CN101529376B - 经由透明辅助因素的平台认证 - Google Patents

经由透明辅助因素的平台认证 Download PDF

Info

Publication number
CN101529376B
CN101529376B CN2007800401147A CN200780040114A CN101529376B CN 101529376 B CN101529376 B CN 101529376B CN 2007800401147 A CN2007800401147 A CN 2007800401147A CN 200780040114 A CN200780040114 A CN 200780040114A CN 101529376 B CN101529376 B CN 101529376B
Authority
CN
China
Prior art keywords
block device
platform
file
smart card
boot process
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2007800401147A
Other languages
English (en)
Chinese (zh)
Other versions
CN101529376A (zh
Inventor
D·R·伍藤
E·霍特
S·汤姆
T·乌雷彻
D·斯莱茨
D·M·麦克莱夫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Publication of CN101529376A publication Critical patent/CN101529376A/zh
Application granted granted Critical
Publication of CN101529376B publication Critical patent/CN101529376B/zh
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/3415Cards acting autonomously as pay-media
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/356Aspects of software for card payments
    • G06Q20/3563Software being resident on card
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/388Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)
CN2007800401147A 2006-10-25 2007-09-27 经由透明辅助因素的平台认证 Expired - Fee Related CN101529376B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US11/586,283 2006-10-25
US11/586,283 US8200952B2 (en) 2006-10-25 2006-10-25 Platform authentication via a transparent second factor
PCT/US2007/079737 WO2008051679A1 (en) 2006-10-25 2007-09-27 Platform authentication via a transparent second factor

Publications (2)

Publication Number Publication Date
CN101529376A CN101529376A (zh) 2009-09-09
CN101529376B true CN101529376B (zh) 2013-09-04

Family

ID=39324915

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007800401147A Expired - Fee Related CN101529376B (zh) 2006-10-25 2007-09-27 经由透明辅助因素的平台认证

Country Status (7)

Country Link
US (1) US8200952B2 (enExample)
EP (1) EP2076833A1 (enExample)
JP (1) JP2010508578A (enExample)
KR (1) KR20090068201A (enExample)
CN (1) CN101529376B (enExample)
TW (1) TW200821931A (enExample)
WO (1) WO2008051679A1 (enExample)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008087317A2 (fr) * 2006-12-14 2008-07-24 Sagem Securite Dispositif peripherique de securite
DE102006062244B4 (de) * 2006-12-22 2013-10-17 Rational Ag Verfahren zum Auslesen von Daten aus dem Speicher eines Gargeräts und Gargerät zum Durchführen eines solchen Verfahrens
US8510352B2 (en) 2008-10-24 2013-08-13 Microsoft Corporation Virtualized boot block with discovery volume
US20100115116A1 (en) * 2008-11-03 2010-05-06 Micron Technology, Inc. System and method for switching communication protocols in electronic interface devices
US8073886B2 (en) 2009-02-20 2011-12-06 Microsoft Corporation Non-privileged access to data independent of filesystem implementation
CN101814037B (zh) * 2010-03-12 2012-12-05 青岛海信宽带多媒体技术有限公司 兼容多种智能卡的驱动方法
CN101825994B (zh) * 2010-04-16 2016-04-13 苏州壹世通科技有限公司 基于固件的非操作系统依赖的闪存阵列管理装置和方法
US9721101B2 (en) * 2013-06-24 2017-08-01 Red Hat, Inc. System wide root of trust chaining via signed applications
US8495356B2 (en) * 2010-12-31 2013-07-23 International Business Machines Corporation System for securing virtual machine disks on a remote shared storage subsystem
US8503674B2 (en) 2011-04-28 2013-08-06 Microsoft Corporation Cryptographic key attack mitigation
US8375221B1 (en) 2011-07-29 2013-02-12 Microsoft Corporation Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
US9183415B2 (en) * 2011-12-01 2015-11-10 Microsoft Technology Licensing, Llc Regulating access using information regarding a host machine of a portable storage drive
US9208105B2 (en) 2013-05-30 2015-12-08 Dell Products, Lp System and method for intercept of UEFI block I/O protocol services for BIOS based hard drive encryption support
CN103544037B (zh) * 2013-10-29 2016-08-17 飞天诚信科技股份有限公司 一种支持OpenSC的软硬件驱动的实现方法
JP2016025616A (ja) * 2014-07-24 2016-02-08 レノボ・シンガポール・プライベート・リミテッド ディスク・ドライブが記憶するデータを保護する方法および携帯式コンピュータ
CN109155733B (zh) * 2016-06-02 2022-01-04 松下知识产权经营株式会社 信息处理装置以及信息处理系统
CN106250750B (zh) * 2016-07-18 2019-08-16 深圳市文鼎创数据科技有限公司 基于MacOSX系统的USB设备接入方法及装置
US20240143814A1 (en) * 2022-10-28 2024-05-02 Dell Products L.P. Dynamic and secure access to uefi services based on indicator of attack driver

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1527208A (zh) * 2003-09-25 2004-09-08 联想(北京)有限公司 基于身份认证的计算机安全及加密的实现方法和装置
CN1822013A (zh) * 2006-03-14 2006-08-23 上海一维科技有限公司 基于可信平台模块的指纹生物识别引擎系统及其识别方法

