JP7406013B2 - 構成設定の安全な署名 - Google Patents

構成設定の安全な署名 Download PDF

Info

Publication number
JP7406013B2
JP7406013B2 JP2022577761A JP2022577761A JP7406013B2 JP 7406013 B2 JP7406013 B2 JP 7406013B2 JP 2022577761 A JP2022577761 A JP 2022577761A JP 2022577761 A JP2022577761 A JP 2022577761A JP 7406013 B2 JP7406013 B2 JP 7406013B2
Authority
JP
Japan
Prior art keywords
configuration settings
computing device
secure circuit
public key
certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2022577761A
Other languages
English (en)
Japanese (ja)
Other versions
JP2023530730A5 (enExample
JP2023530730A (ja
Inventor
ゼノ エス. コヴェ,
ニコライ スクレイ,
トーマス ピー. メンシュ,
ウェイド ベンソン,
ジェラルド ヴィー. ハウク,
チェーザレ, ジョシュ ピー. デ
オースティン ジー. ジェニンング,
ジョン ジェイ. ドン,
ロバート シー. グラハム,
ジャック フォルティエ,
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Apple Inc
Original Assignee
Apple Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Apple Inc filed Critical Apple Inc
Publication of JP2023530730A publication Critical patent/JP2023530730A/ja
Publication of JP2023530730A5 publication Critical patent/JP2023530730A5/ja
Application granted granted Critical
Publication of JP7406013B2 publication Critical patent/JP7406013B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4406Loading of operating system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
JP2022577761A 2020-06-22 2021-06-18 構成設定の安全な署名 Active JP7406013B2 (ja)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US202063042050P 2020-06-22 2020-06-22
US63/042,050 2020-06-22
US17/092,030 2020-11-06
US17/092,030 US11822664B2 (en) 2020-06-22 2020-11-06 Securely signing configuration settings
PCT/US2021/038039 WO2021262545A1 (en) 2020-06-22 2021-06-18 Securely signing configuration settings

Publications (3)

Publication Number Publication Date
JP2023530730A JP2023530730A (ja) 2023-07-19
JP2023530730A5 JP2023530730A5 (enExample) 2023-08-10
JP7406013B2 true JP7406013B2 (ja) 2023-12-26

Family

ID=79023572

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2022577761A Active JP7406013B2 (ja) 2020-06-22 2021-06-18 構成設定の安全な署名

Country Status (6)

Country Link
US (1) US11822664B2 (enExample)
EP (1) EP4168913B1 (enExample)
JP (1) JP7406013B2 (enExample)
KR (1) KR102660863B1 (enExample)
CN (1) CN115943610B (enExample)
WO (1) WO2021262545A1 (enExample)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11641363B2 (en) * 2019-01-14 2023-05-02 Qatar Foundation For Education, Science And Community Development Methods and systems for verifying the authenticity of a remote service
US11809876B2 (en) * 2021-04-29 2023-11-07 Dell Products L.P. Trusted platform module protection for non-volatile memory express (NVMe) recovery
US20230015697A1 (en) * 2021-07-13 2023-01-19 Citrix Systems, Inc. Application programming interface (api) authorization
US11748485B2 (en) * 2021-07-29 2023-09-05 Dell Products L.P. System and method for booting using HSM integrated chain of trust certificates
US12088696B2 (en) * 2021-10-27 2024-09-10 Salesforce, Inc. Protecting application private keys with remote and local security controllers and local MPC key generation
US20240265152A1 (en) * 2023-02-08 2024-08-08 Stmicroelectronics International N.V. Embedded secure circuit
US12574419B2 (en) 2024-01-29 2026-03-10 Dell Products L.P. Management of location-based security policies using out of band methods
US12490095B2 (en) 2024-01-29 2025-12-02 Dell Products L.P. Obtaining location data for data processing systems using out-of-band components
US12481493B2 (en) 2024-01-29 2025-11-25 Dell Products L.P. Managing out of band software updates
US12309022B1 (en) * 2024-01-29 2025-05-20 Dell Products L.P. Recovery of data processing systems using out-of-band methods
US12530470B2 (en) 2024-01-29 2026-01-20 Dell Products L.P. Policy implementation for data processing systems based on location data using out-of-band components
US12574411B2 (en) 2024-01-29 2026-03-10 Dell Products L.P. Transport layer security management using a management controller
CN119293832B (zh) * 2024-12-13 2025-04-01 湖北长江万润半导体技术有限公司 一种用于eMMC存储设备的数据加密方法与装置

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006139489A (ja) 2004-11-11 2006-06-01 Nippon Telegr & Teleph Corp <Ntt> 共同利用パソコンシステムの環境復元方法および共同利用パソコン
JP2008541279A (ja) 2005-05-13 2008-11-20 インテル コーポレイション ソフトウェア・ベースのセキュリティ・コプロセッサを提供する方法および装置
JP2012113616A (ja) 2010-11-26 2012-06-14 Nec Infrontia Corp エラーコード出力装置及びエラーコード出力方法
WO2012160760A1 (ja) 2011-05-25 2012-11-29 パナソニック株式会社 情報処理装置および情報処理方法
JP2018038036A (ja) 2016-08-30 2018-03-08 株式会社ワコム トランスポート層セキュリティを用いたサインタブレットとホストコンピュータとの間における認証及び安全なデータ送信
JP2018117185A (ja) 2017-01-16 2018-07-26 キヤノン株式会社 情報処理装置、情報処理方法
US10057243B1 (en) 2017-11-30 2018-08-21 Mocana Corporation System and method for securing data transport between a non-IP endpoint device that is connected to a gateway device and a connected service
US20180365427A1 (en) 2017-06-16 2018-12-20 International Business Machines Corporation Securing operating system configuration using hardware

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6757824B1 (en) 1999-12-10 2004-06-29 Microsoft Corporation Client-side boot domains and boot rules
US9547778B1 (en) 2014-09-26 2017-01-17 Apple Inc. Secure public key acceleration
US10079677B2 (en) * 2015-06-05 2018-09-18 Apple Inc. Secure circuit for encryption key generation
US10536271B1 (en) 2016-01-10 2020-01-14 Apple Inc. Silicon key attestation
US10992482B2 (en) * 2017-01-12 2021-04-27 Google Llc Verified boot and key rotation
US10417429B2 (en) 2017-06-02 2019-09-17 Apple Inc. Method and apparatus for boot variable protection
US11263326B2 (en) 2017-06-02 2022-03-01 Apple Inc. Method and apparatus for secure system boot
CN111149106B (zh) * 2017-08-11 2022-09-02 华为技术有限公司 使用多个设备证书进行密钥认证的设备和方法

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006139489A (ja) 2004-11-11 2006-06-01 Nippon Telegr & Teleph Corp <Ntt> 共同利用パソコンシステムの環境復元方法および共同利用パソコン
JP2008541279A (ja) 2005-05-13 2008-11-20 インテル コーポレイション ソフトウェア・ベースのセキュリティ・コプロセッサを提供する方法および装置
JP2012113616A (ja) 2010-11-26 2012-06-14 Nec Infrontia Corp エラーコード出力装置及びエラーコード出力方法
WO2012160760A1 (ja) 2011-05-25 2012-11-29 パナソニック株式会社 情報処理装置および情報処理方法
US20130111605A1 (en) 2011-05-25 2013-05-02 Manabu Maeda Information processing apparatus and information processing method
JP2018038036A (ja) 2016-08-30 2018-03-08 株式会社ワコム トランスポート層セキュリティを用いたサインタブレットとホストコンピュータとの間における認証及び安全なデータ送信
JP2018117185A (ja) 2017-01-16 2018-07-26 キヤノン株式会社 情報処理装置、情報処理方法
US20180365427A1 (en) 2017-06-16 2018-12-20 International Business Machines Corporation Securing operating system configuration using hardware
US10057243B1 (en) 2017-11-30 2018-08-21 Mocana Corporation System and method for securing data transport between a non-IP endpoint device that is connected to a gateway device and a connected service

Also Published As

Publication number Publication date
WO2021262545A1 (en) 2021-12-30
US20210397716A1 (en) 2021-12-23
US11822664B2 (en) 2023-11-21
CN115943610B (zh) 2024-02-13
EP4168913B1 (en) 2024-02-28
KR102660863B1 (ko) 2024-04-29
CN115943610A (zh) 2023-04-07
JP2023530730A (ja) 2023-07-19
EP4168913A1 (en) 2023-04-26
KR20230016195A (ko) 2023-02-01

Similar Documents

Publication Publication Date Title
JP7406013B2 (ja) 構成設定の安全な署名
US20240078343A1 (en) Application Integrity Attestation
US12105806B2 (en) Securing communications with security processors using platform keys
US7986786B2 (en) Methods and systems for utilizing cryptographic functions of a cryptographic co-processor
CN112262546B (zh) 用于数据处理加速器的密钥分配和交换的方法和系统
JP4982825B2 (ja) コンピュータおよび共有パスワードの管理方法
CN1914849B (zh) 受信移动平台体系结构
CN107851160B (zh) 用于在isa控制下进行多个共存可信执行环境的可信i/o的技术
US10303880B2 (en) Security device having indirect access to external non-volatile memory
US11909882B2 (en) Systems and methods to cryptographically verify an identity of an information handling system
US20050132186A1 (en) Method and apparatus for a trust processor
US20050132226A1 (en) Trusted mobile platform architecture
TWI745629B (zh) 電腦系統以及初始化電腦系統的方法
JP2014505943A (ja) 耐タンパー性ブート処理のためのシステム及び方法
CN103221957A (zh) 利用基于硬件的安全引擎的安全软件许可和供应
CN109983465A (zh) 增强的安全引导
US20090307451A1 (en) Dynamic logical unit number creation and protection for a transient storage device
US12314408B2 (en) Ephemeral data storage
CN106156632A (zh) 安全装置及在其内提供安全服务至主机的方法、安全设备
US12008087B2 (en) Secure reduced power mode
US20250119273A1 (en) Device Managed Cryptographic Keys
CN121866740A (zh) 硅密钥交换

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20221216

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20221216

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20230802

A871 Explanation of circumstances concerning accelerated examination

Free format text: JAPANESE INTERMEDIATE CODE: A871

Effective date: 20230802

TRDD Decision of grant or rejection written
A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20231115

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20231120

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20231214

R150 Certificate of patent or registration of utility model

Ref document number: 7406013

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150