US9270466B2 - System and method for temporary secure boot of an electronic device - Google Patents

System and method for temporary secure boot of an electronic device Download PDF

Info

Publication number
US9270466B2
US9270466B2 US13/682,752 US201213682752A US9270466B2 US 9270466 B2 US9270466 B2 US 9270466B2 US 201213682752 A US201213682752 A US 201213682752A US 9270466 B2 US9270466 B2 US 9270466B2
Authority
US
United States
Prior art keywords
token
key
electronic device
boot package
boot
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US13/682,752
Other versions
US20130145140A1 (en
Inventor
Chao-Chung Hsien
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HTC Corp
Original Assignee
HTC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by HTC Corp filed Critical HTC Corp
Priority to US13/682,752 priority Critical patent/US9270466B2/en
Assigned to HTC CORPORATION reassignment HTC CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HSIEN, CHAO-CHUNG
Publication of US20130145140A1 publication Critical patent/US20130145140A1/en
Application granted granted Critical
Publication of US9270466B2 publication Critical patent/US9270466B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/0813

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

The invention discloses system and method of temporary secure boot process of an electronic device. The method comprises: generating a first token according to an identification data of the electronic device; sending a request along with the first token to a service provider, the request corresponding to a boot package; receiving a second token and a boot package from the service provider; verifying the second token and the boot package; and executing the boot package according to verification result.

