Communication method integrated with trusted measurement and apparatus
US-2024357360-A1 · Oct 24, 2024 · US
Client authentication during network boot
US9864608B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9864608-B2 |
| Application number | US-201615063145-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 7, 2016 |
| Priority date | May 2, 2008 |
| Publication date | Jan 9, 2018 |
| Grant date | Jan 9, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A mechanism for performing a network boot sequence and provisioning a device may generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The device may be provisioned with software applications.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer system, the computer system comprising: a processor; system memory, the system memory coupled to the processor, the system memory storing instructions that are executable by the processor; and the processor executing the instructions stored in system memory to: access a command, the command to request establishment of a relationship between the computer system and a device, establishment of the relationship preventing other devices from being able to perform network boot sequences with the device; transmit the command to the device; receive a response indicative of the device having at least attempted to perform the command; and transmit boot software to the device based at least in part on the response, the boot software for booting up the device. 2. The computer system of claim 1 , further comprising instructions executed at the processor to receive a boot request from the device; and wherein instructions executed at the processor to access a command comprise instructions executed at the processor to access a command responsive to the received boot request from the system memory. 3. The computer system of claim 2 , wherein instructions executed at the processor to receive a boot request from the device comprise instructions executed at the processor to receive a broadcast transmission over a network. 4. The computer system of claim 3 , further comprising instructions executed at the processor to: use an identifier to look up a public key for the device in a database; and encrypt the command with the public key to create an encrypted command. 5. The computer system of claim 4 , wherein instructions executed at the processor to transmit the command to the device comprise instructions executed at the processor to transmit the encrypted command to the device. 6. The computer system of claim 5 , wherein instructions executed at the processor to receive a response indicative of the device having at least attempted to perform the command comprise instructions executed at the processor to receive a response indicating that the device is capable of decrypting the encrypted command. 7. The computer system of claim 1 , wherein instructions executed at the processor to transmit the command and receive a response comprises instructions executed at the processor to participate in an authentication exchange with the device. 8. The computer system of claim 7 , wherein instructions executed at the processor to participate in an authentication exchange with the device comprise instructions executed at the processor to: transmit an ownership query to the device; receive a response back from the device; determine that the device is not owned by any network boot server based on the received response; and take ownership of the device. 9. The computer system of claim 8 , wherein instructions executed at the processor to participate in an authentication exchange with the device comprise instructions executed at the processor to determining that the device is not an interloper device. 10. The computer system of claim 9 , wherein instructions executed at the processor to determine that the device is not an interloper device comprises instructions executed at the processor to determine that the device is authorized to receive the boot software. 11. The computer system of claim 1 , wherein instructions executed at the processor to receive a response indicative of the device having at least attempted to perform the command comprises instructions executed at the processor to receive a response indicative of the remote device having generated an outcome for the command. 12. The computer system of claim 1 , further comprising instructions executed at the processor to transmit one or more of: an operating system or an application to the device. 13. The computer system of claim 1 , wherein instructions executed at the processor to access a command comprise instructions executed at the processor to access a command derived from one or more pre-boot command sequences. 14. A processor implemented method for use at a computer system, the processor implemented method for configuring a device to boot, the processor implemented method comprising: accessing a command from system memory, the command to request establishment of a relationship between the computer system and a device, establishment of the relationship preventing other devices from being able to perform network boot sequences with the device; transmitting the command to the device; receiving a response indicative of the device having at least attempted to perform the command; and transmitting boot software from system memory to the device based at least in part on receiving the response, the boot software for booting up the device. 15. The method of claim 14 , wherein accessing a command comprises accessing a command in response to receiving a boot request from the device, the boot request received in a broadcast transmission over a network. 16. The method of claim 14 , wherein transmitting the command to the device comprises: using an identifier to look up a public key for the device in a database; encrypting the command with the public key to create an encrypted command; and transmitting the encrypted command to the device. 17. The method of claim 14 , wherein receiving a response indicative of the device having at least attempted to perform the command comprises receiving a response indicative of the remote device having generated an outcome for the command. 18. The method of claim 14 , further comprising transmitting one or more of: an operating system or an application to the device. 19. The method of claim 14 , wherein accessing a command comprises accessing a command derived from one or more pre-boot command sequences. 20. A computer program product for use at a computer system, the computer program product for implementing a method for configuring a device to boot, the computer program product comprising one or more computer hardware storage devices having stored thereon computer-executable instructions that, when executed at a processor, cause the computer system to perform the method, including the following: access a command, the command to request establishment of a relationship between the computer system and a device, establishment of the relationship preventing other devices from being able to perform network boot sequences with the device; transmit the command to the device; receive a response indicative of the device having at least attempted to perform the command; and transmit boot software to the device based at least in part on the response, the boot software for booting up the device.
Assignees
Inventors
Classifications
Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title
by using cryptography (for digital transmission H04L9/00) · CPC title
for achieving mutual authentication (cryptographic mechanisms or cryptographic arrangements for mutual authentication H04L9/3273) · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials} · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9864608B2 cover?
- A mechanism for performing a network boot sequence and provisioning a device may generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The de…
- Who is the assignee on this patent?
- Microsoft Technology Licensing Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L9/3271. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jan 09 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).