KR102386111B1 - Technique for preserving protected secrets across a secure boot update - Google Patents

Info

Publication number
KR102386111B1
Authority
KR
South Korea
Prior art keywords
blob
secret
condition
conditions
blobs
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
KR1020197006214A
Other languages
English (en)
Korean (ko)
Other versions
KR20190042018A (ko)
Inventor
Kinshuman
Christopher McCarron
Yevgeny Anatolievich Samsonov
Original Assignee
Microsoft Technology Licensing, LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing, LLC
Publication of KR20190042018A
Application granted
Publication of KR102386111B1
Legal status: Expired - Fee Related (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
          • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
            • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
              • H04L2209/127 Trusted platform modules [TPM]
    • G PHYSICS
      • G06 COMPUTING OR CALCULATING; COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F11/00 Error detection; Error correction; Monitoring
            • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
              • G06F11/14 Error detection or correction of the data by redundancy in operations
                • G06F11/1402 Saving, restoring, recovering or retrying
                  • G06F11/1415 Saving, restoring, recovering or retrying at system level
                    • G06F11/1417 Boot up procedures
                    • G06F11/1433 Saving, restoring, recovering or retrying at system level during software upgrading
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
                • G06F21/575 Secure boot

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Applications Claiming Priority (3)

Application Number | Priority Date | Filing Date | Title
US15/253,521 US10177910B2 (en) | 2016-08-31 | 2016-08-31 | Preserving protected secrets across a secure boot update
US15/253,521 | 2016-08-31
PCT/US2017/048517 WO2018044696A1 (en) | 2016-08-31 | 2017-08-25 | Preserving protected secrets across a secure boot update

Publications (2)

Publication Number | Publication Date
KR20190042018A (ko) | 2019-04-23
KR102386111B1 (ko) | 2022-04-12

Family

ID=59791182

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
KR1020197006214A (Expired - Fee Related; granted as KR102386111B1 (ko)) | Technique for preserving protected secrets across a secure boot update | 2016-08-31 | 2017-08-25

Country Status (19)

Country | Link
US (1) US10177910B2 (en)
EP (1) EP3507737B1 (en)
JP (1) JP6994022B2 (en)
KR (1) KR102386111B1 (en)
CN (1) CN109643352B (en)
AU (1) AU2017318962B2 (en)
BR (1) BR112019000763A8 (en)
CA (1) CA3030983A1 (en)
CL (1) CL2019000507A1 (en)
CO (1) CO2019001414A2 (en)
IL (1) IL264706B (en)
MX (1) MX2019002063A (en)
MY (1) MY202112A (en)
NZ (1) NZ749830A (en)
PH (1) PH12019550006A1 (en)
RU (1) RU2748392C2 (en)
SG (1) SG11201901127YA (en)
WO (1) WO2018044696A1 (en)
ZA (1) ZA201900424B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
JP7367471B2 (ja) * | 2019-11-07 | 2023-10-24 | Ricoh Co., Ltd. | Information processing device, file assurance method, and file assurance program
KR20220154879A (ko) * | 2021-05-14 | 2022-11-22 | Hyundai Motor Company | Vehicle control device and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US20060155988A1 (en) * | 2005-01-07 | 2006-07-13 | Microsoft Corporation | Systems and methods for securely booting a computer with a trusted processing module
US20070226505A1 (en) * | 2006-03-27 | 2007-09-27 | Brickell Ernie F | Method of using signatures for measurement in a trusted computing environment
JP2008226158A (ja) * | 2007-03-15 | 2008-09-25 | Ricoh Co., Ltd. | Information processing apparatus, software update method, and image processing apparatus
US20130086383A1 (en) * | 2011-10-04 | 2013-04-04 | International Business Machines Corporation | Virtual machine images encryption using trusted computing group sealing

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US7058807B2 (en) | 2002-04-15 | 2006-06-06 | Intel Corporation | Validation of inclusion of a platform within a data center
US7890771B2 (en) * | 2002-04-17 | 2011-02-15 | Microsoft Corporation | Saving and retrieving data based on public key encryption
US7062764B2 (en) * | 2002-06-17 | 2006-06-13 | Microsoft Corporation | System and method for manipulating offline software
US7694121B2 (en) * | 2004-06-30 | 2010-04-06 | Microsoft Corporation | System and method for protected operating system boot using state validation
US20060095505A1 (en) * | 2004-09-30 | 2006-05-04 | Zimmer Vincent J | Providing a trustworthy configuration server
US7565553B2 (en) | 2005-01-14 | 2009-07-21 | Microsoft Corporation | Systems and methods for controlling access to data on a computer with a secure boot process
EP1866825A1 (en) * | 2005-03-22 | 2007-12-19 | Hewlett-Packard Development Company, L.P. | Methods, devices and data structures for trusted data
US7809957B2 (en) | 2005-09-29 | 2010-10-05 | Intel Corporation | Trusted platform module for generating sealed data
US8190916B1 (en) * | 2006-07-27 | 2012-05-29 | Hewlett-Packard Development Company, L.P. | Methods and systems for modifying an integrity measurement based on user authentication
US8108940B2 (en) | 2006-12-19 | 2012-01-31 | International Business Machines Corporation | Method for protecting data from unauthorised access
JP2009169841A (ja) | 2008-01-18 | 2009-07-30 | Panasonic Corporation | Information processing device and mobile phone device
WO2010041462A1 (ja) | 2008-10-10 | 2010-04-15 | Panasonic Corporation | Information processing device, information processing method, information processing program, and integrated circuit
US8495036B2 (en) * | 2008-10-24 | 2013-07-23 | Microsoft Corporation | Blob manipulation in an integrated structured storage system
US8266448B2 (en) * | 2008-12-09 | 2012-09-11 | Nvidia Corporation | Apparatus, system, method, and computer program product for generating and securing a program capable of being executed utilizing a processor to decrypt content
JP5493951B2 (ja) * | 2009-04-17 | 2014-05-14 | Ricoh Co., Ltd. | Information processing device, validity verification method, and program
US8588422B2 (en) | 2009-05-28 | 2013-11-19 | Novell, Inc. | Key management to protect encrypted data of an endpoint computing device
US8490179B2 (en) * | 2009-10-27 | 2013-07-16 | Hewlett-Packard Development Company, L.P. | Computing platform
GB2482652B (en) | 2010-05-21 | 2016-08-24 | Hewlett Packard Development Co Lp | Extending integrity measurements in a trusted device using a policy register
MY150362A (en) | 2010-11-02 | 2013-12-31 | Mimos Berhad | A system and method for securing data storage
US8762742B2 (en) * | 2011-05-16 | 2014-06-24 | Broadcom Corporation | Security architecture for using host memory in the design of a secure element
US8612766B2 (en) * | 2011-07-05 | 2013-12-17 | Microsoft Corporation | Secure credential unlock using trusted execution environments
CN102650947B (zh) * | 2012-04-01 | 2015-06-24 | Guangdong OPPO Mobile Telecommunications Corp., Ltd. | Continuous incremental over-the-air upgrade method for Android handheld devices
US20150134965A1 (en) | 2012-05-24 | 2015-05-14 | Telefonaktiebolaget L M Ericsson (Publ) | Enhanced Secure Virtual Machine Provisioning
JP5980050B2 (ja) | 2012-08-29 | 2016-08-31 | Canon Inc. | Information processing device
US9596085B2 (en) * | 2013-06-13 | 2017-03-14 | Intel Corporation | Secure battery authentication
US9652631B2 (en) * | 2014-05-05 | 2017-05-16 | Microsoft Technology Licensing, Llc | Secure transport of encrypted virtual machines with continuous owner access
US9264410B2 (en) * | 2014-06-05 | 2016-02-16 | Sony Corporation | Dynamic configuration of trusted executed environment resources
US9519787B2 (en) | 2014-11-14 | 2016-12-13 | Microsoft Technology Licensing, Llc | Secure creation of encrypted virtual machines from encrypted templates

Also Published As

Publication number | Publication date
CL2019000507A1 (es) | 2019-07-05
JP6994022B2 (ja) | 2022-01-14
WO2018044696A1 (en) | 2018-03-08
CA3030983A1 (en) | 2018-03-08
BR112019000763A8 (pt) | 2023-01-31
MY202112A (en) | 2024-04-04
PH12019550006A1 (en) | 2020-01-20
EP3507737A1 (en) | 2019-07-10
IL264706B (en) | 2021-12-01
ZA201900424B (en) | 2020-05-27
CN109643352A (zh) | 2019-04-16
US10177910B2 (en) | 2019-01-08
BR112019000763A2 (pt) | 2019-04-24
MX2019002063A (es) | 2019-06-06
KR20190042018A (ko) | 2019-04-23
JP2019532402A (ja) | 2019-11-07
RU2748392C2 (ru) | 2021-05-25
RU2019105575A3 (en) | 2020-11-02
RU2019105575A (ru) | 2020-08-27
CO2019001414A2 (es) | 2019-02-28
CN109643352B (zh) | 2023-07-18
AU2017318962B2 (en) | 2021-10-28
NZ749830A (en) | 2022-09-30
EP3507737B1 (en) | 2021-06-02
SG11201901127YA (en) | 2019-03-28
US20180062833A1 (en) | 2018-03-01
AU2017318962A1 (en) | 2019-01-24

Similar Documents

Publication | Title
US10419216B2 (en) | Keying infrastructure
EP3362939B1 (en) | Migrating secrets using hardware roots of trust for devices
KR101219857B1 (ko) | System, method, and computer-readable medium for securely booting a computer having a hardware security module
US10409978B2 (en) | Hypervisor and virtual machine protection
EP2126770B1 (en) | Trusted computing entities
TW201500960A (zh) | Security variable change detection techniques in a computing device with Unified Extensible Firmware Interface (UEFI)-compliant firmware
KR20030082485A (ko) | Storage and retrieval of data based on symmetric key encryption
US10803176B2 (en) | BIOS security
US20220043911A1 (en) | Method and system for generating a list of indicators of compromise
KR102256249B1 (ko) | Secure firmware update method for IoT devices using an integrated security SoC
EP4425358B1 (en) | Fingerprinting techniques to support file hash generation
KR102386111B1 (ko) | Technique for preserving protected secrets across a secure boot update
TWI841919B (zh) | Computer system that fails secure boot upon a cover-opening tamper event
CN117610083A (zh) | File verification method and apparatus, electronic device, and computer storage medium
HK40006241A (en) | Preserving protected secrets across a secure boot update
HK40006241B (en) | Preserving protected secrets across a secure boot update
US12602234B1 (en) | Staged measured boot sequence of a computer
US12526140B2 (en) | System and method for secure cloud FPGA deployment
US20240155336A1 (en) | Vehicle, device, computer program and method for loading data
GB2397981A (en) | Method and apparatus for managing a hierarchy of nodes

Legal Events

Date | Code | Title | Description
PA0105 International application
    St.27 status event code: A-0-1-A10-A15-nap-PA0105
PG1501 Laying open of application
    St.27 status event code: A-1-1-Q10-Q12-nap-PG1501
A201 Request for examination
P11-X000 Amendment of application requested
    St.27 status event code: A-2-2-P10-P11-nap-X000
P13-X000 Application amended
    St.27 status event code: A-2-2-P10-P13-nap-X000
PA0201 Request for examination
    St.27 status event code: A-1-2-D10-D11-exm-PA0201
D13-X000 Search requested
    St.27 status event code: A-1-2-D10-D13-srh-X000
D14-X000 Search report completed
    St.27 status event code: A-1-2-D10-D14-srh-X000
E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection
    St.27 status event code: A-1-2-D10-D21-exm-PE0902
P11-X000 Amendment of application requested
    St.27 status event code: A-2-2-P10-P11-nap-X000
P13-X000 Application amended
    St.27 status event code: A-2-2-P10-P13-nap-X000
E701 Decision to grant or registration of patent right
PE0701 Decision of registration
    St.27 status event code: A-1-2-D10-D22-exm-PE0701
GRNT Written decision to grant
PR0701 Registration of establishment
    St.27 status event code: A-2-4-F10-F11-exm-PR0701
PR1002 Payment of registration fee
    St.27 status event code: A-2-2-U10-U12-oth-PR1002
    Fee payment year number: 1
PG1601 Publication of registration
    St.27 status event code: A-4-4-Q10-Q13-nap-PG1601
PC1903 Unpaid annual fee
    St.27 status event code: A-4-4-U10-U13-oth-PC1903
    Not in force date: 20250409
    Payment event data comment text: Termination Category : DEFAULT_OF_REGISTRATION_FEE
H13 Ip right lapsed
    Free format text: ST27 STATUS EVENT CODE: N-4-6-H10-H13-OTH-PC1903 (AS PROVIDED BY THE NATIONAL OFFICE); TERMINATION CATEGORY : DEFAULT_OF_REGISTRATION_FEE
    Effective date: 20250409
PC1903 Unpaid annual fee
    St.27 status event code: N-4-6-H10-H13-oth-PC1903
    Ip right cessation event data comment text: Termination Category : DEFAULT_OF_REGISTRATION_FEE
    Not in force date: 20250409