MAINTAINING OPERATING SYSTEM SECRETS ACROSS RESETS

A device includes a reset resistant store and a trusted key service. The reset resistant store maintains data across various different device reset or data invalidation operations. The trusted key service maintains, for each of one or more operating systems that run on the device from a boot configu...

Full description

Saved in:
Bibliographic Details
Main Authors YOUNG, Robert D, AIGNER, Ronald, COX, Jeremiah J, MICHAUD, Alain L, BARKELEW, Jonathan Bret
Format Patent
LanguageEnglish
French
German
Published 08.05.2019
Subjects
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online AccessGet full text

Cover

More Information
Summary:A device includes a reset resistant store and a trusted key service. The reset resistant store maintains data across various different device reset or data invalidation operations. The trusted key service maintains, for each of one or more operating systems that run on the device from a boot configuration, an encrypted key associated with the boot configuration. The device also has a master key that is specific to the device. Each of the keys associated with a boot configuration is encrypted using the master key. When booting the device, the boot configuration being run on the device is identified, and the key associated with that boot configuration is obtained (e.g., from the reset resistant store or the encrypted key vault). The master key is used to decrypt the obtained key, and the obtained key is used to decrypt secrets associated with the operating system run from the boot configuration.
Bibliography:Application Number: EP20170735717