专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

2. 发明授权

US06560706B1 Interface for ensuring system boot image integrity and authenticity 有权
标题翻译：确保系统引导映像完整性和真实性的界面
公开(公告)号：US06560706B1
公开(公告)日：2003-05-06
申请号：US09234757
申请日：1999-01-21
申请人： John M. Carbajal , Eric R. Dittert , Paul C. Drews
发明人： John M. Carbajal , Eric R. Dittert , Paul C. Drews
IPC分类号： H04L900
CPC分类号： G06F21/572 , G06F9/4416
摘要： A method and apparatus for ensuring system boot image integrity and authenticity is described. In one embodiment, the invention provides security from the end of Basic Input/Output System (BIOS) initialization to the point in time at which control is transferred to a high-level operating system (OS). The OS boot image is obtained via a network connection and is checked for integrity and authority to run on a particular platform. For this purpose, the invention provides a boot image security usage model that is simple and flexible enough to cover a variety of needs. Because receipt of boot images via a network connection can be subject to size constraints, the invention allows software to bootstrap more sophisticated security software if desired. In general, the invention utilizes one or more Remote-Boot Authorization Certificates for each group of platforms to be managed. The authorization certificate for a group of platforms is configured into each of the platforms in a group as the source of authority for allowing boot images to be executed. The authorization certificate is also the source of authority for allowing reconfiguration commands, including reconfiguration commands that transfer the source of authority to another authority. In one embodiment, IT organizations can create different authorization certificates for different groups to allow the different groups to be managed by different authorities. Authority can also be transferred between management groups. The Remote-Boot Authorization Certificates provide protection against remote-boot images that have been damaged and/or tampered with either in transit or on a server, the ability to designate and enforce which boot images are permitted, and a mechanism to limit the scope of management authorities having remote-boot authority.
摘要翻译：描述了一种用于确保系统引导映像完整性和真实性的方法和装置。在一个实施例中，本发明提供从基本输入/输出系统（BIOS）初始化结束到将控制传送到高级操作系统（OS）的时间点的安全性。操作系统引导映像是通过网络连接获得的，并检查其在整个特定平台上的完整性和权限。为此，本发明提供了一种引导映像安全性使用模型，其简单和灵活性足以满足各种需求。由于通过网络连接接收引导映像可能受到大小限制，本发明允许软件在需要时引导更复杂的安全软件。通常，本发明利用一个或多个远程启动授权证书来管理每组平台。将一组平台的授权证书配置为组中的每个平台作为允许启动映像执行的权限的来源。授权证书也是允许重新配置命令的权力来源，包括重新配置命令，将权限的来源转移到另一个权限。在一个实施例中，IT组织可以为不同的组创建不同的授权证书，以允许不同的组由不同的权限管理。管理层也可以在管理组之间转移。远程启动授权证书提供了对在传输或服务器上已损坏和/或篡改的远程启动映像的保护，指定和强制执行哪些启动映像的能力以及限制范围的机制管理机构拥有远程启动权限。

IPRDB

热门服务

关于我们

友情链接

联系方式