[특허]System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party

System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-011/30
출원번호	US-0615361 (2006-12-22)
등록번호	US-7415620 (2008-08-19)
발명자 / 주소	England,Paul DeTreville,John D. Lampson,Butler W.
출원인 / 주소	Microsoft Corporation
인용정보	피인용 횟수 : 22 인용 특허 : 86

초록 ▼

In accordance with certain aspects, a chain of trust is established between a subscriber unit and a content provider. A request is submitted from the subscriber unit to the content provider. A challenge nonce is generated at the content provider and returned to the subscriber unit. At the subscriber unit, an operating system (OS) certificate containing an identity of the operating system from the software identity register, information describing the operating system, the challenge nonce, and a CPU public key is formed, and the OS certificate is signed using a CPU private key. The OS certificate and a CPU manufacturer certificate supplied by a manufacturer of the CPU are passed from the subscriber unit to the content provider, and are evaluated at the content provider to determine whether to reject or fulfill the request.

대표청구항 ▼

What is claimed is: 1. A method implemented in a subscriber unit for establishing a chain of trust between the subscriber unit and a content provider, the subscriber unit having a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys, a manufacturer certificate supplied by a manufacturer of the CPU, and a software identity register that holds an identity of the operating system, the method comprising: submitting a request to the content provider, the request specifying a particular content; receiving, from the content provider, a challenge nonce generated at the content provider; forming an OS certificate containing the identity from the software identity register, information describing the operating system, the challenge nonce, and the CPU public key and signing the OS certificate using the CPU private key, wherein the forming comprises forming the OS certificate with one or more items from a boot log containing identities of software components that are executing on the CPU; passing the OS certificate and the CPU manufacturer certificate to the content provider for the content provider to evaluate the OS certificate and the CPU manufacturer to determine whether to reject or fulfill the request. 2. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by determining whether to trust the identity in the OS certificate. 3. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by determining whether the challenge nonce returned in the OS certificate is the challenge nonce generated by the content provider. 4. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by verifying the signature on the OS certificate using the CPU public key contained in the OS certificate. 5. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by determining whether the OS certificate and the manufacturer certificate contain an identical CPU public key. 6. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by verifying a manufacturer signature on the manufacturer certificate. 7. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by determining whether to trust the manufacturer of the CPU. 8. The method as recited in claim 1, further comprising downloading the content specified in the request in an event that the content provider elects to fulfill the request. 9. The method as recited in claim 8, the content provider having encrypted the content using a storage key derived in part from the identity of the operating system. 10. A method implemented in a content provider for establishing a chain of trust between the content provider and a subscriber unit, in which the subscriber unit has a central processing unit (CPU) and an operating system (OS) and the CPU further includes a pair of private and public keys, a manufacturer certificate supplied by a manufacturer of the CPU, and a software identity register that holds an identity of the operating system, the method comprising: receiving a request from the subscriber unit, the request specifying a particular content; generating a challenge nonce; returning the challenge nonce to the subscriber unit; receiving, from the subscriber unit, the CPU manufacturer certificate and an OS certificate containing the identity from the software identity register, information describing the operating system, the challenge nonce, and the CPU public key, the OS certificate having been signed using the CPU private key, wherein the identity from the software identity register comprises one or more items from a boot log containing identities of software components executing on the CPU; and evaluating the OS certificate and the CPU manufacturer certificate at the content provider to determine whether to reject or fulfill the request. 11. A method implemented by a third party for associating a level of trust with a user computer, the user computer having a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys, a manufacturer certificate supplied by a manufacturer of the CPU, and a software identity register that holds an identity of an operating system executing on the CPU, the method comprising: establishing a secure connection between the user computer and the third party; generating a challenge nonce; transmitting the challenge nonce to the user computer over the secure connection; receiving, from the user computer, an OS certificate and the challenge nonce, wherein the OS certificate comprises one or more items from a boot log containing identities of software components executing on the CPU, and wherein the OS certificate and the challenge nonce are signed by the user computer using the CPU private key; associating the level of trust for the user computer using the signed OS certificate. 12. The method as recited in claim 11, wherein the identities of the software components executing on the CPU are held in the software identity register. 13. The method as recited in claim 11, wherein the level of trust is based on the operating system identified by the software identity register. 14. The method as recited in claim 11, wherein the OS certificate comprises a boot log. 15. The method as recited in claim 11, wherein the OS certificate comprises a value of a register containing a value associated with a boot log. 16. The method as recited in claim 11, wherein the level of trust is based on the identities of the software components executing on the CPU. 17. The method as recited in claim 11, wherein the software components include device drivers executing on the CPU. 18. The method as recited in claim 17, wherein the level of trust is based on the identities of the device drivers executing on the CPU. 19. The method as recited in claim 11, further comprising: receiving, from the user computer, a request for access to specific content; evaluating whether to permit access based on the level of trust associated with the user computer. 20. The method as recited in claim 19, wherein the access comprises: transmitting the specific content to the user computer through the secure connection. 21. The method as recited in claim 19, wherein the access comprises: transmitting a storage key for the specific content to the user computer through the secure connection, wherein the specific content was previously stored on the user computer. 22. The method as recited in claim 21, wherein the specific content was obtained outside the secure connection.

이 특허에 인용된 특허 (86)

Hardell ; Jr. William R. (Austin TX) Henson ; Jr. James D. (Austin TX) Mitchell Oscar R. (Pflugerville TX), Apparatus and method for booting a multiple processor system having a global/local memory architecture.
상세보기
Anderson Eric D., Apparatus and method to determine cause of failed boot sequence to improve likelihood of successful subsequent boot att.
상세보기
Fieres Helmut ; Merkling Roger ; Klemba Keith, Application certification for an international cryptography framework.
상세보기
Ohta Kazuo (Fujisawa JPX) Okamoto Tatsuaki (Yokosuka JPX), Authentication system and apparatus therefor.
상세보기
Deo Vinay ; Seidensticker Robert B. ; Simon Daniel R., Authentication system and method for smart card transactions.
상세보기
Nevarez Carlos A ; Echols Grant G, Authority delegation with secure operating system queues.
상세보기
Sadowsky Richard S. ; Isenberg Henri J. ; Trollope Rowan, Boot failure recovery.
상세보기
Fisher Jerald C. ; Nguyen Lien Dai ; Young James ; Seaburg Gunnar P. ; Hedlund Galen W. ; Katz Richard S., Channel configuration program server architecture.
상세보기
Atkinson Robert G. ; Price Robert M. ; Contorer Aaron M., Code certification for network transmission.
상세보기
Cummins Marty T. (Rochester MI), Computer software encryption apparatus.
상세보기
Grawrock,David W., Connecting a virtual token to a physical token.
상세보기
Herbert Howard C. ; Davis Derek L., Cryptographically protected paging subsystem.
상세보기
Brachtl Bruno O. (Baden-Wuerttenberg NY DEX) Coppersmith Don (Ossining NY) Hyden Myrna M. (Manassas VA) Matyas ; Jr. Stephen M. (Manassas VA) Meyer Carl H. W. (Kingston NY) Oseas Jonathan (Hurley NY), Data authentication using modification detection codes based on a public one way encryption function.
상세보기
Takahashi Kikuo (Hachioji JPX) Kagimasa Toyohiko (Hachioji JPX) Mori Toshiaki (Hachioji JPX), Data processing apparatus having a real memory region with a corresponding fixed memory protection key value and method.
상세보기
Shear Victor H. (Bethesda MD), Database usage metering and protection system and method.
상세보기
Shear Victor H. (Bethesda MD), Database usage metering and protection system and method.
상세보기
Shear Victor H. (Bethesda MD), Database usage metering and protection system and method.
상세보기
Shear Victor H. (Bethesda MD), Database usage metering and protection system and method.
상세보기
Hannah, Eric C., Digital content protection using a secure booting method and apparatus.
상세보기
LeBourgeois John H., Digitally certifying a user identity and a computer system in combination.
상세보기
Takahashi Richard J. (Phoenix AZ), Dual purpose security architecture with protected internal operating system.
상세보기
Jones Michael F. (Nashua NH) Zachai Arthur (Swampscott MA), Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys.
상세보기
Heer Daniel N. ; Rance Robert J., Encrypting method and apparatus enabling multiple access for multiple services and multiple transmission modes over a broadband communication network.
상세보기
Barr Adam D. ; Swift Michael M. ; Lenzmeier Charles T., Ensuring the integrity of remote boot client data.
상세보기
Karnik Milind ; Batz Joseph ; Tiruvallur Keshavan ; Glew Andrew ; Binns Frank ; Thakkar Shreekant ; Sarangdhar Nitin, Fault-tolerant boot strap mechanism for a multiprocessor system.
상세보기
Balk Michael W. (Piscataway NJ), File system for a data storage device having a power fail recovery mechanism for write/replace operations.
상세보기
Clark Paul C., Intelligent token protected system with network authentication.
상세보기
England,Paul; DeTreville,John D.; Lampson,Butler W., Key-based secure storage.
상세보기
England,Paul; DeTreville,John D.; Lampson,Butler W., Key-based secure storage.
상세보기
Griswold Gary N., Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a.
상세보기
Wheeler,Anne M.; Wheeler,Lynn Henry, Managing database for reliably identifying information of device generating digital signatures.
상세보기
Jablon David P. (Shrewsbury MA) Hanley Nora E. (Shrewsbury MA), Method and apparatus for assessing integrity of computer system software.
상세보기
Guillou Louis C. (Rennes FRX) Quisquater Jean-Jacques (Brussels BEX), Method and apparatus for authenticating accreditations and for authenticating and signing messages.
상세보기
Imai Toru,JPX ; Yoshida Hideki,JPX ; Segawa Hideo,JPX, Method and apparatus for data input/output management suitable for protection of electronic writing data.
상세보기
Gutowitz Howard A. (6395 Claremore La. San Diego CA 92120), Method and apparatus for encryption, decryption and authentication using dynamical systems.
상세보기
Helbig ; Sr. Walter A, Method and apparatus for enhancing computer system security.
상세보기
Chang Sheue-Ling ; Gosling James, Method and apparatus for enhancing software security and distributing software.
상세보기
Graunke Gary L. ; Rozas Carlos V., Method and apparatus for integrity verification, authentication, and secure linkage of software modules.
상세보기
Schmeidler,Yonah; Atkins,Derek; Eichin,Mark W.; Rostcheck,David J., Method and apparatus for secure content delivery over broadband access networks.
상세보기
Vu, Son Trung; Phan, Quang, Method and apparatus for secure processing of cryptographic keys.
상세보기
Merkling Roger ; Fieres Helmut ; Klemba Keith, Method and apparatus for trusted processing.
상세보기
Jeffrey Vinson ; Steig Westerberg ; Jeffrey DeVries, Method and apparatus to allow remotely located computer programs and/or data to be accessed on a local computer in a secure, time-limited manner, with persistent caching.
상세보기
Hsu Jerry,TWX ; Shen Sidney,TWX, Method and apparatus to protect computer software.
상세보기
Hennige Hartmut (23 Packman Lane ; Home Green Kirk Ella Hull HU10 7TH N. Humberside GB3), Method and device for simplifying the use of a plurality of credit cards, or the like.
상세보기
Berstis,Viktors; Rodriguez,Herman, Method and system for encryption of web browser cache.
상세보기
Derek L. Davis ; Pranav Mehta, Method for BIOS authentication prior to BIOS execution.
상세보기
Patel Baiju V., Method for securing communications in a pre-boot environment.
상세보기
Rubin Aviel D. (East Hanover NJ), Method for the secure distribution of electronic files in a distributed environment.
상세보기
Preneel Bart K. B. (Heverlee BEX) Van Oorschot Paul C. (Ottawa CAX), Method of building fast MACS from hash functions.
상세보기
Coulier Charles,FRX ; Gordons Edouard,FRX ; Grimonprez Georges,FRX, Microprocessor-based memory card that limits memory accesses by application programs and method of operation.
상세보기
Johnson Herrick J. (Marblehead MA) Olson Margaret (Nashua NH) Jones Stuart (Cambridge MA) Bodoff Stephanie (Somerville MA) Bertrand Stephen C. (Waltham MA) Levine Paul H. (Carlisle MA), Network license server.
상세보기
Trostle Jonathan, Networked workstation intrusion detection system.
상세보기
Thomlinson Matthew W. ; Simon Daniel R. ; Yee Bennet, Non-biased pseudo random number generator.
상세보기
Lovelace John V. ; Nevis Bryon S., Operating system bootstrap security mechanism.
상세보기
Kuznetsov Oleg V. (Kiev UAX) Luchuk Dmitry A. (Kiev UAX), Personal computer security system.
상세보기
Asai Toshinori,JPX, Program operating apparatus.
상세보기
Davis Derek L. (Phoenix AZ), Roving software license for a hardware agent.
상세보기
Davis Derek L., Secure BIOS.
상세보기
Arbaugh William A. ; Farber David J. ; Keromytis Angelos D. ; Smith Jonathan M., Secure and reliable bootstrap architecture.
상세보기
Holtey Thomas O. (Newton MA), Secure application card for sharing application data and procedures among a plurality of microprocessors.
상세보기
McMullan ; Jr. Jay C. (Doraville GA) Burleson David B. (Roswell GA) Borsetti ; Jr. Paul (Alpharetta GA) Filion John T. (Lawrenceville GA), Secure authorization and control method and apparatus for a game delivery service.
상세보기
Davis Derek L., Secure boot.
상세보기
Angelo Michael F., Secure software registration and integrity assessment in a computer system.
상세보기
Grimonprez Georges (Villeneuve d\Asq FRX) Paradinas Pierre (Villeneuve d\Asq FRX), Secured method for loading a plurality of applications into a microprocessor memory card.
상세보기
Hinsley Stewart R. (Alsager GB3) Hughes Christopher D. (Audlem GB3), Security mechanism for a computer system.
상세보기
Mandelbaum Richard (Manalapan NJ) Sherman Stephen A. (Hackettstown NJ) Wetherington Diane R. (Bernardsville NJ), Smartcard adapted for a plurality of service providers and for remote installation of same.
상세보기
Chandra Ashileshwari N. (Mahopac NY) Comerford Liam D. (Carmel NY) White Steve R. (New York NY), Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocess.
상세보기
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure.
상세보기
Hasebe Takayuki,JPX ; Akiyama Ryota,JPX ; Yoshioka Makoto,JPX, Storage medium for preventing an irregular use by a third party.
상세보기
Milios Ioannis ; Oppedahl Carl, Stored program system with protected memory and secure signature extraction.
상세보기
Rosen Sholom S. (New York NY), System and method for commercial payments using trusted agents.
상세보기
Lipner Steven B. (Oakton VA) Balenson David M. (Olney MD) Ellison Carl M. (Baltimore MD) Walker Stephen T. (Glenwood MD), System and method for data recovery.
상세보기
Chess David M. ; Sorkin Gregory Bret ; White Steve Richard, System and method for protecting integrity of alterable ROM using digital signatures.
상세보기
Cox James O. (Austin TX) Mott James M. (Austin TX), System and method for secure initial program load for diskless workstations.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., System and methods for secure transaction management and electronic rights protection.
상세보기
Schneck Paul B. ; Abrams Marshall D., System for controlling access and distribution of digital property.
상세보기
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
상세보기
Rosen Sholom S., Trusted agents for open distribution of electronic money.
상세보기
Rosen Sholom S. (New York NY), Trusted agents for open electronic commerce.
상세보기
Griffin Claire ; Barnes Douglas, Trusted delegation system.
상세보기
Boyle John ; Holden James M. ; Levin Stephen E. ; Maiwald Eric S. ; Nickel James O. ; Snow ; deceased David Wayne ; Wrench ; Jr. Edwin H., Using trusted associations to establish trust in a computer network.
상세보기

이 특허를 인용한 특허 (22)

Hogg, Anthony B.; Jenkin, Peter M., Authorized remote access to an operating system hosted by a virtual machine.
상세보기
Princen, John; Srinivasan, Pramila; Anderson, Craig Steven, Block-based media content authentication.
상세보기
Srinivasan, Pramila; Princen, John, Certificate verification.
상세보기
Riordan, James F., Data processing systems.
상세보기
Yen, Wei; Princen, John; Lo, Raymond; Srinivasan, Pramila, Delivery of license information using a short messaging system protocol in a closed content distribution system.
상세보기
Princen, John; Srinivasan, Pramila; Blythe, David; Yen, Wei, Ensuring authenticity in a closed content distribution system.
상세보기
Princen, John; Srinivasan, Pramila; Blythe, David; Yen, Wei, Ensuring authenticity in a closed content distribution system.
상세보기
Princen, John; Srinivasan, Pramila; Blythe, David; Yen, Wei, Ensuring authenticity in a closed content distribution system.
상세보기
Kelley, Brian H., Method and apparatus to create a secure web-browsing environment with privilege signing.
상세보기
Falk, Rainer; Kohlmayer, Florian, Method for processing messages and message processing device.
상세보기
Green, Mitchell C.; Hunt, Neil D.; Evans, Joshua R.; Hawes, Keith; Gopalani, Naresh, Method of sharing an item rental account.
상세보기
Srinivasan, Pramila; Princen, John, Programming non-volatile memory in a secure processor.
상세보기
Srinivasan, Pramila; Princen, John, Programming on-chip non-volatile memory in a secure processor using a sequence number.
상세보기
Srinivasan, Pramila; Princen, John, Programming on-chip non-volatile memory in a secure processor using a sequence number.
상세보기
Srinivasan, Pramila; Princen, John, Programming on-chip non-volatile memory in a secure processor using a sequence number.
상세보기
Yen, Wei; Blythe, David; Princen, John; Srinivasan, Pramila, Static-or-dynamic and limited-or-unlimited content rights.
상세보기
Malat, Jonathan C.; Raimo, Justin V.; Luther, Matthew K.; Cytryn, Abraham; Stein, F. Jason; Golovaty, Dennis B; Ferreira, Robert; Misiukiewicz, Leon M., Subscription interface for providing access to digital publications.
상세보기
Wolf, Bryan D., System and method enabling parallel processing of hash functions using authentication checkpoint hashes.
상세보기
Wolf, Bryan D., System and method enabling parallel processing of hash functions using authentication checkpoint hashes.
상세보기
Buer, Mark, System and method for distributed security.
상세보기
Buer, Mark, System and method for distributed security.
상세보기
Pomerantz, Ori, Verifying certificate use.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (86)

이 특허를 인용한 특허 (22)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (86)

이 특허를 인용한 특허 (22)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트