WO2009044533A1 - セキュアブート端末、セキュアブート方法、セキュアブートプログラム、記録媒体及び集積回路 - Google Patents
セキュアブート端末、セキュアブート方法、セキュアブートプログラム、記録媒体及び集積回路 Download PDFInfo
- Publication number
- WO2009044533A1 WO2009044533A1 PCT/JP2008/002728 JP2008002728W WO2009044533A1 WO 2009044533 A1 WO2009044533 A1 WO 2009044533A1 JP 2008002728 W JP2008002728 W JP 2008002728W WO 2009044533 A1 WO2009044533 A1 WO 2009044533A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- secure boot
- configuration information
- software module
- storage means
- terminal
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
起動時にセキュアブート処理を行う端末において、ソフトウェアモジュールの更新の途中で電源断等が起こった場合でも、確実に起動することを可能にする。CPUとソフトウェアモジュール格納手段と証明書格納手段と、ソフトウェアモジュール及び証明書を更新する更新手段とソフトウェアモジュールの構成情報を格納する構成情報格納手段を備えるセキュリティデバイスと更新前の構成でのソフトウェアモジュールの構成情報を格納する代替構成情報格納手段と証明書を用いてソフトウェアモジュールを検証して実行するブート制御手段とを備える端末であり、構成情報格納手段が格納する構成情報と代替構成情報格納手段が格納する構成情報とを参照してソフトウェアモジュールの証明書の検証を行う。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009535966A JP5385148B2 (ja) | 2007-10-05 | 2008-09-30 | セキュアブート端末、セキュアブート方法、セキュアブートプログラム、記録媒体及び集積回路 |
EP08835878A EP2196936A4 (en) | 2007-10-05 | 2008-09-30 | SAFE START-UP END UNIT, SAFE START-UP PROCEDURE, SAFE STARTER PROGRAM, RECORDING MEDIA AND INTEGRATED CIRCUIT |
US12/676,960 US8555049B2 (en) | 2007-10-05 | 2008-09-30 | Secure boot terminal, secure boot method, secure boot program, recording medium, and integrated circuit |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2007261977 | 2007-10-05 | ||
JP2007-261977 | 2007-10-05 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009044533A1 true WO2009044533A1 (ja) | 2009-04-09 |
Family
ID=40525965
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2008/002728 WO2009044533A1 (ja) | 2007-10-05 | 2008-09-30 | セキュアブート端末、セキュアブート方法、セキュアブートプログラム、記録媒体及び集積回路 |
Country Status (4)
Country | Link |
---|---|
US (1) | US8555049B2 (ja) |
EP (1) | EP2196936A4 (ja) |
JP (1) | JP5385148B2 (ja) |
WO (1) | WO2009044533A1 (ja) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009157133A1 (ja) * | 2008-06-23 | 2009-12-30 | パナソニック株式会社 | 情報処理装置、情報処理方法、これらを実現するコンピュータプログラム及び集積回路 |
JP2012532358A (ja) * | 2009-07-01 | 2012-12-13 | パナソニック株式会社 | セキュアブート方法およびセキュアブート装置 |
JP2014503101A (ja) * | 2011-01-19 | 2014-02-06 | インターナショナル・ビジネス・マシーンズ・コーポレーション | コードを更新および認証するための方法およびシステム、プログラムの完全性を試験する方法およびシステム |
JP2014518428A (ja) * | 2011-07-07 | 2014-07-28 | インテル・コーポレーション | Biosフラッシュ攻撃に対する保護および通知 |
JP2017021434A (ja) * | 2015-07-07 | 2017-01-26 | キヤノン株式会社 | 情報処理装置及びその制御方法 |
JP2020042632A (ja) * | 2018-09-12 | 2020-03-19 | キヤノン株式会社 | 情報処理装置、情報処理装置の起動方法、及びプログラム |
US10708064B2 (en) | 2017-05-12 | 2020-07-07 | Renesas Electronics Corporation | Semiconductor device, boot method, and boot program |
Families Citing this family (44)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9069990B2 (en) * | 2007-11-28 | 2015-06-30 | Nvidia Corporation | Secure information storage system and method |
US9158896B2 (en) * | 2008-02-11 | 2015-10-13 | Nvidia Corporation | Method and system for generating a secure key |
US20090204801A1 (en) * | 2008-02-11 | 2009-08-13 | Nvidia Corporation | Mechanism for secure download of code to a locked system |
US9069706B2 (en) * | 2008-02-11 | 2015-06-30 | Nvidia Corporation | Confidential information protection system and method |
US9613215B2 (en) | 2008-04-10 | 2017-04-04 | Nvidia Corporation | Method and system for implementing a secure chain of trust |
JP5178341B2 (ja) * | 2008-06-23 | 2013-04-10 | パナソニック株式会社 | オプショナルなコンポーネントを伴うセキュアブートの方法 |
US8375211B2 (en) * | 2009-04-21 | 2013-02-12 | International Business Machines Corporation | Optimization of signing soap body element |
US8205257B1 (en) * | 2009-07-28 | 2012-06-19 | Symantec Corporation | Systems and methods for preventing threats originating from a non-process based component hosted by a trusted process |
EP2558972A1 (en) * | 2010-04-12 | 2013-02-20 | InterDigital Patent Holdings, Inc. | Staged control release in boot process |
US20120084562A1 (en) * | 2010-10-04 | 2012-04-05 | Ralph Rabert Farina | Methods and systems for updating a secure boot device using cryptographically secured communications across unsecured networks |
KR101649115B1 (ko) * | 2010-11-11 | 2016-08-19 | 삼성전자주식회사 | 디스플레이 장치 및 이에 적용되는 마이컴 코드 업데이트 방법 |
US8812830B2 (en) | 2011-08-31 | 2014-08-19 | Microsoft Corporation | Attestation protocol for securely booting a guest operating system |
CN103136019A (zh) * | 2011-11-29 | 2013-06-05 | 国际商业机器公司 | 用于加载配置信息的方法和装置 |
US9262637B2 (en) * | 2012-03-29 | 2016-02-16 | Cisco Technology, Inc. | System and method for verifying integrity of platform object using locally stored measurement |
US9489924B2 (en) | 2012-04-19 | 2016-11-08 | Nvidia Corporation | Boot display device detection and selection techniques in multi-GPU devices |
EP2973156B1 (en) * | 2013-03-15 | 2018-04-25 | Intel Corporation | Key revocation in system on chip devices |
CN103338450A (zh) * | 2013-06-26 | 2013-10-02 | 华为技术有限公司 | 一种验证方法及设备 |
CN105981326B (zh) * | 2014-02-26 | 2019-05-14 | 三菱电机株式会社 | 证书管理装置和证书管理方法 |
EP2933070A1 (en) * | 2014-04-17 | 2015-10-21 | Aldebaran Robotics | Methods and systems of handling a dialog with a robot |
US9438627B2 (en) | 2014-06-11 | 2016-09-06 | International Business Machines Corporation | Shared security utility appliance for secure application and data processing |
US10552827B2 (en) * | 2014-09-02 | 2020-02-04 | Google Llc | Dynamic digital certificate updating |
US9916451B2 (en) * | 2015-02-09 | 2018-03-13 | Dell Products L.P. | Information handling system boot pre-validation |
AT517154B1 (de) * | 2015-03-05 | 2018-07-15 | Siemens Ag Oesterreich | Überwachung des Startvorgangs einer integrierten Schaltung |
US9674162B1 (en) | 2015-03-13 | 2017-06-06 | Amazon Technologies, Inc. | Updating encrypted cryptographic key pair |
US9893885B1 (en) | 2015-03-13 | 2018-02-13 | Amazon Technologies, Inc. | Updating cryptographic key pair |
US9479340B1 (en) | 2015-03-30 | 2016-10-25 | Amazon Technologies, Inc. | Controlling use of encryption keys |
US10003467B1 (en) * | 2015-03-30 | 2018-06-19 | Amazon Technologies, Inc. | Controlling digital certificate use |
JP6601491B2 (ja) * | 2015-05-20 | 2019-11-06 | 富士通株式会社 | プログラム検証方法、検証プログラム、及び情報処理装置 |
US10503931B2 (en) * | 2016-05-09 | 2019-12-10 | Arris Enterprises Llc | Method and apparatus for dynamic executable verification |
EP3333748A1 (de) * | 2016-12-08 | 2018-06-13 | Siemens Aktiengesellschaft | Geräteeinheit geeignet für den betrieb im geschützten und/oder offenen betriebszustand sowie zugehöriges verfahren |
EP3542298B1 (en) | 2017-01-12 | 2022-08-03 | Google LLC | Verified boot and key rotation |
EP3382590B1 (en) * | 2017-03-31 | 2019-10-16 | OMRON Corporation | Method for initializing a computerized system and computerized system against rollback attacks |
WO2019036795A1 (en) | 2017-08-22 | 2019-02-28 | Absolute Software Corporation | MONITORING INTEGRITY OF A FIRMWARE USING "SILVER" MEASURES |
EP3489853B1 (en) | 2017-11-27 | 2021-02-24 | Schneider Electric Industries SAS | A method for providing a firmware update of a device |
US11068600B2 (en) * | 2018-05-21 | 2021-07-20 | Kct Holdings, Llc | Apparatus and method for secure router with layered encryption |
US11120137B2 (en) | 2018-06-19 | 2021-09-14 | Netgear, Inc. | Secure transfer of registered network access devices |
US11347879B2 (en) * | 2018-09-07 | 2022-05-31 | Truist Bank | Determining the relative risk for using an originating IP address as an identifying factor |
US10771264B2 (en) | 2018-10-10 | 2020-09-08 | Hewlett Packard Enterprise Development Lp | Securing firmware |
US11861011B2 (en) * | 2019-06-25 | 2024-01-02 | ZPE Systems, Inc. | Secure boot process |
JP7289739B2 (ja) * | 2019-06-27 | 2023-06-12 | キヤノン株式会社 | 情報処理装置、情報処理方法およびプログラム |
KR20210091585A (ko) * | 2020-01-14 | 2021-07-22 | 삼성전자주식회사 | 사용자 인증에 기반한 펌웨어 업데이트를 수행하는 전자 장치 및 이의 동작방법 |
US11431510B1 (en) * | 2020-04-30 | 2022-08-30 | Wells Fargo Bank, N.A. | Code-sign white listing (CSWL) |
US11681513B2 (en) * | 2020-05-14 | 2023-06-20 | Texas Instmments Incorporated | Controlled scope of authentication key for software update |
FR3122749B1 (fr) | 2021-05-10 | 2023-10-27 | Marbeuf Conseil Et Rech | Procédé pour sécuriser l’utilisation d’un logiciel |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050021968A1 (en) | 2003-06-25 | 2005-01-27 | Zimmer Vincent J. | Method for performing a trusted firmware/bios update |
US20050108564A1 (en) * | 2003-11-13 | 2005-05-19 | International Business Machines Corporation | Reducing the boot time of a TCPA based computing system when the Core Root of Trust Measurement is embedded in the boot block code |
JP2005523537A (ja) * | 2002-04-18 | 2005-08-04 | インターナショナル・ビジネス・マシーンズ・コーポレーション | データ・アクセス制御機能を使用した、統合システム内でのセキュア動作の初期化、維持、更新および回復 |
JP2007072909A (ja) * | 2005-09-08 | 2007-03-22 | Internatl Business Mach Corp <Ibm> | 秘密情報へのアクセスを制御するシステムおよびその方法 |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6157721A (en) * | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
US7194092B1 (en) * | 1998-10-26 | 2007-03-20 | Microsoft Corporation | Key-based secure storage |
US6263431B1 (en) * | 1998-12-31 | 2001-07-17 | Intle Corporation | Operating system bootstrap security mechanism |
US6757824B1 (en) * | 1999-12-10 | 2004-06-29 | Microsoft Corporation | Client-side boot domains and boot rules |
JP2004013477A (ja) | 2002-06-06 | 2004-01-15 | Nec Viewtechnology Ltd | ブートプログラム選択及び更新方法並びにこれを用いたフラッシュメモリ |
US7216369B2 (en) * | 2002-06-28 | 2007-05-08 | Intel Corporation | Trusted platform apparatus, system, and method |
US7318150B2 (en) * | 2004-02-25 | 2008-01-08 | Intel Corporation | System and method to support platform firmware as a trusted process |
US20060136705A1 (en) * | 2004-12-21 | 2006-06-22 | Motorola, Inc. | Multiple stage software verification |
KR100746012B1 (ko) * | 2005-11-07 | 2007-08-06 | 삼성전자주식회사 | 코드 이미지를 안전하게 갱신하고 부팅하는 방법 및 장치 |
JP4769608B2 (ja) * | 2006-03-22 | 2011-09-07 | 富士通株式会社 | 起動検証機能を有する情報処理装置 |
US7827397B2 (en) * | 2006-07-13 | 2010-11-02 | Aristocrat Technologies Australia Pty, Ltd. | Gaming machine having a secure boot chain and method of use |
US7743422B2 (en) * | 2006-08-21 | 2010-06-22 | International Business Machines Corporation | System and method for validating a computer platform when booting from an external device |
US8117429B2 (en) * | 2006-11-01 | 2012-02-14 | Nokia Corporation | System and method for a distributed and flexible configuration of a TCG TPM-based local verifier |
US8254568B2 (en) * | 2007-01-07 | 2012-08-28 | Apple Inc. | Secure booting a computing device |
US20080178257A1 (en) * | 2007-01-20 | 2008-07-24 | Takuya Mishina | Method for integrity metrics management |
US8621191B2 (en) * | 2007-12-26 | 2013-12-31 | Nokia Corporation | Methods, apparatuses, and computer program products for providing a secure predefined boot sequence |
-
2008
- 2008-09-30 WO PCT/JP2008/002728 patent/WO2009044533A1/ja active Application Filing
- 2008-09-30 US US12/676,960 patent/US8555049B2/en not_active Expired - Fee Related
- 2008-09-30 JP JP2009535966A patent/JP5385148B2/ja not_active Expired - Fee Related
- 2008-09-30 EP EP08835878A patent/EP2196936A4/en not_active Withdrawn
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005523537A (ja) * | 2002-04-18 | 2005-08-04 | インターナショナル・ビジネス・マシーンズ・コーポレーション | データ・アクセス制御機能を使用した、統合システム内でのセキュア動作の初期化、維持、更新および回復 |
US20050021968A1 (en) | 2003-06-25 | 2005-01-27 | Zimmer Vincent J. | Method for performing a trusted firmware/bios update |
US20050108564A1 (en) * | 2003-11-13 | 2005-05-19 | International Business Machines Corporation | Reducing the boot time of a TCPA based computing system when the Core Root of Trust Measurement is embedded in the boot block code |
JP2007072909A (ja) * | 2005-09-08 | 2007-03-22 | Internatl Business Mach Corp <Ibm> | 秘密情報へのアクセスを制御するシステムおよびその方法 |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8510544B2 (en) | 2008-06-23 | 2013-08-13 | Panasonic Corporation | Starts up of modules of a second module group only when modules of a first group have been started up legitimately |
WO2009157133A1 (ja) * | 2008-06-23 | 2009-12-30 | パナソニック株式会社 | 情報処理装置、情報処理方法、これらを実現するコンピュータプログラム及び集積回路 |
JP2012532358A (ja) * | 2009-07-01 | 2012-12-13 | パナソニック株式会社 | セキュアブート方法およびセキュアブート装置 |
US8892862B2 (en) | 2009-07-01 | 2014-11-18 | Panasonic Corporation | Secure boot method for executing a software component including updating a current integrity measurement based on whether the software component is enabled |
US10620936B2 (en) | 2011-01-19 | 2020-04-14 | International Business Machines Corporation | Updating software |
JP2014503101A (ja) * | 2011-01-19 | 2014-02-06 | インターナショナル・ビジネス・マシーンズ・コーポレーション | コードを更新および認証するための方法およびシステム、プログラムの完全性を試験する方法およびシステム |
US10007510B2 (en) | 2011-01-19 | 2018-06-26 | International Business Machines Corporation | Updating software |
US10108413B2 (en) | 2011-01-19 | 2018-10-23 | International Business Machines Corporation | Updating software |
JP2014518428A (ja) * | 2011-07-07 | 2014-07-28 | インテル・コーポレーション | Biosフラッシュ攻撃に対する保護および通知 |
JP2017021434A (ja) * | 2015-07-07 | 2017-01-26 | キヤノン株式会社 | 情報処理装置及びその制御方法 |
US10708064B2 (en) | 2017-05-12 | 2020-07-07 | Renesas Electronics Corporation | Semiconductor device, boot method, and boot program |
JP2020042632A (ja) * | 2018-09-12 | 2020-03-19 | キヤノン株式会社 | 情報処理装置、情報処理装置の起動方法、及びプログラム |
US11514169B2 (en) | 2018-09-12 | 2022-11-29 | Canon Kabushiki Kaisha | Information processing apparatus, method of controlling information processing apparatus, and storage medium |
JP7182966B2 (ja) | 2018-09-12 | 2022-12-05 | キヤノン株式会社 | 情報処理装置、情報処理装置の起動方法、及びプログラム |
Also Published As
Publication number | Publication date |
---|---|
US8555049B2 (en) | 2013-10-08 |
EP2196936A4 (en) | 2012-05-02 |
EP2196936A1 (en) | 2010-06-16 |
JP5385148B2 (ja) | 2014-01-08 |
JPWO2009044533A1 (ja) | 2011-02-03 |
US20100185845A1 (en) | 2010-07-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2009044533A1 (ja) | セキュアブート端末、セキュアブート方法、セキュアブートプログラム、記録媒体及び集積回路 | |
WO2008085449A3 (en) | Secure booting a computing device | |
WO2007095465A3 (en) | Method and apparatus for securely booting from an external storage device | |
WO2011031899A3 (en) | Apparatus, system, and method for power reduction in a storage device | |
WO2011109780A3 (en) | Code download and firewall for embedded secure application | |
WO2008008367A3 (en) | System-on-a-chip (soc) test interface security | |
WO2006124751A3 (en) | Method and apparatus for providing software-based security coprocessors | |
WO2011017028A3 (en) | System and method for accessing diagnostic information | |
EP1918894A4 (en) | INFORMATION STORAGE DEVICE, INFORMATION STORAGE PROGRAM, VERIFICATION DEVICE, AND INFORMATION STORAGE METHOD | |
WO2009042658A3 (en) | Method, system and apparatus for providing a boot loader of an embedded system | |
WO2012012007A3 (en) | Methods and system for verifying memory device integrity | |
GB2433623A (en) | Secure boot scheme from exterbal memory using international memory | |
WO2011159806A3 (en) | Apparatus, system, and method for providing error correction | |
WO2009072755A3 (en) | Digital information security system, kernel driver apparatus and digital information security method | |
TR201902826T4 (tr) | Bir elektronik cihaza güvenilir yazılım sağlamaya yönelik yöntem. | |
WO2008021332A3 (en) | System and method for automatically updating a widget on a desktop | |
EP2221093A4 (en) | SERVER SYSTEM, GAME DEVICE, CONTROL PROCEDURE, PROGRAM AND INFORMATION MEMORY | |
WO2007050357A3 (en) | Embedded system that boots from usb flash drive | |
WO2007078877A3 (en) | Freeze-dried ghost pages | |
WO2007054942A3 (en) | Secure read-write storage device | |
WO2007011971A3 (en) | Content dependency verification for a gaming machine | |
WO2010049391A3 (en) | Performing a data write on a storage device | |
WO2006096837A3 (en) | System and method for managing software patches | |
WO2010046436A3 (en) | Method and apparatus for secure software platform access | |
WO2008081801A1 (ja) | 情報端末、セキュリティデバイス、データ保護方法及びデータ保護プログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 08835878 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 12676960 Country of ref document: US Ref document number: 2008835878 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2009535966 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |