In accordance with one aspect of boot blocks for software, in a computer system that has a central processing unit and a software identity register, an atomic operation is executed to set an identity of a piece of software into the software identity register. If the atomic operation completes correc
In accordance with one aspect of boot blocks for software, in a computer system that has a central processing unit and a software identity register, an atomic operation is executed to set an identity of a piece of software into the software identity register. If the atomic operation completes correctly, then the software identity register contains the identity of the piece of software; otherwise, the software identity register contains a value other than the identity of the piece of software.
대표청구항▼
We claim: 1. In a computer system having a central processing unit and a software identity register, a method comprising: executing an atomic operation to set an identity of a piece of software into the software identity register, wherein if the atomic operation completes correctly, the software id
We claim: 1. In a computer system having a central processing unit and a software identity register, a method comprising: executing an atomic operation to set an identity of a piece of software into the software identity register, wherein if the atomic operation completes correctly, the software identity register contains the identity of the piece of software and if the atomic operation fails to complete correctly, the software identity register contains a value other than the identity of the piece of software; and examining the software identity register to verify the identity of the piece of software; wherein the identity comprises a public key of a correctly signed block of code from the piece of software, and the examining comprises verifying a signature of the signed block of code against the public key. 2. A method as recited in claim 1, wherein the piece of software comprises the operating system. 3. A method as recited in claim 1, wherein the piece of software comprises an operating system loader. 4. A method as recited in claim 1, wherein executing the atomic operation comprises executing the atomic operation at the start of an operating system loader. 5. A method as recited in claim 1, wherein executing the atomic operation comprises executing a BeginAuthenticatedBoot instruction. 6. A method as recited in claim 1, wherein the piece of software includes a boot block that includes a block of code. 7. A method as recited in claim 6, wherein the boot block further includes a BeginAuthenticatedBoot opcode. 8. A method as recited in claim 6, wherein the boot block further includes a length specifying a number of bytes in the block of code. 9. A method as recited in claim 6, wherein the boot block further includes one or more constants to be used to validate subsequent operating system components. 10. A method as recited in claim 1, further comprising appending at least a portion of the identity to a boot log. 11. A method as recited in claim 1, further comprising authenticating additional blocks of code. 12. A method as recited in claim 1, further comprising: appending at least a portion of the identity to a boot log; authenticating additional blocks of code; and appending identities of the additional blocks of code to the boot log. 13. In a computer system having a central processing unit and a software identity register, a method comprising: executing an atomic operation to set an identity of a piece of software into the software identity register, wherein if the atomic operation completes correctly, the software identity register contains the identity of the piece of software and if the atomic operation fails to complete correctly, the software identity register contains a value other than the identity of the piece of software; and examining the software identity register to verify the identity of the piece of software, wherein the piece of software includes a boot block that includes a block of code and, wherein the boot block further includes: a signature obtained from signing the block of code; and a public key from a key pair. 14. A method as recited in claim 13, wherein the piece of software comprises the operating system. 15. A method as recited in claim 13, wherein the piece of software comprises an operating system loader. 16. A method as recited in claim 13, wherein executing the atomic operation comprises executing the atomic operation at the start of an operating system loader. 17. A method as recited in claim 13, wherein executing the atomic operation comprises executing a BeginAuthenticatedBoot instruction. 18. A method as recited in claim 13, wherein the boot block further includes a BeginAuthenticatedBoot opcode. 19. A method as recited in claim 13, wherein the boot block further includes a length specifying a number of bytes in the block of code. 20. A method as recited in claim 13, wherein the boot block further includes one or more constants to be used to validate subsequent operating system components. 21. A method as recited in claim 13, further comprising appending at least a portion of the identity to a boot log. 22. A method as recited in claim 13, further comprising authenticating additional blocks of code. 23. A method as recited in claim 13, further comprising: appending at least a portion of the identity to a boot log; authenticating additional blocks of code; and appending identities of the additional blocks of code to the boot log. 24. In a computer system having a central processing unit (CPU), a piece of software, and a software identity register, a method comprising: identifying a boot block of code associated with the piece of software that uniquely describes the piece of software; creating an identity of the piece of software from the boot block, wherein the creating comprises signing the boot block using a private key from a key pair to form a signature, and wherein the signature and a corresponding public key from the key pair together form the identity of the piece of software; and executing an atomic operation to set the identity of the piece of software into the software identity register, wherein if the atomic operation completes correctly, the software identity register contains the identity of the piece of software. 25. A method as recited in claim 24, wherein the piece of software comprises an operating system. 26. A method as recited in claim 24, wherein the piece of software comprises an operating system loader. 27. A method as recited in claim 24, wherein executing the atomic operation comprises executing the atomic operation at the start of an operating system loader. 28. A method as recited in claim 24, further comprising appending at least a portion of the identity to a boot log. 29. A method as recited in claim 24, further comprising authenticating additional blocks of code. 30. A method as recited in claim 24, further comprising: appending at least a portion of the identity to a boot log; authenticating additional blocks of code; and appending identities of the additional blocks of code to the boot log. 31. A method as recited in claim 24, wherein executing the atomic operation comprises executing a BeginAuthenticatedBoot instruction. 32. A computer comprising: a nonvolatile memory having a piece of software stored therein, wherein the piece of software has a block of code; a software identity register; a central processing unit (CPU) coupled to the memory, wherein the CPU holds a manufacturer certificate signed by a manufacturer of the CPU; and the piece of software being booted for execution on the CPU according to a sequence that begins with an atomic operation, wherein if the atomic operation completes correctly, the software identity register is set to the identity of the piece of software. 33. A computer as recited in claim 32, wherein the software identity register is included in the CPU. 34. A computer as recited in claim 32, wherein the piece of software comprises an operating system. 35. A computer as recited in claim 32, wherein the piece of software comprises an operating system loader. 36. A method as recited in claim 32, wherein the sequence includes an operating system loader. 37. A computer as recited in claim 32, wherein the identity comprises a digital signature on a block of code from the piece of software. 38. A computer as recited in claim 32, wherein the identity comprises a hash digest of a block of code from the piece of software. 39. A computer as recited in claim 32, further comprising a boot log, wherein the CPU appends the identity of the piece of software to the boot log in the event that the atomic operation completes correctly. 40. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to: load a boot block for a piece of software, wherein the boot block includes a block of code, and wherein the boot block further includes a length specifying a number of bytes in the block of code; generate a value based on the block of code and one or more constants; and set the value into a software identity register of one of the one or more processors. 41. One or more computer readable memories as recited in claim 40, wherein the boot block further includes a BeginAuthenticatedBoot opcode. 42. One or more computer readable memories as recited in claim 40, wherein the boot block further includes one or more constants to be used to validate subsequent operating system components. 43. One or more computer readable memories as recited in claim 40, wherein the piece of software comprises an operating system. 44. One or more computer readable memories as recited in claim 40, wherein the piece of software comprises an operating system loader. 45. One or more computer readable memories as recited in claim 40, wherein the value comprises a cryptographic hash of the block of code and the one or more constants. 46. One or more computer readable memories as recited in claim 40, wherein the value comprises a digest of the block of code and the one or more constants. 47. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to: load a boot block for a piece of software, wherein the boot block includes a block of code, and wherein the boot block further includes one or more constants to be used to validate subsequent operating system components; generate a value based on the block of code and the one or more constants; and set the value into a software identity register of one of the one or more processors. 48. One or more computer readable memories as recited in claim 47, wherein the boot block further includes a BeginAuthenticatedBoot opcode. 49. One or more computer readable memories as recited in claim 47, wherein the piece of software comprises an operating system. 50. One or more computer readable memories as recited in claim 47, wherein the piece of software comprises an operating system loader. 51. One or more computer readable memories as recited in claim 47, wherein the value comprises a cryptographic hash of the block of code and the one or more constants. 52. One or more computer readable memories as recited in claim 47, wherein the value comprises a digest of the block of code and the one or more constants. 53. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to: load a boot block for a piece of software, wherein the boot block includes a block of code; generate a value based on the block of code and one or more constants, wherein the value comprises a digest of the block of code and the one or more constants; and set the value into a software identity register of one of the one or more processors. 54. One or more computer readable memories as recited in claim 53, wherein the boot block further includes a BeginAuthenticatedBoot opcode. 55. One or more computer readable memories as recited in claim 53, wherein the boot block further includes one or more constants to be used to validate subsequent operating system components. 56. One or more computer readable memories as recited in claim 53, wherein the piece of software comprises an operating system. 57. One or more computer readable memories as recited in claim 53, wherein the piece of software comprises an operating system loader.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (135)
Hardell ; Jr. William R. (Austin TX) Henson ; Jr. James D. (Austin TX) Mitchell Oscar R. (Pflugerville TX), Apparatus and method for booting a multiple processor system having a global/local memory architecture.
Fisher Jerald C. ; Nguyen Lien Dai ; Young James ; Seaburg Gunnar P. ; Hedlund Galen W. ; Katz Richard S., Channel configuration program server architecture.
Brachtl Bruno O. (Baden-Wuerttenberg NY DEX) Coppersmith Don (Ossining NY) Hyden Myrna M. (Manassas VA) Matyas ; Jr. Stephen M. (Manassas VA) Meyer Carl H. W. (Kingston NY) Oseas Jonathan (Hurley NY), Data authentication using modification detection codes based on a public one way encryption function.
Takahashi Kikuo (Hachioji JPX) Kagimasa Toyohiko (Hachioji JPX) Mori Toshiaki (Hachioji JPX), Data processing apparatus having a real memory region with a corresponding fixed memory protection key value and method.
Robert G. Atkinson ; James W. Kelly, Jr. ; Bryan W. Tuttle ; Robert M. Price ; Robert P. Reichel, Embedding certifications in executable files for network transmission.
Jones Michael F. (Nashua NH) Zachai Arthur (Swampscott MA), Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys.
Heer Daniel N. ; Rance Robert J., Encrypting method and apparatus enabling multiple access for multiple services and multiple transmission modes over a broadband communication network.
Guillou Louis C. (Rennes FRX) Quisquater Jean-Jacques (Brussels BEX), Method and apparatus for authenticating accreditations and for authenticating and signing messages.
Imai Toru,JPX ; Yoshida Hideki,JPX ; Segawa Hideo,JPX, Method and apparatus for data input/output management suitable for protection of electronic writing data.
Gutowitz Howard A. (6395 Claremore La. San Diego CA 92120), Method and apparatus for encryption, decryption and authentication using dynamical systems.
Novoa Manuel ; McCann Paul H. ; Sharum Wayne P. ; Crisan Adrian ; Hokanson Paul B., Method and apparatus for remote ROM flashing and security management for a computer system.
Jeffrey Vinson ; Steig Westerberg ; Jeffrey DeVries, Method and apparatus to allow remotely located computer programs and/or data to be accessed on a local computer in a secure, time-limited manner, with persistent caching.
Hennige Hartmut (23 Packman Lane ; Home Green Kirk Ella Hull HU10 7TH N. Humberside GB3), Method and device for simplifying the use of a plurality of credit cards, or the like.
Ellison, Carl M.; Golliver, Roger A.; Herbert, Howard C.; Lin, Derrick C.; McKeen, Francis X.; Neiger, Gilbert; Reneris, Ken; Sutton, James A.; Thakkar, Shreekant S.; Mittal, Millind, Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set.
Krishnan Ganapathy ; Guthrie John ; Oyler Scott, Method and system for securely incorporating electronic information into an online purchasing application.
Boyle John ; Holden James M. ; Levin Stephen E. ; Maiwald Eric S. ; Nickel James O. ; Snow David Wayne ; Wrench ; Jr. Edwin H., Method for establishing trust in a computer network via association.
Graunke Gary L. ; Carbajal John ; Maliszewski Richard L. ; Rozas Carlos V., Method for securely distributing a conditional use private key to a trusted entity on a remote system.
Johnson Herrick J. (Marblehead MA) Olson Margaret (Nashua NH) Jones Stuart (Cambridge MA) Bodoff Stephanie (Somerville MA) Bertrand Stephen C. (Waltham MA) Levine Paul H. (Carlisle MA), Network license server.
Rabne Michael W. ; Barker James A. ; Alrashid Tareq M.T. ; Christian Brian S. ; Cox Steven C. ; Slotta Elizabeth A. ; Upthegrove Luella R., Rights management system for digital media.
McMullan ; Jr. Jay C. (Doraville GA) Burleson David B. (Roswell GA) Borsetti ; Jr. Paul (Alpharetta GA) Filion John T. (Lawrenceville GA), Secure authorization and control method and apparatus for a game delivery service.
Grimonprez Georges (Villeneuve d\Asq FRX) Paradinas Pierre (Villeneuve d\Asq FRX), Secured method for loading a plurality of applications into a microprocessor memory card.
Mandelbaum Richard (Manalapan NJ) Sherman Stephen A. (Hackettstown NJ) Wetherington Diane R. (Bernardsville NJ), Smartcard adapted for a plurality of service providers and for remote installation of same.
Chandra Ashileshwari N. (Mahopac NY) Comerford Liam D. (Carmel NY) White Steve R. (New York NY), Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocess.
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure.
David M. Van Wie ; Robert P. Weber, Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels.
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels.
Barlow Doug ; Dillaway Blair ; Fox Barbara ; Lipscomb Terry ; Spies Terrence, System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer.
Lipner Steven B. (Oakton VA) Balenson David M. (Olney MD) Ellison Carl M. (Baltimore MD) Walker Stephen T. (Glenwood MD), System and method for data recovery.
Ryan ; Jr. Frederick W. ; Sisson Robert W., System and method for mutual authentication and secure communications between a postage security device and a meter server.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., System and methods for secure transaction management and electronic rights protection.
Shear Victor H. ; Van Wie David M. ; Weber Robert P., Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter, Karl L.; Shear, Victor H.; Spahn, Francis J.; Van Wie, David M., Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for the secure transaction management and electronic rights protection.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining, using and manipulating rights management data structures.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M. ; Weber Robert P., Trusted and secure techniques, systems and methods for item delivery and execution.
Wilkinson Timothy J.,GBX ; Guthery Scott B. ; Krishna Ksheerabdhi ; Montgomery Michael A., Using a high level programming language with a microcontroller.
Boyle John ; Holden James M. ; Levin Stephen E. ; Maiwald Eric S. ; Nickel James O. ; Snow ; deceased David Wayne ; Wrench ; Jr. Edwin H., Using trusted associations to establish trust in a computer network.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.