EP3529734A1 - Device unit suitable for operation in the protected and/or open operating state and associated method - Google Patents
- Publication number
- EP3529734A1 (application EP17791592.3A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- operating state
- operating
- device unit
- protected
- integrity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
Definitions
- the present invention relates to a device unit suitable for operation in the protected and/or open operating state, an associated method, and an associated computer program (product).
- Embedded systems are often used in the environment of Industry 4.0, in the industrial Internet and in automation systems. You can in
- a so-called boot loader loads the operating system and the application software when booting the system. Furthermore, this offers the possibility to update the operating system and application software in flash memory.
- Processors (CPUs) for embedded systems such as Freescale/NXP i.MX6 or TI Sitara, FPGA-based system-on-chips such as Xilinx Zynq or Altera Cyclone V SoC, or Intel Atom processors with UEFI Secure Boot support. Secure Boot ensures that only authorized, unaltered software or firmware is executed. It addresses the requirement of protecting the integrity of industrial control devices or embedded systems.
- For a PC-based system with UEFI BIOS there is the possibility that the verification key for Secure Boot can be reset by an authorized user. However, this is not possible on embedded platforms where the keys are burned into so-called fuses. In addition, this UEFI BIOS variant has the disadvantage that the security level of Secure Boot essentially depends on the security of the BIOS password. Keeping the BIOS password safe therefore takes a lot of effort. In particular, a user with access to the BIOS configuration settings can also change the Secure Boot configuration.
- boot loaders such as U-Boot for Linux-based embedded systems support Secure Boot in some variants.
- the Linux kernel can check the integrity (correctness, integrity) of kernel modules and load only properly signed kernel modules.
- Temporal correctness: relevant temporal conditions, such as sequences or maximum delay times, are complied with.
- the limitation of Secure Boot by license terms is specifically known in the GPL licenses.
- the invention claims a device unit, in particular an embedded device unit, comprising a module which can configure the device unit with one operating state out of different operating states during the start-up procedure and/or during operation of the device unit.
- the module can in this case be designed in the form of hardware and / or firmware and / or software.
- a first protected operating state of the different operating states is designed to permit the loading and / or execution of at least one predeterminable operating sequence and, if appropriate, to protect the predeterminable operating sequence with defined cryptographic means.
- the predeterminable operating sequence can be implemented by one or more program codes or can also be configured as such a module.
- At least one second operating state of the different operating states is designed to deactivate the first protected operating state and to permit or enable at least one other modifiable operating sequence (likewise implemented in program code(s) or a module) and, if appropriate, to protect it with predeterminable cryptographic means.
- If the configured operating state corresponds to the first operating state, the module retains it; if the configured operating state corresponds to the at least second operating state, the module deactivates the first operating state and initiates and/or retains the at least second operating state.
- the deactivation can be irrevocable.
- Predetermined cryptographic means are to be understood here as meaning that manufacturer-side updates, for example by a firmware update, are possible, but that no changes can be made on the user side; they are thus fixed, preconfigured or specified for the user.
- the module can configure the device unit so that, after the start-up procedure, the first or the second operating state is initiated or assumed during operation.
- If the device unit starts up in the first operating state, the first operating state can be maintained during the configuration, or the configuration changes to the second operating state; the now configured operating state then corresponds to the second operating state, in which case the first operating state is deactivated.
- If the device unit starts up in the second operating state, the second operating state is maintained in the configuration. Accordingly, the configured operating state corresponds to the second operating state, and the first operating state is nevertheless deactivated in order to prevent a "return" to the first operating state.
- the first operating state corresponds to an operating state preconfigured by a device manufacturer and the second operating state corresponds to one by a user
- the cryptographic means may be, for example, device configuration or protection means such as keys (from the device manufacturer), certificates, etc.
- a development of the invention provides that the device unit is configured as an embedded system or as part of an embedded system.
- a refinement of the invention provides that, if the operating state is to be protected during start-up and/or during ongoing operation of the device unit, the device unit can be provided with suitable integrity protection measures during start-up and/or during operation.
- Integrity protection measures during start-up can be, e.g., a cryptographically protected file system or cryptographically protected configuration data in EEPROM. Integrity protection measures at runtime can be, e.g., process monitoring or a host-based intrusion detection system.
- a further development of the invention provides that in the protected operating state, the integrity protection measures further comprise device authentication and / or device integrity certification.
- a further development of the invention provides that, depending on the operating state, at least one key for integrity protection measures, on the device side or from a user
- a device certificate may be made available for each of the two operating modes.
- a private or shared device authentication key can be provided.
- a further development of the invention provides that the deactivation of the protected operating state can be carried out by deleting the at least one key and/or revoking the device certificate made available for the protected operating state. If necessary, the certificate may be restored by a so-called certification authority (CA).
- a development of the invention provides that parts of the device unit can be activated and/or deactivated. Depending on the operating state, in addition to the software-related functions, a hardware-related function of the device can also be activated, deactivated or configured, e.g. a trust anchor, a hardware-based device integrity monitoring or an integrity watchdog, a hardware-based self-test function, a self-monitoring sensor, a tamper sensor for detecting tampering, or a communication unit that provides, for example, an integrity confirmation signal.
- a development of the invention provides that the module by means of one or more software and / or
- a development of the invention provides that the one or more software and/or firmware program codes are sealable.
- the seal can be carried out by means of a hash value or by means of a value from a reference database.
- a development of the invention provides that at least one further third operating state of the device unit is designed to permit the first and the second operating state in parallel operation and, if necessary, to protect cryptographically.
- a development of the invention provides that the first, second and possibly the third operating state by device configuration, so-called jumpers, activation codes and / or by the key and / or by the device certificate and / or the revocation state of the device certificate and / or by a trust anchor and / or by a Communication protocol with another body can be specified.
- Another aspect of the invention provides a method for operating a device unit in one operating state out of different operating states during the start-up procedure
- in a further second operating state, the first protected operating state is deactivated and at least one other modifiable operating sequence is permitted and, if appropriate, protected with predeterminable cryptographic means; the operating state is configured or determined before and/or during the start-up procedure and/or during ongoing operation; and if the configured operating state corresponds to the first operating state, it is retained, or if the configured operating state corresponds to the at least second operating state, the first operating state is deactivated (possibly irrevocably) and the at least second operating state is initiated and/or retained.
- the method may be designed or developed in accordance with the embodiments/developments of the above-mentioned device unit.
- a further aspect of the invention is a computer program product having at least one computer program which has means for carrying out the method according to one of the preceding method claims if the at least one computer program can be loaded into the memory of a device unit and its embodiments and executed.
- the computer program (product) can essentially be developed or developed analogously to the method and its embodiments or further developments.
- FIG. 1 shows a device unit, preferably an embedded device unit,
- Figure 2 shows schematically a flow chart, which steps can be performed on the device unit.
- FIG. 1 shows a device unit GE, which may be designed as a device or integrated in a device.
- the device unit GE for a Linux-based embedded device, preferably a field device or a so-called IoT device. It can
- In the kernel K, in the example a Linux kernel, hardware-, firmware- or software-based modules usually run, such as a Mandatory Access Control module MAC and a Runtime Integrity Monitor module RIM.
- a hardware-, firmware- or software-based key module KM for storing and managing cryptographic keys, a hardware-, firmware- or software-based integrity monitoring module I (Integrity
- the device unit can be configured into and/or operated in at least two different operating states or operating modes.
- the device unit can be operated in a first so-called "closed mode" or a second so-called "open mode" operating mode, or in a further third, hybrid operating mode, a kind of combination of the two aforementioned operating modes "open mode" and "closed mode".
- the decision as to which mode of operation should be initiated or executed is preferably made at system startup (also called booting).
- FIG. 2 shows a flowchart whose individual steps are identified by S1 to S7.
- At system start S1, or during the start-up procedure, the operating mode is determined or selected (S2).
- If the operating mode in step S3 is "closed mode", the runtime integrity verification (Runtime Integrity Check) is performed in step S4.
- In step S5, access to the attestation key for device integrity is released.
- If the operating mode in step S3 is not "closed mode", the procedure skips ahead to step S6; the "end" in step S7 symbolically describes the end of the described procedure and does not have to mean the end of the current operation.
- Embedded systems such as the device unit GE shown above, especially for critical industrial control systems, often have built-in protection functions/means to prevent the execution of manipulated source code (also called secure boot) or to detect it (also called runtime integrity check).
- a configurable device unit with two operating modes is used, the configuration being software-based.
- a first mode of operation called closed mode
- only software or firmware that has been authorized by the device manufacturer is executable, typically with a digital signature verifiable with a public manufacturer key (platform key) on the device.
- In the so-called "closed mode", runtime integrity checks are also active. These can monitor at runtime that only authorized software (processes) and operations are carried out and that the device configuration or protection means such as keys, certificates, etc. are unchanged and unve
- In a second operating mode, called "open mode", a user can load and execute their own software or changed software. For this he can deactivate the first operating mode or set up another platform key.
- the device unit preferably has an integrity confirmation function, which provides cryptographically protected device integrity information via a communication interface, e.g. a device authentication function or device integrity assertion information.
- the operating mode (open or closed) must be explicitly encoded in the integrity confirmation function, e.g. as a flag.
- a key for forming the cryptographic device integrity information may be selected or released.
- the encoded mode of operation should be designed so that it is not subject to the GPL or similar license described in the beginning.
- the module (M) must not be changeable, i.e. it must be secured by integrity protection measures (e.g. Secure Boot).
- cryptographic keys used for device integrity protection in closed mode are cleared or permanently or temporarily disabled when the open mode is activated.
- a request for the revocation of the certificate is generated by the device unit upon activation of the "open mode" and, if appropriate, sent to a third party, for example a certification authority (certificate authority).
- the device checks its own device certificate (device manufacturer certificate).
- This certificate can contain information on whether the device certificate is intended for "closed mode" or "open mode", e.g. as an X.509v3 extension or in the device identifier.
- the module (M) activates the operating mode (open, closed) depending on the configured device certificate. This has the advantage that known technologies and processes can be used for certificate issuance and distribution to a device for
- the device unit selects one of several configured device certificates for use in operation, depending on the operating mode.
- the device checks to see if its own manufacturer's device certificate has been revoked or deleted (e.g., using a Certificate Revocation List (CRL) or a Certificate Status Response (OCSP Response)).
- the device unit allows the activation of the "open mode" when the associated "closed mode" device certificate has been withdrawn or revoked. This has the advantage that known technologies and processes for certificate revocation can be used to unlock a device for an "open mode".
- a hardware-related function of the device can also be activated, deactivated or configured (e.g. a trust anchor, a hardware-based device integrity monitoring such as RIM or Integrity Watchdog I, a hardware-based self-test function, a self-monitoring sensor, a tamper sensor for detecting tampering, or a communication unit that provides, for example, an integrity confirmation signal).
- the operating mode can be determined or configured in different ways and, if appropriate, then maintained, defined or selected: - Device configuration settings (eg UEFI BIOS, device configuration)
- the device unit supports another third mode of operation which simultaneously allows for the two first and second modes of operation, called “combined mode.”
- two CPUs/SoCs may be provided or, by means of a hypervisor, two separate execution environments may be provided on shared hardware.
- This "combined mode” may represent a third configurable or selectable operating mode, or may be permanently provided as the sole combined mode of operation.
- the device has two execution environments, a "closed mode" execution environment (the operation mode) and an "open mode" execution environment.
- a "closed mode" execution environment [...] a user's own software or changed software can be loaded and executed (e.g. at operating or execution time, at system start, or when importing a firmware update).
- the closed-mode execution environment can only load authorized applications signed with a device manufacturer's software signature key. Secure Boot and Runtime Integrity Monitoring are active for the "closed mode" execution environment, i.e. for the parts of the software signed by the manufacturer; only the "closed mode" execution environment is covered by the device integrity protection features.
- the device supports sealing of loaded user software (in the "open mode" of the device unit or for the "open mode" execution environment). In addition to the device integrity protection function for the "closed mode", an additional device integrity protection function is provided for the "open mode". A user may, under his own control, load software for the "open mode". By "sealing" the device unit configuration, this user-loaded software state is frozen. In this case, the reference information for the runtime integrity protection of the device unit (Secure Boot, Runtime Integrity Monitor RIM) is "taught".
- the Secure Boot checks that the "open mode" software version detected during sealing is loaded; e.g. a hash value of the software can be captured during sealing, and it can be checked during subsequent system booting
- the user software can be signed with a device key by the device unit
- Integrity Monitoring RIM: the software loaded by the user is included in the reference database (with so-called "white" or "black" lists) when the device is sealed.
- Processor or bound to specific execution schemes can be performed by software, firmware, microcode, hardware, processors, integrated circuits, etc. in stand-alone mode or in any combination.
- Various processing strategies can be used, for example serial processing by a single processor or multiprocessing or multitasking or parallel processing, etc.
- the instructions can be stored in local memories, but it is also possible to store the instructions on a remote system and then access them via a network.
- The term "processor", "central signal processing", "control unit" or "data evaluation means", as used here, includes processing means in the broadest sense, that is, for example, servers, general purpose processors, graphics processors, digital signal processors, application-specific integrated circuits (ASICs), programmable logic circuits such as FPGAs, discrete analog or digital circuits and any combinations thereof, and any other processing means known in the art or developed in the future.
- Processors can consist of one or more devices or units. If a processor consists of several devices, these can be designed or configured for parallel or sequential processing or execution of instructions.
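The start-up flow S1 to S7, the deletion of the closed-mode key when open mode is activated, the mode flag in the integrity confirmation and the sealing of user software can be modelled together as follows. This is an added illustration, not code from the patent: all class and function names, keys and firmware blobs are constructed assumptions, and an HMAC stands in for the device's signature or certificate-based attestation.

```python
import hashlib
import hmac
import json
from enum import Enum


class Mode(Enum):
    CLOSED = "closed"
    OPEN = "open"


def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


class DeviceUnit:
    """Toy model of device unit GE with its mode-selection module M (assumed names)."""

    def __init__(self, closed_key: bytes, manufacturer_refs: set):
        self._keys = {Mode.CLOSED: closed_key}              # key module KM
        self._refs = {Mode.CLOSED: set(manufacturer_refs)}  # RIM reference data
        self.closed_disabled = False
        self.mode = None
        self._software = {}
        self._released = False

    def boot(self, configured: Mode, software: dict) -> Mode:
        """S1/S2: start up and determine the operating mode."""
        self._software = dict(software)
        if configured is Mode.OPEN or self.closed_disabled:
            self._deactivate_closed_mode()   # no return to closed mode
            self.mode = Mode.OPEN
        else:
            self.mode = Mode.CLOSED
        # S3-S5: only a passed integrity check releases the attestation key.
        refs = self._refs.get(self.mode)
        measured = {digest(b) for b in self._software.values()}
        self._released = refs is not None and measured <= refs
        return self.mode                     # S6: regular operation

    def _deactivate_closed_mode(self) -> None:
        """Delete the closed-mode key and reference data for good."""
        self._keys.pop(Mode.CLOSED, None)
        self._refs.pop(Mode.CLOSED, None)
        self.closed_disabled = True

    def seal(self, user_key: bytes) -> None:
        """Open mode only: freeze the loaded user software as new reference."""
        if self.mode is not Mode.OPEN:
            raise PermissionError("sealing is only offered in open mode")
        self._refs[Mode.OPEN] = {digest(b) for b in self._software.values()}
        self._keys[Mode.OPEN] = user_key
        self._released = True

    def attest(self, nonce: str) -> dict:
        """Integrity confirmation with the operating mode as an explicit flag."""
        if not self._released:
            raise PermissionError("attestation key not released")
        claim = {"mode": self.mode.value, "nonce": nonce}
        payload = json.dumps(claim, sort_keys=True).encode()
        tag = hmac.new(self._keys[self.mode], payload, hashlib.sha256).hexdigest()
        return {"claim": claim, "tag": tag}


def verify(report: dict, key: bytes, nonce: str, expect: Mode) -> bool:
    """Relying party: check the MAC, the freshness nonce and the mode flag."""
    claim = report["claim"]
    payload = json.dumps(claim, sort_keys=True).encode()
    good = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return (hmac.compare_digest(good, report["tag"])
            and claim["nonce"] == nonce and claim["mode"] == expect.value)


def demo() -> dict:
    # Constructed sample keys and firmware images.
    closed_key, user_key = b"constructed-manufacturer-key", b"constructed-user-key"
    vendor = {"app": b"vendor application v1"}
    dev = DeviceUnit(closed_key, {digest(vendor["app"])})
    out = {}
    dev.boot(Mode.CLOSED, vendor)                            # unmodified vendor software
    out["closed_ok"] = verify(dev.attest("n1"), closed_key, "n1", Mode.CLOSED)
    dev.boot(Mode.CLOSED, {"app": b"modified application"})  # fails the S4 check
    try:
        dev.attest("n2")
        out["tampered_attests"] = True
    except PermissionError:
        out["tampered_attests"] = False
    dev.boot(Mode.OPEN, {"app": b"user build"})              # user activates open mode
    dev.seal(user_key)
    report = dev.attest("n3")
    out["open_passes_as_closed"] = verify(report, closed_key, "n3", Mode.CLOSED)
    out["open_ok"] = verify(report, user_key, "n3", Mode.OPEN)
    out["mode_after_closed_request"] = dev.boot(Mode.CLOSED, vendor).value
    return out


if __name__ == "__main__":
    print(demo())
```

A verifier that only trusts the manufacturer key rejects every report produced after open mode was activated, because that key no longer exists on the device and the mode flag is covered by the MAC.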
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP16202905.2A EP3333748A1 (de) | 2016-12-08 | 2016-12-08 | Device unit suitable for operation in the protected and/or open operating state and associated method |
PCT/EP2017/075719 WO2018103915A1 (de) | 2016-12-08 | 2017-10-10 | Device unit suitable for operation in the protected and/or open operating state and associated method |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3529734A1 (de) | 2019-08-28 |
Family
ID=57629234
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP16202905.2A Withdrawn EP3333748A1 (de) | Device unit suitable for operation in the protected and/or open operating state and associated method | 2016-12-08 | 2016-12-08 |
EP17791592.3A Pending EP3529734A1 (de) | Device unit suitable for operation in the protected and/or open operating state and associated method | 2016-12-08 | 2017-10-10 |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP16202905.2A Withdrawn EP3333748A1 (de) | Device unit suitable for operation in the protected and/or open operating state and associated method | 2016-12-08 | 2016-12-08 |
Country Status (4)
Country | Link |
---|---|
US (1) | US11914715B2 (de) |
EP (2) | EP3333748A1 (de) |
CN (1) | CN110023940A (de) |
WO (1) | WO2018103915A1 (de) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102022125711A1 (de) | 2022-10-05 | 2024-04-11 | Audi Aktiengesellschaft | Method for updating a control unit of a vehicle |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7694121B2 (en) | 2004-06-30 | 2010-04-06 | Microsoft Corporation | System and method for protected operating system boot using state validation |
US8266692B2 (en) * | 2006-07-05 | 2012-09-11 | Bby Solutions, Inc. | Malware automated removal system and method |
US8555049B2 (en) * | 2007-10-05 | 2013-10-08 | Panasonic Corporation | Secure boot terminal, secure boot method, secure boot program, recording medium, and integrated circuit |
US8127363B2 (en) * | 2007-12-26 | 2012-02-28 | Intel Corporation | Method and apparatus for booting a processing system |
US8533445B2 (en) * | 2009-04-21 | 2013-09-10 | Hewlett-Packard Development Company, L.P. | Disabling a feature that prevents access to persistent secondary storage |
EP2449503A4 (de) * | 2009-07-01 | 2013-12-11 | Mandar Patil | Method for remote control and monitoring of data created on desktop software |
US20120204254A1 (en) * | 2011-02-04 | 2012-08-09 | Motorola Mobility, Inc. | Method and apparatus for managing security state transitions |
US8863109B2 (en) * | 2011-07-28 | 2014-10-14 | International Business Machines Corporation | Updating secure pre-boot firmware in a computing system in real-time |
US9015456B1 (en) * | 2011-09-27 | 2015-04-21 | Google Inc. | Indicator for developer mode |
US8806579B1 (en) * | 2011-10-12 | 2014-08-12 | The Boeing Company | Secure partitioning of devices connected to aircraft network data processing systems |
KR101930864B1 (ko) * | 2012-02-16 | 2019-03-11 | Samsung Electronics Co., Ltd. | Method and apparatus for protecting digital content using device authentication |
US9218178B2 (en) * | 2012-08-29 | 2015-12-22 | Microsoft Technology Licensing, Llc | Secure firmware updates |
JP2014089652A (ja) * | 2012-10-31 | 2014-05-15 | Toshiba Corp | Information processing apparatus |
US10140454B1 (en) * | 2015-09-29 | 2018-11-27 | Symantec Corporation | Systems and methods for restarting computing devices into security-application-configured safe modes |
-
2016
- 2016-12-08 EP EP16202905.2A patent/EP3333748A1/de not_active Withdrawn
-
2017
- 2017-10-10 EP EP17791592.3A patent/EP3529734A1/de active Pending
- 2017-10-10 US US16/466,869 patent/US11914715B2/en active Active
- 2017-10-10 WO PCT/EP2017/075719 patent/WO2018103915A1/de unknown
- 2017-10-10 CN CN201780075704.7A patent/CN110023940A/zh active Pending
Also Published As
Publication number | Publication date |
---|---|
US11914715B2 (en) | 2024-02-27 |
US20200089890A1 (en) | 2020-03-19 |
EP3333748A1 (de) | 2018-06-13 |
CN110023940A (zh) | 2019-07-16 |
WO2018103915A1 (de) | 2018-06-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE19781829C2 (de) | Method and apparatus for protecting a flash memory | |
DE112017004786T5 (de) | Method and apparatus for using a security coprocessor for firmware protection | |
EP3437012B1 (de) | Method, processor and device for checking the integrity of user data | |
EP3274825A1 (de) | Method and execution environment for the secure execution of program instructions | |
DE102011005209B4 (de) | Program-statement-controlled instruction flow control | |
DE10393662T5 (de) | Providing a secure execution mode in a pre-boot environment | |
CN105122214A (zh) | Repair of corrupted system data in non-volatile memory | |
DE102014208838A1 (de) | Method for operating a control unit | |
WO2019201598A1 (de) | Method and execution environment for executing program code on a field device | |
DE102016210788B4 (de) | Component for processing data worthy of protection and method for implementing a security function for protecting data worthy of protection in such a component | |
DE112015007220T5 (de) | Techniques for coordinating device boot security | |
EP3529734A1 (de) | Device unit suitable for operation in the protected and/or open operating state and associated method | |
DE102021101891A1 (de) | Determining whether to perform an action on a computing device based on analysis of endorsement information of a security coprocessor | |
EP3752911B1 (de) | Method for installing a program code package in a device, and device and motor vehicle | |
EP3286872B1 (de) | Providing a device-specific cryptographic key from a cross-system key for a device | |
DE102014208848A1 (de) | Method for monitoring an electronic security module | |
DE102014208840A1 (de) | Method for handling software functions in a control unit | |
EP3072080B1 (de) | Method and apparatus for tamper protection of a computing device | |
EP3690690B1 (de) | Method for checking the validity of data and computer-implemented apparatus for processing data | |
DE102014208853A1 (de) | Method for operating a control unit | |
DE102018207504A1 (de) | Control device and control method | |
EP3786790A1 (de) | Execution environment and method for a process | |
EP4312137A1 (de) | Authorization for installing and/or starting a second application program | |
EP4254096A1 (de) | Method for implementing automation functionality on an automation component with programmable automation functionality, and system | |
EP4270228A1 (de) | Software-implemented lock |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20190524 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20210430 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |