WO2013119103A1 - Hardware authentication system - Google Patents
- Publication number: WO2013119103A1
- Authority: WO (WIPO, PCT)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Abstract
An authentication system for a computer system wherein if an external device is found during the POST (200), said external device is checked for validity (224), and if valid the root of trust can be extended thereto.
Description
HARDWARE AUTHENTICATION SYSTEM
Field of Invention
The invention relates to authentication of hardware devices, and more specifically, but not limited to, Trusted Platform Module (TPM) systems.
Background
In some situations it is desirable to check the integrity of computer hardware and/or software, for example to ensure that the system has an approved configuration and is secure. Thus a computer system may be provided which includes a Trusted Platform Module (TPM) chip, containing a unique and secret RSA key, which can be used to authenticate hardware devices.
Current TPM systems contain Platform Configuration Registers (PCRs) which detail the expected hardware (and/or software) of a system, such that when the system boots via the Basic Input Output System (BIOS), the hardware found during Power On Self Test (POST) can be checked against those listed by the TPM, wherein on finding a match the system is considered to be trusted.
However, if the hardware is modified, such as by adding an external device, the system is no longer trusted by TPM as the respective hardware lists are no longer identical. This may occur even if the change is minor such as a software or firmware update.
As a consequence the system may not be able to load software which relies on the platform being trusted, as may be the case with high-security applications. This is undesirable when the changes are insignificant with respect to the security of the platform.
The problem is therefore how to allow a user to update their hardware (and/or software) without contravening the trust provided by TPM.
Summary of Invention
In an aspect of the invention, there is provided an authentication system for a computer system on which an operating system may be loaded,
said computer system including a Basic Input Output System which runs a Power On Self Test when power is applied to the computer system;
characterised in that if an external device is found during the Power On Self Test, said external device is checked for validity to determine if it is trusted or not.
In one embodiment the validity of the external device is checked before an operating system is loaded.
Thus external devices can be added to the computer system before the operating system loads, such that the root of trust is extended (at a low level) to the external device. Advantageously, as the trust is extended before the operating system loads, the security risk of malignant software creating false trust is reduced.
In one embodiment the user is responsible for validating the external device, and is prompted to select if the external device is trusted or not. In a further embodiment the validity of the external device is determined by a policy. In a yet further embodiment the validity of the external device is determined by a remote server.
In one embodiment the authentication system is integrated into the BIOS. Typically a BIOS can be updated or modified to include the authentication system.
In one embodiment the computer system includes a Trusted Platform Module (TPM) for determining if devices are trusted or not. Typically the TPM contains one or more Platform Configuration Registers (PCRs) that define which devices the root of trust may be extended to.
In one embodiment the root of trust is extended to devices considered to be trusted by the authentication system. This has the advantage over the TPM alone which cannot extend the root of trust to external devices, as the PCRs defined by the TPM are static.
In one embodiment the devices considered to be trusted can be checked for validity with a remote server.
In one embodiment the computer system is virtual. Thus the authentication system can be used to verify devices on an isolated guest operating system, within a normal host operating system, before the guest operating system is loaded.
In a further aspect of the invention, there is provided a method of authenticating devices in a computer system comprising the steps of:
running a Power On Self Test from a Basic Input Output System when power is applied to the computer system;
characterised in that if an external device is found during the Power On Self Test, said external device is checked for validity to determine if it is trusted or not. In one embodiment a Trusted Platform Module (TPM) extends root of trust to devices indicated as being trusted by Platform Configuration Registers (PCRs).
In one embodiment, if the external device is considered to be trusted by a policy, or by a user in response to a prompt, the root of trust is extended to the external device.
Typically the root of trust is extended prior to an operating system being loaded.
Brief Description of Drawings
It will be convenient to further describe the present invention with respect to the accompanying drawings that illustrate possible arrangements of the invention. Other arrangements of the invention are possible, and consequently the particularity of the accompanying drawings is not to be understood as superseding the generality of the preceding description of the invention.
Figure 1 is a schematic view of an authentication system according to an embodiment of the invention.
Detailed Description
In general the system comprises the following steps, as indicated by the dashed lines in Figure 1:
When the user starts up 100 the machine, the Basic Input Output System (BIOS) runs a Power On Self Test (POST), and then measures, loads and runs a Hardware and Firmware Authentication System, hereinafter referred to as a Substantiation System.
The Substantiation System collects 101 all platform evidence of the machine (hardware properties such as manufacture date, serial number, version, test functionality of the device, etc.).
The Substantiation System then verifies 102 the collected platform evidence against the local core evidence storage.
If validation is required in order to boot the platform, the Substantiation System sends 103 the collected platform evidence to the server for the validation process.
The Substantiation System then executes 104 the server's instruction(s) for the next stage of booting the machine. Figure 1 can be explained in more detail as follows:
The trusted BIOS loads up and runs 200 POST, which checks 201 whether the next boot device is an external device or an internal device. If it is an internal device, the trusted BIOS measures 202 the internal memory/storage and extends the measurement to a PCR to define which devices are trusted. The trusted BIOS loads 203 the Substantiation System into main memory and calls 204 the Substantiation System. The Substantiation System measures 205 the Root of Trust for Measurement (RTM) from the Internal Core Evidence Storage, i.e. a secure storage device or database, and also extends these measurements to PCR 240, then loads and calls 206 the RTM.
The Substantiation System checks 207 whether this is the first run or not. If it is not the first run, it collects 214 hardware evidence by executing functional tests on the hardware. The collected evidence is measured 215 and the stored evidence is measured 216. The measurement results for the new evidence and the stored evidence are compared 217, and any differences are checked 218.
If it is the first run, the location of the initial core evidence is checked 208. If it is the local core evidence storage, hardware evidence is collected by executing 210 functional tests on the hardware of the machine. If the core evidence is not local, local core evidence storage is created 209 based on a configuration or properties policy. The collected evidence is measured 211 and the measurement is extended to the PCR 240. The evidence is stored 212 inside the Internal Core Evidence Storage. The need to update the server is checked 213. If an update to the server is not needed, the system proceeds to the next booting stage and the process ends 226.
If the integrity of the system is valid, the client and server are informed 219 about the changes on the platform, and the server makes security related decisions 220.
If the POST determines that there is an external device, such as an external drive, the trusted BIOS measures and loads the external Master Boot Record (MBR) and extends 222 it to PCR 240. The MBR measures 223 the external storage and extends it to PCR 240. The trusted BIOS executes 224 the Substantiation System to determine if the external storage is trusted; a user prompt may be generated asking the user if the device is trusted or not. The Substantiation System may also check 225 whether validation with the server is needed or not. If validation with the server is needed, secure communication is established 227, and the client sends 228 the evidence to the server. The server compares 229 the evidence sent with the core evidence stored inside the server and checks 230 whether the compared evidence is valid or not. The server informs the client machine that the machine is trusted 232 or not trusted 231 accordingly, and then the Substantiation System executes 221 the server instructions. If the external device is not trusted it is halted or the process of concern is stopped.
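The two mechanisms the description relies on, extending measurements into a PCR (steps 202, 205, 211, 222, 223) and comparing stored evidence with freshly collected evidence so that a policy or a user prompt can accept a change (steps 207 to 218 and 224), can be followed in a small simulation. The following Python is an added example written for this page, not code from the patent or its applicant; the evidence records, the serial numbers and versions, the `allow_internal_update` policy and the callables standing in for the user prompt are all constructed for illustration, and the Internal Core Evidence Storage is modelled as a plain dictionary. It also shows the point made in the background and summary: a single firmware version bump changes the PCR value, so a fixed expected PCR would reject the platform, while the evidence comparison lets a policy accept the same change and reject an unknown external device instead.

```python
import hashlib
import json

# A PCR starts as all zeros at power-on (TPM convention; 32 bytes for a SHA-256 bank).
PCR_INIT = bytes(32)


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement).

    The operation is one-way and order-sensitive, so a register value can only
    be reproduced by replaying the same measurements in the same order."""
    return hashlib.sha256(pcr + measurement).digest()


def measure(record: dict) -> bytes:
    """Hash one device's evidence record in canonical form (sorted keys, no
    whitespace) so identical evidence always yields the same digest."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).digest()


def measure_platform(evidence: dict) -> bytes:
    """Extend every device measurement into one register in a fixed order.
    Any change in any record changes the final value."""
    pcr = PCR_INIT
    for dev_id in sorted(evidence):
        pcr = extend(pcr, measure(evidence[dev_id]))
    return pcr


def diff_evidence(stored: dict, collected: dict) -> list:
    """Compare stored evidence with freshly collected evidence (steps 215-218)
    and return (device_id, status) pairs for every difference."""
    diffs = []
    for dev_id, rec in collected.items():
        if dev_id not in stored:
            diffs.append((dev_id, "new"))
        elif measure(rec) != measure(stored[dev_id]):
            diffs.append((dev_id, "changed"))
    for dev_id in stored:
        if dev_id not in collected:
            diffs.append((dev_id, "missing"))
    return diffs


def substantiate(stored, collected, policy, user_trusts):
    """Decide whether booting may continue.

    stored      -- evidence from the (assumed) Internal Core Evidence Storage, None on first run
    collected   -- evidence gathered by this boot's functional tests
    policy      -- callable(dev_id, status, record) -> True if the change is acceptable
    user_trusts -- callable(dev_id, record) -> True if the user answers the prompt 'trusted'
    Returns (trusted, pcr, diffs, evidence_to_store)."""
    pcr = measure_platform(collected)
    if stored is None:
        # First run (steps 208-212): seed local storage from what was measured.
        return True, pcr, [], dict(collected)
    diffs = diff_evidence(stored, collected)
    for dev_id, status in diffs:
        rec = collected.get(dev_id)
        if policy(dev_id, status, rec):
            continue
        # A difference not covered by policy on an external device goes to the user prompt (step 224).
        if rec is not None and rec.get("external") and user_trusts(dev_id, rec):
            continue
        return False, pcr, diffs, stored  # untrusted change: halt (step 231)
    # Every difference was accepted: store the new state for the next boot.
    return True, pcr, diffs, dict(collected)


# Constructed sample evidence; vendor names, serials and versions are placeholders.
BASELINE = {
    "bios": {"vendor": "ExampleBIOS", "version": "4.2", "external": False},
    "disk0": {"serial": "SN-INT-0001", "firmware": "1.0", "external": False},
}


def allow_internal_update(dev_id, status, rec):
    """Hypothetical policy: a version/firmware change on a known internal device
    is acceptable without a prompt; anything else is not covered by policy."""
    return status == "changed" and rec is not None and not rec.get("external")


if __name__ == "__main__":
    ok, pcr, _, store = substantiate(None, BASELINE, allow_internal_update, lambda *_: False)
    updated = {**BASELINE, "bios": {**BASELINE["bios"], "version": "4.3"}}
    ok2, pcr2, diffs, _ = substantiate(store, updated, allow_internal_update, lambda *_: False)
    print("first run trusted:", ok, "| firmware update trusted:", ok2, diffs)
    print("a fixed expected PCR would still match:", pcr == pcr2)
```

The policy callable is where a deployment would plug in either a local rule set or the answer returned by the remote server in steps 227 to 232; the example keeps that decision local so it runs offline. Note that the accepted evidence is written back as the new baseline only after every difference has been approved, so a halted boot leaves the stored evidence untouched.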
It will be appreciated by persons skilled in the art that the present invention may also include further additional modifications made to the device which do not affect the overall functioning of the device.
Claims
1. An authentication system for a computer system on which an operating system may be loaded,
said computer system including a Basic Input Output System which runs (200) a Power On Self Test when power is applied to the computer system; characterised in that if an external device is found during the Power On Self Test, said external device is checked for validity (224) to determine if it is trusted or not.
2. An authentication system according to claim 1 wherein the validity of the external device is checked (224) before an operating system is loaded.
3. An authentication system according to claim 1 or 2 wherein the user is prompted to select if the external device is trusted or not.
4. An authentication system according to any preceding claim wherein the authentication system is integrated into the Basic Input Output System.
5. An authentication system according to any preceding claim wherein the computer system includes a Trusted Platform Module for determining if devices are trusted or not.
6. An authentication system according to claim 5 wherein the Trusted Platform Module contains one or more Platform Configuration Registers that define a root of trust indicating trusted devices.
7. An authentication system according to claim 6 wherein the root of trust is extended to devices considered to be trusted.
8. An authentication system according to claim 7 wherein the devices considered to be trusted can be checked for validity with a remote server.
9. An authentication system according to any preceding claim wherein the computer system is virtual.
10. A method of authenticating devices in a computer system comprising the steps of:
running (200) a Power On Self Test from a Basic Input Output System when power is applied to the computer system;
characterised in that if an external device is found during the Power On Self Test, said external device is checked for validity (224) to determine if it is trusted or not.
11. A method according to claim 10 wherein a Trusted Platform Module extends root of trust to devices indicated as being trusted by Platform Configuration Registers.
12. A method according to claim 11 wherein if the external device is valid, the root of trust is extended thereto, prior to an operating system being loaded.
13. A method according to any of claims 10-12 wherein the check for validity comprises a user's answer in response to a prompt.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MYPI2012000551A MY164496A (en) | 2012-02-09 | 2012-02-09 | Hardware authentication system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013119103A1 true WO2013119103A1 (en) | 2013-08-15 |
Family
ID=48044973
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/MY2013/000022 WO2013119103A1 (en) | 2012-02-09 | 2013-02-05 | Hardware authentication system |
Country Status (2)
Country | Link |
---|---|
MY (1) | MY164496A (en) |
WO (1) | WO2013119103A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030135727A1 (en) * | 2002-01-15 | 2003-07-17 | International Business Machines Corporation | Computer system with selectively available immutable boot block code |
US20050033987A1 (en) * | 2003-08-08 | 2005-02-10 | Zheng Yan | System and method to establish and maintain conditional trust by stating signal of distrust |
US20050141717A1 (en) * | 2003-12-30 | 2005-06-30 | International Business Machines Corporation | Apparatus, system, and method for sealing a data repository to a trusted computing platform |
US20080226080A1 (en) * | 2007-03-16 | 2008-09-18 | Bin Li | Encryption key restoring method, information processing apparatus, and encryption key restoring program |
US7430668B1 (en) * | 1999-02-15 | 2008-09-30 | Hewlett-Packard Development Company, L.P. | Protection of the configuration of modules in computing apparatus |
- 2012-02-09: MY MYPI2012000551A, patent MY164496A (en), status unknown
- 2013-02-05: WO PCT/MY2013/000022, patent WO2013119103A1 (en), active Application Filing
Non-Patent Citations (1)
Title |
---|
SETH DAVID SCHOEN: "EOF - Give TCPA an Owner Override", 1 December 2003 (2003-12-01), XP055064540, Retrieved from the Internet <URL:www.linuxjournal.com/article/7055> [retrieved on 20130529] * |
Also Published As
Publication number | Publication date |
---|---|
MY164496A (en) | 2017-12-29 |
Similar Documents
Publication | Title |
---|---|
US20220207130A1 (en) | Unlock and recovery for encrypted devices |
US11861372B2 (en) | Integrity manifest certificate |
US9819661B2 (en) | Method of authorizing an operation to be performed on a targeted computing device |
US8694761B2 (en) | System and method to secure boot both UEFI and legacy option ROM's with common policy engine |
JP5745061B2 (en) | Authenticating the use of interactive components during the boot process |
US9167002B2 (en) | Global platform health management |
US20090172378A1 (en) | Method and system for using a trusted disk drive and alternate master boot record for integrity services during the boot of a computing platform |
EP2250609B1 (en) | Secure boot with optional components method |
EP2013807B1 (en) | Trusted platform field upgrade system and method |
US20130055335A1 (en) | Security enhancement methods and systems |
CN103329093A (en) | Updating software |
EP3859579B1 (en) | Trusted computing method, and server |
CN107045611B (en) | Safe starting method and device |
US20080278285A1 (en) | Recording device |
US10592661B2 (en) | Package processing |
US10181956B2 (en) | Key revocation |
US20120233449A1 (en) | Methods and systems for measuring trustworthiness of a self-protecting drive |
TW201602835A (en) | Allowing use of a test key for a BIOS installation |
CN112329005A (en) | Boot measurement method, device, electronic equipment and medium for starting operating system |
US10095855B2 (en) | Computer system and operating method therefor |
WO2013119103A1 (en) | Hardware authentication system |
WO2013028059A1 (en) | Verification system for trusted platform |
WO2011149329A1 (en) | Method of providing trusted application services |
US20230106491A1 (en) | Security dominion of computing device |
WO2013036097A1 (en) | A system and method to establish trusted boot loader using self-substantiated boot loader |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 13713545; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 13713545; Country of ref document: EP; Kind code of ref document: A1 |