CN115516420A - 用于软件更新的认证密钥的可控范围 - Google Patents

用于软件更新的认证密钥的可控范围 Download PDF

Info

Publication number
CN115516420A
CN115516420A CN202180033676.9A CN202180033676A CN115516420A CN 115516420 A CN115516420 A CN 115516420A CN 202180033676 A CN202180033676 A CN 202180033676A CN 115516420 A CN115516420 A CN 115516420A
Authority
CN
China
Prior art keywords
update
certificate
software
software update
range value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202180033676.9A
Other languages
English (en)
Chinese (zh)
Inventor
B·谢尔谢斯
E·T·J·佩特斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Texas Instruments Inc
Original Assignee
Texas Instruments Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Texas Instruments Inc filed Critical Texas Instruments Inc
Publication of CN115516420A publication Critical patent/CN115516420A/zh
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • G06F21/335User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/654Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/71Version control; Configuration management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Stored Programmes (AREA)
CN202180033676.9A 2020-05-14 2021-05-13 用于软件更新的认证密钥的可控范围 Pending CN115516420A (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/931,794 2020-05-14
US15/931,794 US11681513B2 (en) 2020-05-14 2020-05-14 Controlled scope of authentication key for software update
PCT/US2021/032175 WO2021231686A1 (en) 2020-05-14 2021-05-13 Controlled scope of authentication key for software update

Publications (1)

Publication Number Publication Date
CN115516420A true CN115516420A (zh) 2022-12-23

Family

ID=78513413

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202180033676.9A Pending CN115516420A (zh) 2020-05-14 2021-05-13 用于软件更新的认证密钥的可控范围

Country Status (5)

Country Link
US (1) US11681513B2 (https=)
EP (1) EP4150444A4 (https=)
JP (1) JP7723236B2 (https=)
CN (1) CN115516420A (https=)
WO (1) WO2021231686A1 (https=)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220058270A1 (en) * 2020-08-21 2022-02-24 Arm Limited System, devices and/or processes for delegation of cryptographic control of firmware authorization management
US12536306B2 (en) 2020-08-21 2026-01-27 Arm Limited System, devices and/or processes for system ownership change event
US20220078033A1 (en) * 2020-09-04 2022-03-10 Cohesity, Inc. Certificate management
US12039318B2 (en) * 2020-10-26 2024-07-16 Micron Technology, Inc. Endpoint customization via online firmware store
US12081537B2 (en) * 2022-01-21 2024-09-03 VMware LLC Secure inter-application communication with unmanaged applications using certificate enrollment
CN115993985B (zh) * 2022-12-27 2025-08-19 知行汽车科技(苏州)股份有限公司 Bootloader更新方法、装置、设备及介质
US20250117209A1 (en) * 2023-10-10 2025-04-10 Micron Technology, Inc. Firmware validation for firmware updates

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1906886A (zh) * 2004-01-08 2007-01-31 国际商业机器公司 在计算机系统之间建立用于传递消息的安全上下文
US20080107269A1 (en) * 2004-11-17 2008-05-08 Christian Gehrmann Updating Configuration Parameters in a Mobile Terminal
US9058504B1 (en) * 2013-05-21 2015-06-16 Malwarebytes Corporation Anti-malware digital-signature verification
US20190163465A1 (en) * 2017-11-27 2019-05-30 Schneider Electric Industries Sas Method for providing a firmware update of a device

