Date of Patent: Mar. 17, 2009

Filed: Jan. 14, 2005

Applicants:

Jamie Hunter, Bothell, WA (US);

Paul England, Bellevue, WA (US);

Russell Humphries, Redmond, WA (US);

Stefan Thom, Snohomish, WA (US);

James Anthony Schwartz, Jr., Seattle, WA (US);

Kenneth D. Ray, Seattle, WA (US);

Jonathan Schwartz, Kirkland, WA (US);

Inventors:

Jamie Hunter, Bothell, WA (US);

Paul England, Bellevue, WA (US);

Russell Humphries, Redmond, WA (US);

Stefan Thom, Snohomish, WA (US);

James Anthony Schwartz, Jr., Seattle, WA (US);

Kenneth D. Ray, Seattle, WA (US);

Jonathan Schwartz, Kirkland, WA (US);

Assignee:

Microsoft Corporation, Redmond, WA (US);

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
G06F 21/02 (2006.01); G06F 11/30 (2006.01); G06F 9/00 (2006.01); H04L 9/00 (2006.01); H04K 1/00 (2006.01);
U.S. Cl.
CPC ...
Abstract

Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.

