System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
US7174457B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 10, 1999 |
| Grant date | Feb 6, 2007 |
| Priority date | — |
| Expiry date | Mar 10, 2019 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/2129
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A general-purpose processor (CPU) is configured with a new mechanism facilitating an authenticated boot sequence that provides building blocks for client-side rights management when the system is online, and provides continued protection of persistent data even when the system goes offline or is rebooted. The CPU includes a cryptographic key pair, and a manufacturer certificate testifying that the manufacturer built the CPU according to a known specification. The operating system (OS) includes a unique block of code, or “boot block” that can establish OS identity by extraction from a digitally signed boot block or by computing a hash digest of the boot block. During booting, the CPU executes a single opcode, followed by the boot block, as an atomic operation to set the identity of the OS into the software identity register. The subscriber unit then can establish a chain of trust to a content provider.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.