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6223291B1 (en) * 1999-03-26 2001-04-24 Motorola, Inc. Secure wireless electronic-commerce system with digital product certificates and digital license certificates
US6976163B1 (en) 2000-07-12 2005-12-13 International Business Machines Corporation Methods, systems and computer program products for rule based firmware updates utilizing certificate extensions and certificates for use therein
US20030196096A1 (en) 2002-04-12 2003-10-16 Sutton James A. Microcode patch authentication
JP4227641B2 (ja) * 2006-11-20 2009-02-18 キヤノン株式会社 情報処理装置及び情報処理装置の制御方法
US9280337B2 (en) 2006-12-18 2016-03-08 Adobe Systems Incorporated Secured distribution of software updates
JP2008181228A (ja) * 2007-01-23 2008-08-07 Sony Corp 管理システムおよび管理方法、端末装置、管理サーバ、並びにプログラム
WO2009044533A1 (ja) 2007-10-05 2009-04-09 Panasonic Corporation セキュアブート端末、セキュアブート方法、セキュアブートプログラム、記録媒体及び集積回路
US8484474B2 (en) * 2010-07-01 2013-07-09 Rockwell Automation Technologies, Inc. Methods for firmware signature
JP6595822B2 (ja) * 2015-07-07 2019-10-23 キヤノン株式会社 情報処理装置及びその制御方法
DE102015214696A1 (de) * 2015-07-31 2017-02-02 Siemens Aktiengesellschaft Vorrichtung und Verfahren zum Verwenden eines Kunden-Geräte-Zertifikats auf einem Gerät
GB2543096A (en) * 2015-10-09 2017-04-12 Secure Thingz Ltd Data Processing Device
US10958435B2 (en) * 2015-12-21 2021-03-23 Electro Industries/ Gauge Tech Providing security in an intelligent electronic device
US11061660B2 (en) * 2017-06-07 2021-07-13 Huawei Technologies Co., Ltd. Method for authenticating and updating EUICC firmware version and related apparatus
US20190108009A1 (en) * 2017-10-05 2019-04-11 Harman International Industries, Incorporated Generating checksums on trusted storage devices for accelerated authentication
JP6697038B2 (ja) * 2018-07-31 2020-05-20 日本電信電話株式会社 情報処理装置、検証方法および検証プログラム
US11301569B2 (en) * 2019-03-07 2022-04-12 Lookout, Inc. Quarantine of software based on analysis of updated device data
KR20220071182A (ko) * 2019-09-27 2022-05-31 인텔 코포레이션 소프트웨어 정의된 실리콘 구현 및 관리

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1906886A (zh) * 2004-01-08 2007-01-31 国际商业机器公司 在计算机系统之间建立用于传递消息的安全上下文
US20080107269A1 (en) * 2004-11-17 2008-05-08 Christian Gehrmann Updating Configuration Parameters in a Mobile Terminal
US9058504B1 (en) * 2013-05-21 2015-06-16 Malwarebytes Corporation Anti-malware digital-signature verification
US20190163465A1 (en) * 2017-11-27 2019-05-30 Schneider Electric Industries Sas Method for providing a firmware update of a device

Also Published As

Publication number Publication date
WO2021231686A1 (en) 2021-11-18
EP4150444A4 (en) 2023-11-01
US11681513B2 (en) 2023-06-20
US20210357198A1 (en) 2021-11-18
JP2023525576A (ja) 2023-06-16
JP7723236B2 (ja) 2025-08-14
EP4150444A1 (en) 2023-03-22

Similar Documents

Publication Publication Date Title
JP7723236B2 (ja) ソフトウェア更新のための認証キーの制御範囲
CN110933163B (zh) 区块链合约部署方法、装置、设备以及存储介质
CN111213339B (zh) 带有客户端密钥的认证令牌
CN102171652B (zh) 为电子装置提供可信软件的方法
US11388012B2 (en) Application certificate
US12010241B2 (en) Distributed ledger system
US9871821B2 (en) Securely operating a process using user-specific and device-specific security constraints
CN103166759B (zh) 使用诊断链路连接器(dlc)和onstar系统的用于安全固件下载的方法和装置
US11977637B2 (en) Technique for authentication and prerequisite checks for software updates
CN114117551B (zh) 一种访问验证方法及装置
US12368603B1 (en) Code-sign white listing (CSWL)
US9652599B2 (en) Restricted code signing
US20140215220A1 (en) Application distribution system and method
CN109982150B (zh) 智能电视终端的信任链建立方法和智能电视终端
CN116975901A (zh) 基于区块链的身份验证方法、装置、设备、介质及产品
KR101978185B1 (ko) 블록체인 기반의 소프트웨어 라이센스 관리 방법 및 이를 이용한 라이센스 관리 서버
KR20130101964A (ko) 플랫폼 컴포넌트들의 보안 업그레이드 또는 다운그레이드를 위한 방법 및 시스템
CN109977662A (zh) 应用程序的处理方法、装置、终端及存储介质
CN107968764B (zh) 一种认证方法及装置
CN118591803A (zh) 使用经授权子密钥进行安全启动的装置和方法
CN114879980A (zh) 车载应用安装方法、装置、计算机设备、存储介质
CN107241187B (zh) 一种针对移动端向导式验证的服务端数据处理方法
US12547773B2 (en) Utilizing hardware tokens in conjunction with HSM for code signing
CN118467551A (zh) 基于区块链的状态更新方法、装置、设备、介质及产品
CN121283661A (zh) 数据处理方法、装置、产品、设备和介质

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination