News Column

Researchers Submit Patent Application, "System and Method for Establishing Perpetual Trust among Platform Domains", for Approval

September 9, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- From Washington, D.C., VerticalNews journalists report that a patent application by the inventors Jaber, Muhammed (Austin, TX); Savage, Marshal (Austin, TX); Khatri, Mukund Purshottam (Austin, TX), filed on April 24, 2014, was made available online on August 28, 2014.

No assignee has been recorded for this patent application.

News editors obtained the following quote from the background information supplied by the inventors: "As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.

"Traditionally, it has been assumed that information handling resources within boundaries of an information handling system may assume trust with each other. For example, in a server platform, the basic input/output system (BIOS) and a storage host bus adapter (HBA) of an information handling system may trust each other in exchange of credentials. Many implementations rely on a shared secret between information handling resources, and rely on a likelihood that the shared secret will not be leaked to a malicious entity. Such implementations introduce a security risk, as malicious code executing on an information handling system with a priority greater than that of an operating system may utilize a similar mechanism to manipulate confidential information within a given platform domain. As a specific illustration, in a server implementation, a BIOS may communicate to a service processor through a keyboard control-style (KCS) interface that is also available to code executing on a processor of the information handling system (e.g., an application executed at a higher priority than an operating system). If the BIOS is deemed trustable to the service processor, any entity with knowledge of the architectural implementation may execute malicious code (e.g., at the level of the operating system) posing as the trusted BIOS to gain access to confidential platform information."

As a supplement to the background information on this patent application, VerticalNews correspondents also obtained the inventors' summary information for this patent application: "In accordance with the teachings of the present disclosure, the disadvantages and problems associated with failure of a bootloader and/or an operating system in an access controller have been reduced or eliminated.

"In accordance with embodiments of the present disclosure, an information handling system may include a processor, a first information handling resource, and a second information handling resource. The first information handling resource may be configured to generate a first shared secret for a present boot session of the information handling system and determine if a second shared secret existed for a prior boot session of the information handling system. If the second shared secret existed for the prior boot session, the first information handling resource may be configured to encrypt the first shared secret with the second shared secret and communicate the first shared secret encrypted by the second shared secret. If the second shared secret did not exist for the prior boot session, the first information handling resource may be configured to communicate the first shared secret unencrypted. The second information handling resource may be configured to receive the first shared secret and decrypt the first shared secret with the second shared secret if the second shared secret existed for the prior boot session. The first information handling resource and the second information handling resource may further be configured to securely communicate during the present boot session using the first shared secret for encryption and decryption of communications.

"In accordance with additional embodiments of the present disclosure, a method may include generating a first shared secret for a present boot session of the information handling system and determining if a second shared secret existed for a prior boot session of the information handling system. If the second shared secret existed for the prior boot session, the method may include encrypting the first shared secret with the second shared secret and communicating the first shared secret encrypted by the second shared secret from a first information handling resource to a second information handling resource. If the second shared secret did not exist for the prior boot session, the method may include communicating the first shared secret unencrypted from the first information handling resource to the second information handling resource. The method may further include, at the second information handling resource receiving the first shared secret and decrypting the first shared secret with the second shared secret if the second shared secret existed for the prior boot session. The method may additionally include securely communicating between the first information handling resource and the second information handling resource using the first shared secret for encryption and decryption of communications.

"In accordance with further embodiments of the present disclosure, an information handling resource may be configured to generate a first shared secret for a present boot session of an information handling system and determine if a second shared secret existed for a prior boot session of the information handling system. If the second shared secret existed for the prior boot session, the information handling resource may be configured to encrypt the first shared secret with the second shared secret and communicate the first shared secret encrypted by the second shared secret to a second information handling resource. If the second shared secret did not exist for the prior boot session, the information handling resource may be configured to communicate the first shared secret unencrypted to the second information handling resource. The information handling resource may be further configured to securely communicate with the second information handling resource using the first shared secret for encryption and decryption of communications.

"Technical advantages of the present disclosure will be apparent to those of ordinary skill in the art in view of the following specification, claims, and drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

"A more complete understanding of the present embodiments and advantages thereof may be acquired by referring to the following description taken in conjunction with the accompanying drawings, in which like reference numbers indicate like features, and wherein:

"FIG. 1 illustrates a block diagram of an example information handling system, in accordance with certain embodiments of the present disclosure; and

"FIG. 2 illustrates a flow chart of an example method for establishing perpetual trust, in accordance with certain embodiments of the present disclosure."
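The three embodiments quoted above describe one procedure: at every boot the first resource mints a fresh shared secret, sends it in the clear only if no secret from a prior boot exists, and otherwise wraps it under the prior secret, after which both sides use the new secret for the session. The following is an added simulation of that chain, written for this article and not taken from the patent or its inventors. The HMAC-SHA256-based encrypt-then-MAC wrapping, the two-tuple wire format, the class names and the rule that the responder rejects an unencrypted secret once a chain exists are all assumptions made here; the page specifies none of them. The eavesdropper model shows the property a practitioner should take away: an attacker on the shared channel who recorded the first, unencrypted boot can follow every later secret, while one who starts listening afterwards cannot.

```python
"""Chained per-boot shared secret between two platform resources, e.g. a BIOS
(initiator) and a service processor (responder) sharing a KCS-style channel.
Added illustration; the cipher, wire format and rejection rule are assumptions."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN, BLOCK = 16, 32, 32


def _derive(key: bytes, label: bytes) -> bytes:
    """Split one shared secret into independent encryption and MAC keys."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stdlib-only stand-in for AES)."""
    blocks = -(-n // BLOCK)
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"),
                             hashlib.sha256).digest() for i in range(blocks))[:n]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || plaintext XOR keystream || HMAC tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ s for p, s in
                 zip(plaintext, _keystream(_derive(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_derive(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Inverse of wrap(); raises ValueError when the tag does not verify."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(_derive(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ s for c, s in
                 zip(body, _keystream(_derive(key, b"enc"), nonce, len(body))))


class Resource:
    """One platform domain. `prior` models the secret persisted across boots."""
    def __init__(self):
        self.prior = None      # secret of the previous boot session, if any
        self.session = None    # secret of the present boot session

    def send(self, data: bytes) -> bytes:
        return wrap(self.session, data)

    def receive(self, blob: bytes) -> bytes:
        return unwrap(self.session, blob)


class Initiator(Resource):
    """The 'first information handling resource' (e.g. the BIOS)."""
    def begin_boot(self):
        new = secrets.token_bytes(32)
        if self.prior is not None:
            msg = ("wrapped", wrap(self.prior, new))   # chained to the prior session
        else:
            msg = ("clear", new)                        # first boot: sent unencrypted
        self.session = self.prior = new
        return msg


class Responder(Resource):
    """The 'second information handling resource' (e.g. the service processor)."""
    def accept(self, msg):
        kind, payload = msg
        if kind == "wrapped":
            if self.prior is None:
                raise ValueError("wrapped secret received but no prior secret stored")
            new = unwrap(self.prior, payload)
        elif self.prior is not None:
            # Assumption, not stated on the page: once a chain exists, a clear
            # secret is what code posing as the BIOS would send, so refuse it.
            raise ValueError("refusing unencrypted secret: a prior session exists")
        else:
            new = payload
        self.session = self.prior = new
        return new


def simulate(num_boots: int):
    """Boot num_boots times; return the wire messages and a per-boot agreement check."""
    bios, sp = Initiator(), Responder()
    wire, agreed = [], []
    for _ in range(num_boots):
        msg = bios.begin_boot()
        sp.accept(msg)
        wire.append(msg)
        reply = sp.send(b"platform inventory")         # session traffic under new secret
        agreed.append(bios.receive(reply) == b"platform inventory" and bios.session == sp.session)
    return wire, agreed


def eavesdropper(wire, first_seen: int) -> int:
    """Attacker recording the channel from boot `first_seen` (0-based) onward.
    Returns the index of the last session secret it can recover, or -1 for none."""
    known, recovered = None, -1
    for i, (kind, payload) in enumerate(wire[first_seen:], start=first_seen):
        if kind == "clear":
            known = payload                 # the unencrypted bootstrap secret
        elif known is None:
            break                           # missed the bootstrap: chain is opaque
        else:
            known = unwrap(known, payload)  # peel the next link with the last one
        recovered = i
    return recovered


def spoofed_bios_rejected(num_boots: int) -> bool:
    """After a chain exists, an impostor sending a clear secret is refused."""
    wire_sp = Responder()
    for msg in simulate(num_boots)[0]:
        wire_sp.accept(msg)
    try:
        wire_sp.accept(("clear", secrets.token_bytes(32)))
    except ValueError:
        return True
    return False
```

The "perpetual" in the title is exactly as strong as the confidentiality of the one unencrypted message: the chain never re-keys from anything the channel did not carry, so whoever captured boot zero on a channel the background describes as reachable by privileged host code keeps every later secret, and a side that loses its stored secret has no path back into the chain other than another clear exchange.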

For additional information on this patent application, see: Jaber, Muhammed; Savage, Marshal; Khatri, Mukund Purshottam. System and Method for Establishing Perpetual Trust among Platform Domains. Filed April 24, 2014 and posted August 28, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=433&p=9&f=G&l=50&d=PG01&S1=20140821.PD.&OS=PD/20140821&RS=PD/20140821

Keywords for this news article include: Information Technology, Information and Data Encoding and Encryption, Information and Data Storage, Patents.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Information Technology Newsweekly

