CA2638955A1 - Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function - Google Patents
Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function Download PDFInfo
- Publication number
- CA2638955A1 CA2638955A1 CA002638955A CA2638955A CA2638955A1 CA 2638955 A1 CA2638955 A1 CA 2638955A1 CA 002638955 A CA002638955 A CA 002638955A CA 2638955 A CA2638955 A CA 2638955A CA 2638955 A1 CA2638955 A1 CA 2638955A1
- Authority
- CA
- Canada
- Prior art keywords
- integrated system
- initialization
- initialization code
- code
- substitute
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 claims abstract 16
- 238000011084 recovery Methods 0.000 claims 6
- 230000002085 persistent effect Effects 0.000 claims 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.
Claims (4)
1. A method of recovering integrated system functionality following a trigger event, said method comprising:
automatically establishing a reduced level of functionality within the integrated system;
allowing for full functional recovery of the integrated system by employing a selective recovery procedure;
wherein the recovery procedure includes loading initialization code into the integrated system at a secure physical location; wherein the loading of initialization code further comprises loading unencrypted initialization code into the integrated system, including restoration initialization code, and wherein the method further comprises:
executing the restoration initialization code to obtain a master key and a substitute initialization address;
encrypting the restoration initialization code with the master key and storing the encrypted initialization code at the substitute initialization address;
reinitializing the integrated system using the stored encrypted initialization code at the substitute initialization address; and wherein the initialization code further comprises a manufacturer's public key, and wherein the method further comprises:
generating at the integrated system a public/private key pair;
securely storing the integrated system's private key; and encrypting the integrated system's public key using the manufacturers public key.
automatically establishing a reduced level of functionality within the integrated system;
allowing for full functional recovery of the integrated system by employing a selective recovery procedure;
wherein the recovery procedure includes loading initialization code into the integrated system at a secure physical location; wherein the loading of initialization code further comprises loading unencrypted initialization code into the integrated system, including restoration initialization code, and wherein the method further comprises:
executing the restoration initialization code to obtain a master key and a substitute initialization address;
encrypting the restoration initialization code with the master key and storing the encrypted initialization code at the substitute initialization address;
reinitializing the integrated system using the stored encrypted initialization code at the substitute initialization address; and wherein the initialization code further comprises a manufacturer's public key, and wherein the method further comprises:
generating at the integrated system a public/private key pair;
securely storing the integrated system's private key; and encrypting the integrated system's public key using the manufacturers public key.
2. The method of claim 1, further comprising storing the master key and the substitute initialization address in persistent storage associated with a data access control function of the integrated system.
3. The method of claim 1, wherein the automatically establishing the reduced level of functionality within the integrated system includes limiting access to secure code and data within the integrated system.
4. A method of recovering integrated system functionality following a trigger event, said method comprising:
automatically establishing a reduced level of functionality within the integrated system;
allowing for full functional recovery of the integrated system by employing a selective recovery procedure;
wherein the recovery procedure includes loading initialization code into the integrated system at a secure physical location;
wherein the loading of initialization code further comprises loading unencrypted initialization code into the integrated system, including restoration initialization code, and wherein the method further comprises:
executing the restoration initialization code to obtain a master key and a substitute initialization address;
encrypting the restoration initialization code with the master key and storing the encrypted initialization code at the substitute initialization address;
reinitializing the integrated system using the stored encrypted initialization code at the substitute initialization address; and further comprising establishing a secure network connection between the integrated system and manufacturer, the establishing employing the generated public/private key pair, and downloading across the secure network connection required code and data to reestablish full functionality of the integrated system.
automatically establishing a reduced level of functionality within the integrated system;
allowing for full functional recovery of the integrated system by employing a selective recovery procedure;
wherein the recovery procedure includes loading initialization code into the integrated system at a secure physical location;
wherein the loading of initialization code further comprises loading unencrypted initialization code into the integrated system, including restoration initialization code, and wherein the method further comprises:
executing the restoration initialization code to obtain a master key and a substitute initialization address;
encrypting the restoration initialization code with the master key and storing the encrypted initialization code at the substitute initialization address;
reinitializing the integrated system using the stored encrypted initialization code at the substitute initialization address; and further comprising establishing a secure network connection between the integrated system and manufacturer, the establishing employing the generated public/private key pair, and downloading across the secure network connection required code and data to reestablish full functionality of the integrated system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA2638955A CA2638955C (en) | 2003-04-16 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA002481569A CA2481569C (en) | 2002-04-18 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
| CA2638955A CA2638955C (en) | 2003-04-16 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002481569A Division CA2481569C (en) | 2002-04-18 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2638955A1 true CA2638955A1 (en) | 2003-10-30 |
| CA2638955C CA2638955C (en) | 2012-06-05 |
Family
ID=40091289
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA2638955A Expired - Lifetime CA2638955C (en) | 2003-04-16 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
| CA2638979A Expired - Lifetime CA2638979C (en) | 2003-04-16 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA2638979A Expired - Lifetime CA2638979C (en) | 2003-04-16 | 2003-04-16 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
Country Status (1)
| Country | Link |
|---|---|
| CA (2) | CA2638955C (en) |
-
2003
- 2003-04-16 CA CA2638955A patent/CA2638955C/en not_active Expired - Lifetime
- 2003-04-16 CA CA2638979A patent/CA2638979C/en not_active Expired - Lifetime
Also Published As
| Publication number | Publication date |
|---|---|
| CA2638955C (en) | 2012-06-05 |
| CA2638979A1 (en) | 2003-10-30 |
| CA2638979C (en) | 2017-06-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2481569A1 (en) | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function | |
| US9342713B2 (en) | Unlocking a storage device | |
| US7461270B2 (en) | Methods and systems for promoting security in a computer system employing attached storage devices | |
| US8798272B2 (en) | Systems and methods for managing multiple keys for file encryption and decryption | |
| EP1116840A3 (en) | Key security system for vehicle-based information node | |
| RU2012146367A (en) | PROTECTED DOWNLOAD AND CONFIGURATION OF A SUB-SYSTEM FROM A NON-LOCAL REMEMBERING DEVICE | |
| CN108255505A (en) | A kind of firmware update, device, equipment and computer readable storage medium | |
| MY130889A (en) | Method and apparatus of storage anti-piracy key encryption (sake) device to control data access for networks | |
| US20120237024A1 (en) | Security System Using Physical Key for Cryptographic Processes | |
| CA2417516A1 (en) | Method and apparatus for automatic database encryption | |
| WO2005045550A3 (en) | Password recovery system and method | |
| RU2006131456A (en) | SYSTEM, METHOD AND COMPUTER SOFTWARE PRODUCT FOR ACCESSING AT LEAST TO ONE VIRTUAL FREQUENCY NETWORK | |
| WO2005089088A2 (en) | Method, apparatus and system for use in distributed and parallel decryption | |
| CA2588309C (en) | System and method for remote reset of password and encryption key | |
| JP2003249927A (en) | Super secure migratable key in tcpa | |
| CN101008895A (en) | Software update system and method of computer enclosed operation system | |
| CN105245334A (en) | System and method for backup and recovery of TPM key and its authorized data | |
| CN102521094A (en) | Method for initializing java card and java card | |
| CA2638955A1 (en) | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function | |
| KR20060008338A (en) | How to boot up the software to a boot sector of programmable read-only memory | |
| CN104346299B (en) | The control method and device of a kind of mobile terminal to update | |
| CN112580115B (en) | NVME device security management method, device, equipment and readable storage medium | |
| JP3975685B2 (en) | Information processing apparatus and activation control method | |
| WO2000062515A3 (en) | Method and system for updating information in a telefon exchange system | |
| CN109819018A (en) | A kind of hot update method that realizing smart card executable file and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKEX | Expiry |
Effective date: 20230417 |
|
| MKEX | Expiry |
Effective date: 20230417 |