CA2638955A1 - Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function - Google Patents
- Publication number
- CA2638955A1
- Authority
- CA
- Canada
- Prior art keywords
- integrated system
- initialization
- initialization code
- code
- substitute
- Prior art date
- Legal status
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.
Claims (4)
1. A method of recovering integrated system functionality following a trigger event, said method comprising:
automatically establishing a reduced level of functionality within the integrated system;
allowing for full functional recovery of the integrated system by employing a selective recovery procedure;
wherein the recovery procedure includes loading initialization code into the integrated system at a secure physical location; wherein the loading of initialization code further comprises loading unencrypted initialization code into the integrated system, including restoration initialization code, and wherein the method further comprises:
executing the restoration initialization code to obtain a master key and a substitute initialization address;
encrypting the restoration initialization code with the master key and storing the encrypted initialization code at the substitute initialization address;
reinitializing the integrated system using the stored encrypted initialization code at the substitute initialization address; and wherein the initialization code further comprises a manufacturer's public key, and wherein the method further comprises:
generating at the integrated system a public/private key pair;
securely storing the integrated system's private key; and encrypting the integrated system's public key using the manufacturer's public key.
2. The method of claim 1, further comprising storing the master key and the substitute initialization address in persistent storage associated with a data access control function of the integrated system.
3. The method of claim 1, wherein the automatically establishing the reduced level of functionality within the integrated system includes limiting access to secure code and data within the integrated system.
4. A method of recovering integrated system functionality following a trigger event, said method comprising:
automatically establishing a reduced level of functionality within the integrated system;
allowing for full functional recovery of the integrated system by employing a selective recovery procedure;
wherein the recovery procedure includes loading initialization code into the integrated system at a secure physical location;
wherein the loading of initialization code further comprises loading unencrypted initialization code into the integrated system, including restoration initialization code, and wherein the method further comprises:
executing the restoration initialization code to obtain a master key and a substitute initialization address;
encrypting the restoration initialization code with the master key and storing the encrypted initialization code at the substitute initialization address;
reinitializing the integrated system using the stored encrypted initialization code at the substitute initialization address; and further comprising establishing a secure network connection between the integrated system and manufacturer, the establishing employing the generated public/private key pair, and downloading across the secure network connection required code and data to reestablish full functionality of the integrated system.
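The recovery flow of claims 1 and 2 (reduced functionality after the trigger event, plaintext load at a secure location, master key, encrypted copy at a substitute initialization address, reinitialization from that copy), as an added Python model that is not the patent's own code. It leaves out the key-pair and manufacturer-key steps, and assumes hypothetical addresses plus a stdlib-only encrypt-then-MAC scheme standing in for whatever cipher a real data access control function would use.

```python
# Constructed model of claims 1 and 2 (not the patent's code). The cipher is a
# SHA-256 counter-mode keystream plus HMAC tag, a stand-in for a real AEAD.
import hashlib, hmac, os

SECURE_LOAD_ADDR = 0x0000  # hypothetical secure physical location
SUBSTITUTE_ADDR = 0x8000   # hypothetical substitute initialization address

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(master_key, code):
    """Encrypt the initialization code and append an integrity tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(code, _keystream(master_key, nonce, len(code))))
    return nonce + ct + hmac.new(master_key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(master_key, blob):
    """Check the tag before decrypting: a modified image raises, it never executes."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(master_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("initialization image failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(master_key, nonce, len(ct))))

class IntegratedSystem:
    def __init__(self):
        self.mem = {}         # addressable memory: address -> bytes
        self.persistent = {}  # data access control function storage (claim 2)
        self.reduced = True   # reduced functionality after the trigger event

    def recover(self, init_code):
        """Claim 1: secure plaintext load, master key, encrypted copy, reinitialize."""
        self.mem[SECURE_LOAD_ADDR] = init_code
        master_key = os.urandom(32)
        self.mem[SUBSTITUTE_ADDR] = seal(master_key, init_code)
        self.persistent.update(master_key=master_key, init_addr=SUBSTITUTE_ADDR)
        del self.mem[SECURE_LOAD_ADDR]  # the plaintext copy is not kept
        return self.reinitialize()

    def reinitialize(self):
        """Boot from the stored encrypted image; stay reduced if it fails."""
        try:
            code = unseal(self.persistent["master_key"], self.mem[self.persistent["init_addr"]])
        except ValueError:
            self.reduced = True
            return None
        self.reduced = False
        return code
```

A corrupted or tampered image at the substitute address fails authentication, so `reinitialize` returns `None` and the system stays at reduced functionality rather than executing it.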
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2638955A CA2638955C (en) | 2003-04-16 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002481569A CA2481569C (en) | 2002-04-18 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
CA2638955A CA2638955C (en) | 2003-04-16 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002481569A Division CA2481569C (en) | 2002-04-18 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2638955A1 (en) | 2003-10-30 |
CA2638955C (en) | 2012-06-05 |
Family
ID=40091289
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2638979A Expired - Lifetime CA2638979C (en) | 2003-04-16 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
CA2638955A Expired - Lifetime CA2638955C (en) | 2003-04-16 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2638979A Expired - Lifetime CA2638979C (en) | 2003-04-16 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
Country Status (1)
Country | Link |
---|---|
CA (2) | CA2638979C (en) |
- 2003
- 2003-04-16 CA CA2638979A patent/CA2638979C/en not_active Expired - Lifetime
- 2003-04-16 CA CA2638955A patent/CA2638955C/en not_active Expired - Lifetime
Also Published As
Publication number | Publication date |
---|---|
CA2638979C (en) | 2017-06-06 |
CA2638955C (en) | 2012-06-05 |
CA2638979A1 (en) | 2003-10-30 |
Similar Documents
Publication | Title |
---|---|
CA2481569A1 (en) | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
US9652638B2 (en) | Unlocking a storage device |
EP1561299B1 (en) | Device keys |
US7036020B2 (en) | Methods and systems for promoting security in a computer system employing attached storage devices |
US7242768B2 (en) | Super secure migratable keys in TCPA |
CN108255505A (en) | A kind of firmware update, device, equipment and computer readable storage medium |
US20060174352A1 (en) | Method and apparatus for providing versatile services on storage devices |
WO2007120375A1 (en) | Authentication of a request to alter at least one of a bios and a setting associated with the bios |
US20120237024A1 (en) | Security System Using Physical Key for Cryptographic Processes |
CA2826837C (en) | System and method for remote reset of password and encrytion key |
JP2001516913A (en) | Encrypted file system and method |
JP2004240764A (en) | Information processor, method for controlling information processor and control program for information processor |
WO2005045550A3 (en) | Password recovery system and method |
WO2004015515A3 (en) | System and method for authentication |
RU2006131456A (en) | SYSTEM, METHOD AND COMPUTER SOFTWARE PRODUCT FOR ACCESSING AT LEAST TO ONE VIRTUAL FREQUENCY NETWORK |
WO2011130970A1 (en) | Device and method for protecting data of mobile terminal |
CA2638955A1 (en) | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
KR20060008338A (en) | Method for booting up a software in the boot sector of a programmable read-only memory |
GB2425193A (en) | Method for updating the software in a processor unit |
CA2516895A1 (en) | User-defined passwords having associated unique version data to assist user recall of the password |
WO2006039967A1 (en) | Secure loading and storing of data in a data processing device |
CN105760750B (en) | Software tamper Detection method and system |
JP3975685B2 (en) | Information processing apparatus and activation control method |
CN109819018A (en) | A kind of hot update method that realizing smart card executable file and device |
WO2000062515A3 (en) | Method and system for updating information in a telefon exchange system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| EEER | Examination request | |
| MKEX | Expiry | Effective date: 20230417 |