NDLI: Data Protection in A Pre-operating System Environment

Please wait, while we are loading the content...

Data Protection in A Pre-operating System Environment

Content Provider	The Lens
Description	La présente invention concerne un système donné à titre d'exemple comprenant un environnement de pré-OS (système d'exploitation), l'environnement de pré-OS comprenant une mémoire privée qui est isolée d'un processeur du système. L'environnement de pré-OS comprend également un contrôleur intégré (EC) couplé à la mémoire privée, l'EC comprenant une clé intégrée. L'EC est destiné à exécuter des instructions afin de générer une clé de chiffrement sur la base de la clé intégrée ; de générer une clé de signature ; d'obtenir des données ; de produire une étiquette de vérification d'intégrité sur la base d'un hachage des données obtenues, le hachage utilisant la clé de signature ; de chiffrer les données obtenues sur la base de la clé de chiffrement ; de stocker les données chiffrées dans la mémoire privée ; et de stocker l'étiquette de vérification d'intégrité dans la mémoire privée en association avec les données chiffrées stockées.
Abstract	An example system with a pre-OS (Operating System) environment, the pre-OS environment includes a private memory that is isolated from a processor of the system. The pre-OS environment also includes an embedded controller (EC) coupled to the private memory, where the EC includes an embedded key. The EC is to execute instructions to generate an encryption key based on the embedded key; generate a signature key; obtain data; produce an integrity-verification tag based on a hash of the obtained data, where the hash employs the signature key; encrypt the obtained data based on the encryption key; store the encrypted data in the private memory; and store the integrity- verification tag in the private memory in association with the stored encrypted data.
Related Links	https://www.lens.org/lens/patent/011-707-142-676-283/frontpage
Language	English
Publisher Date	2019-08-01
Access Restriction	Open
Alternative Title	Protection De Données Dans Un Environnement De Pré-système D'exploitation
Content Type	Text
Resource Type	Patent
Date Applied	2018-01-29
Agent	Christie, Kasey C. Et Al.
Applicant	Hewlett Packard Development Co
Application No.	2018015767
Claim	CLAIMS What is claimed is: A system with a pre-OS (Operating System) environment, the pre- OS environment comprises: a private memory that is isolated from a processor of the system; and an embedded controller (EC) coupled to the private memory, wherein the EC includes an embedded key; the EC to execute instructions to: generate an encryption key based on the embedded key; generate a signature key based on the embedded key; obtain data; produce an integrity-verification tag based on a hash of the obtained data, wherein the hash employs the signature key; encrypt the obtained data based on the encryption key; store the encrypted data in the private memory; and store the integrity-verification tag in the private memory in association with the stored encrypted data. The system of Claim 1, wherein the encrypted data stored in the private memory is accessible only to the EC. The system of Claim 1, wherein the private memory includes data sets that are used by the EC during a system's initial boot sequence and hardware initialization. The system of Claim 1, wherein the private memory includes a solid-state non-volatile computer storage medium that employs NOR logic gates. The system of Claim 1, wherein the embedded key is inaccessible and unattainable outside of the EC. The system of Claim 1, wherein the integrity-verification tag includes a hash message authentication code (HMAC) that is based upon a keyed cryptographic hash function. The system of Claim 6, wherein the EC reads the HMAC based on the signature key. A non-transitory machine-readable storage medium encoded with instructions executable by a processor of a system, the machine-readable storage medium comprising instructions to: generate an encryption key based upon an embedded key installed into an embedded controller (EC) of the system; produce an integrity-verification tag based on a function of the obtained data, wherein the function employs the signature key; store the encrypted data in the memory; and store the integrity-verification tag in the memory in association with the stored encrypted data. The non-transitory machine-readable storage medium of Claim 8, wherein the encryption key is based upon a combination of an initialization vector and a randomly generated number, the randomly generated number being seeded from the embedded key. The non-transitory machine-readable storage medium of Claim 9 further comprising instructions to update the encryption key by incrementing the initialization vector used in a previous encryption of data. The non-transitory machine-readable storage medium of Claim 8, wherein the embedded key is inaccessible and unattainable outside of the EC. The non-transitory machine-readable storage medium of Claim 8, wherein the function is a keyed cryptographic hash function. A non-transitory machine-readable storage medium encoded with instructions executable by an embedded controller (EC) of a pre-OS (Operating System) environment, the machine-readable storage medium comprising instructions to: generate an encryption key based upon an embedded key of the EC, wherein the embedded key is inaccessible and unattainable outside the EC; generate a signature key based on the embedded key; The non-transitory machine-readable storage medium of Claim 13, the machine-readable storage medium further comprising instructions to update an initialization vector used, at least in part, to generate another encryption key. The non-transitory machine-readable storage medium of Claim 13, wherein the integrity-verification tag includes a hash message authentication code (HMAC) that is based upon a keyed cryptographic hash function.
CPC Classification	ELECTRIC DIGITAL DATA PROCESSING
Extended Family	036-460-597-617-795 067-071-812-302-610 173-745-161-195-401 014-503-680-610-403 011-707-142-676-283 129-787-365-459-384
Patent ID	2019147288
Inventor/Author	Jeansonne Jeffrey Kevin Braduke Rosilet Retnamoni Schiffman Josh Ser Plaquin David
IPC	G06F21/64
Status	Pending
Simple Family	173-745-161-195-401 067-071-812-302-610 036-460-597-617-795 014-503-680-610-403 011-707-142-676-283 129-787-365-459-384
CPC (with Group)	G06F21/575 G06F21/107 G06F21/556 G06F21/577 G06F21/602
Issuing Authority	United States Patent and Trademark Office (USPTO)
Kind	Patent Application Publication

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in