WO2010039788A3 - Processor boot security device and methods thereof - Google Patents


Info

Publication number
WO2010039788A3
Authority
WO
WIPO (PCT)
Prior art keywords
authentication information
boot
source
access
network authentication
Prior art date
Application number
PCT/US2009/058962
Other languages
French (fr)
Other versions
WO2010039788A2 (en)
Inventor
Harlan T. Beverly
Original Assignee
Bigfoot Networks, Inc.
Priority date
2008-09-30 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
2009-09-30
Publication date
2010-07-22
Application filed by Bigfoot Networks, Inc.
Publication of WO2010039788A2
Publication of WO2010039788A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F 12/14 Protection against unauthorised use of memory or access to memory
    • G06F 12/1416 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F 12/1425 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights, the protection being physical, e.g. cell, word, block
    • G06F 12/1433 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights, the protection being physical, e.g. cell, word, block, for a module or a part of a module
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data
    • G06F 21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/4401 Bootstrapping
    • G06F 9/4416 Network booting; Remote initial program loading [RIPL]

Abstract

A method of securing network authentication information at a data processing device includes determining the boot source from which the device is booting and comparing that boot source to an expected source. If the boot source is not the expected source, access to the network authentication information is inhibited, for example by disabling access to the portion of memory that stores the authentication information. If the boot source is the expected source, boot code authentication information is retrieved from memory and verified during the boot sequence; if that boot code authentication information fails verification, access to the network authentication information is likewise inhibited. Access to the network authentication information is therefore allowed only if the data processing device is booted from the expected source and only if the boot code is authenticated, which reduces the likelihood of unauthorized access to the network authentication information.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10148708P 2008-09-30 2008-09-30
US61/101,487 2008-09-30

Publications (2)

Publication Number Publication Date
WO2010039788A2 (en) 2010-04-08
WO2010039788A3 (en) 2010-07-22

Family

ID=42058872

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2009/058962 WO2010039788A2 (en) 2008-09-30 2009-09-30 Processor boot security device and methods thereof

Country Status (2)

Country Link
US (2) US8443181B2 (en)
WO (1) WO2010039788A2 (en)

Families Citing this family (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010039788A2 (en) 2008-09-30 2010-04-08 Bigfoot Networks, Inc. Processor boot security device and methods thereof
US20100306442A1 (en) * 2009-06-02 2010-12-02 International Business Machines Corporation Detecting lost and out of order posted write packets in a peripheral component interconnect (pci) express network
GB2493340A (en) * 2011-07-28 2013-02-06 St Microelectronics Res & Dev Address mapping of boot transactions between dies in a system in package
US9055443B2 (en) 2011-10-27 2015-06-09 T-Mobile Usa, Inc. Mobile device-type locking
US9319884B2 (en) 2011-10-27 2016-04-19 T-Mobile Usa, Inc. Remote unlocking of telecommunication device functionality
US9591484B2 (en) 2012-04-20 2017-03-07 T-Mobile Usa, Inc. Secure environment for subscriber device
US10075848B2 (en) 2012-08-25 2018-09-11 T-Mobile Usa, Inc. SIM level mobile security
CN110569633B (en) * 2012-10-25 2023-04-18 英特尔公司 Theft protection in firmware
US10733288B2 (en) 2013-04-23 2020-08-04 Hewlett-Packard Development Company, L.P. Verifying controller code and system boot code
US9734339B2 (en) 2013-04-23 2017-08-15 Hewlett-Packard Development Company, L.P. Retrieving system boot code from a non-volatile memory
US20150121054A1 (en) * 2013-10-31 2015-04-30 Advanced Micro Devices, Inc. Platform Secure Boot
US9547767B2 (en) 2013-11-13 2017-01-17 Via Technologies, Inc. Event-based apparatus and method for securing bios in a trusted computing system during execution
US9767288B2 (en) 2013-11-13 2017-09-19 Via Technologies, Inc. JTAG-based secure BIOS mechanism in a trusted computing system
US9507942B2 (en) 2013-11-13 2016-11-29 Via Technologies, Inc. Secure BIOS mechanism in a trusted computing system
US9129113B2 (en) 2013-11-13 2015-09-08 Via Technologies, Inc. Partition-based apparatus and method for securing bios in a trusted computing system during execution
US10049217B2 (en) 2013-11-13 2018-08-14 Via Technologies, Inc. Event-based apparatus and method for securing bios in a trusted computing system during execution
US9779242B2 (en) 2013-11-13 2017-10-03 Via Technologies, Inc. Programmable secure bios mechanism in a trusted computing system
US10055588B2 (en) 2013-11-13 2018-08-21 Via Technologies, Inc. Event-based apparatus and method for securing BIOS in a trusted computing system during execution
US9367689B2 (en) * 2013-11-13 2016-06-14 Via Technologies, Inc. Apparatus and method for securing BIOS in a trusted computing system
US9798880B2 (en) 2013-11-13 2017-10-24 Via Technologies, Inc. Fuse-enabled secure bios mechanism with override feature
US10095868B2 (en) 2013-11-13 2018-10-09 Via Technologies, Inc. Event-based apparatus and method for securing bios in a trusted computing system during execution
US9183394B2 (en) 2013-11-13 2015-11-10 Via Technologies, Inc. Secure BIOS tamper protection mechanism
US9779243B2 (en) 2013-11-13 2017-10-03 Via Technologies, Inc. Fuse-enabled secure BIOS mechanism in a trusted computing system
US10013565B2 (en) * 2014-08-18 2018-07-03 Dell Products, Lp System and method for secure transport of data from an operating system to a pre-operating system environment
US9807607B2 (en) 2014-10-03 2017-10-31 T-Mobile Usa, Inc. Secure remote user device unlock
US10769315B2 (en) * 2014-12-01 2020-09-08 T-Mobile Usa, Inc. Anti-theft recovery tool
US20160253501A1 (en) * 2015-02-26 2016-09-01 Dell Products, Lp Method for Detecting a Unified Extensible Firmware Interface Protocol Reload Attack and System Therefor
US9813399B2 (en) 2015-09-17 2017-11-07 T-Mobile Usa, Inc. Secure remote user device unlock for carrier locked user devices
CN106792195B (en) * 2016-12-26 2020-12-08 深圳Tcl数字技术有限公司 Intelligent selection method and system for starting information source of intelligent television
US10387333B2 (en) * 2017-01-05 2019-08-20 Qualcomm Incorporated Non-volatile random access memory with gated security access
US10476875B2 (en) 2017-04-21 2019-11-12 T-Mobile Usa, Inc. Secure updating of telecommunication terminal configuration
US10171649B2 (en) 2017-04-21 2019-01-01 T-Mobile Usa, Inc. Network-based device locking management
US10757087B2 (en) * 2018-01-02 2020-08-25 Winbond Electronics Corporation Secure client authentication based on conditional provisioning of code signature
US10972901B2 (en) 2019-01-30 2021-04-06 T-Mobile Usa, Inc. Remote SIM unlock (RSU) implementation using blockchain
WO2020159533A1 (en) 2019-02-01 2020-08-06 Hewlett-Packard Development Company, L.P. Security credential derivation
CN109902035B (en) * 2019-02-03 2023-10-31 成都皮兆永存科技有限公司 composite memory
WO2020167283A1 (en) 2019-02-11 2020-08-20 Hewlett-Packard Development Company, L.P. Recovery from corruption
US11288373B2 (en) * 2019-04-11 2022-03-29 Baidu Usa Llc Boot failure recovery scheme for hardware-based system of autonomous driving vehicles
US20230385071A1 (en) * 2022-05-31 2023-11-30 Renesas Electronics Corporation Semiconductor device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030140238A1 (en) * 2002-01-22 2003-07-24 Texas Instruments Incorporated Implementation of a secure computing environment by using a secure bootloader, shadow memory, and protected memory
US20060090084A1 (en) * 2004-10-22 2006-04-27 Mark Buer Secure processing environment
US20060179308A1 (en) * 2005-02-07 2006-08-10 Andrew Morgan System and method for providing a secure boot architecture
US20080141017A1 (en) * 2006-07-13 2008-06-12 Mccoull James Ross Gaming machine having a secure boot chain and method of use

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7073064B1 (en) * 2000-03-31 2006-07-04 Hewlett-Packard Development Company, L.P. Method and apparatus to provide enhanced computer protection
FI114416B (en) * 2001-06-15 2004-10-15 Nokia Corp Method for securing the electronic device, the backup system and the electronic device
US20050138409A1 (en) * 2003-12-22 2005-06-23 Tayib Sheriff Securing an electronic device
JP4433401B2 (en) * 2004-12-20 2010-03-17 レノボ シンガポール プライヴェート リミテッド Information processing system, program, and information processing method
US7467304B2 (en) * 2005-06-22 2008-12-16 Discretix Technologies Ltd. System, device, and method of selectively allowing a host processor to access host-executable code
US7424398B2 (en) * 2006-06-22 2008-09-09 Lexmark International, Inc. Boot validation system and method
US7757098B2 (en) * 2006-06-27 2010-07-13 Intel Corporation Method and apparatus for verifying authenticity of initial boot code
US7987351B2 (en) * 2006-10-06 2011-07-26 Broadcom Corporation Method and system for enhanced boot protection
WO2010039788A2 (en) 2008-09-30 2010-04-08 Bigfoot Networks, Inc. Processor boot security device and methods thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030140238A1 (en) * 2002-01-22 2003-07-24 Texas Instruments Incorporated Implementation of a secure computing environment by using a secure bootloader, shadow memory, and protected memory
US20060090084A1 (en) * 2004-10-22 2006-04-27 Mark Buer Secure processing environment
US20060179308A1 (en) * 2005-02-07 2006-08-10 Andrew Morgan System and method for providing a secure boot architecture
US20080141017A1 (en) * 2006-07-13 2008-06-12 Mccoull James Ross Gaming machine having a secure boot chain and method of use

Also Published As

Publication number Publication date
US8443181B2 (en) 2013-05-14
US20100082968A1 (en) 2010-04-01
WO2010039788A2 (en) 2010-04-08
US9141804B2 (en) 2015-09-22
US20130227266A1 (en) 2013-08-29

Similar Documents

Publication Publication Date Title
WO2010039788A3 (en) Processor boot security device and methods thereof
TWI669626B (en) Processing method, server and client for preventing copy attacks
US20160110545A1 (en) Code pointer authentication for hardware flow control
US10503931B2 (en) Method and apparatus for dynamic executable verification
WO2007096871A3 (en) Device, system and method of accessing a security token
WO2016078327A1 (en) Method and apparatus for identifying malicious operation in mobile terminal
WO2007067221A3 (en) Methods and apparatus for the secure handling of data in a microcontroller
MY175911A (en) Method and system protecting against identity theft or replication abuse
EA201491905A1 (en) METHOD AND SYSTEM FOR ABSTRACT AND RANDOMIZED DISPOSABLE PASSWORDS FOR TRANSACTION AUTHENTICATION
EA201200084A1 (en) METHOD OF REMOTE CONTROL AND MONITORING DATA ON THE DESKTOP
GB201306126D0 (en) Method, secure device, system and computer program product for security managing access to a file system
KR20130015007A (en) Method for verifying a memory block of a nonvolatile memory
JP2008539482A5 (en)
WO2008073606A3 (en) Access control system based on a hardware and software signature of a requesting device
ATE525826T1 (en) AUTHORIZATION OF A TRANSACTION
JP4621732B2 (en) Method for authenticating device outside vehicle, bus system of motor vehicle having control device, and computer program for authenticating device outside vehicle
RU2007122786A (en) METHOD AND SYSTEM FOR PROTECTING SOFTWARE APPLICATIONS AGAINST PIRACY
KR101630462B1 (en) Apparatus and Method for Securing a Keyboard
US9507955B2 (en) System and method for executing code securely in general purpose computer
CN110069936A (en) A kind of wooden horse steganography method and detection method
KR101397666B1 (en) Method for controlling access right of application, and user device
US20160042160A1 (en) Apparatus and method for preventing cloning of code
WO2010151102A1 (en) Remote destroy mechanism using trusted platform module
MY176457A (en) Secure external storage system and method thereof
US20140130162A1 (en) Phishing preventing system and operating method thereof

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 09818416; Country of ref document: EP; Kind code of ref document: A2)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 09818416; Country of ref document: EP; Kind code of ref document: A2)