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19600081C2 (de) 1996-01-03 1999-11-18 Ibm Sicherung der Datenintegrität bei Datenträgerkarten
DK0885417T3 (da) 1996-02-09 2002-11-11 Digital Privacy Inc Adgangskontrol-/-kryptosystem
KR19990058372A (ko) 1997-12-30 1999-07-15 윤종용 스마트 카드를 이용한 컴퓨터의 보안 방법
US6754886B1 (en) 1998-11-30 2004-06-22 International Business Machines Corporation Method and system for storing java objects in devices having a reduced support of high-level programming concepts
TW463107B (en) 1998-12-22 2001-11-11 Ibm Extended card file system
US6463537B1 (en) 1999-01-04 2002-10-08 Codex Technologies, Inc. Modified computer motherboard security and identification system
US7036738B1 (en) 1999-05-03 2006-05-02 Microsoft Corporation PCMCIA-compliant smart card secured memory assembly for porting user profiles and documents
KR20000018098A (ko) 2000-01-11 2000-04-06 이재현 지문 및 스마트카드를 이용한 개인용컴퓨터 보안장치
KR20010087034A (ko) 2000-03-06 2001-09-15 김효화 보안 기능을 내장한 키보드 및 이를 활용한 네트워크보안방법
KR20020004368A (ko) 2000-07-05 2002-01-16 구승엽 전자 인증 시스템을 이용한 컴퓨터 시스템 운영방법
US7797729B2 (en) * 2000-10-26 2010-09-14 O2Micro International Ltd. Pre-boot authentication system
US6513721B1 (en) 2000-11-27 2003-02-04 Microsoft Corporation Methods and arrangements for configuring portable security token features and contents
US7117376B2 (en) * 2000-12-28 2006-10-03 Intel Corporation Platform and method of creating a secure boot that enforces proper user authentication and enforces hardware configurations
MXPA04005525A (es) 2001-12-07 2005-04-19 Ecebs Ltd Sistema de tarjeta inteligente.
US20030154375A1 (en) 2002-02-08 2003-08-14 Weimin Yang Universal crypto-adaptor system for supporting multiple APIs and multiple smart cards
GB2387254B (en) 2002-04-05 2005-11-23 Armoursoft Ltd User authentication for computer systems
US7028090B2 (en) 2002-05-30 2006-04-11 International Business Machines Corporation Tokens utilized in a server system that have different access permissions at different access times and method of use
US6945454B2 (en) 2003-04-22 2005-09-20 Stmicroelectronics, Inc. Smart card device used as mass storage device
KR101100385B1 (ko) * 2004-03-22 2011-12-30 삼성전자주식회사 인증서 폐지 목록을 이용한 디지털 저작권 관리 방법 및장치
KR20060004584A (ko) 2004-07-08 2006-01-12 삼성전자주식회사 보안 인증을 통한 화상형성장치의 부팅방법
US7725701B2 (en) * 2006-03-03 2010-05-25 Hewlett-Packard Development Company, L.P. Portable device comprising a BIOS setting

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1527208A (zh) * 2003-09-25 2004-09-08 联想(北京)有限公司 基于身份认证的计算机安全及加密的实现方法和装置
CN1822013A (zh) * 2006-03-14 2006-08-23 上海一维科技有限公司 基于可信平台模块的指纹生物识别引擎系统及其识别方法

Also Published As

Publication number Publication date
KR20090068201A (ko) 2009-06-25
EP2076833A1 (en) 2009-07-08
JP2010508578A (ja) 2010-03-18
TW200821931A (en) 2008-05-16
US8200952B2 (en) 2012-06-12
US20080148388A1 (en) 2008-06-19
CN101529376A (zh) 2009-09-09
WO2008051679A1 (en) 2008-05-02

Similar Documents

Publication Publication Date Title
CN101529376B (zh) 经由透明辅助因素的平台认证
CN101589397B (zh) Usb令牌上的密钥容器
US8909940B2 (en) Extensible pre-boot authentication
CN103299311B (zh) 用于可信引导优化的方法和设备
JP5403771B2 (ja) ファームウェアに安全なアップデートを提供するシステム及び方法
US20140115316A1 (en) Boot loading of secure operating system from external device
US20090319806A1 (en) Extensible pre-boot authentication
US20070180509A1 (en) Practical platform for high risk applications
US7210013B2 (en) Data protection for computer system
US8095977B2 (en) Secure PIN transmission
CN104484625B (zh) 一种具有双操作系统的计算机及其实现方法
JP2003511783A (ja) コンピューティング・プラットフォームにおける信用状態の動作
CN101430642B (zh) 一种应用于uefi的操作界面的实现方法及系统
JP2015153198A (ja) コンピュータの動作不良を防止する方法、コンピュータ・プログラムおよびコンピュータ
CN101213557B (zh) 限制操作系统及其它软件的安装的反骇客保护
US7925881B2 (en) Method and apparatus for preventing rogue implementations of a security-sensitive class interface
EP2091002A1 (en) Information processing device and information management program
CN100383761C (zh) 一种建立硬盘物理分区的方法
US12072982B2 (en) Pre-authorized virtualization engine for dynamic firmware measurement
US20080244163A1 (en) Portable data access device
Ghaleh et al. A new approach to protect the OS from off-line attacks using the smart card
Sebastian et al. Design and Development of a Dynamic Boot Loader for Loading an Operating System: An Update
JP2008186220A (ja) リムーバブルメモリユニット

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150513

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150513

Address after: Washington State

Patentee after: MICROSOFT TECHNOLOGY LICENSING, LLC

Address before: Washington State

Patentee before: Microsoft Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130904

CF01 Termination of patent right due to non-payment of annual fee