JP2019092134A - Encryption key generation method - Google Patents


Info

Publication number
JP2019092134A
Authority
JP
Japan
Prior art keywords
code
measurement
encryption
key
key information
Prior art date
Legal status
Pending
Application number
JP2017221468A
Other languages
Japanese (ja)
Inventor
高宮和宏
Kazuhiro Takamiya
高橋正志
Masashi Takahashi
大内隆男
Takao Ouchi
Current Assignee
CS SERVICES CO Ltd
Original Assignee
CS SERVICES CO Ltd
Priority date
Filing date
Publication date
Abstract

PROBLEM TO BE SOLVED: To provide a technology that avoids the bypassing of the core root of trust for measurement (CRTM) code, which contains the measurement function and is the greatest risk when secure boot (prevention of code tampering) is performed using a secure element (SE) such as a trusted platform module (TPM) by a general-purpose MCU that does not ensure tamper resistance.
SOLUTION: A one-way function 102 included in logic operation means 100 of the MCU uses key information [α] 202 included in object code 201 or data, together with a code measurement result 308 generated by code measurement means 300, to generate an encryption key 101 for common key encryption.
EFFECT: The encryption key 101 is generated by the same process in an external device connected to such a system and used for mutual encrypted communication; therefore, object code tampering can be detected through a mutual authentication abnormality or the like.
SELECTED DRAWING: Figure 2

Description

The invention targets authentication for general-purpose MCUs for which tamper resistance is not guaranteed, and encryption of transmitted and received data.

The purpose of the present invention is to provide a countermeasure against malware, a subject that has attracted attention in the field of IT security in recent years.

Fundamentally, the basic countermeasure against malware is to block the intrusion of the malware itself, but recent DDoS incidents involving devices such as Xiongmai network cameras [SOURCE: http://www.itmedia.co.jp/enterprise/articles/1610/25/news059.html] show that there are cases where defensive technology cannot keep pace with advances in attack technology.

The purpose of the present invention is to provide, in a peer-to-peer [Peer to Peer] or master-slave connection environment, a function that enables a higher-level device to detect a system abnormality during the authentication process at link establishment when malware has intruded.

As a last line of defense against malware, secure boot technology, which uses a TPM [Trusted Platform Module] to verify the integrity of the object code at startup, has been adopted in recent years. However, in a case where, for example, the OS loads the software into RAM, the following risks potentially exist, as shown in the attack tree of FIG. 1.
Risk_1: After startup, the code loaded into external RAM is directly rewritten by probing.
Risk_2: The CRTM [Core Root of Trust for Measurement], which is the starting point of the integrity verification, is bypassed.

For Risk_1, there is the Run Time Detection technology developed by Red Balloon Security in the US. For Risk_2, however, the standard document Trusted Platform Module Library Part 1: Architecture (Family "2.0", Level 00 Revision 01.38, September 29, 2016), published by the TCG [Trusted Computer Group], the standardization body for the TPM, specifies the following in 34.1 Introduction, and bypass is not taken into consideration.

A computer system reset puts the processor and chipset into a known state, and the processor (the root of trust for measurement) begins executing code provided by the platform manufacturer.
This initial code is the core root of trust for measurement (CRTM). It is code that must be trusted as there is no way to tell what that code is other than to rely on the manufacturer.
In the terms of FIG. 2, the processor referred to here corresponds to the RTM 301.

As defined in the same standard, the CRTM is the software executed at boot time; in a system where the boot region can be modified, bypassing the CRTM (Risk_2) is the largest risk.

The configuration of the present invention is shown in FIG. 2.

The system consists of logic operation means 100 composed of a CPU, an FPGA or the like, non-volatile storage means 200 such as FLASH memory, and code measurement means 300 composed of a software implementation or a device such as a TPM.
The configuration is described below using a TPM as the code measurement means 300 by way of example, but the code measurement means 300 may also be a gate array that is directly connected to the FLASH or RAM interface and performs the measurement simultaneously with the transfer.

The reason for using a TPM as the code measurement means 300 is that the measurement result can be managed safely inside the cryptographic boundary 500 defined in FIPS 140-2, standardized by NIST [National Institute of Standards and Technology] in the US.
In the TPM, the RTM 301 [Root of Trust for Measurement] measures the code with the hash function 304, the measurement result (step S306) is stored by the PCR extend function 305 into the PCR 308 [Platform Configuration Register] contained in the RTS 302 [Root of Trust for Storage] (step S307), and the RTR 303 [Root of Trust for Reporting] outputs the measurement result (step S309).

As in ordinary secure boot, the logic operation means 100 transfers the object code 201 stored in the non-volatile storage means 200 to the code measurement means 300 (step S203), obtains the measurement result from the PCR 308 (step S309), obtains the key information [α] 202 contained in the non-volatile storage means 200 (step S204), inputs both to the one-way function Fdiv( ) 102, and generates the encryption key 101 (step S103).
Since the encryption key 101 exists outside the cryptographic boundary 400, when security is a concern the encryption key 101 and Fdiv( ) 102 are kept in the internal RAM of the CPU of the logic operation means 100, with debug interfaces such as JTAG disabled.

As the one-way function Fdiv( ) 102 it is also possible to use a NIST cryptographic function such as AES [Advanced Encryption Standard], but here, in consideration of computational cost, an HMAC using SHA-256, which has a security strength [128 bit] equivalent to AES, is used according to the following formula.
Fdiv( key information [α] 202, measurement result S309 ) = HASH( key information [α] 202 || measurement result S309 )
where HASH( ) is the SHA-256 function.

However, since the key information [α] 202 is stored in the non-volatile storage means 200 outside the cryptographic boundary 400 and the possibility of its exposure cannot be ruled out, diversification (FIG. 3) may be implemented to minimize the impact on other systems in the event of exposure.

An external device connected to this system can share the encryption key 101 by performing the same processing as in the present invention; when the object code of this system has been tampered with, the mutual encryption / decryption results become inconsistent, so code tampering can be detected through, for example, a mutual authentication failure.
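The boot-time derivation of FIG. 2 and the tamper check it enables, as an added example that is not part of the patent: a simulated SHA-256 PCR bank is extended with the measurement of the object code 201, Fdiv( ) combines the key information [α] 202 with the PCR value exactly as the formula above writes it, and an external peer derives the same key from the known-good image and verifies a challenge-response. The sample image, [α] value and nonce are constructed here; the comments flag that the formula as written is a prefix-keyed hash rather than RFC 2104 HMAC, and fdiv_hmac() is an alternative added here, not the patent's.

```python
import hashlib
import hmac

# Constructed sample data (not from the patent): a stand-in for the object code 201
# and for the 256-bit key information [alpha] 202 held in non-volatile storage 200.
OBJECT_CODE = bytes.fromhex("e59ff018e12fff1c") * 32
ALPHA = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

# A TPM 2.0 SHA-256 PCR bank starts at all zeros after reset.
PCR_INIT = bytes(32)


def measure(object_code: bytes) -> bytes:
    """Hash function 304: digest of the transferred object code (step S306)."""
    return hashlib.sha256(object_code).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend function 305: PCR_new = H(PCR_old || digest) (step S307)."""
    return hashlib.sha256(pcr + digest).digest()


def fdiv(alpha: bytes, measurement: bytes) -> bytes:
    """Fdiv() 102 exactly as the description writes it: HASH(alpha || measurement)
    with HASH = SHA-256. Note this is a prefix-keyed hash, not RFC 2104 HMAC;
    a production implementation would normally use fdiv_hmac() below."""
    return hashlib.sha256(alpha + measurement).digest()


def fdiv_hmac(alpha: bytes, measurement: bytes) -> bytes:
    """Standard HMAC-SHA256 over the same inputs (alternative added here)."""
    return hmac.new(alpha, measurement, hashlib.sha256).digest()


def boot_derive_key(object_code: bytes, alpha: bytes) -> bytes:
    """Boot flow of FIG. 2: transfer the code (S203), read PCR 308 (S309),
    fetch alpha (S204) and derive the encryption key 101 (S103)."""
    pcr = pcr_extend(PCR_INIT, measure(object_code))
    return fdiv(alpha, pcr)


def device_respond(object_code: bytes, alpha: bytes, challenge: bytes) -> bytes:
    """Device side of a simplified challenge-response authentication with key 101."""
    key = boot_derive_key(object_code, alpha)
    return hmac.new(key, challenge, hashlib.sha256).digest()


def peer_verify(expected_code: bytes, alpha: bytes, challenge: bytes, response: bytes) -> bool:
    """External device: derive key 101 from the known-good image by the same
    process and check the response. A tampered image gives a different PCR value,
    hence a different key, so verification fails (the "mutual authentication abnormality")."""
    expected_key = boot_derive_key(expected_code, alpha)
    expected = hmac.new(expected_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def tamper(object_code: bytes, offset: int) -> bytes:
    """Flip one bit of the image to simulate modification of the stored code."""
    buf = bytearray(object_code)
    buf[offset] ^= 0x01
    return bytes(buf)


if __name__ == "__main__":
    challenge = b"constructed-nonce-0001"
    ok = peer_verify(OBJECT_CODE, ALPHA, challenge, device_respond(OBJECT_CODE, ALPHA, challenge))
    bad = peer_verify(OBJECT_CODE, ALPHA, challenge, device_respond(tamper(OBJECT_CODE, 7), ALPHA, challenge))
    print("genuine image authenticates:", ok)    # True
    print("tampered image authenticates:", bad)  # False
```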

Further, when authentication is performed with the logic operation means 100, the non-volatile storage means 200 and the code measurement means 300, setting the generated encryption key 101 in the code measurement means 300 makes it possible to disable the code measurement means 300 and the other encryption means that the code measurement means 300 provides.

FIG. 1 is a diagram showing an example of an attack tree against secure boot.
FIG. 2 is a diagram showing an example of the overall picture of the present invention.
FIG. 3 is a diagram showing an example of the overall picture of the diversification method of the present invention.
FIG. 4 is a diagram showing an example of key information storage in the diversification method of the present invention.
FIG. 5 is a diagram showing an example of key information generation in the diversification method of the present invention.

The diversification of key information in FIG. 3 (overall view) is described below using FIG. 4 (key information storage) and FIG. 5 (key information generation).

The logic operation means 100 of FIG. 4 reserves in RAM a random number array area 106 consisting of n (array size) entries of key-length size [here 256 bit] and fills it with a random sequence.

An entry is written Entry_m [the subscript m indicates the entry number (0, 1, 2, ...)].

Next, the logic operation means 100 selects the two entries (x, y) to be used [Entry_1 and Entry_n-2 in FIG. 3] by means of the array index generation function Fsel( ) 105, which generates array indices from an unmodifiable unique value 104, such as device information, stored in the logic operation means 100.

The processing of Fsel( ) 105 for selecting the two entries [Entry_x and Entry_y] may be, for example, the following formulas.
x = unique value mod n [where the unique value 104 is a unique_ID or a user-defined value]
y = ( x + z ) mod n [where z is a fixed value computed from the unique value by an arbitrary algorithm, with 1 ≤ z ≤ n - 1]

Next, the logic operation means 100 reads the entry number x 107 (β) (step S108), XORs it with the key information [α] 202 stored in the non-volatile storage means 200 to obtain (γ) (step S108a), stores the result in the entry number y 107a (step S108b), copies the random number array area 106 to the non-volatile storage means 200 (copy random number array area 106a) (step S109), and then erases the random number array area 106 from the logic operation means 100.

When the logic operation means 100 regenerates the key information [α] 202 from the copy random number array area 106a stored in the non-volatile storage means 200, it proceeds as at storage time in FIG. 4: the logic operation means 100 of FIG. 5 converts the unique value 104 stored in it to the entry numbers (x, y) with Fsel( ) 105, copies the copy random number array area 106a stored in the non-volatile storage means 200 into the logic operation means 100 (re-copy random number array area 106b) (step S109a), reads the entry number x 107 (β) and the entry number y 107a (γ) (steps S110 to S110a), and XORs them (step S110b) to regenerate in the logic operation means 100 the generated key information [α] 202a, which is the same key information [α] as the key information [α] 202 in the non-volatile storage means 200.

When security is a concern, the diversification of key information in FIG. 3 is, like the encryption key 101, kept in the internal RAM of the CPU of the logic operation means 100.

By adopting this processing, even if an attacker intercepts the signals between the logic operation means 100 and the non-volatile storage means 200, only the random sequence of key length × n in the copy random number area 106a, which is unique to each system, is observed (step S111); since the key information [α] 202 never appears on the signal, resistance against man-in-the-middle attacks can be ensured.

Further, since the unique value 104 is used in the generation, even if the key information [α] 202 were illicitly obtained from the CPU internal RAM of the logic operation means 100, it would be difficult to feed it back into the copy random number array area 106a stored in the non-volatile storage means 200 of another device.
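The diversification of FIGS. 3 to 5 (storage in FIG. 4, regeneration in FIG. 5) and the two properties claimed for it, as an added example that is not part of the patent: Fsel( ) implements the x and y formulas given above, store_key_info() fills the random number array 106 and writes β XOR [α] into Entry_y, and recover_key_info() XORs the two entries back. The patent leaves the derivation of z open; deriving it from the next base-n digit of the unique value is an assumption made here, as are the sample [α] and unique values.

```python
import os

KEY_LEN = 32  # key length [here 256 bit] of every entry in the array


def fsel(unique_value: int, n: int) -> tuple:
    """Fsel() 105: x = unique value mod n, y = (x + z) mod n with 1 <= z <= n - 1.
    z derived from the next base-n digit of the unique value is an assumption
    made here; the patent only requires a fixed value computed from it."""
    if n < 2:
        raise ValueError("array size n must be at least 2")
    x = unique_value % n
    z = 1 + (unique_value // n) % (n - 1)   # 1 <= z <= n-1, so x != y always
    y = (x + z) % n
    return x, y


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(p ^ q for p, q in zip(a, b))


def store_key_info(alpha: bytes, unique_value: int, n: int, rng=os.urandom) -> list:
    """FIG. 4 (steps S108 to S109): fill the random number array 106 with n random
    entries, read Entry_x (beta), store gamma = beta XOR alpha into Entry_y, and
    return the array that is copied to non-volatile storage as 106a. The MCU-side
    array 106 is erased afterwards, so only this copy survives."""
    if len(alpha) != KEY_LEN:
        raise ValueError("alpha must be KEY_LEN bytes")
    array = [rng(KEY_LEN) for _ in range(n)]
    x, y = fsel(unique_value, n)
    beta = array[x]
    array[y] = xor_bytes(beta, alpha)    # gamma; alpha itself is never written
    return array


def recover_key_info(copy_array: list, unique_value: int) -> bytes:
    """FIG. 5 (steps S109a to S110b): recompute (x, y) from the unique value and
    XOR Entry_x (beta) with Entry_y (gamma) to obtain generated key info 202a."""
    x, y = fsel(unique_value, len(copy_array))
    return xor_bytes(copy_array[x], copy_array[y])


if __name__ == "__main__":
    alpha = bytes(range(KEY_LEN))            # constructed key information [alpha]
    device_id = 0x12345678                   # constructed unique value 104
    copy_area = store_key_info(alpha, device_id, n=16)
    # What a bus tap between 100 and 200 sees is only the random array (step S111).
    print("alpha visible in the stored array:", alpha in copy_area)              # False
    print("same device recovers alpha:", recover_key_info(copy_area, device_id) == alpha)  # True
    # Another device's unique value selects different entries, so it does not.
    print("other device recovers alpha:", recover_key_info(copy_area, 0x12345679) == alpha)  # False
```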

100 logic operation means
101 encryption key
102 one-way function Fdiv( )
104 unique value
105 array index generation function Fsel( )
106 random number array area of the logic operation means
106a copy random number array area, copied from the logic operation means to the non-volatile storage means
106b copy random number array area, copied from the non-volatile storage means to the logic operation means
107 select_Entry_x
107a select_Entry_y
200 non-volatile storage means
201 object code
202 key information [α]
202a generated key information [α]
300 code generation means
301 RTM [Core Root of Trust for Measurement]
302 RTS [Root of Trust for Storage]
303 RTR [Root of Trust for Reporting]
304 hash function
305 PCR extend function
400 outside the cryptographic boundary
500 inside the cryptographic boundary

Claims (2)

1. A system comprising non-volatile storage means 200 containing at least object code 201 and data, code measurement means 300 that performs measurement on the object code 201, and logic operation means 100 that executes the object code 201, characterized in that a one-way function 102 included in the logic operation means 100 generates an encryption key for common key encryption from key information [α] 202 included in the object code 201 or data and the code measurement result 308.
2. The system according to claim 1, characterized in that a system-specific value is included as an input to the one-way function 102.

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2017221468A JP2019092134A (en) 2017-11-17 2017-11-17 Encryption key generation method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2017221468A JP2019092134A (en) 2017-11-17 2017-11-17 Encryption key generation method

Publications (1)

Publication Number Publication Date
JP2019092134A true JP2019092134A (en) 2019-06-13

Family

ID=66836747

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2017221468A Pending JP2019092134A (en) 2017-11-17 2017-11-17 Encryption key generation method

Country Status (1)

Country Link
JP (1) JP2019092134A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110688341A (en) * 2019-09-25 2020-01-14 支付宝(杭州)信息技术有限公司 Method and device for realizing efficient contract calling on FPGA (field programmable Gate array)
CN110750488A (en) * 2019-09-25 2020-02-04 支付宝(杭州)信息技术有限公司 Method and device for realizing external calling in FPGA
EP4213055A1 (en) 2022-01-14 2023-07-19 FUJIFILM Business Innovation Corp. Encryption processing system, encryption processing program, and encryption processing method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009089390A (en) * 2007-09-27 2009-04-23 Intel Corp Method and apparatus for providing upgradeable key binding for trusted platform module (tpm)
JP2009252244A (en) * 2008-04-10 2009-10-29 Nvidia Corp Method and system for implementing secure chain of trust
JP2013524385A (en) * 2010-04-12 2013-06-17 インターデイジタル パテント ホールディングス インコーポレイテッド Staged control of release in the boot process

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
中村智久, 東川淳紀: "Overview and latest trends of security chips (TPM) mounted in PCs", 情報処理, vol. 47, no. 5, JPN6021020615, 15 May 2006 (2006-05-15), pages 473 - 478, ISSN: 0004678843 *

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20200910

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20210421

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20210622

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20220111