WO2006113167A3 - Secure boot - Google Patents

Secure boot Download PDF

Info

Publication number
WO2006113167A3
WO2006113167A3 PCT/US2006/013007 US2006013007W WO2006113167A3 WO 2006113167 A3 WO2006113167 A3 WO 2006113167A3 US 2006013007 W US2006013007 W US 2006013007W WO 2006113167 A3 WO2006113167 A3 WO 2006113167A3
Authority
WO
WIPO (PCT)
Prior art keywords
program
run
check
modified
next level
Prior art date
Application number
PCT/US2006/013007
Other languages
French (fr)
Other versions
WO2006113167A2 (en
Inventor
Scott A Field
Jonathan David Schwartz
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Priority to AU2006236956A priority Critical patent/AU2006236956A1/en
Priority to MX2007011377A priority patent/MX2007011377A/en
Priority to EP06749499A priority patent/EP1872231A4/en
Priority to CA002598616A priority patent/CA2598616A1/en
Priority to BRPI0608821-0A priority patent/BRPI0608821A2/en
Priority to JP2008506537A priority patent/JP2008537224A/en
Publication of WO2006113167A2 publication Critical patent/WO2006113167A2/en
Priority to NO20074060A priority patent/NO20074060L/en
Publication of WO2006113167A3 publication Critical patent/WO2006113167A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Abstract

Systems and methods for performing integrity verifications for computer programs to run on computing systems are provided. An integrity check is completed before passing execution control to the next level of an operating system or before allowing a program to run. The integrity check involves the use of a locally stored key to determine if a program has been modified or tampered with prior to execution. If the check shows that the program has not been altered, the program will execute and, during the boot process, allow execution control to be transferred to the next level. If, however, the check confirms that the program has been modified, the computing system does not allow the program to run.
PCT/US2006/013007 2005-04-15 2006-04-06 Secure boot WO2006113167A2 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
AU2006236956A AU2006236956A1 (en) 2005-04-15 2006-04-06 Secure boot
MX2007011377A MX2007011377A (en) 2005-04-15 2006-04-06 Secure boot.
EP06749499A EP1872231A4 (en) 2005-04-15 2006-04-06 Secure boot
CA002598616A CA2598616A1 (en) 2005-04-15 2006-04-06 Secure boot
BRPI0608821-0A BRPI0608821A2 (en) 2005-04-15 2006-04-06 secure boot
JP2008506537A JP2008537224A (en) 2005-04-15 2006-04-06 Safe starting method and system
NO20074060A NO20074060L (en) 2005-04-15 2007-08-07 Safe startup

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/106,756 US20060236122A1 (en) 2005-04-15 2005-04-15 Secure boot
US11/106,756 2005-04-15

Publications (2)

Publication Number Publication Date
WO2006113167A2 WO2006113167A2 (en) 2006-10-26
WO2006113167A3 true WO2006113167A3 (en) 2008-01-03

Family

ID=37109951

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/013007 WO2006113167A2 (en) 2005-04-15 2006-04-06 Secure boot

Country Status (13)

Country Link
US (1) US20060236122A1 (en)
EP (1) EP1872231A4 (en)
JP (1) JP2008537224A (en)
KR (1) KR20080005482A (en)
CN (1) CN101199159A (en)
AU (1) AU2006236956A1 (en)
BR (1) BRPI0608821A2 (en)
CA (1) CA2598616A1 (en)
MX (1) MX2007011377A (en)
NO (1) NO20074060L (en)
RU (1) RU2007138019A (en)
WO (1) WO2006113167A2 (en)
ZA (1) ZA200707404B (en)

Families Citing this family (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7779482B1 (en) 2003-02-07 2010-08-17 iGware Inc Delivery of license information using a short messaging system protocol in a closed content distribution system
US20100017627A1 (en) 2003-02-07 2010-01-21 Broadon Communications Corp. Ensuring authenticity in a closed content distribution system
US8131649B2 (en) 2003-02-07 2012-03-06 Igware, Inc. Static-or-dynamic and limited-or-unlimited content rights
US20070055859A1 (en) * 2005-09-02 2007-03-08 Mediatek Inc. Boot systems and methods
EP1826697A1 (en) * 2006-02-24 2007-08-29 Giga Games System, SL Method for booting and using software for AWP and B type amusing gaming machines, and for C type casino machines
EP2033350A2 (en) 2006-05-02 2009-03-11 Broadon Communications Corp. Content management system and method
US7904278B2 (en) * 2006-05-02 2011-03-08 The Johns Hopkins University Methods and system for program execution integrity measurement
US7624276B2 (en) 2006-10-16 2009-11-24 Broadon Communications Corp. Secure device authentication system and method
US7613915B2 (en) 2006-11-09 2009-11-03 BroadOn Communications Corp Method for programming on-chip non-volatile memory in a secure processor, and a device so programmed
US8904552B2 (en) * 2007-04-17 2014-12-02 Samsung Electronics Co., Ltd. System and method for protecting data information stored in storage
US20080271145A1 (en) * 2007-04-30 2008-10-30 Schiller Mark R Tamper indication system and method for a computing system
FR2926149B1 (en) 2008-01-07 2010-01-29 Bull Sas DEVICE, SYSTEMS AND METHOD FOR SECURELY STARTING A COMPUTER INSTALLATION
US8793477B2 (en) * 2008-02-12 2014-07-29 Mcafee, Inc. Bootstrap OS protection and recovery
US9286080B2 (en) * 2008-07-02 2016-03-15 Hewlett-Packard Development Company, L.P. Memory management for hypervisor loading
US8843742B2 (en) 2008-08-26 2014-09-23 Hewlett-Packard Company Hypervisor security using SMM
CN102640160B (en) * 2009-10-09 2015-02-11 诺基亚公司 Method and device for control of resource access
CN102262717B (en) * 2011-07-18 2014-05-07 百度在线网络技术(北京)有限公司 Method, device and equipment for changing original installation information and detecting installation information
US20130036103A1 (en) * 2011-08-04 2013-02-07 The Boeing Company Software Part Validation Using Hash Values
US9262631B2 (en) * 2011-11-15 2016-02-16 Mstar Semiconductor, Inc. Embedded device and control method thereof
JP5519712B2 (en) * 2012-01-20 2014-06-11 レノボ・シンガポール・プライベート・リミテッド Method of booting a computer and computer
US8627097B2 (en) 2012-03-27 2014-01-07 Igt System and method enabling parallel processing of hash functions using authentication checkpoint hashes
US9942257B1 (en) * 2012-07-11 2018-04-10 Amazon Technologies, Inc. Trustworthy indication of software integrity
US9465943B2 (en) * 2013-01-31 2016-10-11 Red Hat, Inc. Extension of a platform configuration register with a known value
US20150019852A1 (en) * 2013-07-12 2015-01-15 International Games System Co., Ltd. Verification method for system execution environment
CN104636662B (en) * 2013-11-15 2018-07-03 华为技术有限公司 A kind of data processing method and terminal device
CN104796771B (en) * 2014-01-22 2018-04-06 中国电信股份有限公司 Control method for down loading and system and downloading guides module
US9672361B2 (en) 2014-04-30 2017-06-06 Ncr Corporation Self-service terminal (SST) secure boot
CN104019783B (en) * 2014-06-13 2017-01-18 冠亿精密工业(昆山)有限公司 Outer diameter detecting device
CN105704514B (en) * 2014-11-27 2018-06-29 中国电信股份有限公司 It is used to implement method, set-top box and the system of secure payment
US9727737B1 (en) 2015-07-27 2017-08-08 Amazon Technologies, Inc. Trustworthy indication of software integrity
JP2017102566A (en) * 2015-11-30 2017-06-08 日本電信電話株式会社 Unauthorized file detection device, unauthorized file detection method and unauthorized file detection program
SG10201602449PA (en) 2016-03-29 2017-10-30 Huawei Int Pte Ltd System and method for verifying integrity of an electronic device
CN106845212A (en) * 2017-01-17 2017-06-13 北京北信源软件股份有限公司 A kind of software verification method under Windows
US10664599B2 (en) 2017-05-01 2020-05-26 International Business Machines Corporation Portable executable and non-portable executable boot file security
US11138315B2 (en) 2018-01-17 2021-10-05 Hewlett Packard Enterprise Development Lp Data structure measurement comparison
JP6706278B2 (en) * 2018-03-27 2020-06-03 キヤノン株式会社 Information processing apparatus and information processing method
US11714910B2 (en) * 2018-06-13 2023-08-01 Hewlett Packard Enterprise Development Lp Measuring integrity of computing system
JP7171339B2 (en) * 2018-09-26 2022-11-15 キヤノン株式会社 Information processing device, control method for information processing device, and program
KR102126931B1 (en) * 2018-11-07 2020-06-25 시큐리티플랫폼 주식회사 Device and method for secure booting
EP3696698A1 (en) * 2019-02-18 2020-08-19 Verimatrix Method of protecting a software program against tampering
US11036267B2 (en) * 2019-02-26 2021-06-15 Microsoft Technology Licensing, Llc Field replaceable touch display module
JP7092071B2 (en) * 2019-03-05 2022-06-28 トヨタ自動車株式会社 Vehicle control device, vehicle control device activation method and vehicle control program
EP3772842A1 (en) * 2019-08-07 2021-02-10 Siemens Aktiengesellschaft Detection of manipulated clients of a factory control system
CN110955442B (en) * 2019-11-11 2023-03-07 郑州信大先进技术研究院 Bootloader suitable for PCI-E password card
CN112231694A (en) * 2020-10-27 2021-01-15 北京人大金仓信息技术股份有限公司 Database detection method, device, equipment and medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6625729B1 (en) * 2000-03-31 2003-09-23 Hewlett-Packard Company, L.P. Computer system having security features for authenticating different components
US6715074B1 (en) * 1999-07-27 2004-03-30 Hewlett-Packard Development Company, L.P. Virus resistant and hardware independent method of flashing system bios

Family Cites Families (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3744034A (en) * 1972-01-27 1973-07-03 Perkin Elmer Corp Method and apparatus for providing a security system for a computer
US4975950A (en) * 1988-11-03 1990-12-04 Lentz Stephen A System and method of protecting integrity of computer data and software
US5121345A (en) * 1988-11-03 1992-06-09 Lentz Stephen A System and method for protecting integrity of computer data and software
EP0449242A3 (en) * 1990-03-28 1992-10-28 National Semiconductor Corporation Method and structure for providing computer security and virus prevention
US5421006A (en) * 1992-05-07 1995-05-30 Compaq Computer Corp. Method and apparatus for assessing integrity of computer system software
US5864698A (en) * 1994-08-24 1999-01-26 Packard Bell Nec Disk based bios
US5537540A (en) * 1994-09-30 1996-07-16 Compaq Computer Corporation Transparent, secure computer virus detection method and apparatus
US5643086A (en) * 1995-06-29 1997-07-01 Silicon Gaming, Inc. Electronic casino gaming apparatus with improved play capacity, authentication and security
US5757915A (en) * 1995-08-25 1998-05-26 Intel Corporation Parameterized hash functions for access control
US5953502A (en) * 1997-02-13 1999-09-14 Helbig, Sr.; Walter A Method and apparatus for enhancing computer system security
US6185678B1 (en) * 1997-10-02 2001-02-06 Trustees Of The University Of Pennsylvania Secure and reliable bootstrap architecture
US6735696B1 (en) * 1998-08-14 2004-05-11 Intel Corporation Digital content protection using a secure booting method and apparatus
US6263431B1 (en) * 1998-12-31 2001-07-17 Intle Corporation Operating system bootstrap security mechanism
US6928548B1 (en) * 2000-09-29 2005-08-09 Intel Corporation System and method for verifying the integrity of stored information within an electronic device
FI114416B (en) * 2001-06-15 2004-10-15 Nokia Corp Method for securing the electronic device, the backup system and the electronic device
US7398389B2 (en) * 2001-12-20 2008-07-08 Coretrace Corporation Kernel-based network security infrastructure
US6907522B2 (en) * 2002-06-07 2005-06-14 Microsoft Corporation Use of hashing in a secure boot loader
US7174465B2 (en) * 2002-06-26 2007-02-06 Lenovo Singapore Pte, Ltd Secure method for system attribute modification
US7305710B2 (en) * 2003-04-29 2007-12-04 Pitney Bowes Inc. Method for securely loading and executing software in a secure device that cannot retain software after a loss of power
US20040250086A1 (en) * 2003-05-23 2004-12-09 Harris Corporation Method and system for protecting against software misuse and malicious code
US7380136B2 (en) * 2003-06-25 2008-05-27 Intel Corp. Methods and apparatus for secure collection and display of user interface information in a pre-boot environment
US8332652B2 (en) * 2003-10-01 2012-12-11 International Business Machines Corporation Computing device that securely runs authorized software

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6715074B1 (en) * 1999-07-27 2004-03-30 Hewlett-Packard Development Company, L.P. Virus resistant and hardware independent method of flashing system bios
US6625729B1 (en) * 2000-03-31 2003-09-23 Hewlett-Packard Company, L.P. Computer system having security features for authenticating different components

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1872231A4 *

Also Published As

Publication number Publication date
MX2007011377A (en) 2007-10-03
KR20080005482A (en) 2008-01-14
WO2006113167A2 (en) 2006-10-26
NO20074060L (en) 2007-11-14
AU2006236956A1 (en) 2006-10-26
CN101199159A (en) 2008-06-11
JP2008537224A (en) 2008-09-11
BRPI0608821A2 (en) 2010-01-26
US20060236122A1 (en) 2006-10-19
EP1872231A2 (en) 2008-01-02
EP1872231A4 (en) 2009-07-29
CA2598616A1 (en) 2006-10-26
RU2007138019A (en) 2009-04-20
ZA200707404B (en) 2009-06-24

Similar Documents

Publication Publication Date Title
WO2006113167A3 (en) Secure boot
WO2008016489A3 (en) Methods and systems for modifying an integrity measurement based on user athentication
WO2007118154A3 (en) System and method for checking the integrity of computer program code
WO2007004219A3 (en) System, device and method of verifying that a code is executed by a processor
WO2009042658A3 (en) Method, system and apparatus for providing a boot loader of an embedded system
WO2008017796A8 (en) Apparatus and method for performing integrity checks on software
ATE404932T1 (en) SECURE LICENSE MANAGEMENT
WO2008000504A3 (en) Using status models with status transitions in a computer system
WO2008000500A3 (en) Using status models with preconditions in a computer system
WO2008000498A3 (en) Defining a status model for a computer system
DE60138455D1 (en) ACCESS CONTROL TO RESOURCES THROUGH A PROGRAM ASSISTED IN DIGITAL SIGNATURES
WO2008013826A3 (en) User space virtualization system
WO2008115279A3 (en) Virtualization for diversified tamper resistance
IN2014KN02671A (en)
TW200636445A (en) Method and system for validating a computer system
WO2007098424A3 (en) System and method for multi-processor application support
FR2867871B1 (en) METHOD AND DEVICE FOR SECURING ACCESS TO A DEVICE
WO2008078366A1 (en) Data verifying device, data verifying method, and data verifying program
WO2009044533A1 (en) Secure boot terminal, secure boot method, secure boot program, recording medium, and integrated circuit
WO2010103466A3 (en) Integrity verification using a peripheral device
WO2008108129A1 (en) Memory access control system, memory access control method, and program therefor
TW200606719A (en) Grid computing system, management server, processing server, control method, control program and recording medium
WO2008021777A3 (en) Formal verification of graphical programs
GB0623237D0 (en) Issuing syncpoints during execution of a batch application
JP2003076585A5 (en)

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200680006238.9

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref document number: 2598616

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 560860

Country of ref document: NZ

WWE Wipo information: entry into national phase

Ref document number: 3700/CHENP/2007

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 1020077019435

Country of ref document: KR

ENP Entry into the national phase

Ref document number: 2008506537

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: MX/a/2007/011377

Country of ref document: MX

Ref document number: 12007502003

Country of ref document: PH

Ref document number: 2006749499

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2007138019

Country of ref document: RU

WWE Wipo information: entry into national phase

Ref document number: 2006236956

Country of ref document: AU

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: PI0608821

Country of ref document: BR

Kind code of ref document: A2