CN115943610B - 安全签署配置设置 - Google Patents

安全签署配置设置 Download PDF

Info

Publication number
CN115943610B
CN115943610B CN202180044356.3A CN202180044356A CN115943610B CN 115943610 B CN115943610 B CN 115943610B CN 202180044356 A CN202180044356 A CN 202180044356A CN 115943610 B CN115943610 B CN 115943610B
Authority
CN
China
Prior art keywords
computing device
configuration settings
certificate
public key
operating system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202180044356.3A
Other languages
English (en)
Chinese (zh)
Other versions
CN115943610A (zh
Inventor
X·S·科瓦
N·施勒杰
T·P·门舍
W·本森
J·V·豪克
J·P·德切萨雷
A·G·詹宁斯
J·J·董
R·C·格拉汉姆
J·福捷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Apple Inc
Original Assignee
Apple Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Apple Inc filed Critical Apple Inc
Publication of CN115943610A publication Critical patent/CN115943610A/zh
Application granted granted Critical
Publication of CN115943610B publication Critical patent/CN115943610B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4406Loading of operating system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
CN202180044356.3A 2020-06-22 2021-06-18 安全签署配置设置 Active CN115943610B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US202063042050P 2020-06-22 2020-06-22
US63/042,050 2020-06-22
US17/092,030 2020-11-06
US17/092,030 US11822664B2 (en) 2020-06-22 2020-11-06 Securely signing configuration settings
PCT/US2021/038039 WO2021262545A1 (en) 2020-06-22 2021-06-18 Securely signing configuration settings

Publications (2)

Publication Number Publication Date
CN115943610A CN115943610A (zh) 2023-04-07
CN115943610B true CN115943610B (zh) 2024-02-13

Family

ID=79023572

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202180044356.3A Active CN115943610B (zh) 2020-06-22 2021-06-18 安全签署配置设置

Country Status (6)

Country Link
US (1) US11822664B2 (enExample)
EP (1) EP4168913B1 (enExample)
JP (1) JP7406013B2 (enExample)
KR (1) KR102660863B1 (enExample)
CN (1) CN115943610B (enExample)
WO (1) WO2021262545A1 (enExample)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11641363B2 (en) * 2019-01-14 2023-05-02 Qatar Foundation For Education, Science And Community Development Methods and systems for verifying the authenticity of a remote service
US11809876B2 (en) * 2021-04-29 2023-11-07 Dell Products L.P. Trusted platform module protection for non-volatile memory express (NVMe) recovery
US20230015697A1 (en) * 2021-07-13 2023-01-19 Citrix Systems, Inc. Application programming interface (api) authorization
US11748485B2 (en) * 2021-07-29 2023-09-05 Dell Products L.P. System and method for booting using HSM integrated chain of trust certificates
US12088696B2 (en) * 2021-10-27 2024-09-10 Salesforce, Inc. Protecting application private keys with remote and local security controllers and local MPC key generation
US20240265152A1 (en) * 2023-02-08 2024-08-08 Stmicroelectronics International N.V. Embedded secure circuit
US12574419B2 (en) 2024-01-29 2026-03-10 Dell Products L.P. Management of location-based security policies using out of band methods
US12490095B2 (en) 2024-01-29 2025-12-02 Dell Products L.P. Obtaining location data for data processing systems using out-of-band components
US12481493B2 (en) 2024-01-29 2025-11-25 Dell Products L.P. Managing out of band software updates
US12309022B1 (en) * 2024-01-29 2025-05-20 Dell Products L.P. Recovery of data processing systems using out-of-band methods
US12530470B2 (en) 2024-01-29 2026-01-20 Dell Products L.P. Policy implementation for data processing systems based on location data using out-of-band components
US12574411B2 (en) 2024-01-29 2026-03-10 Dell Products L.P. Transport layer security management using a management controller
CN119293832B (zh) * 2024-12-13 2025-04-01 湖北长江万润半导体技术有限公司 一种用于eMMC存储设备的数据加密方法与装置

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110168552A (zh) * 2017-01-12 2019-08-23 谷歌有限责任公司 经验证的引导和密钥轮转
CN111149106A (zh) * 2017-08-11 2020-05-12 华为技术有限公司 使用多个设备证书进行密钥认证的设备和方法

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6757824B1 (en) 1999-12-10 2004-06-29 Microsoft Corporation Client-side boot domains and boot rules
JP4612399B2 (ja) 2004-11-11 2011-01-12 日本電信電話株式会社 共同利用パソコンシステムの環境復元方法および共同利用パソコン
US7587595B2 (en) 2005-05-13 2009-09-08 Intel Corporation Method and apparatus for providing software-based security coprocessors
JP5305473B2 (ja) 2010-11-26 2013-10-02 Necインフロンティア株式会社 エラーコード出力装置及びエラーコード出力方法
US9158924B2 (en) 2011-05-25 2015-10-13 Panasonic Intellectual Property Management Co., Ltd. Information processing apparatus and information processing method
US9547778B1 (en) 2014-09-26 2017-01-17 Apple Inc. Secure public key acceleration
US10079677B2 (en) * 2015-06-05 2018-09-18 Apple Inc. Secure circuit for encryption key generation
US10536271B1 (en) 2016-01-10 2020-01-14 Apple Inc. Silicon key attestation
EP3291504B1 (en) 2016-08-30 2020-03-11 Wacom Co., Ltd. Authentication and secure transmission of data between signature devices and host computers using transport layer security
JP2018117185A (ja) 2017-01-16 2018-07-26 キヤノン株式会社 情報処理装置、情報処理方法
US10417429B2 (en) 2017-06-02 2019-09-17 Apple Inc. Method and apparatus for boot variable protection
US11263326B2 (en) 2017-06-02 2022-03-01 Apple Inc. Method and apparatus for secure system boot
US10467416B2 (en) * 2017-06-16 2019-11-05 International Business Machines Corporation Securing operating system configuration using hardware
US10057243B1 (en) 2017-11-30 2018-08-21 Mocana Corporation System and method for securing data transport between a non-IP endpoint device that is connected to a gateway device and a connected service

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110168552A (zh) * 2017-01-12 2019-08-23 谷歌有限责任公司 经验证的引导和密钥轮转
CN111149106A (zh) * 2017-08-11 2020-05-12 华为技术有限公司 使用多个设备证书进行密钥认证的设备和方法

Also Published As

Publication number Publication date
WO2021262545A1 (en) 2021-12-30
US20210397716A1 (en) 2021-12-23
US11822664B2 (en) 2023-11-21
EP4168913B1 (en) 2024-02-28
KR102660863B1 (ko) 2024-04-29
CN115943610A (zh) 2023-04-07
JP7406013B2 (ja) 2023-12-26
JP2023530730A (ja) 2023-07-19
EP4168913A1 (en) 2023-04-26
KR20230016195A (ko) 2023-02-01

Similar Documents

Publication Publication Date Title
CN115943610B (zh) 安全签署配置设置
US20240078343A1 (en) Application Integrity Attestation
CN112262547B (zh) 具有安全单元以提供根信任服务的数据处理加速器
CN112262546B (zh) 用于数据处理加速器的密钥分配和交换的方法和系统
US7986786B2 (en) Methods and systems for utilizing cryptographic functions of a cryptographic co-processor
CN100458641C (zh) 用于复位平台配置寄存器的系统和方法
CN112236972B (zh) 用于导出会话密钥以确保主机系统和数据处理加速器之间的信息交换信道的方法和系统
US9043615B2 (en) Method and apparatus for a trust processor
US11909882B2 (en) Systems and methods to cryptographically verify an identity of an information handling system
CN103765429B (zh) 数字签名机构相关的平台秘密
JP2014505943A (ja) 耐タンパー性ブート処理のためのシステム及び方法
CN112352220B (zh) 保护由数据处理加速器处理的数据的方法和系统
US20190325140A1 (en) Binding of TPM and Root Device
CN112262545B (zh) 主机系统与数据处理加速器之间的证明协议
CN112334902B (zh) 建立主机系统与数据处理加速器之间的安全信息交换信道的方法
CN112236772B (zh) 用于管理数据处理加速器的内存的方法和系统
US12008087B2 (en) Secure reduced power mode
CN106156632A (zh) 安全装置及在其内提供安全服务至主机的方法、安全设备
US20250119273A1 (en) Device Managed Cryptographic Keys
CN116089967B (zh) 数据防回滚方法和电子设备

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant