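IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0615361 (2006-12-22)
Registration number | US-7415620 (2008-08-19)
Inventors / Address | England, Paul; DeTreville, John D.; Lampson, Butler W.
Applicant / Address |
Citation information | Times cited: 22; Patents cited: 86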
Abstract
In accordance with certain aspects, a chain of trust is established between a subscriber unit and a content provider. A request is submitted from the subscriber unit to the content provider. A challenge nonce is generated at the content provider and returned to the subscriber unit. At the subscriber unit, an operating system (OS) certificate containing an identity of the operating system from the software identity register, information describing the operating system, the challenge nonce, and a CPU public key is formed, and the OS certificate is signed using a CPU private key. The OS certificate and a CPU manufacturer certificate supplied by a manufacturer of the CPU are passed from the subscriber unit to the content provider, and are evaluated at the content provider to determine whether to reject or fulfill the request.
Representative claims
What is claimed is:

1. A method implemented in a subscriber unit for establishing a chain of trust between the subscriber unit and a content provider, the subscriber unit having a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys, a manufacturer certificate supplied by a manufacturer of the CPU, and a software identity register that holds an identity of the operating system, the method comprising: submitting a request to the content provider, the request specifying a particular content; receiving, from the content provider, a challenge nonce generated at the content provider; forming an OS certificate containing the identity from the software identity register, information describing the operating system, the challenge nonce, and the CPU public key and signing the OS certificate using the CPU private key, wherein the forming comprises forming the OS certificate with one or more items from a boot log containing identities of software components that are executing on the CPU; passing the OS certificate and the CPU manufacturer certificate to the content provider for the content provider to evaluate the OS certificate and the CPU manufacturer to determine whether to reject or fulfill the request.

2. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by determining whether to trust the identity in the OS certificate.

3. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by determining whether the challenge nonce returned in the OS certificate is the challenge nonce generated by the content provider.

4. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by verifying the signature on the OS certificate using the CPU public key contained in the OS certificate.

5. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by determining whether the OS certificate and the manufacturer certificate contain an identical CPU public key.

6. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by verifying a manufacturer signature on the manufacturer certificate.

7. The method as recited in claim 1, wherein the content provider evaluates the OS certificate by determining whether to trust the manufacturer of the CPU.

8. The method as recited in claim 1, further comprising downloading the content specified in the request in an event that the content provider elects to fulfill the request.

9. The method as recited in claim 8, the content provider having encrypted the content using a storage key derived in part from the identity of the operating system.

10. A method implemented in a content provider for establishing a chain of trust between the content provider and a subscriber unit, in which the subscriber unit has a central processing unit (CPU) and an operating system (OS) and the CPU further includes a pair of private and public keys, a manufacturer certificate supplied by a manufacturer of the CPU, and a software identity register that holds an identity of the operating system, the method comprising: receiving a request from the subscriber unit, the request specifying a particular content; generating a challenge nonce; returning the challenge nonce to the subscriber unit; receiving, from the subscriber unit, the CPU manufacturer certificate and an OS certificate containing the identity from the software identity register, information describing the operating system, the challenge nonce, and the CPU public key, the OS certificate having been signed using the CPU private key, wherein the identity from the software identity register comprises one or more items from a boot log containing identities of software components executing on the CPU; and evaluating the OS certificate and the CPU manufacturer certificate at the content provider to determine whether to reject or fulfill the request.

11. A method implemented by a third party for associating a level of trust with a user computer, the user computer having a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys, a manufacturer certificate supplied by a manufacturer of the CPU, and a software identity register that holds an identity of an operating system executing on the CPU, the method comprising: establishing a secure connection between the user computer and the third party; generating a challenge nonce; transmitting the challenge nonce to the user computer over the secure connection; receiving, from the user computer, an OS certificate and the challenge nonce, wherein the OS certificate comprises one or more items from a boot log containing identities of software components executing on the CPU, and wherein the OS certificate and the challenge nonce are signed by the user computer using the CPU private key; associating the level of trust for the user computer using the signed OS certificate.

12. The method as recited in claim 11, wherein the identities of the software components executing on the CPU are held in the software identity register.

13. The method as recited in claim 11, wherein the level of trust is based on the operating system identified by the software identity register.

14. The method as recited in claim 11, wherein the OS certificate comprises a boot log.

15. The method as recited in claim 11, wherein the OS certificate comprises a value of a register containing a value associated with a boot log.

16. The method as recited in claim 11, wherein the level of trust is based on the identities of the software components executing on the CPU.

17. The method as recited in claim 11, wherein the software components include device drivers executing on the CPU.

18. The method as recited in claim 17, wherein the level of trust is based on the identities of the device drivers executing on the CPU.

19. The method as recited in claim 11, further comprising: receiving, from the user computer, a request for access to specific content; evaluating whether to permit access based on the level of trust associated with the user computer.

20. The method as recited in claim 19, wherein the access comprises: transmitting the specific content to the user computer through the secure connection.

21. The method as recited in claim 19, wherein the access comprises: transmitting a storage key for the specific content to the user computer through the secure connection, wherein the specific content was previously stored on the user computer.

22. The method as recited in claim 21, wherein the specific content was obtained outside the secure connection.
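
The provider-side evaluation of claims 2 through 7, with the subscriber-side signing step of claim 1, as an added Go example that is not part of the patent text. Ed25519, the struct layouts and every name here (OSCert, MfrCert, Attest, Evaluate, demo) are assumptions, since the patent fixes no signature scheme or encoding; the boot-log items of claim 1 are left out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Hypothetical layouts: the patent fixes neither a certificate encoding nor a signature scheme.
type OSCert struct{ OSID, Info, Nonce, CPUPub, Sig []byte } // Sig: made with the CPU private key
type MfrCert struct{ CPUPub, Sig []byte }                   // Sig: manufacturer's, over CPUPub

// body length-prefixes each signed field so bytes cannot slide from one field into the next.
func (c OSCert) body() (b []byte) {
	for _, f := range [][]byte{c.OSID, c.Info, c.Nonce, c.CPUPub} {
		b = append(append(b, byte(len(f)>>8), byte(len(f))), f...)
	}
	return b
}

// Attest is the subscriber side: the CPU key signs identity, description, nonce and public key.
func Attest(cpu ed25519.PrivateKey, osID, info, nonce []byte) OSCert {
	c := OSCert{OSID: osID, Info: info, Nonce: nonce, CPUPub: cpu.Public().(ed25519.PublicKey)}
	c.Sig = ed25519.Sign(cpu, c.body())
	return c
}

// Evaluate is the provider side. mfr and trustedOS are the provider's own trust decisions.
func Evaluate(c OSCert, m MfrCert, nonce []byte, mfr ed25519.PublicKey, trustedOS []byte) error {
	switch { // order matters: ed25519.Verify panics on a wrong-length public key
	case len(m.CPUPub) != ed25519.PublicKeySize: return fmt.Errorf("malformed CPU public key")
	case !ed25519.Verify(mfr, m.CPUPub, m.Sig): return fmt.Errorf("claims 6-7: manufacturer signature")
	case !bytes.Equal(c.CPUPub, m.CPUPub): return fmt.Errorf("claim 5: CPU public keys differ")
	case !ed25519.Verify(m.CPUPub, c.body(), c.Sig): return fmt.Errorf("claim 4: OS certificate signature")
	case !bytes.Equal(c.Nonce, nonce): return fmt.Errorf("claim 3: nonce was not issued for this request")
	case !bytes.Equal(c.OSID, trustedOS): return fmt.Errorf("claim 2: OS identity not trusted")
	}
	return nil
}
// demo uses constructed keys and values: honest run, replayed nonce, unknown OS, uncertified CPU key.
func demo() []error {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(nil)
	cpuPub, cpuPriv, _ := ed25519.GenerateKey(nil)
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	m, id, n := MfrCert{cpuPub, ed25519.Sign(mfrPriv, cpuPub)}, []byte("os-digest"), []byte("nonce-1")
	c := Attest(cpuPriv, id, []byte("ExampleOS 1.0"), n)
	return []error{Evaluate(c, m, n, mfrPub, id), Evaluate(c, m, []byte("nonce-2"), mfrPub, id),
		Evaluate(c, m, n, mfrPub, []byte("other-os")), Evaluate(Attest(otherPriv, id, nil, n), m, n, mfrPub, id)}
}
func main() { fmt.Println(demo()) }
```

The nonce check is what stops a previously captured OS certificate from being replayed, and the key-equality check is what ties the OS certificate to the CPU the manufacturer actually certified.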