CN1182678C - Secure boot - Google Patents
Secure boot
- Publication number: CN1182678C (application CNB97199904XA)
- Authority: CN (China)
- Prior art keywords: code, processor, encryption, deciphering, executable code
- Prior art date: 1996-09-30 (priority date)
- Legal status: Expired - Fee Related (the listed status is Google's assumption, not a legal conclusion)
Classifications (CPC)
- G06F12/14: Protection against unauthorised use of memory or access to memory (G: Physics; G06: Computing, calculating or counting; G06F: Electric digital data processing; G06F12/00: Accessing, addressing or allocating within memory systems or architectures)
- G06F12/1408: Protection against unauthorised use of memory or access to memory by using cryptography
- G06F21/575: Secure boot (G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems; G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities)
- G06F2211/1097: Boot, Start, Initialise, Power (G06F2211/00: Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00)
Abstract
A subsystem for preventing unauthorized replacement of boot firmware, for example a BIOS (63), implemented in a modifiable non-volatile memory such as flash memory (62). The firmware device is contained in a secure boot device (54) that responds to the host processor (50). Protection is established by encrypting and decrypting the boot instructions with a secret key (64) shared by the secure boot device (54) and the host processor (50).
Description
Cross-reference to related application
The inventors of this application filed, on December 4, 1995, a U.S. patent application entitled "Apparatus and Method for Cryptographic Companion Imprinting", Serial No. 08/566,910, owned by the same assignee as this application.
Background of the invention
1. Field of the invention
This invention relates to the field of computer firmware security, and in particular to the boot-up firmware, including the operating system (OS) and the basic input/output system (BIOS), of general-purpose computer systems, especially personal computers.
2. Description of related art
A critical element of a computer system is its boot firmware. The boot firmware may be an operating system (OS), part of an OS, or the basic input/output system (BIOS). It is machine code, usually stored in some type of non-volatile memory, that lets the central processing unit (CPU) perform initialization, diagnostics, loading of the operating system from mass storage, and routine input/output (I/O) functions.
When the CPU is powered up through a power-on sequence, it starts by fetching the instruction code residing in the boot firmware. Traditionally the boot firmware was implemented in erasable programmable read-only memory (EPROM). Recent advances in semiconductor technology allow the boot firmware to be implemented in flash memory, which increases the likelihood of illicit tampering with it.
Because of the critical role of the boot firmware, it should be well protected against intrusion. One form of intrusion is an intruder with direct physical access to the computer removing the boot device that holds the boot firmware (for example the flash memory, or the printed circuit board containing that memory) and replacing it with another boot device. In some cases the intruder may be the legitimate owner or user of the computer system, attempting to defraud a third-party service provider.
The mechanical security mechanisms in use today, in particular those used in portable computers to erase sensitive information if the laptop's case is opened without authorization, are of no use against such intrusions. No electronic security mechanism has yet been designed to protect the path between the host processor and the boot device.
It is therefore desirable to provide a security mechanism that prevents an intruder from succeeding in such fraud by replacing the boot device, be it a cryptographic coprocessor or, say, a flash memory device. This can be achieved by "binding" the physical boot device to the host processor, thereby providing a secure path between the host processor and the boot firmware. Because the host processor cannot execute boot instructions that were not first encrypted by a particular cryptographic coprocessor (the instructions are effectively tagged to that coprocessor), the scheme prevents an intruder from simply swapping out that coprocessor.
Summary of the invention
The invention describes a security subsystem that prevents unauthorized replacement of a storage device containing boot executable code, by establishing a secure path between a secure boot device and a host processor based on an electronic key mechanism.
The secure boot device is coupled to the storage device and encrypts the executable code using a secret key to produce encrypted code. The host processor then decrypts the encrypted code using the same secret key to produce decrypted code. The host processor executes the decrypted code only if it is consistent with the executable code. The secure path established between the secure boot device and the host processor allows the two processors to communicate securely through such encrypted messages.
Brief description of the drawings
The features and advantages of the invention will become more apparent from the following detailed description, in which:
Fig. 1 shows the invention with a secure path between the host processor and the secure boot device, the secure path enabling the system to boot securely.
Fig. 2 is a flow chart of the operation of the invention during a normal read access by the host processor to the boot program.
Description of the preferred embodiment
By establishing a secure communication protocol between the host processor and the secure boot device, the invention provides a secure path between the host processor and the memory device containing a boot program. In the description below, a few terms are used to discuss certain cryptographic features. A "key" is an encoding and/or decoding parameter used by conventional cryptographic algorithms such as Rivest, Shamir and Adleman (RSA), the Data Encryption Algorithm (DEA) specified in the Data Encryption Standard (DES), and so on. A "secret key" is a key used for encryption and decryption by a limited number of electronic devices that have access to it.
As described below, the secure boot device responds to a request from the host processor to access the boot program (a host request) by encrypting the instruction code of the boot program with a secret key shared with the host processor. The host processor decrypts the encrypted instruction code with the same secret key. Because the secret key is known only to the host processor and the secure boot device, any attempt to substitute the secure boot device that contains the boot program yields incorrectly decrypted code, rendering the system inoperable.
Referring to Fig. 1, an embodiment of a computer system using the invention is shown. Computer system 10 includes a chipset 51 that acts as an interface supporting communication among host processor 50, system memory 52 and the devices connected to system bus 53. More specifically, host processor 50 includes logic circuitry (not shown) and a small internal non-volatile memory 65 for storing key information. System memory 52 may include, but is not limited to, conventional memory such as the various types of random access memory (RAM), e.g. DRAM, VRAM and SRAM, as well as memory-mapped I/O devices. System bus 53 may be implemented as one of several bus architectures, including Peripheral Component Interconnect (PCI) and Universal Serial Bus (USB).
One device that can be connected to system bus 53 is secure boot device 54, which includes bus interface 60, cryptographic unit 61 and local non-volatile memory 62. Bus interface 60 establishes the electrical connection to system bus 53. Boot program 63 is stored in non-volatile memory 62.
Still referring to Fig. 1, host processor 50 and secure boot device 54 are configured to hold a shared secret key 64 in their respective non-volatile memories 65 and 62. This secret key is established at the factory, during initialization, by the original equipment manufacturer or other system provider that produces the host processor and the secure boot device, and is used by secure boot device 54 and host processor 50 for encryption and decryption. Encryption and decryption may be carried out by a variety of techniques, including dedicated hardware circuitry, a combination of hardware and software, or dedicated accelerators. Fig. 2 describes the sequence that host processor 50 and secure boot device 54 perform for boot accesses during the system power-up (boot) sequence.
Referring now to Fig. 2, the steps associated with the boot phase of the system are shown. First, at step 110, the host processor issues a read request to an address corresponding to the boot program. The secure boot device detects this boot address (step 112) because its address space is mapped onto the corresponding boot program. On detecting the read request, the secure boot device encrypts the corresponding boot instruction with the shared secret key (step 114). At step 116 the secure boot device responds to the host request with the encrypted boot instruction. At step 118, on receiving the encrypted boot instruction, the host processor decrypts it with the shared secret key. At step 120 the resulting decrypted boot instruction may or may not match the correct instruction, depending on whether the system has been tampered with. If the system has been tampered with, the decrypted boot instruction is an incorrect or invalid instruction (step 130); the system will most likely halt for any of several reasons, such as a bus error, an unrecognised opcode or an infinite loop, and the boot sequence therefore fails. At step 140 the decrypted boot instruction is a valid, correct instruction of the boot program; the host processor executes it and proceeds to the next boot instruction until the entire boot sequence is complete.
Because only the secure boot device and the host processor know the shared secret key, attempting to alter the system by substituting another secure boot device is futile: the substitute cannot communicate with the host processor. An intruder who does not know the shared secret key cannot replicate the encrypting subsystem. The boot firmware is therefore protected against physical replacement of the boot device.
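The exchange of Fig. 2 (steps 110 to 140), simulated end to end as an added example; this is not code from the patent or from its assignee. The patent leaves the cipher open ("RSA, DES, etc."), so the example assumes a keystream derived with HMAC-SHA256 in counter mode from the shared key and the instruction address; it also assumes a four-opcode toy instruction set invented here so that "unrecognised opcode" and "bus error" (step 130) have a concrete meaning, a reset vector of 0xFFFF0000, and two constructed 128-bit keys. The `tagged` variant goes beyond the patent: it appends a keyed authentication tag to each encrypted instruction so that the host detects a substituted device explicitly, before executing anything, instead of relying on the garbage it would otherwise execute to fault.

```python
import hashlib
import hmac

# Toy instruction set, constructed for this example (the patent names no ISA).
OP_NOP, OP_LOAD, OP_OUT, OP_HALT = 0x10, 0x20, 0x30, 0xFF
VALID_OPCODES = {OP_NOP, OP_LOAD, OP_OUT, OP_HALT}
INSN_LEN = 2                    # every instruction is (opcode, operand)
RESET_VECTOR = 0xFFFF0000       # assumed address the host fetches from at power-up
TAG_LEN = 8                     # bytes of authentication tag in the hardened variant

# Boot program 63 as stored in non-volatile memory 62 (constructed sample).
BOOT_PROGRAM = bytes([OP_NOP, 0x00, OP_LOAD, 0x2A, OP_OUT, 0x01, OP_HALT, 0x00])

# Shared secret key 64 and an attacker's key, both constructed for the example.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
ROGUE_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def keystream(key, address, length):
    """Counter-mode keystream HMAC-SHA256(key, address || counter), standing in
    for the DES/RSA-style cipher the patent leaves unspecified (assumption)."""
    blocks = (length + 31) // 32
    out = b"".join(
        hmac.new(key, address.to_bytes(4, "big") + i.to_bytes(4, "big"),
                 hashlib.sha256).digest()
        for i in range(blocks))
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def auth_tag(key, address, ciphertext):
    """Hardening beyond the patent: keyed tag over the encrypted instruction."""
    msg = address.to_bytes(4, "big") + ciphertext
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


class SecureBootDevice:
    """Secure boot device 54: bus interface 60, crypto unit 61, NVM 62 with key 64."""

    def __init__(self, secret_key, program, base=RESET_VECTOR, tagged=False):
        self.key, self.program, self.base, self.tagged = secret_key, program, base, tagged

    def read(self, address):
        """Steps 112-116: decode the address, encrypt that instruction, answer the host."""
        off = address - self.base
        if not 0 <= off <= len(self.program) - INSN_LEN:
            raise LookupError("bus error: address not mapped to the boot program")
        plain = self.program[off:off + INSN_LEN]
        cipher = xor_bytes(plain, keystream(self.key, address, INSN_LEN))
        return cipher + (auth_tag(self.key, address, cipher) if self.tagged else b"")


class HostProcessor:
    """Host processor 50 holding the same key 64 in its internal NVM 65."""

    def __init__(self, secret_key, expect_tag=False):
        self.key, self.expect_tag, self.trace = secret_key, expect_tag, []

    def fetch(self, device, address):
        """Steps 110 and 118: issue the read request, decrypt the reply."""
        reply = device.read(address)
        cipher, tag = reply[:INSN_LEN], reply[INSN_LEN:]
        if self.expect_tag and not hmac.compare_digest(tag, auth_tag(self.key, address, cipher)):
            raise ValueError("authentication tag mismatch: boot device not bound to this key")
        return xor_bytes(cipher, keystream(self.key, address, INSN_LEN))

    def boot(self, device, max_insns=64):
        """Steps 120-140: execute instruction by instruction until HALT; any fault
        (step 130) ends the boot sequence."""
        pc = RESET_VECTOR
        try:
            for _ in range(max_insns):
                opcode, operand = self.fetch(device, pc)
                if opcode not in VALID_OPCODES:
                    return "halted: unrecognised opcode 0x%02x at 0x%08x" % (opcode, pc)
                self.trace.append((opcode, operand))
                if opcode == OP_HALT:
                    return "booted"
                pc += INSN_LEN
            return "halted: runaway boot, no HALT reached"
        except (LookupError, ValueError) as fault:
            return "halted: %s" % fault


def decrypted_image(host, device):
    """The boot region as the host sees it after decryption (for inspection)."""
    offsets = range(0, len(device.program), INSN_LEN)
    return b"".join(host.fetch(device, RESET_VECTOR + off) for off in offsets)


def demo():
    """Genuine device boots; a substitute with the same program but no key 64 does not."""
    genuine = SecureBootDevice(SHARED_KEY, BOOT_PROGRAM)
    rogue = SecureBootDevice(ROGUE_KEY, BOOT_PROGRAM)
    return {
        "genuine": HostProcessor(SHARED_KEY).boot(genuine),
        "rogue": HostProcessor(SHARED_KEY).boot(rogue),
        "genuine_tagged": HostProcessor(SHARED_KEY, expect_tag=True).boot(
            SecureBootDevice(SHARED_KEY, BOOT_PROGRAM, tagged=True)),
        "rogue_tagged": HostProcessor(SHARED_KEY, expect_tag=True).boot(
            SecureBootDevice(ROGUE_KEY, BOOT_PROGRAM, tagged=True)),
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print("%-15s %s" % (name, status))
```

Run it and the genuine device boots through its four instructions while the rogue device (same boot program, different key) hands the host bytes that decrypt to garbage. Note the check a practitioner would add: in the patent's scheme detection is a side effect of executing that garbage, and a garbage byte can by chance be a valid opcode, so the point at which the boot fails is not guaranteed; the tagged variant makes the decision deterministic and moves it ahead of execution. The example's keystream depends only on the key and the address, so a given instruction encrypts to the same bytes on every boot; that is enough to bind a device to a key, which is all the patent claims, but a deployment that also wanted to hide the firmware contents from someone recording the bus would need a fresh nonce per boot.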
Although the discussion above addresses the secure path between a host processor and a dedicated secure boot device, it will be readily recognised that such a secure path may be established among any number of subsystems, processors or devices, and combinations of them. A typical secure path involves a secret key shared by all of the devices/processors, and an encryption/decryption algorithm implemented in hardware, firmware, software or any combination of these.
In another embodiment of the invention (not shown), a chipset that has the functions of the secure boot device (and contains some boot code) is coupled to the host processor. The boot code may be a sequence of executable instructions. The boot code is encrypted and decrypted with a secret key shared by the chipset and the host processor, establishing the secure path described above.
Yet another embodiment (not shown) involves a printed circuit board (PCB) or a "smart card", such as a PCMCIA card, containing a boot program or other executable or information code. The PCB or smart card may be inserted into any expansion slot on the system motherboard or on any backplane interface bus. A secure boot device coupled to such a PCB or smart card responds to host requests by encrypting the boot code with a secret key shared by the board/card and the host processor; the host processor decrypts the encrypted code with the same secret key. The secure boot device may reside on the same PCB or smart card, or elsewhere in the system, such as on a separate PCB or smart card. As long as the secure boot device can communicate with the host processor by exchanging encrypted or decrypted boot code, any attempt to remove the PCB or smart card and replace it with one that lacks the secret key will render the system inoperable.
Although the invention has been described with reference to illustrative embodiments, the description is not intended to be limiting. Various changes to the preferred embodiment, and other embodiments, will be apparent to those of ordinary skill in the art, and all such modifications are considered to fall within the spirit and scope of the invention.
Claims (27)
1. A system for preventing unauthorized replacement of a storage device containing executable code, comprising:
first cryptographic means, coupled to said storage device, for encrypting said executable code according to a secret key, in response to an access request during a power-up sequence, to produce encrypted code;
second cryptographic means, coupled to said first cryptographic means, for decrypting said encrypted code according to said secret key to produce decrypted code, and capable of executing said decrypted code if said decrypted code is consistent with said executable code, said second cryptographic means generating said access request; and
communication means for enabling said first cryptographic means and said second cryptographic means to communicate by exchanging said encrypted code and said decrypted code.
2. The system of claim 1, wherein said first cryptographic means comprises a secure boot device.
3. The system of claim 1, wherein said second cryptographic means comprises a host processor.
4. The system of claim 1, wherein said communication means comprises an interface coupled to a bus, allowing said first cryptographic means to respond to said access request from said second cryptographic means.
5. The system of claim 1, wherein said secret key is accessible to said first cryptographic means and said second cryptographic means.
6. The system of claim 1, wherein said executable code is an operating system.
7. The system of claim 1, wherein said executable code is a basic input and output system.
8. The system of claim 1, wherein said storage device is a modifiable non-volatile storage device.
9. The system of claim 8, wherein said modifiable non-volatile storage device is a flash memory.
10. A system for preventing unauthorized replacement of executable code, comprising:
a first processor, coupled to said executable code, for encrypting said executable code according to a secret key, in response to an access request during a power-up sequence, to produce encrypted code;
a second processor, coupled to said first processor, for decrypting said encrypted code according to said secret key to produce decrypted code, and capable of executing said decrypted code if said decrypted code is consistent with said executable code, said second processor generating said access request; and
a communication path for enabling said first processor and said second processor to communicate by exchanging said encrypted code and said decrypted code.
11. The system of claim 10, wherein said first processor is a secure boot device.
12. The system of claim 10, wherein said second processor is a host processor.
13. The system of claim 10, wherein said communication path comprises an interface coupled to a bus, allowing said first processor to respond to said access request from said second processor.
14. The system of claim 10, wherein said secret key is accessible to said first processor and said second processor.
15. The system of claim 10, wherein said executable code is an operating system.
16. The system of claim 10, wherein said executable code is a basic input and output system.
17. The system of claim 10, wherein said storage device is a modifiable non-volatile storage device.
18. The system of claim 17, wherein said modifiable non-volatile storage device is a flash memory.
19. A method for preventing unauthorized replacement of executable code contained in a storage device and accessible to a host processor, comprising the steps of:
providing a secure processor coupled to said storage device, said secure processor being responsive to said host processor;
generating an access request to said secure processor during a power-up sequence;
in response to said access request, encrypting said executable code according to a secret key to produce encrypted code;
decrypting said encrypted code according to said secret key to produce decrypted code;
executing said decrypted code if said decrypted code is consistent with said executable code; and
establishing a communication path between said host processor and said secure processor, allowing said host processor to communicate with said secure processor.
20. The method of claim 19, wherein said communication path comprises an interface coupled to a bus, allowing said secure processor to respond to said access request from said host processor.
21. The method of claim 19, wherein said secret key is accessible to said host processor and said secure processor.
22. The method of claim 19, wherein said executable code is an operating system.
23. The method of claim 19, wherein said executable code is a basic input and output system.
24. The method of claim 19, wherein said storage device is a modifiable non-volatile storage device.
25. The method of claim 19, wherein said secure processor is a secure boot device.
26. The method of claim 19, wherein said encrypting step is performed by said secure processor and said decrypting step is performed by said host processor.
27. The method of claim 24, wherein said modifiable non-volatile storage device is a flash memory.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
US08/722298 | 1996-09-30 | |
US08/722,298 (US5937063A, en) | 1996-09-30 | 1996-09-30 | Secure boot
Publications (2)
Publication Number | Publication Date
---|---
CN1238087A (zh) | 1999-12-08
CN1182678C (zh, granted) | 2004-12-29
Family
ID=24901262
Family Applications (1)
Application Number | Status | Publication | Title | Priority Date | Filing Date
---|---|---|---|---|---
CNB97199904XA | Expired - Fee Related | CN1182678C (zh) | Secure boot | 1996-09-30 | 1997-07-30
Country Status (9)
Country | Link
---|---
US (1) | US5937063A
KR (1) | KR20000048718A
CN (1) | CN1182678C
AU (1) | AU3968397A
BR (1) | BR9714348A
DE (1) | DE19782038T1
GB (1) | GB2332606B
TW (1) | TW339433B
WO (1) | WO1998015086A1
Families Citing this family (194)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7037426B2 (en) * | 2000-05-04 | 2006-05-02 | Zenon Environmental Inc. | Immersed membrane apparatus |
US6786420B1 (en) | 1997-07-15 | 2004-09-07 | Silverbrook Research Pty. Ltd. | Data distribution mechanism in the form of ink dots on cards |
US6618117B2 (en) | 1997-07-12 | 2003-09-09 | Silverbrook Research Pty Ltd | Image sensing apparatus including a microcontroller |
US6690419B1 (en) | 1997-07-15 | 2004-02-10 | Silverbrook Research Pty Ltd | Utilising eye detection methods for image processing in a digital image camera |
US6624848B1 (en) | 1997-07-15 | 2003-09-23 | Silverbrook Research Pty Ltd | Cascading image modification using multiple digital cameras incorporating image processing |
US7110024B1 (en) | 1997-07-15 | 2006-09-19 | Silverbrook Research Pty Ltd | Digital camera system having motion deblurring means |
US7551201B2 (en) * | 1997-07-15 | 2009-06-23 | Silverbrook Research Pty Ltd | Image capture and processing device for a print on demand digital camera system |
US6879341B1 (en) | 1997-07-15 | 2005-04-12 | Silverbrook Research Pty Ltd | Digital camera system containing a VLIW vector processor |
US6185678B1 (en) * | 1997-10-02 | 2001-02-06 | Trustees Of The University Of Pennsylvania | Secure and reliable bootstrap architecture |
US6185685B1 (en) | 1997-12-11 | 2001-02-06 | International Business Machines Corporation | Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same |
US6088799A (en) * | 1997-12-11 | 2000-07-11 | International Business Machines Corporation | Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same |
US6134628A (en) * | 1998-01-30 | 2000-10-17 | Ricoh Company, Ltd. | Method and computer-based system for rewriting a nonvolatile rewritable memory |
US6141756A (en) * | 1998-04-27 | 2000-10-31 | Motorola, Inc. | Apparatus and method of reading a program into a processor |
US6757829B1 (en) | 1998-05-29 | 2004-06-29 | Texas Instruments Incorporated | Program debugging system for secure computing device having secure and non-secure modes |
US6711683B1 (en) | 1998-05-29 | 2004-03-23 | Texas Instruments Incorporated | Compresses video decompression system with encryption of compressed data stored in video buffer |
US6266754B1 (en) | 1998-05-29 | 2001-07-24 | Texas Instruments Incorporated | Secure computing device including operating system stored in non-relocatable page of memory |
US6775778B1 (en) | 1998-05-29 | 2004-08-10 | Texas Instruments Incorporated | Secure computing device having boot read only memory verification of program code |
TW432840B (en) * | 1998-06-03 | 2001-05-01 | Sony Corp | Communication control method, system, and device |
AUPP702098A0 (en) | 1998-11-09 | 1998-12-03 | Silverbrook Research Pty Ltd | Image creation method and apparatus (ART73) |
US6463535B1 (en) * | 1998-10-05 | 2002-10-08 | Intel Corporation | System and method for verifying the integrity and authorization of software before execution in a local platform |
US20050060549A1 (en) * | 1998-10-26 | 2005-03-17 | Microsoft Corporation | Controlling access to content based on certificates and access predicates |
US7174457B1 (en) * | 1999-03-10 | 2007-02-06 | Microsoft Corporation | System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party |
US7194092B1 (en) * | 1998-10-26 | 2007-03-20 | Microsoft Corporation | Key-based secure storage |
TW420796B (en) * | 1999-01-13 | 2001-02-01 | Primax Electronics Ltd | Computer system equipped with portable electronic key |
US6389537B1 (en) | 1999-04-23 | 2002-05-14 | Intel Corporation | Platform and method for assuring integrity of trusted agent communications |
AUPQ056099A0 (en) | 1999-05-25 | 1999-06-17 | Silverbrook Research Pty Ltd | A method and apparatus (pprint01) |
EP1247221A4 (en) | 1999-09-20 | 2005-01-19 | Quintiles Transnat Corp | SYSTEM AND METHOD FOR ANALYZING DEFINED HEALTH DATA |
AUPQ321699A0 (en) * | 1999-09-30 | 1999-10-28 | Aristocrat Leisure Industries Pty Ltd | Gaming security system |
US6718407B2 (en) * | 1999-09-30 | 2004-04-06 | Intel Corporation | Multiplexer selecting one of input/output data from a low pin count interface and a program information to update a firmware device from a communication interface |
AUPQ334299A0 (en) * | 1999-10-08 | 1999-11-04 | Centurion Tech Holdings Pty Ltd | Security card |
US6407949B1 (en) * | 1999-12-17 | 2002-06-18 | Qualcomm, Incorporated | Mobile communication device having integrated embedded flash and SRAM memory |
US7013481B1 (en) | 2000-03-31 | 2006-03-14 | Intel Corporation | Attestation key memory device and bus |
US6957332B1 (en) | 2000-03-31 | 2005-10-18 | Intel Corporation | Managing a secure platform using a hierarchical executive architecture in isolated execution mode |
US7194634B2 (en) | 2000-03-31 | 2007-03-20 | Intel Corporation | Attestation key memory device and bus |
US6633963B1 (en) | 2000-03-31 | 2003-10-14 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
US6754815B1 (en) | 2000-03-31 | 2004-06-22 | Intel Corporation | Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set |
US7089595B1 (en) * | 2000-03-31 | 2006-08-08 | Intel Corporation | Device and method for disabling an override hardware pin assertion |
US7073071B1 (en) | 2000-03-31 | 2006-07-04 | Intel Corporation | Platform and method for generating and utilizing a protected audit log |
US7082615B1 (en) | 2000-03-31 | 2006-07-25 | Intel Corporation | Protecting software environment in isolated execution |
US6678825B1 (en) | 2000-03-31 | 2004-01-13 | Intel Corporation | Controlling access to multiple isolated memories in an isolated execution environment |
US6990579B1 (en) | 2000-03-31 | 2006-01-24 | Intel Corporation | Platform and method for remote attestation of a platform |
US6996710B1 (en) | 2000-03-31 | 2006-02-07 | Intel Corporation | Platform and method for issuing and certifying a hardware-protected attestation key |
US7356817B1 (en) | 2000-03-31 | 2008-04-08 | Intel Corporation | Real-time scheduling of virtual machines |
US6795905B1 (en) | 2000-03-31 | 2004-09-21 | Intel Corporation | Controlling accesses to isolated memory using a memory controller for isolated execution |
US6760441B1 (en) | 2000-03-31 | 2004-07-06 | Intel Corporation | Generating a key hieararchy for use in an isolated execution environment |
US6769058B1 (en) | 2000-03-31 | 2004-07-27 | Intel Corporation | Resetting a processor in an isolated execution environment |
US7013484B1 (en) | 2000-03-31 | 2006-03-14 | Intel Corporation | Managing a secure environment using a chipset in isolated execution mode |
US6507904B1 (en) | 2000-03-31 | 2003-01-14 | Intel Corporation | Executing isolated mode instructions in a secure system running in privilege rings |
US6986052B1 (en) | 2000-06-30 | 2006-01-10 | Intel Corporation | Method and apparatus for secure execution using a secure memory partition |
US6678833B1 (en) * | 2000-06-30 | 2004-01-13 | Intel Corporation | Protection of boot block data and accurate reporting of boot block contents |
US7793111B1 (en) | 2000-09-28 | 2010-09-07 | Intel Corporation | Mechanism to handle events in a machine with isolated execution |
US7389427B1 (en) | 2000-09-28 | 2008-06-17 | Intel Corporation | Mechanism to secure computer output from software attack using isolated execution |
EP1340138A1 (en) | 2000-12-04 | 2003-09-03 | Trek 2000 International Ltd | A computer pointing device |
US7818808B1 (en) | 2000-12-27 | 2010-10-19 | Intel Corporation | Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor |
US6948065B2 (en) | 2000-12-27 | 2005-09-20 | Intel Corporation | Platform and method for securely transmitting an authorization secret |
JP4074057B2 (ja) * | 2000-12-28 | 2008-04-09 | 株式会社東芝 | 耐タンパプロセッサにおける暗号化データ領域のプロセス間共有方法 |
US20020144121A1 (en) * | 2001-03-30 | 2002-10-03 | Ellison Carl M. | Checking file integrity using signature generated in isolated execution |
US7096497B2 (en) * | 2001-03-30 | 2006-08-22 | Intel Corporation | File checking using remote signing authority via a network |
US7272831B2 (en) | 2001-03-30 | 2007-09-18 | Intel Corporation | Method and apparatus for constructing host processor soft devices independent of the host processor operating system |
US6976136B2 (en) | 2001-05-07 | 2005-12-13 | National Semiconductor Corporation | Flash memory protection scheme for secured shared BIOS implementation in personal computers with an embedded controller |
WO2003003242A1 (en) | 2001-06-29 | 2003-01-09 | Secure Systems Limited | Security system and method for computers |
KR100431081B1 (ko) * | 2001-07-02 | 2004-05-12 | 한국전자통신연구원 | 보안모듈 및 그의 이용 방법 |
US20030009687A1 (en) * | 2001-07-05 | 2003-01-09 | Ferchau Joerg U. | Method and apparatus for validating integrity of software |
US7237121B2 (en) * | 2001-09-17 | 2007-06-26 | Texas Instruments Incorporated | Secure bootloader for securing digital devices |
US7484105B2 (en) * | 2001-08-16 | 2009-01-27 | Lenovo (Singapore) Ptd. Ltd. | Flash update using a trusted platform module |
US20030037244A1 (en) * | 2001-08-16 | 2003-02-20 | International Business Machines Corporation | System management interrupt generation upon completion of cryptographic operation |
US6993648B2 (en) * | 2001-08-16 | 2006-01-31 | Lenovo (Singapore) Pte. Ltd. | Proving BIOS trust in a TCPA compliant system |
US7024555B2 (en) | 2001-11-01 | 2006-04-04 | Intel Corporation | Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment |
US20030120922A1 (en) * | 2001-12-06 | 2003-06-26 | Fairchild Semiconductor Corporation | Device authentication system and method |
ATE369583T1 (de) | 2001-12-26 | 2007-08-15 | Research In Motion Ltd | Sicheres booten für chip-geräten |
US20030126454A1 (en) * | 2001-12-28 | 2003-07-03 | Glew Andrew F. | Authenticated code method and apparatus |
US7308576B2 (en) | 2001-12-31 | 2007-12-11 | Intel Corporation | Authenticated code module |
US6836176B2 (en) * | 2002-01-02 | 2004-12-28 | Intel Corporation | Charge pump ripple reduction |
US6605984B2 (en) | 2002-01-02 | 2003-08-12 | Intel Corporation | Charge pump ripple reduction |
US20030123299A1 (en) * | 2002-01-02 | 2003-07-03 | Annavajjhala Ravi P. | Protection circuit |
US20030135744A1 (en) * | 2002-01-11 | 2003-07-17 | International Business Machines Corporation | Method and system for programming a non-volatile device in a data processing system |
US7631196B2 (en) | 2002-02-25 | 2009-12-08 | Intel Corporation | Method and apparatus for loading a trustable operating system |
US7124273B2 (en) * | 2002-02-25 | 2006-10-17 | Intel Corporation | Method and apparatus for translating guest physical addresses in a virtual machine environment |
US7343493B2 (en) | 2002-03-28 | 2008-03-11 | Lenovo (Singapore) Pte. Ltd. | Encrypted file system using TCPA |
US7069442B2 (en) | 2002-03-29 | 2006-06-27 | Intel Corporation | System and method for execution of a secured environment initialization instruction |
US20030191943A1 (en) * | 2002-04-05 | 2003-10-09 | Poisner David I. | Methods and arrangements to register code |
US7058807B2 (en) * | 2002-04-15 | 2006-06-06 | Intel Corporation | Validation of inclusion of a platform within a data center |
US7076669B2 (en) * | 2002-04-15 | 2006-07-11 | Intel Corporation | Method and apparatus for communicating securely with a token |
US7127548B2 (en) | 2002-04-16 | 2006-10-24 | Intel Corporation | Control register access virtualization performance improvement in the virtual-machine architecture |
US7487365B2 (en) * | 2002-04-17 | 2009-02-03 | Microsoft Corporation | Saving and retrieving data based on symmetric key encryption |
US7890771B2 (en) | 2002-04-17 | 2011-02-15 | Microsoft Corporation | Saving and retrieving data based on public key encryption |
US6715085B2 (en) * | 2002-04-18 | 2004-03-30 | International Business Machines Corporation | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
EP1495394B1 (en) * | 2002-04-18 | 2008-07-23 | Advanced Micro Devices, Inc. | A computer system including a secure execution mode - capable cpu and a security services processor connected via a secure communication path |
US6820177B2 (en) | 2002-06-12 | 2004-11-16 | Intel Corporation | Protected configuration space in a protected environment |
US7392415B2 (en) * | 2002-06-26 | 2008-06-24 | Intel Corporation | Sleep protection |
US7849011B1 (en) | 2002-07-16 | 2010-12-07 | Diebold Self-Service Systems Division Of Diebold, Incorporated | Automated banking machine bootable media authentication |
JP2004054834A (ja) * | 2002-07-24 | 2004-02-19 | Matsushita Electric Ind Co Ltd | プログラム開発方法、プログラム開発支援装置およびプログラム実装方法 |
TWI234706B (en) * | 2002-07-26 | 2005-06-21 | Hon Hai Prec Ind Co Ltd | System and method for firmware authentication |
US8386797B1 (en) * | 2002-08-07 | 2013-02-26 | Nvidia Corporation | System and method for transparent disk encryption |
US20040064457A1 (en) * | 2002-09-27 | 2004-04-01 | Zimmer Vincent J. | Mechanism for providing both a secure and attested boot |
US7974416B2 (en) | 2002-11-27 | 2011-07-05 | Intel Corporation | Providing a secure execution mode in a pre-boot environment |
US7318235B2 (en) * | 2002-12-16 | 2008-01-08 | Intel Corporation | Attestation using both fixed token and portable token |
US7318141B2 (en) | 2002-12-17 | 2008-01-08 | Intel Corporation | Methods and systems to control virtual machines |
US7793286B2 (en) * | 2002-12-19 | 2010-09-07 | Intel Corporation | Methods and systems to manage machine state in virtual machine operations |
US7900017B2 (en) | 2002-12-27 | 2011-03-01 | Intel Corporation | Mechanism for remapping post virtual machine memory pages |
US20040128465A1 (en) * | 2002-12-30 | 2004-07-01 | Lee Micheil J. | Configurable memory bus width |
US7320052B2 (en) | 2003-02-10 | 2008-01-15 | Intel Corporation | Methods and apparatus for providing seamless file system encryption and redundant array of independent disks from a pre-boot environment into a firmware interface aware operating system |
JP2007507020A (ja) * | 2003-06-24 | 2007-03-22 | バイエリッシェ モートーレン ウエルケ アクチエンゲゼルシャフト | プログラミング可能な読出し専用メモリのブートセクタ内にソフトウェアをリロードするための方法 |
US7380136B2 (en) * | 2003-06-25 | 2008-05-27 | Intel Corp. | Methods and apparatus for secure collection and display of user interface information in a pre-boot environment |
US7415708B2 (en) * | 2003-06-26 | 2008-08-19 | Intel Corporation | Virtual machine management using processor state information |
US7287197B2 (en) * | 2003-09-15 | 2007-10-23 | Intel Corporation | Vectoring an interrupt or exception upon resuming operation of a virtual machine |
US7464256B2 (en) * | 2003-09-18 | 2008-12-09 | Aristocrat Technologies Australia Pty. Limited | Bios protection device preventing execution of a boot program stored in the bios memory until the boot program is authenticated |
US7739521B2 (en) | 2003-09-18 | 2010-06-15 | Intel Corporation | Method of obscuring cryptographic computations |
US20050080934A1 (en) | 2003-09-30 | 2005-04-14 | Cota-Robles Erik C. | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US20050108171A1 (en) * | 2003-11-19 | 2005-05-19 | Bajikar Sundeep M. | Method and apparatus for implementing subscriber identity module (SIM) capabilities in an open platform |
US8156343B2 (en) | 2003-11-26 | 2012-04-10 | Intel Corporation | Accessing private data about the state of a data processing machine from storage that is publicly accessible |
US8037314B2 (en) | 2003-12-22 | 2011-10-11 | Intel Corporation | Replacing blinded authentication authority |
KR100604828B1 (ko) * | 2004-01-09 | 2006-07-28 | 삼성전자주식회사 | 펌웨어 암호화 방법 및 해독 방법과 그 처리 장치 |
US7802085B2 (en) | 2004-02-18 | 2010-09-21 | Intel Corporation | Apparatus and method for distributing private keys to an entity with minimal secret, unique information |
US8468337B2 (en) * | 2004-03-02 | 2013-06-18 | International Business Machines Corporation | Secure data transfer over a network |
US7564976B2 (en) * | 2004-03-02 | 2009-07-21 | International Business Machines Corporation | System and method for performing security operations on network data |
US7620949B2 (en) | 2004-03-31 | 2009-11-17 | Intel Corporation | Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment |
US7299347B1 (en) | 2004-04-02 | 2007-11-20 | Super Talent Electronics, Inc. | Boot management in computer systems assisted by an endpoint with PCI-XP or USB-V2 interface |
US8112618B2 (en) * | 2004-04-08 | 2012-02-07 | Texas Instruments Incorporated | Less-secure processors, integrated circuits, wireless communications apparatus, methods and processes of making |
US20050263977A1 (en) * | 2004-05-13 | 2005-12-01 | Tien-Hui Pan | Method of preventing firmware piracy |
US20050283826A1 (en) * | 2004-06-22 | 2005-12-22 | Sun Microsystems, Inc. | Systems and methods for performing secure communications between an authorized computing platform and a hardware component |
US20050283601A1 (en) * | 2004-06-22 | 2005-12-22 | Sun Microsystems, Inc. | Systems and methods for securing a computer boot |
US20050289343A1 (en) * | 2004-06-23 | 2005-12-29 | Sun Microsystems, Inc. | Systems and methods for binding a hardware component and a platform |
US7840962B2 (en) | 2004-09-30 | 2010-11-23 | Intel Corporation | System and method for controlling switching between VMM and VM using enabling value of VMM timer indicator and VMM timer value having a specified time |
US7702907B2 (en) * | 2004-10-01 | 2010-04-20 | Nokia Corporation | System and method for safe booting electronic devices |
US8146078B2 (en) | 2004-10-29 | 2012-03-27 | Intel Corporation | Timer offsetting mechanism in a virtual machine environment |
US8667580B2 (en) * | 2004-11-15 | 2014-03-04 | Intel Corporation | Secure boot scheme from external memory using internal memory |
US8037318B2 (en) * | 2004-11-17 | 2011-10-11 | Oracle America, Inc. | System and methods for dependent trust in a computer system |
US8924728B2 (en) | 2004-11-30 | 2014-12-30 | Intel Corporation | Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information |
US20060133607A1 (en) * | 2004-12-22 | 2006-06-22 | Seagate Technology Llc | Apparatus and method for generating a secret key |
US8533777B2 (en) | 2004-12-29 | 2013-09-10 | Intel Corporation | Mechanism to determine trust of out-of-band management agents |
US7725703B2 (en) * | 2005-01-07 | 2010-05-25 | Microsoft Corporation | Systems and methods for securely booting a computer with a trusted processing module |
US8028172B2 (en) | 2005-01-14 | 2011-09-27 | Microsoft Corporation | Systems and methods for updating a secure boot process on a computer with a hardware security module |
US7506380B2 (en) * | 2005-01-14 | 2009-03-17 | Microsoft Corporation | Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module |
US7565553B2 (en) * | 2005-01-14 | 2009-07-21 | Microsoft Corporation | Systems and methods for controlling access to data on a computer with a secure boot process |
US7395405B2 (en) | 2005-01-28 | 2008-07-01 | Intel Corporation | Method and apparatus for supporting address translation in a virtual machine environment |
US9525666B2 (en) * | 2005-01-31 | 2016-12-20 | Unisys Corporation | Methods and systems for managing concurrent unsecured and cryptographically secure communications across unsecured networks |
WO2006082994A2 (en) * | 2005-02-07 | 2006-08-10 | Sony Computer Entertainment Inc. | Methods and apparatus for facilitating a secure session between a processor and an external device |
WO2006082985A2 (en) * | 2005-02-07 | 2006-08-10 | Sony Computer Entertainment Inc. | Methods and apparatus for providing a secure booting sequence in a processor |
JP4606339B2 (ja) * | 2005-02-07 | 2011-01-05 | 株式会社ソニー・コンピュータエンタテインメント | セキュアなプロセッサの処理の移行を実施する方法および装置 |
US7802111B1 (en) | 2005-04-27 | 2010-09-21 | Oracle America, Inc. | System and method for limiting exposure of cryptographic keys protected by a trusted platform module |
US8554686B2 (en) * | 2005-06-30 | 2013-10-08 | Advanced Micro Devices, Inc. | Anti-hack protection to restrict installation of operating systems and other software |
US20070055859A1 (en) * | 2005-09-02 | 2007-03-08 | Mediatek Inc. | Boot systems and methods |
US7809957B2 (en) | 2005-09-29 | 2010-10-05 | Intel Corporation | Trusted platform module for generating sealed data |
JP4537940B2 (ja) * | 2005-11-21 | 2010-09-08 | 株式会社ソニー・コンピュータエンタテインメント | 情報処理装置、及びプログラム実行制御方法 |
US20070136609A1 (en) * | 2005-12-13 | 2007-06-14 | Rudelic John C | Methods and apparatus for providing a secure channel associated with a flash device |
US20070162759A1 (en) * | 2005-12-28 | 2007-07-12 | Motorola, Inc. | Protected port for electronic access to an embedded device |
JP4795812B2 (ja) | 2006-02-22 | 2011-10-19 | 富士通セミコンダクター株式会社 | セキュアプロセッサ |
US8014530B2 (en) | 2006-03-22 | 2011-09-06 | Intel Corporation | Method and apparatus for authenticated, recoverable key distribution with no database secrets |
US7774616B2 (en) * | 2006-06-09 | 2010-08-10 | International Business Machines Corporation | Masking a boot sequence by providing a dummy processor |
US7594104B2 (en) * | 2006-06-09 | 2009-09-22 | International Business Machines Corporation | System and method for masking a hardware boot sequence |
US20070288740A1 (en) * | 2006-06-09 | 2007-12-13 | Dale Jason N | System and method for secure boot across a plurality of processors |
US20070288761A1 (en) * | 2006-06-09 | 2007-12-13 | Dale Jason N | System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors |
US20070288738A1 (en) * | 2006-06-09 | 2007-12-13 | Dale Jason N | System and method for selecting a random processor to boot on a multiprocessor system |
TWI310153B (en) | 2006-08-17 | 2009-05-21 | Quanta Comp Inc | Computer system and boot code accessing method thereof |
US7668945B2 (en) * | 2006-08-18 | 2010-02-23 | Intel Corporation | Network booting using a platform management coprocessor |
US9355273B2 (en) | 2006-12-18 | 2016-05-31 | Bank Of America, N.A., As Collateral Agent | System and method for the protection and de-identification of health care data |
US8423794B2 (en) * | 2006-12-28 | 2013-04-16 | Sandisk Technologies Inc. | Method and apparatus for upgrading a memory card that has security mechanisms for preventing copying of secure content and applications |
EP2122900A4 (en) * | 2007-01-22 | 2014-07-23 | Spyrus Inc | PORTABLE DATA ENCRYPTION DEVICE WITH CONFIGURABLE SAFETY FUNCTIONS AND METHOD FOR FILING ENCRYPTION |
US7769993B2 (en) * | 2007-03-09 | 2010-08-03 | Microsoft Corporation | Method for ensuring boot source integrity of a computing system |
US20080235513A1 (en) * | 2007-03-19 | 2008-09-25 | Microsoft Corporation | Three Party Authentication |
US8255988B2 (en) * | 2007-03-28 | 2012-08-28 | Microsoft Corporation | Direct peripheral communication for restricted mode operation |
US20090006831A1 (en) * | 2007-06-30 | 2009-01-01 | Wah Yiu Kwong | Methods and apparatuses for configuring add-on hardware to a computing platform |
IL187044A0 (en) * | 2007-10-30 | 2008-02-09 | Sandisk Il Ltd | Fast secure boot implementation |
US8661234B2 (en) * | 2008-01-31 | 2014-02-25 | Microsoft Corporation | Individualized per device initialization of computing devices in avoidance of mass exploitation of vulnerabilities |
US20090327741A1 (en) * | 2008-06-30 | 2009-12-31 | Zimmer Vincent J | System and method to secure boot uefi firmware and uefi-aware operating systems on a mobile internet device (mid) |
CN101404577B (zh) * | 2008-10-30 | 2010-04-21 | 南京大学 | Secure communication method combining multiple secrecy techniques |
US9058491B1 (en) | 2009-03-26 | 2015-06-16 | Micron Technology, Inc. | Enabling a secure boot from non-volatile memory |
US8176306B2 (en) * | 2009-07-24 | 2012-05-08 | Hewlett-Packard Development Company, L.P. | Boot block |
US20110107395A1 (en) * | 2009-11-03 | 2011-05-05 | Nokia Corporation | Method and apparatus for providing a fast and secure boot process |
US9336410B2 (en) | 2009-12-15 | 2016-05-10 | Micron Technology, Inc. | Nonvolatile memory internal signature generation |
EP2355502A1 (en) | 2010-02-03 | 2011-08-10 | Irdeto B.V. | Preventing the use of modified receiver firmware in receivers of a conditional access system |
US8503674B2 (en) | 2011-04-28 | 2013-08-06 | Microsoft Corporation | Cryptographic key attack mitigation |
US8738915B2 (en) * | 2011-06-30 | 2014-05-27 | Dell Products L.P. | System and method for establishing perpetual trust among platform domains |
WO2013012436A1 (en) | 2011-07-18 | 2013-01-24 | Hewlett-Packard Development Company, L.P. | Reset vectors for boot instructions |
US8386763B1 (en) * | 2012-01-04 | 2013-02-26 | Google Inc. | System and method for locking down a capability of a computer system |
US20130239214A1 (en) * | 2012-03-06 | 2013-09-12 | Trusteer Ltd. | Method for detecting and removing malware |
FR2989197B1 (fr) * | 2012-04-05 | 2014-05-02 | Toucan System | Method for securing access to a computing device |
US8839004B1 (en) * | 2012-04-16 | 2014-09-16 | Ionu Security, Inc. | Secure cloud computing infrastructure |
US9390278B2 (en) | 2012-09-14 | 2016-07-12 | Freescale Semiconductor, Inc. | Systems and methods for code protection in non-volatile memory systems |
US9881161B2 (en) | 2012-12-06 | 2018-01-30 | S-Printing Solution Co., Ltd. | System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof |
US9280687B2 (en) * | 2013-03-15 | 2016-03-08 | Lenovo (Singapore) Pte. Ltd. | Pre-boot authentication using a cryptographic processor |
US9613214B2 (en) * | 2013-07-09 | 2017-04-04 | Micron Technology, Inc. | Self-measuring nonvolatile memory devices with remediation capabilities and associated systems and methods |
US9830456B2 (en) * | 2013-10-21 | 2017-11-28 | Cisco Technology, Inc. | Trust transference from a trusted processor to an untrusted processor |
CN106537407B (zh) * | 2014-04-15 | 2022-03-04 | 麦利尔亚洲新加坡私人有限公司 | Root of trust |
US9438627B2 (en) | 2014-06-11 | 2016-09-06 | International Business Machines Corporation | Shared security utility appliance for secure application and data processing |
US9331989B2 (en) * | 2014-10-06 | 2016-05-03 | Micron Technology, Inc. | Secure shared key sharing systems and methods |
US20170300340A1 (en) * | 2016-04-15 | 2017-10-19 | Sunland International, Llc | Secure computer access using removable bootable drives |
WO2017222499A1 (en) * | 2016-06-20 | 2017-12-28 | Hewlett-Packard Development Company, L.P. | Firmware-inaccessible key storage |
US10242197B2 (en) * | 2016-09-23 | 2019-03-26 | Intel Corporation | Methods and apparatus to use a security coprocessor for firmware protection |
CN107491276A (zh) * | 2017-06-30 | 2017-12-19 | 杭州旗捷科技有限公司 | Method, storage medium and electronic device for remote encrypted upgrade of device data |
FR3105484B1 (fr) | 2019-12-19 | 2021-12-10 | Commissariat Energie Atomique | Method for dynamic verification of the integrity of machine code |
US11698971B2 (en) | 2021-04-15 | 2023-07-11 | Honeywell International Inc. | Secure boot device |
CN116340954B (zh) * | 2023-03-24 | 2024-01-23 | 合芯科技有限公司 | Method for establishing a secure data channel, system control processor and boot firmware |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4278837A (en) * | 1977-10-31 | 1981-07-14 | Best Robert M | Crypto microprocessor for executing enciphered programs |
DE3483410D1 (de) * | 1983-10-14 | 1990-11-22 | Toshiba Kawasaki Kk | Single-chip microcomputer with encryptable program memory function. |
US4633388A (en) * | 1984-01-18 | 1986-12-30 | Siemens Corporate Research & Support, Inc. | On-chip microprocessor instruction decoder having hardware for selectively bypassing on-chip circuitry used to decipher encrypted instruction codes |
US4698617A (en) * | 1984-05-22 | 1987-10-06 | American Microsystems, Inc. | ROM Protection scheme |
US5022077A (en) * | 1989-08-25 | 1991-06-04 | International Business Machines Corp. | Apparatus and method for preventing unauthorized access to BIOS in a personal computer system |
US5421006A (en) * | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
US5359659A (en) * | 1992-06-19 | 1994-10-25 | Doren Rosenthal | Method for securing software against corruption by computer viruses |
FR2703800B1 (fr) * | 1993-04-06 | 1995-05-24 | Bull Cp8 | Method for signing a computer file, and device for implementing it. |
US5444850A (en) * | 1993-08-04 | 1995-08-22 | Trend Micro Devices Incorporated | Method and apparatus for controlling network and workstation access prior to workstation boot |
US5386469A (en) * | 1993-08-05 | 1995-01-31 | Zilog, Inc. | Firmware encryption for microprocessor/microcomputer |
US5450489A (en) * | 1993-10-29 | 1995-09-12 | Time Warner Entertainment Co., L.P. | System and method for authenticating software carriers |
US5509120A (en) * | 1993-11-30 | 1996-04-16 | International Business Machines Corporation | Method and system for detecting computer viruses during power on self test |
US5377264A (en) * | 1993-12-09 | 1994-12-27 | Pitney Bowes Inc. | Memory access protection circuit with encryption key |
US5666411A (en) * | 1994-01-13 | 1997-09-09 | Mccarty; Johnnie C. | System for computer software protection |
JPH07295893A (ja) * | 1994-04-28 | 1995-11-10 | Nec Corp | Memory information reading device and reading method for a microprocessor |
US5699428A (en) * | 1996-01-16 | 1997-12-16 | Symantec Corporation | System for automatic decryption of file data on a per-use basis and automatic re-encryption within context of multi-threaded operating system under which applications run in real-time |
- 1996
  - 1996-09-30 US US08/722,298 patent/US5937063A/en not_active Expired - Lifetime
- 1997
  - 1997-07-30 BR BR9714348-0A patent/BR9714348A/pt not_active Application Discontinuation
  - 1997-07-30 AU AU39683/97A patent/AU3968397A/en not_active Abandoned
  - 1997-07-30 CN CNB97199904XA patent/CN1182678C/zh not_active Expired - Fee Related
  - 1997-07-30 DE DE19782038T patent/DE19782038T1/de not_active Ceased
  - 1997-07-30 WO PCT/US1997/013518 patent/WO1998015086A1/en not_active Application Discontinuation
  - 1997-07-30 GB GB9906810A patent/GB2332606B/en not_active Expired - Fee Related
  - 1997-07-30 KR KR1019990702684A patent/KR20000048718A/ko not_active Application Discontinuation
  - 1997-08-20 TW TW086111913A patent/TW339433B/zh not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
TW339433B (en) | 1998-09-01 |
KR20000048718A (ko) | 2000-07-25 |
AU3968397A (en) | 1998-04-24 |
US5937063A (en) | 1999-08-10 |
GB2332606B (en) | 2001-05-16 |
GB2332606A (en) | 1999-06-23 |
WO1998015086A1 (en) | 1998-04-09 |
CN1238087A (zh) | 1999-12-08 |
BR9714348A (pt) | 2000-04-11 |
DE19782038T1 (de) | 1999-08-05 |
GB9906810D0 (en) | 1999-05-19 |
Similar Documents
Publication | Title |
---|---|
CN1182678C (zh) | Secure boot |
US5844986A (en) | Secure BIOS |
US7500098B2 (en) | Secure mode controlled memory |
US8006095B2 (en) | Configurable signature for authenticating data or program code |
US7636844B2 (en) | Method and system to provide a trusted channel within a computer system for a SIM device |
JP4288209B2 (ja) | Security architecture for a system-on-chip |
US20020099950A1 (en) | Method of maintaining integrity of an instruction or data set |
US6598165B1 (en) | Secure memory |
EP2006792A2 (en) | Encryption and decryption methods and a PLC system using said methods |
US9015454B2 (en) | Binding data to computers using cryptographic co-processor and machine-specific and platform-specific keys |
US8843766B2 (en) | Method and system for protecting against access to a machine code of a device |
NO309887B1 (no) | Secure memory card |
KR20050008847A (ko) | Sleep protection |
WO2009144606A1 (en) | A method for adapting and executing a computer program and computer architecture therefore |
JP4791250B2 (ja) | Microcomputer and method for preventing tampering with its software |
WO2009149715A1 (en) | Secure link module and transaction system |
JP6930884B2 (ja) | BIOS management device, BIOS management system, BIOS management method, and BIOS management program |
US20060075254A1 (en) | Smart card functionality from a security co-processor and symmetric key in ROM |
EP1811460A1 (en) | Secure software system and method for a printer |
JP2020201526A (ja) | Platform for cryptographic processing |
CN114816549B (zh) | Method and system for protecting a bootloader and its environment variables |
CN117216813B (zh) | Method and device for reading and writing data, and security chip |
US20220317184A1 (en) | Secured debug |
JP2008033549A (ja) | Portable electronic device, IC card, and method for concealing critical data in a portable electronic device |
JP2006054554A (ja) | Authentication device |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
C14 | Grant of patent or utility model | |
GR01 | Patent grant | |
C17 | Cessation of patent right | |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20041229; Termination date: 20120730 |