new trusted core, and that encrypts at least the key. 14. One or more computer readable media as recited in claim 13, wherein the cryptographic measure comprises a digest. 15. One or more computer readable media as recited in claim 9, wherein the instructions that cause the one or more processors to have the key securely stored so that it can only be retrieved by the new trusted core comprise instructions that cause the one or more processors to: generate a temporary key; encrypt, using the temporary key, a subset of the data securely stored for applications executing on the computing device; and have the temporary key securely stored so that it can only be retrieved by the new trusted core, but not having the key securely stored so that it can be retrieved by the new trusted core. 16. One or more computer readable media as recited in claim 9, wherein the plurality of instructions further cause the one or more processors to, prior to identifying the digest: generate the key; have the key securely stored so that it can only be retrieved by the trusted core; receive requests to securely store data for applications executing on the computing device; and use the key to encrypt the data. 17. One or more computer readable media as recited in claim 16, wherein the instructions to generate the key comprises instructions to generate a random number to use as the key. 18. One or more computer readable media as recited in claim 16, wherein the instructions to generate the key comprises instructions to generate the key in a maimer that allows the key to be calculated by the new trusted core but that does not allow the trusted core to calculate a new key generated by the new trusted core. 19. One or more computer readable media having stored thereon a plurality of instructions to facilitate upgrading a trusted core of an operating system installed on a computing device to a new trusted core that, when executed by one or more processors, causes the one or more processors to: obtain an encrypted key, wherein the key was previously used by the trusted core to securely store data for applications executing on the computing device; obtain the key in decrypted form only if the new trusted core is the new trusted core that the trusted core intended to have access to the key; generate a new key; use the new key to retrieve data securely stored for applications after the upgrading; and use the key to retrieve data securely stored for applications prior to the upgrading effective to enable both the trusted core and the new trusted core to subsequently retrieve the prior stored data while only the new trusted core can retrieve the after stored data. 20. One or more computer readable media as recited in claim 19, wherein the plurality of instructions further cause the one or more processors to: identify a digest of another new trusted core to which the new trusted core is to be upgraded; and have the new key securely stored so that it can only be retrieved by the other new trusted core based on the digest of the other new trusted core, wherein the new key is also used by the new trusted core to securely store data for applications executing on the computing device. 21. One or more computer readable media as recited in claim 19, wherein the key is a temporary key that was used by the trusted core to encrypt a subset of the data securely stored by the trusted core. 22. One or more computer readable media as recited in claim 19, wherein the decrypted key is obtained only if a digest of the new wasted core is the same as a digest that the trusted core identified as corresponding to a new trusted core that should have access to the key. 23. One or more computer readable media as recited in claim 19, wherein the plurality of instructions further cause the one or more processors to, after generating the new key, obtain the key previously used by the trusted core without having the encrypted key decrypted. 24. A system comprising: a processor; a memory, coupled to the processor, configured to store an operating system with a trusted core and further configured to store a first plurality of instructions that, when executed by the processor, cause the processor to, identify a digest of a new trusted core with which the trusted core is to be replaced, and have a key securely stored, at least in part utilizing a binding key, so that the key can only be retrieved by the new trusted core, wherein the key is previously used by the trusted core to securely store data for applications executing on the system, and wherein the memory is further configured to store a second plurality of instructions that, when executed by the processor, cause the processor to, obtain the decrypted key only if, based on the digest of the new trusted core, the new trusted core is the new trusted core that the trusted core intended to have access to the key; generate a new key, and use the new key to securely store and retrieve secrets for applications after the new trusted core replaces the trusted core. 25. A system as recited in claim 24, wherein the first plurality of instructions comprises the trusted core. 26. A system as recited in claim 24, wherein the second plurality of instructions comprises the new trusted core. 27. A system as recited in claim 24, wherein the first plurality of instructions further cause the processor to, prior to having the key securely stored: check whether the new trusted core satisfies one or more conditions; and have the key securely stored only if the new trusted core satisfies the one or more conditions. 28. A system as recited in claim 24, wherein the first plurality of instructions further cause the processor to: generate a temporary key; encrypt, using the temporary key, a subset of the data securely stored for applications executing on the system; and have the temporary key securely stored so that it can only be retrieved by the new trusted core, but not having the key securely stored so that it can be retrieved by the new trusted core. 29. A system as recited in claim 24, wherein the first plurality of instructions further cause the processor to, prior to identifying the digest of the new trusted core and having the key securely stored: generate the key; have the key securely stored so that it can only be retrieved by the trusted core; receive requests to securely store data for applications executing on the computing device; and use the key to encrypt the data. 30. A method comprising: identifying a digest of a new trusted core to which a trusted core of an operating system installed on a computing device is to be upgraded; and having a gatekeeper storage key encrypted, at least in part utilizing a binding key, so that the key can only be retrieved by the new trusted core, wherein the gatekeeper storage key is a key previously used by the trusted core to securely store secrets for applications executing on the computing device. 31. A method as recited in claim 30, further comprising, prior to having the gatekeeper storage key encrypted: checking whether the new trusted core satisfies one or more conditions; and having the key securely stored only if the new trusted core satisfies the one or more conditions. 32. A method as recited in claim 30, wherein having a gatekeeper storage key encrypted so that it can only be retrieved by the new trusted core comprises: generating a temporary key; encrypting, using the temporary key, a subset of the data securely stored for applications executing on the computing device; and having the temporary key securely stored so that it can only be retrieved by the new trusted core, but not having the key securely stored so that it can be retrieved by the new trusted core. 33. A method as recited in claim 30, further comprising, prior to identifying the digest of the new trusted core and having the gatekeeper storage key encrypted: generating the key; having the key securely stored so that it can only be retrieved by the trusted core; receiving requests to securely store data for applications executing on the computing device; and using the key to encrypt the data. 34. A method comprising: obtaining an encrypted gatekeeper storage key, wherein the gatekeeper storage key is a key previously used by a trusted core of an operating system installed on a computing device to securely store secrets for applications executing on the computing device; obtaining the decrypted gatekeeper storage key only it based on a digest of a new trusted core, the new trusted core is the new trusted core that the trusted core intended to have access to the gatekeeper storage key; generating a new gatekeeper storage key; using the new gatekeeper storage key to retrieve secrets securely stored for applications after the upgrading; using the gatekeeper storage key to retrieve secrets securely stored for applications prior to upgrading to the new trusted core effective to enable both the trusted core and the new trusted core to subsequently retrieve the prior stored data while only the new trusted core can retrieve the after stored data. 35. A method as recited in claim 34, further comprising: identifying a digest of another new trusted core to which the new trusted core is to be upgraded; and having the new gatekeeper storage key securely stored so that the gatekeeper storage key can only be retrieved by the other new trusted core based on the digest of the other new trusted core, wherein the new gatekeeper storage key is also used by the new trusted core to securely store data for applications executing on the computing device. 36. A method as recited in claim 34, wherein the gatekeeper storage key is a temporary gatekeeper storage key that was used by the trusted core to encrypt a subset of the data securely stored by the trusted core. 37. A method as recited in claim 34, wherein the decrypted gatekeeper storage key is obtained only if a digest of the new trusted core is the same as a digest that the trusted core identified as corresponding to a new trusted core that should have access to the gatekeeper storage key. 38. One or more computer readable media having stored thereon a plurality of instructions to facilitate upgrading a trusted core of an operating system installed on a computing device to a new trusted core that, when executed by one or more processors, causes the one or more processors to: obtain a set of one or more keys, wherein a first key of the set of keys was previously used by the trusted core to securely store data for applications executing on the computing device; use a second key of the set of keys to securely store data for applications after the upgrading; use the first key to retrieve data securely stored for applications prior to the upgrading; and use the second key to retrieve data securely stored for applications after the upgrading effective to enable both the trusted core and the new trusted core to subsequently retrieve the prior stored data while only the new trusted core can retrieve the after stored data. 39. One or more computer readable media as recited in claim 38, wherein the set of one or more keys includes a plurality of additional keys, and wherein each of the plurality of additional keys was used by a different trusted core prior to upgrading to the trusted core. 40. One or more computer readable media as recited in claim 38, wherein a value SKn refers to the set of one or more keys, an operation SHA-1 refers to the Secure Hash Algorithm 1, an operation cat refers to a concatenation operation, a value BK refers to a platform key, a value public13key refers to a public key of a party that generated the new trusted core, a value n refers to a particular trusted core number, a value N refers to a number of the trusted core, and wherein the plurality of instructions to obtain the set of one or more keys comprises instructions that cause the one or more processors to have the set of one or more keys generated as follows: description="In-line Formulae" end="lead"SK n=SHA-1(cat(BK, public13key, n), for n=0 to N. description="In-line Formulae" end="tail" 41. A method comprising: requesting, by a trusted core, a set of keys to be used by the trusted core for secure secret storage and retrieval on a computing device, wherein the set of keys includes a first key and a second key, and wherein the first key was previously used by a previous trusted core for secure secret storage prior to the computing device being upgraded to the trusted core; using the second key for secure storage of secrets by applications by the trusted core; using the second key for retrieval of secrets previously stored by applications via the trusted core; using the first key for retrieval of secrets previously stored by applications via the previous trusted core effective to enable both the trusted core and the previous trusted core to subsequently retrieve the secrets previously stored by applications via the previous trusted core while only the trusted core can retrieve secrets secured by the second key. 42. A method as recited in claim 41, wherein a value SKn refers to the set of keys, an operation SHA-1 refers to the Secure Hash Algorithm 1, an operation cat refers to a concatenation operation, a value BK refers to a key of a platform of the computing device, a value public key refers to a public13key of a party that generated the trusted core, a value n refers to a particular trusted core number, a value N refers to a number of the trusted core, and wherein the plurality of instructions to request the set of keys comprises instructions that cause the one or more processors to have the set of one or more keys generated as follows: description="In-line Formulae" end="lead"SK n=SHA-1(cat(BK, public13key, n), for n=0 to N. description="In-line Formulae" end="tail"
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (109)
Campbell Randall B., Apparatus and method for remotely executing commands using distributed computing environment remote procedure calls.
