JP2007094879A - Authentication system for basic program of operating system, computer used for the same, and computer program - Google Patents


Info

Publication number
JP2007094879A
Authority
JP
Japan
Prior art keywords
key
storage means
boot loader
digital signature
basic program
Legal status
Pending
Application number
JP2005285204A
Other languages
Japanese (ja)
Inventor
Kotaro Endo (遠藤 浩太郎)
Original Assignee
Toshiba Corp (株式会社東芝)
Toshiba Solutions Corp (東芝ソリューション株式会社)

Abstract

The security of the basic program of an operating system is ensured.
A boot loader 1 stored in the ROM 11 of a computer 10 obtains an OS kernel 4 from a file server 20 over a network 40 and calls an activation authentication program 2 held on an IC card 50 inserted in a slot 13 of the computer 10. The activation authentication program 2 applies a hash function to the OS kernel 4 to generate an activation key, obtains the digital signature information 5 corresponding to the OS kernel 4 from a file server 30, reads the public key 3 from the IC card 50, decrypts the digital signature information 5 with the public key 3, and collates the generated activation key with the activation key indicated in the decrypted digital signature information 5; if the two do not match, the process ends without starting the OS kernel 4.
Representative drawing: Figure 1

Description

  The present invention relates to a technique for ensuring that an operating system can be used securely.

  Computers have become indispensable information devices in every field. Their uses are extremely varied: office terminals and host computers, server computers that provide services over a network, home computers, game machines, and portable terminals.

  On the other hand, information leakage through computers has become a serious security problem. A computer holds a wide variety of information, which may include personal information that should not be disclosed, corporate confidential information, and the like. Security incidents in which such information leaks, whether through user carelessness, crimes by malicious persons, or computer virus infection, continue without end.

  Against this background, diskless computers are attracting attention. A diskless computer is the general term for a computer that has no storage device, such as a hard disk, capable of permanently storing data. Diskless computers were originally adopted for reasons unrelated to security, namely efficient use of disk space and centralized management, but because such a computer has no storage device, no information accumulates on it and the risk of information leakage is low; the technology is therefore being re-evaluated as useful for security.

  Diskless computers can be broadly divided into those in which a dedicated operating system is built into ROM in advance and those that obtain the operating system over a network at start-up. The latter can be realized simply by removing the storage device from a general-purpose computer, so it has a large cost advantage, and a general-purpose operating system can be used as it is.

  Specifically, the latter type of diskless computer obtains the basic program of the operating system (hereinafter "OS kernel") over the network, stores it in memory, and starts it; the started OS kernel then accesses a file server over the network to obtain the files needed for the operating system to run.

  The OS kernel is generally started by executing a small program whose job is to run the OS kernel (hereinafter "boot loader"). That is, the diskless computer first loads the boot loader into memory and executes it; the boot loader obtains the OS kernel over the network, writes it into the diskless computer's memory, and then starts it.

Thus, because a diskless computer has no built-in storage device, it can be said to be highly secure in that stored information cannot leak from it as it can from other computers. The following document is known as prior art related to the present application.
Japanese Patent No. 2574997

  However, conventional diskless computers are vulnerable to "spoofing" and "phishing" of the OS kernel. Specifically, if the OS kernel obtained over the network has been skilfully altered, or if the OS kernel is obtained from a server other than the original source and then started, the work performed on the computer (for example, the information accessed and the passwords entered) may be stolen, resulting in information leakage.

  The present invention has been made in view of the above; its object is to ensure the security of the basic program of an operating system.

  An authentication system for an operating-system basic program according to the present invention comprises: a computer able to communicate over a network with storage means holding the basic program of an operating system; and signature storage means holding digital signature information obtained by encrypting, with a secret key, an activation key generated from the genuine basic program. The computer comprises: key storage means holding the public key that can release encryption performed with the secret key; a boot loader that obtains the basic program from the server-side storage means over the network, stores it in the computer's own storage means (memory), and then starts an activation authentication program; and the activation authentication program, which reads the basic program from memory, generates an activation key from it, obtains the digital signature information corresponding to the basic program from the signature storage means, reads the public key from the key storage means, decrypts the digital signature information with it, collates the generated activation key with the activation key indicated in the decrypted digital signature information, and does not start the basic program if the two do not match.

  In the present invention, the activation key that the computer generates from the basic program obtained over the network is collated with the activation key indicated in the separately obtained digital signature information, so it can be confirmed whether the basic program is authentic.

  Furthermore, because the digital signature information is produced by encrypting with a secret key and released on the computer with a public key, the administrator, even when managing many basic programs, need only create the digital signature information for each basic program's activation key with the same secret key; the activation authentication program and the public key need not be changed for each basic program.

  An authentication system for an operating-system basic program according to the present invention comprises: a computer able to communicate over a network with storage means holding the basic program of an operating system and a first boot loader for starting it; and signature storage means holding digital signature information obtained by encrypting, with a secret key, an activation key generated from the genuine basic program. The computer comprises: key storage means holding the public key that can release encryption performed with the secret key; storage means (memory) for holding the first boot loader and the basic program obtained over the network; a second boot loader that obtains the first boot loader from the server-side storage means over the network, stores it in memory, and starts a first activation authentication program; the first activation authentication program, which reads the first boot loader from memory, generates an activation key from it, collates that key with an activation key stored in advance, and starts the first boot loader if the two match; and a second activation authentication program which, once the first boot loader has started, reads the basic program from memory, generates an activation key from it, obtains the corresponding digital signature information from the signature storage means, reads the public key from the key storage means, decrypts the digital signature information, collates the generated activation key with the activation key indicated in the decrypted digital signature information, and does not start the basic program if the two do not match.

  In the present invention, when the computer obtains not only the basic program but also the boot loader over the network, the computer authenticates the boot loader using a stored activation key and the basic program using digital signature information, so it can confirm whether both the boot loader and the basic program are authentic.

  An authentication system for an operating-system basic program according to the present invention comprises: a computer able to communicate over a network with storage means holding the basic program of an operating system and a first boot loader for starting it; and signature storage means holding first digital signature information, obtained by encrypting with a secret key an activation key generated from the genuine first boot loader, and second digital signature information, obtained by encrypting with the secret key an activation key generated from the genuine basic program. The computer comprises: key storage means holding the public key that can release encryption performed with the secret key; storage means (memory) for holding the first boot loader and the basic program obtained over the network; a second boot loader that obtains the first boot loader from the server-side storage means over the network, stores it in memory, and starts a first activation authentication program; the first activation authentication program, which reads the first boot loader from memory, generates an activation key from it, obtains the first digital signature information corresponding to the first boot loader from the signature storage means, reads the public key from the key storage means, decrypts the first digital signature information, collates the generated activation key with the activation key indicated in the decrypted first digital signature information, and starts the first boot loader if the two match; and a second activation authentication program which, once the first boot loader has started, reads the basic program from memory, generates an activation key from it, obtains the second digital signature information corresponding to the basic program from the signature storage means, reads the public key from the key storage means, decrypts the second digital signature information, collates the generated activation key with the activation key indicated in the decrypted second digital signature information, and does not start the basic program if the two do not match.

  In the present invention, when the computer obtains not only the basic program but also the boot loader over the network, the boot loader and the basic program are each authenticated on the computer using the corresponding digital signature information, so it can be confirmed whether both are authentic.

  According to the present invention, the security of the basic program of an operating system can be ensured.

[First Embodiment]
FIG. 1 is a block diagram showing the configuration of the authentication system for an operating-system basic program in the present embodiment. In this authentication system, the computer 10 can communicate with file server 20 and file server 30 over the network 40. As an example, the network 40 is here assumed to be the Internet.

  The file server 20 is a computer having a storage unit 21 that stores the basic program of the operating system (hereinafter "OS kernel") 4.

  The file server 30 is a computer having a storage unit 31 that stores digital signature information 5, obtained by encrypting with a secret key an activation key generated from the genuine OS kernel.

  The activation key is calculated, for example, by applying a hash function to the OS kernel, using a method such as SHA-1 (Secure Hash Algorithm 1) or MD5 (Message Digest 5). Because a hash function is one-way, even if the activation key is publicly known it is difficult to construct or tamper with an OS kernel so that it matches the activation key. The activation key is expressed as binary data of several bytes to several tens of bytes. (Both MD5 and SHA-1 have since been shown to be vulnerable to practical collision attacks, so an implementation of this scheme today would use SHA-256 or stronger.)

  The secret key is information accessible only to a specific administrator and corresponds one-to-one with the public key that releases encryption performed with it. The administrator stores the digital signature information 5, encrypted with the secret key, in the storage unit 31 of the file server 30 so that the computer 10 can obtain it over the network 40. The "Digital Signature Standard" (FIPS PUB 186, National Institute of Standards and Technology, U.S. Department of Commerce) is known as a document describing concrete methods of digital signature using a secret key and a public key.

  The computer 10 has a ROM (Read Only Memory) 11 that stores the boot loader 1, a RAM (Random Access Memory) 12 that stores various information readably, and a slot 13 into which an IC card 50 can be inserted. The computer 10 also has an arithmetic processing unit (not shown) that executes processes such as starting the boot loader 1. Here, as an example, the computer 10 is a diskless computer with no storage device capable of permanently storing information (such as a magnetic disk), and a BIOS (Basic Input Output System) is installed in the ROM 11. PXE (Pre-boot Execution Environment) is used as the boot protocol over the network.

  The boot loader 1 is a small program that obtains the OS kernel 4 from the file server 20 over the network 40 and stores it in the RAM 12, and that starts the activation authentication program 2 and the OS kernel 4.

  The IC card 50 is a card-type memory storing the activation authentication program 2 and the public key 3. When the IC card 50 is inserted into the slot 13, the computer 10 can access it and read the activation authentication program 2 and the public key 3.

  The activation authentication program 2 uses the public key 3 and the digital signature information 5 to authenticate that the OS kernel 4 stored in the RAM 12 is genuine and has not been tampered with. Details of the processing are described later.

  Next, the overall processing flow of the authentication system will be described.

  First, the user inserts the IC card 50, which stores the activation authentication program 2 and the public key 3, into the slot 13 of the computer 10.

  When the user turns on the computer 10, the BIOS starts and then starts the boot loader 1.

  The boot loader 1 obtains the OS kernel 4 from the file server 20 over the network 40, stores it in the RAM 12, and calls the activation authentication program 2 stored on the IC card 50.

  The activation authentication program 2 reads the OS kernel 4 from the RAM 12 and applies a hash function to it to generate an activation key. It then obtains the digital signature information 5 corresponding to the OS kernel 4 from the file server 30 over the network 40, stores it in the RAM 12, reads the public key 3 from the IC card 50, and decrypts the digital signature information 5 with the public key 3. It then collates the generated activation key with the activation key indicated in the decrypted digital signature information 5: if they match, it starts the OS kernel 4; if they do not match, it does not start the OS kernel 4 but displays an authentication failure message on the display and terminates.

  By performing the above processing, it is guaranteed that the OS kernel to be started is a genuine one that has not been tampered with. Note that the file servers 20 and 30 themselves are not authenticated; the guarantee rests entirely on the public key 3 held on the IC card, so an OS kernel obtained from any server is started only if it is accompanied by a signature made with the administrator's secret key.

  The administrator's work when updating the OS kernel on the file server 20 is as follows. First, an activation key is generated from the new OS kernel, and digital signature information is created by encrypting the activation key with the secret key. Then the OS kernel 4 on the file server 20 and the digital signature information 5 on the file server 30 are replaced with the new ones.
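The boot flow and the administrator's re-signing step above, as an added Go example that is not part of the patent or of any Toshiba code. It assumes RSA with PKCS#1 v1.5 signatures and SHA-256 as the hash function (the patent names only "a hash function", with MD5 and SHA-1 as examples); the file servers are replaced by in-memory fetch functions and the kernel images are constructed byte strings. The patent's "encrypt the activation key with the secret key" and "decrypt with the public key" are exactly what rsa.SignPKCS1v15 and rsa.VerifyPKCS1v15 do. The third scenario models the "phishing" case of the background section: a rogue server supplies a kernel together with a self-consistent signature made with its own key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// activationKey computes what the patent calls the "activation key": a hash of the
// OS kernel image. SHA-256 is an assumption of this example; the patent names
// MD5 and SHA-1, neither of which is collision resistant any more.
func activationKey(image []byte) []byte {
	sum := sha256.Sum256(image)
	return sum[:]
}

// signActivationKey is the administrator's step: the activation key of a genuine
// kernel is "encrypted with the secret key", i.e. signed (PKCS#1 v1.5 assumed).
func signActivationKey(priv *rsa.PrivateKey, kernel []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, activationKey(kernel))
}

// authenticateKernel is the activation authentication program 2: recompute the
// activation key from the kernel held in RAM, "decrypt" the digital signature with
// the public key read from the IC card, and compare. VerifyPKCS1v15 performs the
// RSA public-key operation and the comparison against the freshly computed hash.
func authenticateKernel(pub *rsa.PublicKey, kernel, signature []byte) error {
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, activationKey(kernel), signature); err != nil {
		return errors.New("activation key mismatch: OS kernel is not authentic, boot refused")
	}
	return nil
}

// bootLoader models boot loader 1: fetch the kernel from file server 20 and the
// signature information 5 from file server 30, call the authentication program,
// and only then hand control to the kernel. The fetch functions stand in for PXE.
func bootLoader(cardPub *rsa.PublicKey, fetchKernel, fetchSig func() []byte) (string, error) {
	kernel := fetchKernel() // stored in RAM 12
	sig := fetchSig()       // digital signature information 5
	if err := authenticateKernel(cardPub, kernel, sig); err != nil {
		return "authentication failure", err
	}
	return "kernel started", nil
}

// Scenario runs the three cases the patent discusses and reports, for each,
// whether the kernel was started.
func Scenario() (genuineStarted, tamperedStarted, phishedStarted bool, err error) {
	adminPriv, err := rsa.GenerateKey(rand.Reader, 2048) // administrator's secret key
	if err != nil {
		return
	}
	attackerPriv, err := rsa.GenerateKey(rand.Reader, 2048) // key of a rogue server
	if err != nil {
		return
	}
	cardPub := &adminPriv.PublicKey // public key 3 on the IC card

	kernel := []byte("constructed OS kernel image v1") // constructed, not a real kernel
	sig, err := signActivationKey(adminPriv, kernel)
	if err != nil {
		return
	}

	// 1. Genuine kernel and signature from the original servers.
	status, e := bootLoader(cardPub, func() []byte { return kernel }, func() []byte { return sig })
	genuineStarted = e == nil && status == "kernel started"

	// 2. Kernel altered in transit ("spoofing"): one bit flipped, original signature.
	tampered := append([]byte(nil), kernel...)
	tampered[0] ^= 0x01
	_, e = bootLoader(cardPub, func() []byte { return tampered }, func() []byte { return sig })
	tamperedStarted = e == nil

	// 3. Kernel and matching signature from a rogue server ("phishing"): the
	// attacker signs consistently, but with a key the IC card does not trust.
	evilKernel := []byte("constructed OS kernel image with credential logger")
	evilSig, _ := signActivationKey(attackerPriv, evilKernel)
	_, e = bootLoader(cardPub, func() []byte { return evilKernel }, func() []byte { return evilSig })
	phishedStarted = e == nil
	return
}

func main() {
	g, t, p, err := Scenario()
	fmt.Println("genuine started:", g, "tampered started:", t, "phished started:", p, "err:", err)
}
```

Scenario returns the three outcomes; main prints them. The check passes only for a signature made with the secret key whose public half is on the card, which is why a consistently signed kernel from a rogue server is still refused, and why the medium holding public key 3 is the actual root of trust.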

  As described above, according to the present embodiment, the computer 10 collates the activation key generated from the OS kernel 4 obtained over the network with the activation key indicated in the separately obtained digital signature information 5, so it can confirm whether the OS kernel 4 is authentic; only a genuine, untampered OS kernel 4 is started, and security is thereby ensured.

  According to the present embodiment, the file server 30 stores digital signature information 5 created by encrypting the activation key with the secret key kept secret by the administrator, and the computer 10 decrypts the obtained digital signature information with the public key. Therefore, even when many OS kernels are targeted, the administrator need only create, with the same secret key, a piece of digital signature information for each OS kernel's activation key; the activation authentication program 2 and the public key 3 need not be changed for each OS kernel. Likewise, when the OS kernel on the file server 20 is changed by an update, the activation authentication program 2 and the public key 3 need not be changed.

  In this embodiment a diskless computer with no storage device is used, but the present invention is not limited to this. The computer 10 may be, for example, a computer with a built-in storage device, or a computer with a built-in storage device that is configured not to be used.

  In this embodiment the activation authentication program 2 and the public key 3 are stored on the IC card 50, but the invention is not limited to this. They may, for example, be stored on a recording medium such as a CD-ROM, DVD or USB memory that is inserted into or cabled to the computer, or stored permanently in a ROM built into the computer. In every case the medium holding the public key is the root of trust: anyone who can replace that medium or its contents can substitute their own public key and have any OS kernel accepted.

[Second Embodiment]
In the present embodiment, the computer obtains not only the OS kernel but also the boot loader over the network, and an authentication system is described with which the computer can confirm that neither the boot loader nor the OS kernel has been tampered with. Since the basic configuration is the same as in the first embodiment, duplicated description is omitted.

  In this authentication system, as shown in FIG. 2, the storage unit 21 of the file server 20, with which the computer 10 can communicate over the network 40, stores the OS kernel 4 and also a first boot loader 1a for starting the OS kernel 4.

  The storage unit 31 of the file server 30, with which the computer 10 can communicate over the network 40, stores the digital signature information 5 obtained by encrypting with the secret key the activation key generated from the genuine OS kernel.

  The ROM 11 of the computer 10 stores a second boot loader 1b that obtains the first boot loader 1a from the file server 20 over the network 40 and stores it in the RAM 12.

  As described above, the boot loader is in two stages, the first boot loader 1a and the second boot loader 1b. The second boot loader 1b, which starts first, is stored in the ROM 11 in advance and must be small; it is assumed to have limited execution capability and to be unable to start the OS kernel directly. For this reason the second boot loader 1b only obtains the first boot loader 1a, which is capable of running the OS kernel, has its authenticity confirmed by the first activation authentication program 2a, and then starts it.

  The IC card 50 stores the public key 13 that releases encryption performed with the secret key, the first activation authentication program 2a, and an activation key 6 generated from the genuine first boot loader.

  The first activation authentication program 2a is started by the second boot loader 1b. Once started, it reads the first boot loader 1a from the RAM 12 and applies a hash function to it to generate an activation key. It collates the generated activation key with the activation key 6 stored on the IC card 50 and, if the two match, starts the first boot loader 1a. If they do not match, processing ends.

  The started first boot loader 1a obtains the OS kernel 4 from the storage unit 21 of the file server 20 and stores it in the RAM 12. The first boot loader 1a incorporates a second activation authentication program; when the computer 10 obtains the first boot loader 1a from the file server 20, the second activation authentication program is obtained with it and stored in the RAM 12.

  When the first boot loader 1a is started, the second activation authentication program reads the OS kernel 4 from the RAM 12, applies a hash function to it to generate an activation key, obtains the digital signature information 5 corresponding to the OS kernel 4 from the storage unit 31 of the file server 30 and stores it readably in the RAM 12, reads the public key 13 from the IC card 50, decrypts the digital signature information 5, and collates the generated activation key with the activation key indicated in the decrypted digital signature information 5. If the two match, it starts the OS kernel 4; if they do not match, it terminates without starting the OS kernel 4.

  By performing the above processing, it is guaranteed that both the first boot loader 1a and the OS kernel 4 are genuine and have not been tampered with.

  Therefore, according to the present embodiment, when both the first boot loader 1a and the OS kernel 4 are obtained over the network, the first boot loader 1a is authenticated by the activation key 6 and the OS kernel 4 by the digital signature information 5, so it can be confirmed whether they are authentic, and security is ensured.

  According to the present embodiment, integrating the second activation authentication program into the first boot loader 1a has the administrative advantage that the two can be managed together, and the security advantage that a different second activation authentication program can be used for each first boot loader 1a.

  Further, because the second activation authentication program is built into the first boot loader 1a, it is authenticated along with the first boot loader 1a, so "spoofing" of the activation authentication program itself can be prevented.

  In the present embodiment, since the second boot loader 1b that runs the first activation authentication program is assumed to have a limited execution environment, the first activation authentication program does not use digital signature information but authenticates with a stored activation key. The trade-off is that the activation key 6 pins one specific first boot loader: every update of the first boot loader requires the IC card 50 to be reissued with a new activation key 6, whereas a signature-based check needs only a new signature on the file server. The invention is not limited to this; digital signature information can also be used for the first activation authentication program, and such an embodiment is described next.

[Third Embodiment]
Also in the present embodiment, the computer obtains not only the OS kernel but also the boot loader over the network, and an authentication system is described with which the computer can confirm, by means of digital signature information, that neither the boot loader nor the OS kernel has been tampered with. Since the basic configuration is the same as in the first embodiment, duplicated description is omitted.

  In this authentication system, as shown in FIG. 3, the storage unit 21 of the file server 20, with which the computer 10 can communicate over the network 40, stores the OS kernel 4 and also a first boot loader 1a for starting the OS kernel 4.

  Further, the storage unit 31 of the file server 30, with which the computer 10 can communicate over the network 40, stores first digital signature information 5a, obtained by encrypting with the secret key an activation key generated from the genuine first boot loader, and second digital signature information 5b, obtained by encrypting with the secret key an activation key generated from the genuine OS kernel.

  The ROM 11 of the computer 10 stores a second boot loader 1b that obtains the first boot loader 1a and the OS kernel 4 from the file server 20 over the network 40 and stores them in the RAM 12.

  The IC card 50 stores the public key 13 that releases encryption performed with the secret key, and the first activation authentication program 2a. The first activation authentication program 2a is started by the second boot loader 1b. Once started, it reads the first boot loader 1a from the RAM 12, applies a hash function to it to generate an activation key, obtains the first digital signature information 5a corresponding to the first boot loader 1a from the storage unit 31 of the file server 30, reads the public key 13 from the IC card 50, decrypts the first digital signature information 5a, and collates the generated activation key with the activation key indicated in the decrypted first digital signature information 5a. If the two match, it starts the first boot loader 1a; if they do not match, processing ends.

  The first boot loader 1a incorporates a second activation authentication program; when the computer 10 obtains the first boot loader 1a from the file server 20, the second activation authentication program is obtained with it and stored in the RAM 12.

  When the first boot loader 1a is started, the second activation authentication program reads the OS kernel 4 from the RAM 12, applies a hash function to it to generate an activation key, obtains the second digital signature information 5b corresponding to the OS kernel 4 from the storage unit 31 of the file server 30 and stores it readably in the RAM 12, reads the public key 13 from the IC card 50, decrypts the second digital signature information 5b, and collates the generated activation key with the activation key indicated in the decrypted second digital signature information 5b. If the two match, it starts the OS kernel 4; if they do not match, it terminates without starting the OS kernel 4.

  By performing the above processing, it is guaranteed that both the first boot loader 1a and the OS kernel 4 are genuine and have not been tampered with.

  Therefore, according to the present embodiment, digital signature information 5a and 5b is created for both the first boot loader 1a and the OS kernel 4, and the computer 10 authenticates the first boot loader 1a and the OS kernel 4 obtained over the network using the corresponding digital signature information 5a and 5b, so it can be confirmed whether they are authentic and security is ensured.

  As in the second embodiment, integrating the second activation authentication program into the first boot loader 1a has the administrative advantage that the two can be managed together, and the security advantage that a different second activation authentication program can be used for each first boot loader 1a. Further, because the second activation authentication program is built into the first boot loader 1a, it is authenticated along with the first boot loader 1a, so "spoofing" of the activation authentication program itself can be prevented.

  In the present embodiment the second boot loader 1b obtains the OS kernel 4, but the invention is not limited to this; the first boot loader 1a may obtain the OS kernel 4 instead.
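The two-stage chains of the second and third embodiments, as an added Go example that is not part of the patent or of any Toshiba code. Stage 0 is shown in the second embodiment's form (hash of the first boot loader compared against activation key 6 pinned on the card, with no public-key arithmetic) and in the third embodiment's form (first digital signature information 5a verified with public key 13); both are followed by the stage-1 kernel check the two embodiments share. Assumptions: SHA-256 as the hash function, RSA with PKCS#1 v1.5 signatures, constructed byte strings standing in for the loaders and kernel, and a struct standing in for the IC card. The scenario also makes explicit the consequence noted at the end of the second embodiment: after the administrator updates the first boot loader from v1 to v2, the pinned-hash card still accepts only v1 and must be reissued, while the signature-based card accepts v2 with no change.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ICCard models IC card 50: public key 13 and, in the second embodiment only,
// activation key 6 (the hash of the genuine first boot loader pinned on the card).
type ICCard struct {
	Pub           *rsa.PublicKey
	BootLoaderKey []byte // activation key 6; unused in the third embodiment
}

// digest is the activation key of an image (SHA-256 is an assumption of this example).
func digest(image []byte) []byte {
	s := sha256.Sum256(image)
	return s[:]
}

// stage0PinnedHash is second boot loader 1b running first activation authentication
// program 2a as in the second embodiment: only a hash comparison against activation
// key 6. The compare is constant time, a detail the patent does not state.
func stage0PinnedHash(card ICCard, firstLoader []byte) error {
	if subtle.ConstantTimeCompare(digest(firstLoader), card.BootLoaderKey) != 1 {
		return errors.New("stage 0: first boot loader does not match activation key 6")
	}
	return nil
}

// stage0Signed is the third embodiment's variant: the first boot loader is checked
// against first digital signature information 5a fetched from file server 30.
func stage0Signed(card ICCard, firstLoader, sig5a []byte) error {
	if rsa.VerifyPKCS1v15(card.Pub, crypto.SHA256, digest(firstLoader), sig5a) != nil {
		return errors.New("stage 0: first boot loader signature 5a invalid")
	}
	return nil
}

// stage1 is the second activation authentication program carried inside the first
// boot loader; it checks the OS kernel against signature information 5 (5b).
func stage1(card ICCard, kernel, sig []byte) error {
	if rsa.VerifyPKCS1v15(card.Pub, crypto.SHA256, digest(kernel), sig) != nil {
		return errors.New("stage 1: OS kernel signature invalid")
	}
	return nil
}

// ChainResult records, for each check, whether the image was accepted.
type ChainResult struct {
	PinnedAcceptsV1, PinnedAcceptsV2, PinnedAcceptsTampered bool
	SignedAcceptsV1, SignedAcceptsV2, SignedAcceptsTampered bool
	KernelAccepted, ForgedKernelAccepted                    bool
}

// ChainScenario runs both stage-0 variants against a genuine v1 loader, an updated
// v2 loader and a tampered v1 loader, then the shared stage-1 kernel check.
func ChainScenario() (ChainResult, error) {
	var r ChainResult
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // administrator's secret key
	if err != nil {
		return r, err
	}
	sign := func(image []byte) []byte { // administrator creates signature information
		s, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(image))
		if err != nil {
			panic(err)
		}
		return s
	}
	// Constructed stand-ins for the real images.
	loaderV1 := []byte("constructed first boot loader v1 with embedded kernel verifier")
	loaderV2 := []byte("constructed first boot loader v2 with embedded kernel verifier")
	tampered := append([]byte(nil), loaderV1...)
	tampered[len(tampered)-1] ^= 0x80 // one bit changed inside the embedded verifier
	kernel := []byte("constructed OS kernel image")

	card := ICCard{Pub: &priv.PublicKey, BootLoaderKey: digest(loaderV1)} // issued for v1

	// Second embodiment: the card pins v1, so the v2 update needs a reissued card.
	r.PinnedAcceptsV1 = stage0PinnedHash(card, loaderV1) == nil
	r.PinnedAcceptsV2 = stage0PinnedHash(card, loaderV2) == nil
	r.PinnedAcceptsTampered = stage0PinnedHash(card, tampered) == nil

	// Third embodiment: signature 5a comes from the server; the card is unchanged.
	r.SignedAcceptsV1 = stage0Signed(card, loaderV1, sign(loaderV1)) == nil
	r.SignedAcceptsV2 = stage0Signed(card, loaderV2, sign(loaderV2)) == nil
	r.SignedAcceptsTampered = stage0Signed(card, tampered, sign(loaderV1)) == nil

	// Stage 1 is the same in both embodiments.
	r.KernelAccepted = stage1(card, kernel, sign(kernel)) == nil
	forged := []byte("constructed forged OS kernel")
	r.ForgedKernelAccepted = stage1(card, forged, sign(kernel)) == nil
	return r, nil
}

func main() {
	r, err := ChainScenario()
	fmt.Printf("%+v err=%v\n", r, err)
}
```

Because the stage-1 verifier travels inside the first boot loader, the single flipped bit in the tampered loader is caught at stage 0 in both variants, which is the "spoofing of the authentication program itself" the patent says the integration prevents.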

[Another embodiment]
In each of the above embodiments the computer 10 obtains the OS kernel 4 over the network, but the invention is not limited to this. For example, as shown in FIG. 4, a storage device 14 (shown as an HDD (Hard Disk Drive)) may be provided in the computer 10 and the OS kernel 4 stored in the storage device 14 may be authenticated. The processing of the authentication system in this case is as follows. Since the basic configuration is the same as in the first embodiment, duplicated description is omitted.

  First, when the user turns on the computer 10, the BIOS starts and then starts the boot loader 1.

  The boot loader 1 calls the activation authentication program 2 stored on the IC card 50.

  The activation authentication program 2 reads the OS kernel 4 from the storage device 14 and applies a hash function to it to generate an activation key. It then obtains the digital signature information 5 corresponding to the OS kernel 4 from the file server 30 over the network 40, stores it in the storage device 14, reads the public key 3 from the IC card 50, and decrypts the digital signature information 5 with the public key 3. It then collates the generated activation key with the activation key indicated in the decrypted digital signature information 5: if they match, it starts the OS kernel 4; if they do not match, it does not start the OS kernel 4 but displays an authentication failure message on the display and terminates.

  By performing the above processing, it is assured that the OS kernel to be booted is genuine and has not been tampered with, whether or not it was acquired via the network.
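The check described above, and its two-stage form in claims 4 and 5 (authenticate the first boot loader, then let it authenticate the kernel), as an added worked example. This is not code from the patent or from Toshiba; the function names (activation_key, make_signature_info, authenticate, authenticate_by_stored_key, secure_boot) and the sample images are constructed for illustration. RSA is written out in textbook form with the standard library only, so the "decrypt with the public key and collate" step is visible literally; a production loader would use a vetted library with proper signature padding.

```python
"""Boot-time authentication of an OS kernel image: hash the image to get the
'activation key', decrypt the 'digital signature information' with the public
key, collate the two, and refuse to boot on mismatch.  Added example; the
patent's own code is not shown on the page.  Textbook RSA, stdlib only."""
import hashlib
import random

# Deterministic RNG so the constructed key pair is reproducible between runs.
_rng = random.Random(2007094879)


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (sufficient for a demonstration key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def make_keypair(bits: int = 512):
    """Return (public_key, private_key), each as an (exponent, modulus) tuple.
    The modulus exceeds 2**256, so a SHA-256 digest fits in one RSA block."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def activation_key(image: bytes) -> int:
    """The patent's 'activation key': a hash of the program image, as an integer."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def make_signature_info(image: bytes, private_key) -> int:
    """Signing side (what the file server holds): the genuine image's
    activation key encrypted with the secret key."""
    d, n = private_key
    return pow(activation_key(image), d, n)


def authenticate(image: bytes, signature_info: int, public_key) -> bool:
    """Boot side: decrypt the signature information with the public key and
    collate it with an activation key generated afresh from the image."""
    e, n = public_key
    return pow(signature_info, e, n) == activation_key(image)


def authenticate_by_stored_key(image: bytes, stored_activation_key: int) -> bool:
    """Variant of claims 4, 13 and 21: the first boot loader is checked against
    an activation key kept in local storage instead of a signature."""
    return activation_key(image) == stored_activation_key


def secure_boot(first_loader: bytes, loader_sig: int,
                kernel: bytes, kernel_sig: int, public_key) -> str:
    """Two-stage chain of claim 5: the first boot loader is authenticated before
    it runs, then the kernel.  Returns which stage refused, or "booted"."""
    if not authenticate(first_loader, loader_sig, public_key):
        return "first boot loader rejected"
    if not authenticate(kernel, kernel_sig, public_key):
        return "kernel rejected"
    return "booted"


# Constructed sample data standing in for the real images and the vendor's keys.
PUBLIC_KEY, PRIVATE_KEY = make_keypair()
FIRST_LOADER = b"constructed first boot loader image"
GENUINE_KERNEL = b"constructed genuine OS kernel image"
TAMPERED_KERNEL = GENUINE_KERNEL + b"\x90"  # one extra byte changes the hash
LOADER_SIG = make_signature_info(FIRST_LOADER, PRIVATE_KEY)
KERNEL_SIG = make_signature_info(GENUINE_KERNEL, PRIVATE_KEY)

if __name__ == "__main__":
    print(secure_boot(FIRST_LOADER, LOADER_SIG, GENUINE_KERNEL, KERNEL_SIG, PUBLIC_KEY))
    print(secure_boot(FIRST_LOADER, LOADER_SIG, TAMPERED_KERNEL, KERNEL_SIG, PUBLIC_KEY))
```

The decision to boot rests only on the public key read from the IC card and on the signature's matching the freshly computed hash; a kernel altered by a single byte, or a signature produced under some other key, fails the collation and the loader stops before the image runs.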

FIG. 1 is a functional block diagram showing the structure of the authentication system for a basic program of an operating system in the first embodiment.
FIG. 2 is a functional block diagram showing the structure of the authentication system for a basic program of an operating system in the second embodiment.
FIG. 3 is a functional block diagram showing the structure of the authentication system for a basic program of an operating system in the third embodiment.
FIG. 4 is a functional block diagram showing the structure of the authentication system for a basic program of an operating system in another embodiment.

Explanation of symbols

1 ... Boot loader
1a ... First boot loader
1b ... Second boot loader
2 ... Activation authentication program
2a ... First activation authentication program
3 ... Public key
4 ... OS kernel
5 ... Digital signature information
5a ... First digital signature information
5b ... Second digital signature information
6 ... Activation key
10 ... Computer
11 ... ROM
12 ... RAM
13 ... Slot
14 ... Storage device
20, 30 ... File server
21, 31 ... Storage part
40 ... Network
50 ... IC card

Claims (24)

  1. An authentication system for a basic program of an operating system, comprising:
    a computer capable of communicating via a network with a storage means storing the basic program of the operating system; and
    a signature storage means storing digital signature information obtained by encrypting, with a secret key, an activation key generated using a genuine basic program of the operating system,
    the computer comprising:
    a key storage means storing a public key capable of decrypting data encrypted with the secret key;
    a boot loader which acquires the basic program from the storage means via the network, stores it in a storage means, and then starts a boot authentication program; and
    an activation authentication program which reads the basic program from the storage means, generates an activation key using the basic program, acquires the digital signature information corresponding to the basic program from the signature storage means, reads the public key from the key storage means, decrypts the digital signature information, collates the generated activation key with the activation key indicated in the decrypted digital signature information, and does not activate the basic program if the two do not match.
  2. The authentication system for a basic program of an operating system according to claim 1, wherein the computer is a diskless computer comprising a ROM storing the boot loader and a RAM as the storage means for storing the basic program, and the public key and the activation authentication program are recorded on, and read from, a recording medium accessible by the computer.
  3. The authentication system for a basic program of an operating system according to claim 1, wherein the digital signature information is acquired by the computer from the signature storage means via the network.
  4. An authentication system for a basic program of an operating system, comprising:
    a computer capable of communicating via a network with a storage means storing the basic program of the operating system and a first boot loader for starting the basic program; and
    a signature storage means storing digital signature information obtained by encrypting, with a secret key, an activation key generated using a genuine basic program of the operating system,
    the computer comprising:
    a key storage means storing a public key capable of decrypting data encrypted with the secret key;
    a storage means for storing the first boot loader and the basic program acquired from the storage means via the network;
    a second boot loader which acquires the first boot loader from the storage means via the network, stores it in the storage means, and then activates a first boot authentication program;
    a first activation authentication program which reads the first boot loader from the storage means, generates an activation key using the first boot loader, collates the generated activation key with an activation key stored in the storage means, and activates the first boot loader if the two match; and
    a second activation authentication program which, when the first boot loader is activated, reads the basic program from the storage means, generates an activation key using the basic program, acquires the digital signature information corresponding to the basic program from the signature storage means, reads the public key from the key storage means, decrypts the digital signature information, collates the generated activation key with the activation key indicated in the decrypted digital signature information, and does not activate the basic program if the two do not match.
  5. An authentication system for a basic program of an operating system, comprising:
    a computer capable of communicating via a network with a storage means storing the basic program of the operating system and a first boot loader for starting the basic program; and
    a signature storage means storing first digital signature information obtained by encrypting, with a secret key, an activation key generated using a genuine first boot loader, and second digital signature information obtained by encrypting, with the secret key, an activation key generated using a genuine basic program of the operating system,
    the computer comprising:
    a key storage means storing a public key capable of decrypting data encrypted with the secret key;
    a storage means for storing the first boot loader and the basic program acquired from the storage means via the network;
    a second boot loader which acquires the first boot loader from the storage means via the network, stores it in the storage means, and then activates a first boot authentication program;
    a first activation authentication program which reads the first boot loader from the storage means, generates an activation key using the first boot loader, acquires the first digital signature information corresponding to the first boot loader from the signature storage means, reads the public key from the key storage means, decrypts the first digital signature information, collates the generated activation key with the activation key indicated in the decrypted first digital signature information, and activates the first boot loader if the two match; and
    a second activation authentication program which, when the first boot loader is activated, reads the basic program from the storage means, generates an activation key using the basic program, acquires the second digital signature information corresponding to the basic program from the signature storage means, reads the public key from the key storage means, decrypts the second digital signature information, collates the generated activation key with the activation key indicated in the decrypted second digital signature information, and does not activate the basic program if the two do not match.
  6. The authentication system for a basic program of an operating system according to claim 4, wherein the computer is a diskless computer comprising a ROM storing the second boot loader and a RAM as the storage means for storing the first boot loader and the basic program, and the public key and the first activation authentication program are recorded on, and read from, a recording medium accessible by the computer.
  7. The authentication system for a basic program of an operating system according to any one of the preceding claims, wherein the second boot authentication program is incorporated in the first boot loader and is acquired at the same time as the computer acquires the first boot loader via the network.
  8. The authentication system for a basic program of an operating system according to claim 5, wherein the first digital signature information and the second digital signature information are acquired by the computer from the signature storage means via the network.
  9. A computer comprising:
    a storage means storing a basic program of an operating system;
    a key storage means storing a public key capable of decrypting data encrypted with a secret key;
    a boot loader for starting a boot authentication program; and
    an activation authentication program which reads the basic program from the storage means, generates an activation key using the basic program, acquires the digital signature information corresponding to the basic program from a signature storage means storing digital signature information obtained by encrypting, with the secret key, an activation key generated using a genuine basic program of the operating system, reads the public key from the key storage means, decrypts the digital signature information, collates the generated activation key with the activation key indicated in the decrypted digital signature information, and does not activate the basic program if the two do not match.
  10. The computer according to claim 9, wherein the basic program acquired via a network is stored in the storage means.
  11. The computer according to claim 9, wherein the computer is a diskless computer comprising a ROM storing the boot loader and a RAM as the storage means for storing the basic program, and the public key and the activation authentication program are recorded on, and read from, a recording medium accessible by the computer.
  12. The computer according to claim 9, wherein the digital signature information is acquired from the signature storage means via a network.
  13. A computer comprising:
    a storage means storing a basic program of an operating system and a first boot loader for starting the basic program;
    a key storage means storing a public key capable of decrypting data encrypted with a secret key;
    a second boot loader which activates a first activation authentication program;
    a first activation authentication program which reads the first boot loader from the storage means, generates an activation key using the first boot loader, collates the generated activation key with an activation key stored in the storage means, and activates the first boot loader if the two match; and
    a second activation authentication program which, when the first boot loader is activated, reads the basic program from the storage means, generates an activation key using the basic program, acquires the digital signature information corresponding to the basic program from a signature storage means storing digital signature information obtained by encrypting, with the secret key, an activation key generated using a genuine basic program of the operating system, reads the public key from the key storage means, decrypts the digital signature information, collates the generated activation key with the activation key indicated in the decrypted digital signature information, and does not activate the basic program if the two do not match.
  14. A computer comprising:
    a storage means storing a basic program of an operating system and a first boot loader for starting the basic program;
    a key storage means storing a public key capable of decrypting data encrypted with a secret key;
    a second boot loader which activates a first activation authentication program;
    a first activation authentication program which reads the first boot loader from the storage means, generates an activation key using the first boot loader, acquires the first digital signature information corresponding to the first boot loader from a signature storage means storing first digital signature information obtained by encrypting, with the secret key, an activation key generated using a genuine first boot loader, reads the public key from the key storage means, decrypts the first digital signature information, collates the generated activation key with the activation key indicated in the decrypted first digital signature information, and activates the first boot loader if the two match; and
    a second activation authentication program which, when the first boot loader is activated, reads the basic program from the storage means, generates an activation key using the basic program, acquires the second digital signature information corresponding to the basic program from a signature storage means storing second digital signature information obtained by encrypting, with the secret key, an activation key generated using a genuine basic program of the operating system, reads the public key from the key storage means, decrypts the second digital signature information, collates the generated activation key with the activation key indicated in the decrypted second digital signature information, and does not activate the basic program if the two do not match.
  15. The computer according to claim 13, wherein the first boot loader and the basic program are acquired via a network and stored in the storage means.
  16. The computer according to claim 13, wherein the computer is a diskless computer comprising a ROM storing the second boot loader and a RAM as the storage means for storing the first boot loader and the basic program, and the public key and the first activation authentication program are recorded on, and read from, a recording medium accessible by the computer.
  17. The second boot authentication program is incorporated in the first boot loader and is acquired at the same time as the first boot loader is acquired via a network. Computer as described in.
  18. The computer according to any one of claims 14 to 17, wherein the first digital signature information and the second digital signature information are acquired from the respective signature storage means via a network.
  19. A computer program for causing a computer to execute:
    a process of reading a basic program of an operating system from a storage means storing the basic program, and generating an activation key using the basic program;
    a process of acquiring digital signature information corresponding to the read basic program from a signature storage means storing digital signature information obtained by encrypting, with a secret key, an activation key generated using a genuine basic program of the operating system;
    a process of reading a public key capable of decrypting data encrypted with the secret key from a key storage means storing the public key, and decrypting the acquired digital signature information; and
    a process of collating the generated activation key with the activation key indicated in the decrypted digital signature information, and not starting the basic program if the two do not match.
  20. The computer program according to claim 19, wherein the process of acquiring the digital signature information acquires it via a network.
  21. A computer program comprising:
    a first activation authentication program for causing a computer to execute:
      a process of reading a first boot loader from a storage means storing a basic program of an operating system and the first boot loader for starting the basic program, and generating an activation key using the first boot loader; and
      a process of collating the generated activation key with an activation key stored in the storage means, and activating the first boot loader if the two match; and
    a second activation authentication program for causing the computer to execute:
      a process of, when the first boot loader is activated, reading the basic program from the storage means and generating an activation key using the basic program;
      a process of acquiring digital signature information corresponding to the basic program from a signature storage means storing digital signature information obtained by encrypting, with a secret key, an activation key generated using a genuine basic program of the operating system;
      a process of reading the public key from the key storage means and decrypting the acquired digital signature information; and
      a process of collating the generated activation key with the activation key indicated in the decrypted digital signature information, and not starting the basic program if the two do not match.
  22. A computer program comprising:
    a first activation authentication program for causing a computer to execute:
      a process of reading a first boot loader from a storage means storing a basic program of an operating system and the first boot loader for starting the basic program, and generating an activation key using the first boot loader;
      a process of acquiring first digital signature information corresponding to the first boot loader from a signature storage means storing first digital signature information obtained by encrypting, with a secret key, an activation key generated using a genuine first boot loader;
      a process of reading a public key capable of decrypting data encrypted with the secret key from a key storage means storing the public key, and decrypting the acquired first digital signature information; and
      a process of collating the generated activation key with the activation key indicated in the decrypted first digital signature information, and activating the first boot loader if the two match; and
    a second activation authentication program for causing the computer to execute:
      a process of, when the first boot loader is activated, reading the basic program from the storage means and generating an activation key using the basic program;
      a process of acquiring second digital signature information corresponding to the basic program from a signature storage means storing second digital signature information obtained by encrypting, with the secret key, an activation key generated using a genuine basic program of the operating system;
      a process of reading the public key from the key storage means and decrypting the acquired second digital signature information; and
      a process of collating the generated activation key with the activation key indicated in the decrypted second digital signature information, and not starting the basic program if the two do not match.
  23. The computer program according to claim 21, wherein the second boot authentication program is incorporated in the first boot loader.
  24. The computer program according to claim 22 or 23, wherein the process of acquiring the first digital signature information and the process of acquiring the second digital signature information each acquire it via a network.

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2005285204A JP2007094879A (en) 2005-09-29 2005-09-29 Authentication system for basic program of operating system, computer used for the same, and computer program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2005285204A JP2007094879A (en) 2005-09-29 2005-09-29 Authentication system for basic program of operating system, computer used for the same, and computer program

Publications (1)

Publication Number Publication Date
JP2007094879A true JP2007094879A (en) 2007-04-12

Family

ID=37980499

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2005285204A Pending JP2007094879A (en) 2005-09-29 2005-09-29 Authentication system for basic program of operating system, computer used for the same, and computer program

Country Status (1)

Country Link
JP (1) JP2007094879A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011003020A (en) * 2009-06-18 2011-01-06 Toyota Infotechnology Center Co Ltd Computer system and program starting method
JP2012104135A (en) * 2007-11-21 2012-05-31 Intel Corp Device, method and storage medium utilizing device identifier
WO2013046334A1 (en) * 2011-09-27 2013-04-04 富士通株式会社 Information processing device, basic system startup method, and basic system startup program
JP2013143143A (en) * 2012-01-09 2013-07-22 Fujitsu Ltd Trusted network booting system and method
KR101393307B1 (en) * 2007-07-13 2014-05-12 삼성전자주식회사 Secure boot method and semiconductor memory system for using the method
JP2014526086A (en) * 2011-06-30 2014-10-02 アマゾン・テクノロジーズ・インコーポレーテッド Storage gateway startup process
WO2015186820A1 (en) * 2014-06-06 2015-12-10 豊田通商株式会社 Kernel program including relational data base, and method and device for executing said program

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101393307B1 (en) * 2007-07-13 2014-05-12 삼성전자주식회사 Secure boot method and semiconductor memory system for using the method
JP2012104135A (en) * 2007-11-21 2012-05-31 Intel Corp Device, method and storage medium utilizing device identifier
JP2011003020A (en) * 2009-06-18 2011-01-06 Toyota Infotechnology Center Co Ltd Computer system and program starting method
JP2014526086A (en) * 2011-06-30 2014-10-02 アマゾン・テクノロジーズ・インコーポレーテッド Storage gateway startup process
WO2013046334A1 (en) * 2011-09-27 2013-04-04 富士通株式会社 Information processing device, basic system startup method, and basic system startup program
JP2013143143A (en) * 2012-01-09 2013-07-22 Fujitsu Ltd Trusted network booting system and method
WO2015186820A1 (en) * 2014-06-06 2015-12-10 豊田通商株式会社 Kernel program including relational data base, and method and device for executing said program
CN106575342A (en) * 2014-06-06 2017-04-19 株式会社丰通电子 Kernel program including relational data base, and method and device for executing said program
CN106575342B (en) * 2014-06-06 2018-02-02 株式会社先端电子 Kernel program including relational database and the method and apparatus for performing described program
US10324774B2 (en) 2014-06-06 2019-06-18 Nexty Electronics Corporation Kernel program including relational database, and method and apparatus for executing said program

Similar Documents

Publication Publication Date Title
Challener et al. A practical guide to trusted computing
US7904730B2 (en) System for providing a trustworthy user interface
KR100806477B1 (en) Remote access system, gateway, client device, program, and storage medium
US7797549B2 (en) Secure method and system for biometric verification
US6044155A (en) Method and system for securely archiving core data secrets
KR100896625B1 (en) System and method for authenticating software using hidden intermediate keys
US8335931B2 (en) Interconnectable personal computer architectures that provide secure, portable, and persistent computing environments
US6263431B1 (en) Operating system bootstrap security mechanism
KR101878149B1 (en) Device, system, and method of secure entry and handling of passwords
US7073059B2 (en) Secure machine platform that interfaces to operating systems and customized control programs
CN1165849C (en) Computer system for protecting software and method for protecting software
US7694121B2 (en) System and method for protected operating system boot using state validation
US7770021B2 (en) Authenticating software using protected master key
US7174463B2 (en) Method and system for preboot user authentication
JP3622433B2 (en) Access credential authentication apparatus and method
EP0302710A2 (en) A method of controlling the use of computer programs
JP3614057B2 (en) Access qualification authentication method and apparatus, and auxiliary information creation method and apparatus for certification
JP4689945B2 (en) Resource access method
US8046592B2 (en) Method and apparatus for securing the privacy of sensitive information in a data-handling system
JP2005227995A (en) Information processor, information processing method and computer program
JP2009518702A (en) Devices that use virtual interfaces to provide a safe working environment
US20040039932A1 (en) Apparatus, system and method for securing digital documents in a digital appliance
JP3363379B2 (en) Method and apparatus for protecting application data in a secure storage area
KR101158184B1 (en) Protecting content on client platforms
EP1273996A2 (en) Secure bootloader for securing digital devices

Legal Events

Date Code Title Description
A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20080410

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20081014

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20090303