Fisher Jerald C. ; Nguyen Lien Dai ; Young James ; Seaburg Gunnar P. ; Hedlund Galen W. ; Katz Richard S., Channel configuration program server architecture.
Takahashi Kikuo (Hachioji JPX) Kagimasa Toyohiko (Hachioji JPX) Mori Toshiaki (Hachioji JPX), Data processing apparatus having a real memory region with a corresponding fixed memory protection key value and method.
Robert G. Atkinson ; James W. Kelly, Jr. ; Bryan W. Tuttle ; Robert M. Price ; Robert P. Reichel, Embedding certifications in executable files for network transmission.
Benantar Messaoud ; Blakley ; III George Robert ; Nadalin Anthony Joseph, Information handling system, method, and article of manufacture for efficient object security processing by grouping obj.
Guillou Louis C. (Rennes FRX) Quisquater Jean-Jacques (Brussels BEX), Method and apparatus for authenticating accreditations and for authenticating and signing messages.
Novoa Manuel ; McCann Paul H. ; Sharum Wayne P. ; Crisan Adrian ; Hokanson Paul B., Method and apparatus for remote ROM flashing and security management for a computer system.
Hennige Hartmut (23 Packman Lane ; Home Green Kirk Ella Hull HU10 7TH N. Humberside GB3), Method and device for simplifying the use of a plurality of credit cards, or the like.
Thomas D. McGuire ; Michael V. Sliger ; Daniel C. Welch ; Rajendra H. Vishnumurty ; Gabriel J. Aul ; Oliver I. Wallace ; Gregory W. Nichols ; Alan B. Auerbach, Method and system for downloading updates for software installation.
Krishnan Ganapathy ; Guthrie John ; Oyler Scott, Method and system for securely incorporating electronic information into an online purchasing application.
Boyle John ; Holden James M. ; Levin Stephen E. ; Maiwald Eric S. ; Nickel James O. ; Snow David Wayne ; Wrench ; Jr. Edwin H., Method for establishing trust in a computer network via association.
Graunke Gary L. ; Carbajal John ; Maliszewski Richard L. ; Rozas Carlos V., Method for securely distributing a conditional use private key to a trusted entity on a remote system.
Johnson Herrick J. (Marblehead MA) Olson Margaret (Nashua NH) Jones Stuart (Cambridge MA) Bodoff Stephanie (Somerville MA) Bertrand Stephen C. (Waltham MA) Levine Paul H. (Carlisle MA), Network license server.
Dardinski,Steven; Eldridge,Keith; Hall,Robert; Johnson,Mark; McKay,Brian; Meskonis,Paul; Volk,Scott, Process control configuration system with connection validation and configuration.
Rabne Michael W. ; Barker James A. ; Alrashid Tareq M.T. ; Christian Brian S. ; Cox Steven C. ; Slotta Elizabeth A. ; Upthegrove Luella R., Rights management system for digital media.
McMullan ; Jr. Jay C. (Doraville GA) Burleson David B. (Roswell GA) Borsetti ; Jr. Paul (Alpharetta GA) Filion John T. (Lawrenceville GA), Secure authorization and control method and apparatus for a game delivery service.
Grimonprez Georges (Villeneuve d\Asq FRX) Paradinas Pierre (Villeneuve d\Asq FRX), Secured method for loading a plurality of applications into a microprocessor memory card.
Mandelbaum Richard (Manalapan NJ) Sherman Stephen A. (Hackettstown NJ) Wetherington Diane R. (Bernardsville NJ), Smartcard adapted for a plurality of service providers and for remote installation of same.
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure.
David M. Van Wie ; Robert P. Weber, Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels.
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels.
Barlow Doug ; Dillaway Blair ; Fox Barbara ; Lipscomb Terry ; Spies Terrence, System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer.
Ryan ; Jr. Frederick W. ; Sisson Robert W., System and method for mutual authentication and secure communications between a postage security device and a meter server.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., System and methods for secure transaction management and electronic rights protection.
Shear Victor H. ; Van Wie David M. ; Weber Robert P., Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for the secure transaction management and electronic rights protection.
Chiles Anthony A. ; Chiles David C. ; Manbeck ; Jr. Jackie Lee ; Nguyen Vu Hoanh, Technique for automatically updating software stored on a client computer in a networked client-server environment.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining, using and manipulating rights management data structures.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M. ; Weber Robert P., Trusted and secure techniques, systems and methods for item delivery and execution.
Boyle John ; Holden James M. ; Levin Stephen E. ; Maiwald Eric S. ; Nickel James O. ; Snow ; deceased David Wayne ; Wrench ; Jr. Edwin H., Using trusted associations to establish trust in a computer network.
Fearnley,Jolyon A.; Shute,Beresford; Johnson,Brian; Furniss,Diane; Waters,David A., Infrastructure method and system for authenticated dynamic security domain boundary extension.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.