Description

CROSS REFERENCE TO RELATED APPLICATIONS
This application claims priority of U.S. Provisional No. 61/565,955 filed on Dec. 1, 2011.
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates to system and method of temporary secure boot process of an electronic device. More particularly, the invention relates to a temporary secure boot process by use of unique device information.
2. Description of the Prior Art
Electronic devices are installed with an operating system. Normally in a boot up process, a bootloader would initiate components of the electronic device and load the operating system so that a user may operate the electronic device to perform various functions. Some user specific data or user-installed programs are also controlled by the operation system. However, when the electronic device encounters error or is sent to the care center for examination, user might not wish to reveals personal data/files during examination, or the electronic device may not be able to boot up as normal.
SUMMARY OF THE INVENTION
The invention discloses system and method of temporary secure boot process of an electronic device. A method of temporary secure boot process according to an embodiment of the invention comprises: generating a first token according to an identification data of the electronic device; sending a request along with the first token to a service provider, the request corresponding to a boot package; receiving a second token and a boot package from the service provider; verifying the second token and the boot package; and executing the boot package according to verification result.
Another embodiment of the invention comprises: an electronic device, configured to execute at least an operating system by a processor. The processor comprises: a token generator, configured to generate a first token according to a first key; a token verification unit, configured to verify a second token according to the first key of a first key pair; a boot package execution unit configured to execute a secure boot package according to the verification of the second token; and a key pair unit configured to store at least the first key, the first key being one key of a first key pair. The system further comprises a communication interface unit within the electronic device configured to transmit the first token and receive the second token and the secure boot package; and a service provider configured to verify the first token and to generate the second token according to a second key of the first key pair and the secure boot package according to a third key of a second key pair according to the verification of the first token.
Yet in another embodiment of the invention discloses method for boot package processing. The method comprises: receiving a first token along with a request from an electronic device; verifying an identity of the electronic device according to the first token; in response to the identity being confirmed, generating a second token comprising at least partial content of the first token; securing a boot package corresponding to the request by the second token; and sending the second token and the secured boot package to the electronic device.
These and other objectives of the present invention will no doubt become obvious to those of ordinary skill in the art after reading the following detailed description of the preferred embodiment that is illustrated in the various figures and drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 illustrates a data authentication system according to an embodiment of the invention.
FIG. 2 illustrates a block diagram of the electronic device according to an embodiment of the invention.
FIG. 3 illustrates a secure boot method according to an embodiment of the invention.
FIG. 4 illustrates identification token generation according to an embodiment of the invention.
FIG. 5 depicts an embodiment of boot package processing flow according to an embodiment of the invention.
FIG. 6 illustrates embodiment of authentication token and secure boot package generation according to an embodiment of the invention.
FIG. 7 illustrates embodiment of secure boot package processing flow of the service provider of the invention.
FIG. 8 depicts an embodiment of boot package verification flow of the electronic device of the invention
 DETAILED DESCRIPTION
The invention discloses system and method for temporary secure boot processing of an electronic device. The electronic device may send request to a service provider for providing a boot package that can only be executed temporarily. To ensure security of the request, the electronic device may generate a token along with the request. In response to the request, the service provider may verify the token to determine identity of request sender. Once confirmed, the service provider sends a secure boot package along with another token. The electronic device also verifies the token and the secure boot package to confirm the identity of the service provider. The electronic device and the service provider may generate the tokens according to particular information held by the two parties only. In addition, to avoid such information being stolen by malicious party, the electronic device may process the request and the token in a secure domain that cannot be accessed by unauthorized user.
Please refer to FIG. 1, which illustrates a secure boot processing system according to an embodiment of the invention. As illustrated, the system comprises an electronic device 100 and a service provider 200. The electronic device 100 may be a handheld device such as mobile phone, tablet, game console, PDA, and/or other kinds. The electronic device 100 may also be a personal computer, desktop computer, laptop computer. In some circumstances, user might wish to boot up the electronic device 100 without affecting operating system or revealing personal data, for example the electronic device is sent to care center for inspection. User might lock the electronic device 100 with some security mechanism, such as password or unlock pattern. In order to preserve privacy of user but still be able to inspect the functionality of the electronic device 100, another boot package may be executed temporarily in a secure domain and be removed upon completion of execution. To obtain the temporary boot package, the electronic device may send a request to the service provider 200 for downloading the temporary boot package, such as manufacturer of the electronic device 100. The electronic device 100 may send an identification (ID) token which contains unique information corresponding to the electronic device 100 along with the request to the service provider 200. The request and the ID token may also be stored in a memory device, such as SD or micro SD card, and be transmitted to the service provider via another electronic device, such as a personal computer. User may communicate with the service provider 200 through the other electronic device, for example logging on the service provider and uploading the ID token via a personal computer.
The service provider 200 may verify identity of the electronic device 100 and record the activity for security reason. In response to the request and confirmation of the ID token, the service provider 200 may send back a secure boot package along with an authentication token to the electronic device 100. The authentication token is also verified by the electronic device 100 so as to confirm the identity of boot package sender. Once confirmed, the electronic device 100 may execute the boot package temporarily and reboot by normal procedure when the execution of the boot package finishes. Similarly, the boot package and the authentication token may be received by the other electronic device that sends the request and be stored in a storage device that can be accessed by the electronic device 100. For example, when the service provider 200 verifies the ID token sent by a logged-in user, the user then may access the secure boot package and the authentication token by downloading them and storing in the SD/micro SD card or hard-disk memory of a personal computer. The electronic device 100 can access the files from the SD or micro SD card or by connecting to the personal computer via USB connection.
Next please refer to FIG. 2, which illustrates a block diagram of the electronic device 100 according to an embodiment of the invention. The electronic device 100 comprises, among others, a processor 110 and a communication interface 170. The processor 110 is configured to execute at least an operating system and a plurality of applications in normal domain (not shown) and private programs in a secure domain 120. The secure domain 120 may be configured to execute applications and/or programs with security demand. In the embodiment of the invention, the secure domain 120 may comprise, among others, a token generator 130, a token verification unit 140, a boot package execution unit 150, and a key pair unit 160. The token generator 130 is configured to generate the ID token sent to the service provider 200, and the token verification unit 140 is configured to verify the authentication token received from the service provider 200. The token generator 130 generates the ID token from unique information of the electronic device 100, such as identification data. The identification data may be device serial number, IMEI number, MAC address, IMSI number, and/or other information that is unique and can be used to specify the electronic device 100. Furthermore, to provide better security, the ID token is generated by combining other data generated in random. The unique information and the random data may be processed by a predetermined algorithm and secured by a key that is known to the electronic device 100 and the service provider 200 only. The predetermined algorithm may be an encryption algorithm known in the art.
The token verification unit 140 verifies the authentication token according to another predetermined algorithm, which may be a decryption algorithm known in the art. Both the electronic device 100 and the service provider 200 may possess at least one pair of keys used for encryption and decryption. The key pair is stored in the key pair unit 160. The keys may be stored during manufacturing stage or obtained by a secure procedure, and different electronic device 100 may hold different pair of keys. The key pair may be RSA public and private key pair. The electronic device 100 holds the public key while the service provider 200 holds the private key. The ID token may be generated by encrypting the identification data and the random data by the public key of the electronic device 100, and be verified by the service provider 200 by using the private key for decryption. Therefore, the token generator 130 and the service provider 200 may share corresponding pair of algorithms for encryption and decryption respectively. Similarly, the token verification unit 140 shares corresponding pair of algorithms for decryption with the service provider 200. Details of the token generation and verification will be described later.
The boot package execution unit 150 is configured to execute the boot package received from the service provider 200 upon verification of the authentication token being confirmed. To provide better security, the boot package may be further secured by a key, and the boot package execution unit 150 may verify the secure boot package prior to execution. In this case, as described above, the boot package execution unit 150 may access corresponding key in the key pair unit 160 and use corresponding algorithms for boot package protection. Similar to the tokens, the service provider 200 may secure the boot package by signing or encrypting with a private key and the boot package execution unit 150 may verify the secure boot package by corresponding public key. For example, the boot package may be signed with a signature generated from the private key of the service provider 200. The boot package may be designated to perform specific tasks, such as file system backup, customization, system check and/or others. The electronic device 100 may send request of particular boot package for specific purpose.
The electronic device 100 also comprises a communication interface 170 which is configured to communicate with the service provider 200. The communication interface may transit the ID token, authentication token and boot package between the electronic device 100 and the service provider 200 via suitable transmission protocol. The transmission protocol may be wired or wireless protocol. The communication interface 170 may be configured to communicate with another electronic device, such as a personal computer. The tokens and boot package are transmitted between the electronic device 100 and the service provider 200 via the other electronic device. For example, the communication interface may be a USB interface or memory interface.
FIG. 3 illustrates a secure boot method according to an embodiment of the invention. The method may be implemented by the system shown in FIG. 1. The method starts from generating an ID token by the electronic device 100 in step 310. The ID token is generated according to some unique data possessed by the electronic device 100 and encrypted by one key of a first key pair. Then the ID token is sent from the electronic device 100 to the service provider 200 in step 320. The ID token may be attached to a request for demanding a boot package or combined within the request. The service provider 200 may verify the ID token to confirm identity of requesting device and whether it is reliable (step 330). The ID token may be verifies by another key of the key pair. In response to confirmation of the ID token, the service provider 200 generates an authentication token which comprises information that should be verified by the receiver (i.e. the electronic device 100 in this embodiment) in step 340. Then the service provider 200 sends the authentication token along with secure boot package to the electronic device 100 (step 350). The authentication token may be generated from the content within the ID token and encrypted by another key of the first key pair. In other embodiments, the authentication token may further comprise other information that needs to be verified by the receiver and be processed by other operations, such as SHA. Upon receiving the authentication token, the electronic device first verifies the authentication token in step 360. Similarly, the authentication token may be verified by the key held by the electronic device 100. The electronic device 100 also verifies the secure boot package according to a key, which may be one of another key pair shared by the electronic device 100 and the service provider 200 (step 370). If both the authentication token and the secure boot package are confirmed, the secure boot package is executed in a secure domain for temporarily booting up the electronic device 100 to perform specific task in step 380. Upon completion of the execution of the secure boot package, the electronic device 100 will be restarted by normal boot procedure in step 390. While restarting, the secure boot package may be erased from the electronic device 100 and thus cannot be executed again.
In below token generations and verifications will be described in further details. FIG. 4 illustrates identification token generation according to an embodiment of the invention. As shown in FIG. 4, the identification token is generated from identification data of the electronic device 100 and random data. The identification data may be device serial number, IMEI number, MAC address, IMSI and/or other data that is unique and can be used to identify the electronic device 100. The random data can only be used for once to ensure security. The random data may also be used to hide the identification data from stealing. In one embodiment of the invention, the length of the random data is longer than the identification data. Therefore, identification token of each request would be different for each request and is only valid to corresponding request. The ID data and random data are processed by a first algorithm according to a first public key of a key pair. For each key pair, a public key is held by the electronic device 100 and the private key is held by the service provider 200. The electronic device 100 may not know the private key, but it can be verified by the public key as known in the art. The first algorithm may be any kind of encryption algorithm, such as RSA encryption.
Next please refer to FIG. 5, which depicts an embodiment of boot package processing flow of the electronic device 100. The processing flow starts from step 510, an identification token is generated according to a first public key and sent to the service provider 200 along with a request for boot package. The ID token may be generated according to FIG. 4. The first public key is one of a key pair comprising the first public key and a corresponding first private key. The first public key is held by the electronic device 100 and the first private key is held by the service provider 200. One or more key pairs may be shared by the electronic device 100 and the service provider 200. Next an authentication token and a secure boot package corresponding to the ID token are received from the service provider 200 (step 520). The ID token, authentication token and the secure boot package may be transmitted via wireless protocol and/or accessed via a storage device. For example, the authentication and the secure boot package may be downloaded and stored in an SD card or micro SD card. The electronic device 100 then verifies the authentication token according to the first public key in step 530. The authentication token may be verified by decrypting the authentication token by the first public key and confirming the content within. Upon confirmation of the authentication token, the electronic device next verifies the secure boot package according to a second public key in step 540. Similarly, the second public key may correspond to a second private key used to sign or encrypt the secure boot package. Next the secure boot package is executed according to the verification result in step 550. If the verification fails, the secure boot package would not be executed and be discarded. If verification is successful, the secure boot package is executed in a secure domain of the electronic device 100. Upon completion of the boot package execution, the electronic device 100 is restarted by normal boot-up procedure and enters the operating system. The identification token and secure boot package may be erased from the electronic device 100. Please note that the random data used to generate the ID token will be cleared as well and cannot be used again.
FIG. 6 illustrates embodiment of authentication token and secure boot package generation of the service provider 200. As described above, authentication token is generated upon confirmation of ID token received from the electronic device 100. Content of the ID token may be used to generate the authentication token so that it can only be verified by the sender of the ID token. In this embodiment, ID data and random data of the electronic device 100 is used to generate the authentication token according to a second algorithm and a first private key. The first private key is in pair with the first public key of FIG. 4, and the second algorithm may be any kind of encryption algorithm as well. In another embodiment of the invention, other data may be combined into the authentication token as well, for example other data that need to be verified. Yet in another embodiment of the invention, the content of the authentication token may be preprocessed before encryption, such as hash operation. The boot package requested by the electronic device 100 is processed by a third algorithm and a second private key to generate a secure boot package too. The second private key is in pair with a second public key held by the electronic device 100 and the third algorithm may be any suitable encryption/compression algorithm or used as a signature. In the embodiment of FIG. 4 and FIG. 6, the key pair may be distributed to the electronic device 100 during manufacturing stage or be requested by certain secure registration procedure to the service provider 200, and be stored in a secure memory that can only be accessed in secure domain.
FIG. 7 illustrates embodiment of secure boot package processing flow of the service provider 200 of the invention. First, an ID token along with a request is received by the service provider 200 in step 710. The request may demand for a boot package of a specific task. Prior to sending the boot package, the ID token is verified according to a first private key in step 720. The ID token comprises information of the request sender's identity and should be generated by a first public key in pair with the first private key. Furthermore, the ID token may be checked to confirm whether the request sender is associated with the service provider 200, for example manufactured by the service provider 200, registered to the service provider 200, and/or other relationships. The service provider 200 may also record an event corresponding to the request. The event may comprise information of the identity of requesting device, time of request received, type of request and confirmation result, etc.
In response to the identification token is confirmed, the service provider 200 generates an authentication token according to content of the ID token and the first private key in step 730. To make sure the response from the service device 200 is sent to the right requesting device, the authentication token may comprise the ID data and the random data within the ID token so that it can only be verified by the requesting device that generates these data. To provide better protection, the ID data and random data may be pre-processed by operations such as hash operation prior to encrypting by the first private key. In other embodiment of the invention, the authentication token may also comprise other information that is necessary. Then the boot package corresponding to the request is secured according to a second private key in step 740. The boot package may be signed with a signature generated by the second private key for example. The authentication token is then sent to the requesting device along with the secured boot package in step 750. In one embodiment of the invention, the token and secured boot package may be sent via wireless protocol. In another embodiment of the invention, the authentication token and boot package may be stored in a storage device that can be accessed by the electronic device 100, such as an SD card.
FIG. 8 depicts an embodiment of boot package verification flow of the electronic device 100 of the invention. Upon receiving the authentication token and the secure boot package, the electronic device 100 needs to verify both of them prior to execution so that it can be ensured the boot package is received from a trusted service provider. The authentication token is processed by a fourth algorithm according to a first public key. The fourth algorithm may be a decryption algorithm corresponding to the second algorithm of FIG. 6, and the first public key is in pair with the first private key. As a result, the authentication token may be decrypted into identification data and random data. The electronic device 100 may compare the decrypted identification data with its own identification to confirm the authentication token is sent from the service provider and it is the right recipient. The decrypted random data may also be compared with the random data of FIG. 4. The secure boot package is processed by a fifth algorithm according to a second private key to confirm the boot package. The fifth algorithm may be a decryption/decompression algorithm corresponding to the third algorithm of FIG. 6 and the second public key is in pair with the second private key. Please note that the public key of the key pairs is held by the electronic device 100 and the private key is held by the service provider 200. In yet another embodiment of the invention, the second key pair may be encrypted within the authentication token and the electronic device 100 can only obtain the second public key in response to confirmation of the authentication token. In the case that the service provider provides boot packages to multiple electronic devices 100, the key pair is different for each electronic device. The algorithms and keys used for token generation and verification may be stored in a secure domain of the electronic device 100 during manufacturing stage or be requested by certain registration process.
In one embodiment of the invention, the electronic device may be a handheld device such as smart phone, tablet, game console, PDA, multimedia player and/or other devices. In one embodiment of the invention, the temporary secure boot process may be initiated by specific user input, such as long press of power button and home key during device boot up. Yet in another embodiment of the invention, the temporary secure boot process may be executed by a boot loader in a secure domain or other software implemented by TrustZone technology, the tokens and boot package may be transmitted via wireless transmission or via hardwire connection to a storage device, such as SD card, USB external memory, etc.
Those skilled in the art will readily observe that numerous modifications and alterations of the device and method may be made while retaining the teachings of the invention. Accordingly, the above disclosure should be construed as limited only by the metes and bounds of the appended claims.

Claims (17)

What is claimed is:
1. A method of temporary secure boot process of an electronic device, comprising:
generating a first token according to an identification data of the electronic device;
sending a request along with the first token to a service provider, the request corresponding to a boot package;
receiving a second token and the boot package from the service provider;
verifying the second token and the boot package; and
executing the boot package according to verification result;
wherein the generating of the first token comprises:
generating random data; and
encrypting the identification data and the random data according to a first key.
2. The method of claim 1, further comprising:
upon completion of the execution, erasing the boot package and then restarting the electronic device.
3. The method of claim 1, wherein the verifying of the second token and the boot package comprises:
decrypting the second token by the first key;
confirming content of the second token with the identification data; and
in response to the second token being confirmed, verifying the boot package by a second key.
4. The method of claim 3, further comprises clearing the random data from the electronic device.
5. The method of claim 1, wherein the identification data is one of the following: device serial number, IMEI number, MAC address and IMSI number.
6. The method of claim 1, wherein the executing of boot package is executed in a secure domain of the electronic device.
7. A system for temporary boot up process, comprising:
an electronic device, configured to execute at least an operating system by a processor, the electronic device comprises:
a token generator, configured to generate a first token by encrypting an identification data of the electronic device and a random data according to a first key;
a token verification unit, configured to verify a second token according to the first key of a first key pair;
a boot package execution unit, configured to execute a secure boot package according to the verification of the second token; and
a key pair unit, configured to store at least the first key, the first key being one key of a first key pair.
8. The system of claim 7, further comprising:
a communication interface unit within the electronic device, configured to transmit the first token and receive the second token and the secure boot package; and
a service provider, configured to verify the first token and to generate the second token according to a second key of the first key pair and to generate the secure boot package according to a third key of a second key pair according to the verification result of the first token.
9. The system of claim 7, wherein the service provider is further configured to generate the second token by encrypting content of the first token according to the second key, and to generate the secure boot package by signing a boot package with the third key.
10. The system of claim 7, wherein the boot package execution unit is further configured to verify the secure boot package according to a fourth key of a second key pair.
11. The system of claim 10, wherein the first key pair is a RSA key pair, the first key is a public key and the second key is a private key; the second key pair is another RSA key pair, the fourth key is a public key and the third key is a private key.
12. The system of claim 10, wherein the fourth key is encrypted within the second token by the service provider, and is obtained by the electronic device by decrypting the second token.
13. The system of claim 7, wherein the secure boot package is downloaded into a storage device accessible by the electronic device.
14. The system of claim 7, wherein the processor is further configured to erase the secure boot package and restart the electronic device upon execution completion of the secure boot package, and execute the operating system.
15. The system of claim 7, wherein the token generator, the token verification unit, the boot package execution unit and the key pair unit are implemented in a secure domain of the electronic device, the secure domain is unable to be accessed by the operating system.
16. A method for boot package processing, comprising:
receiving a first token along with a request from an electronic device;
verifying an identity of the electronic device according to the first token;
in response to the identity being confirmed, generating a second token comprising at least partial content of the first token;
securing a boot package corresponding to the request; and
sending the second token and the secured boot package to the electronic device;
wherein the step of verifying the identity of the electronic device further comprises decrypting the first token to obtain an identification data of the electronic device and a random data according to a second key of a first key pair,
wherein the first token is generated by a first key of the first key pair.
17. The method of claim 16, wherein the step of generating the second token further comprises encrypting at least the identification data and the random data by the first key.
US13/682,752 2011-12-01 2012-11-21 System and method for temporary secure boot of an electronic device Active 2034-02-14 US9270466B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/682,752 US9270466B2 (en) 2011-12-01 2012-11-21 System and method for temporary secure boot of an electronic device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201161565955P 2011-12-01 2011-12-01
US13/682,752 US9270466B2 (en) 2011-12-01 2012-11-21 System and method for temporary secure boot of an electronic device

Publications (2)

Publication Number Publication Date
US20130145140A1 US20130145140A1 (en) 2013-06-06
US9270466B2 true US9270466B2 (en) 2016-02-23

Family

ID=48496280

Family Applications (4)

Application Number Title Priority Date Filing Date
US13/674,068 Active 2033-02-02 US9054874B2 (en) 2011-12-01 2012-11-11 System and method for data authentication among processors
US13/682,739 Active US9240889B2 (en) 2011-12-01 2012-11-21 Method and system for secure data access among two devices
US13/682,752 Active 2034-02-14 US9270466B2 (en) 2011-12-01 2012-11-21 System and method for temporary secure boot of an electronic device
US14/686,752 Active US9276753B2 (en) 2011-12-01 2015-04-14 System and method for data authentication among processors

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US13/674,068 Active 2033-02-02 US9054874B2 (en) 2011-12-01 2012-11-11 System and method for data authentication among processors
US13/682,739 Active US9240889B2 (en) 2011-12-01 2012-11-21 Method and system for secure data access among two devices

Family Applications After (1)

Application Number Title Priority Date Filing Date
US14/686,752 Active US9276753B2 (en) 2011-12-01 2015-04-14 System and method for data authentication among processors

Country Status (3)

Country Link
US (4) US9054874B2 (en)
CN (3) CN103218571B (en)
TW (3) TWI463349B (en)

Families Citing this family (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130346571A1 (en) * 2012-06-24 2013-12-26 Sergei MAKAVEEV Computer and method of operation of its network
CN103947151A (en) * 2012-08-24 2014-07-23 索尼公司 Information processing device, information storage device, server, information processing system, information processing method, and program
US9165162B2 (en) * 2012-12-28 2015-10-20 Infineon Technologies Ag Processor arrangements and a method for transmitting a data bit sequence
US9697372B2 (en) * 2013-03-19 2017-07-04 Raytheon Company Methods and apparatuses for securing tethered data
US9712324B2 (en) * 2013-03-19 2017-07-18 Forcepoint Federal Llc Methods and apparatuses for reducing or eliminating unauthorized access to tethered data
KR102087404B1 (en) * 2013-11-12 2020-03-11 삼성전자주식회사 Apparatus and method for processing security packet in eletronic device
CN104866777B (en) * 2014-02-24 2018-01-23 联想(北京)有限公司 A kind of data guard method, device and electronic equipment
US9378345B2 (en) * 2014-04-29 2016-06-28 Bank Of America Corporation Authentication using device ID
US9584509B2 (en) * 2014-05-07 2017-02-28 Cryptography Research, Inc. Auditing and permission provisioning mechanisms in a distributed secure asset-management infrastructure
CN104901803A (en) * 2014-08-20 2015-09-09 易兴旺 Data interaction safety protection method based on CPK identity authentication technology
FR3026254B1 (en) * 2014-09-19 2016-11-25 Dominique Bolignano PAIRING PROCESS
US10437288B2 (en) 2014-10-06 2019-10-08 Fasetto, Inc. Portable storage device with modular power and housing system
TWI533160B (en) * 2014-11-26 2016-05-11 緯創資通股份有限公司 Electronic system, electronic apparatus and access authentication method thereof
CN105631259A (en) * 2015-04-28 2016-06-01 宇龙计算机通信科技(深圳)有限公司 Power-on verification method, power-on verification device and terminal
EP3258375A1 (en) * 2015-05-07 2017-12-20 Cyber-Ark Software Ltd. Systems and methods for detecting and reacting to malicious activity in computer networks
EP3098744A1 (en) * 2015-05-29 2016-11-30 Orange A remotely protected electronic device
TWI566103B (en) * 2015-11-16 2017-01-11 宇瞻科技股份有限公司 Pcie bridge transformation device and method thereof
US10262164B2 (en) 2016-01-15 2019-04-16 Blockchain Asics Llc Cryptographic ASIC including circuitry-encoded transformation function
WO2018160714A1 (en) * 2016-03-18 2018-09-07 Ozzie Raymond E Providing low risk exceptional access with verification of device possession
US10089116B2 (en) * 2016-03-18 2018-10-02 Uber Technologies, Inc. Secure start system for an autonomous vehicle
CN105933291B (en) * 2016-04-07 2019-04-05 合肥联宝信息技术有限公司 A kind of method, smart machine and the server of smart machine safe handling
KR101782378B1 (en) * 2016-11-03 2017-09-27 시큐리티플랫폼 주식회사 Method for secure boot using signed public key
US10382203B1 (en) * 2016-11-22 2019-08-13 Amazon Technologies, Inc. Associating applications with Internet-of-things (IoT) devices using three-way handshake
US11708051B2 (en) 2017-02-03 2023-07-25 Fasetto, Inc. Systems and methods for data storage in keyed devices
CN106599735B (en) * 2017-02-13 2023-10-24 珠海格力电器股份有限公司 Data protection device, method and storage controller
CN106982119A (en) * 2017-03-07 2017-07-25 记忆科技(深圳)有限公司 A kind of device and TF cards that key is generated based on TF cards characteristic vector
CN108573161B (en) * 2017-03-13 2022-02-18 北京贝塔科技股份有限公司 Encryption method, application lock and electronic equipment
CN108055123A (en) * 2017-11-10 2018-05-18 中国电子科技集团公司第三十二研究所 Unlocking password design method
CN108090366B (en) * 2017-12-05 2020-02-04 深圳云天励飞技术有限公司 Data protection method and device, computer device and readable storage medium
CN108171831B (en) * 2017-12-22 2020-08-21 武汉瑞纳捷电子技术有限公司 Bidirectional security authentication method based on NFC mobile phone and intelligent lock
US10372943B1 (en) 2018-03-20 2019-08-06 Blockchain Asics Llc Cryptographic ASIC with combined transformation and one-way functions
CN108540562A (en) * 2018-04-16 2018-09-14 江苏泓茂新能源科技有限公司 A kind of photovoltaic plant data management system and its working method
EP3782112A4 (en) 2018-04-17 2022-01-05 Fasetto, Inc. Device presentation with real-time feedback
US10256974B1 (en) 2018-04-25 2019-04-09 Blockchain Asics Llc Cryptographic ASIC for key hierarchy enforcement
WO2019217929A1 (en) 2018-05-11 2019-11-14 Lattice Semiconductor Corporation Failure characterization systems and methods for programmable logic devices
CN108804952B (en) * 2018-05-29 2021-06-25 郑州云海信息技术有限公司 Server startup control device and control method
TWI684887B (en) * 2018-06-26 2020-02-11 和碩聯合科技股份有限公司 Automatic verification method and system thereof
US20200106612A1 (en) * 2018-09-28 2020-04-02 Yokogawa Electric Corporation System and method for providing cloud service
CN113518989A (en) * 2018-11-26 2021-10-19 埃姆普里萨有限公司 Multidimensional quantization and distributed automatic system management
CN110955442B (en) * 2019-11-11 2023-03-07 郑州信大先进技术研究院 Bootloader suitable for PCI-E password card
WO2021112603A1 (en) * 2019-12-06 2021-06-10 Samsung Electronics Co., Ltd. Method and electronic device for managing digital keys
KR20210078109A (en) 2019-12-18 2021-06-28 삼성전자주식회사 Storage device and storage system including the same
JP2021099764A (en) * 2019-12-24 2021-07-01 コベルコ建機株式会社 Falsified apparatus specifying system, falsified apparatus specifying program and falsified apparatus specifying method
TWI777118B (en) * 2020-01-06 2022-09-11 聯陽半導體股份有限公司 Restart control device and restart control method
US11228423B2 (en) 2020-01-12 2022-01-18 Advanced New Technologies Co., Ltd. Method and device for security assessment of encryption models
US11949784B2 (en) * 2020-05-13 2024-04-02 Ridgeline, Inc. Auditing for events
US11233640B2 (en) 2020-05-13 2022-01-25 Ridgeline, Inc. Mutation processing for events
US20220006653A1 (en) * 2020-07-02 2022-01-06 SDG Logic Inc. System and methods for confidential computing
TWI743963B (en) 2020-08-25 2021-10-21 瑞昱半導體股份有限公司 Computer system and electronic apparatus having secure boot mechanism and operation status restoring method thereof
CN112019566B (en) * 2020-09-25 2022-04-05 中国农业银行股份有限公司 Data transmission method, server, client and computer storage medium

Citations (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0725512A2 (en) 1995-02-03 1996-08-07 International Business Machines Corporation Data communication system using public keys
US20020073306A1 (en) * 2000-09-08 2002-06-13 Gaspare Aluzzo System and method for protecting information stored on a computer
US20020112161A1 (en) 2001-02-13 2002-08-15 Thomas Fred C. Method and system for software authentication in a computer system
US20040111331A1 (en) 2002-06-25 2004-06-10 Dai Nippon Printing Co., Ltd. Electronic contract system
US20040123109A1 (en) 2002-09-16 2004-06-24 Samsung Electronics Co., Ltd. Method of managing metadata
US6799197B1 (en) 2000-08-29 2004-09-28 Networks Associates Technology, Inc. Secure method and system for using a public network or email to administer to software on a plurality of client computers
US20050097316A1 (en) 2003-11-01 2005-05-05 Kim Dae-Youb Digital signature method based on identification information of group members, and method of acquiring identification information of signed-group member, and digital signature system for performing digital signature based on identification information of group members
TW200539706A (en) 2004-04-02 2005-12-01 Matsushita Electric Ind Co Ltd Unauthorized contents detection system
US6975727B1 (en) 1999-06-22 2005-12-13 Entrust Limited Dynamic security credential generation system and method
CN1731726A (en) 2005-08-09 2006-02-08 刘津立 Safety infrastructure and value-added project composed by mobile phone association server
US7051206B1 (en) 2000-11-07 2006-05-23 Unisys Corporation Self-authentication of value documents using digital signatures
TW200629085A (en) 2004-12-08 2006-08-16 Microsoft Corp Method and system for securely provisioning a client device
US20070214370A1 (en) 2006-03-07 2007-09-13 Kabushiki Kaisha Toshiba Portable terminal
US20070269042A1 (en) 2006-05-17 2007-11-22 Kyocera Mita Corporation Image forming apparatus and image forming system
US20080028209A1 (en) 2002-02-28 2008-01-31 Dare Peter R Method and system for key certification
US20080082813A1 (en) 2000-01-06 2008-04-03 Chow David Q Portable usb device that boots a computer as a server with security measure
US20080184218A1 (en) * 2007-01-24 2008-07-31 Kenneth Largman Computer system architecture and method having isolated file system management for secure and reliable data processing
US20080189550A1 (en) 2004-09-21 2008-08-07 Snapin Software Inc. Secure Software Execution Such as for Use with a Cell Phone or Mobile Device
US7428750B1 (en) 2003-03-24 2008-09-23 Microsoft Corporation Managing multiple user identities in authentication environments
US20080244271A1 (en) 2007-03-28 2008-10-02 Legend Holdings Ltd Method and system for authentication based on wireless identification, wireless identification and server
TW200841187A (en) 2007-02-02 2008-10-16 Microsoft Corp Bidirectional dynamic offloading of tasks between a host and mobile device
CN101379506A (en) 2006-02-10 2009-03-04 高通股份有限公司 Method and apparatus for securely booting from an external storage device
CN101398764A (en) 2007-09-25 2009-04-01 智多星电子科技有限公司 Portable usb device that boots a computer as a server with security measure
US7552333B2 (en) 2000-08-04 2009-06-23 First Data Corporation Trusted authentication digital signature (tads) system
TW200951848A (en) 2008-03-14 2009-12-16 Avish Jacob Weiner System and method for providing product or service with cellular telephone
US20100005304A1 (en) 2004-03-12 2010-01-07 Hiroshi Maruyama Security and ticketing system control and management
US20100031034A1 (en) 2008-07-29 2010-02-04 Samsung Electronics Co., Ltd. Method and apparatus for protecting file in direct printing
US20100050241A1 (en) 2008-08-20 2010-02-25 Mei Yan Accessing memory device content using a network
US7681048B2 (en) 2006-04-27 2010-03-16 Matthew Thomas Starr Data encryption using a key and moniker for mobile storage media adapted for library storage
TW201021500A (en) 2008-11-27 2010-06-01 Inventec Corp Cell-phone and confidentiality protection method thereof
US20100250925A1 (en) 2006-01-13 2010-09-30 Keytel Co., Ltd. Encrypted file delivery/reception system, electronic file encryption program, and encrypted file delivery/reception method
US20100290076A1 (en) 2009-05-12 2010-11-18 Satoshi Itoh Electronic device and method of controlling electronic device
US20100332820A1 (en) 2008-02-25 2010-12-30 Hideki Matsushima Information security device and information security system
US20110002462A1 (en) 2003-12-09 2011-01-06 Dominic Kotab Security system and method
US20110021181A1 (en) 2008-03-14 2011-01-27 Avish Jacob Weiner System and method for providing product or service with cellular telephone
TW201108699A (en) 2009-06-24 2011-03-01 Vierfire Software Ltd Authentication method and system
TW201110653A (en) 2009-09-04 2011-03-16 Taisys Technologies Co Ltd Mediate platform, IC card, and method for generating authentication key
US20110066859A1 (en) 2009-09-16 2011-03-17 Gm Global Technology Operations, Inc. Flexible broadcast authentication in resource-constrained systems: providing a tradeoff between communication and computational overheads
US20110093714A1 (en) 2009-10-20 2011-04-21 Infineon Technologies Ag Systems and methods for asymmetric cryptographic accessory authentication
TW201137659A (en) 2010-04-28 2011-11-01 Nexcom Int Co Ltd Data deleting method for computer storage device
US20110274273A1 (en) 2004-11-18 2011-11-10 Michael Stephen Fiske Generation of registration codes, keys and passcodes using non-determinism
TW201141125A (en) 2010-03-03 2011-11-16 Htc Corp System for remotely erasing data, method, server, and mobile device thereof, and computer program product
US20110296174A1 (en) 2010-06-01 2011-12-01 Toshiba Tec Kabushiki Kaisha Communication apparatus and communication method
US20120087493A1 (en) * 2010-10-12 2012-04-12 Research In Motion Limited Method for securing credentials in a remote repository
US8165303B1 (en) 2007-05-03 2012-04-24 Adobe Systems Incorporated Method and apparatus for public key cryptography
US20120240211A1 (en) * 2011-03-14 2012-09-20 Verizon Patent And Licensing Inc. Policy-based authentication
US20120294445A1 (en) 2011-05-16 2012-11-22 Microsoft Corporation Credential storage structure with encrypted password
US8393001B1 (en) 2002-07-26 2013-03-05 Mcafee, Inc. Secure signature server system and associated method
US20130117564A1 (en) * 2011-11-04 2013-05-09 International Business Machines Corporation Managing security for computer services
US8527618B1 (en) * 2004-09-24 2013-09-03 Emc Corporation Repercussionless ephemeral agent for scalable parallel operation of distributed computers

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9628269B2 (en) * 2001-07-10 2017-04-18 Blackberry Limited System and method for secure message key caching in a mobile communication device
JP4731624B2 (en) * 2006-05-21 2011-07-27 インターナショナル・ビジネス・マシーンズ・コーポレーション Assertion message signature

Patent Citations (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0725512A2 (en) 1995-02-03 1996-08-07 International Business Machines Corporation Data communication system using public keys
US6975727B1 (en) 1999-06-22 2005-12-13 Entrust Limited Dynamic security credential generation system and method
US20080082813A1 (en) 2000-01-06 2008-04-03 Chow David Q Portable usb device that boots a computer as a server with security measure
US7552333B2 (en) 2000-08-04 2009-06-23 First Data Corporation Trusted authentication digital signature (tads) system
US6799197B1 (en) 2000-08-29 2004-09-28 Networks Associates Technology, Inc. Secure method and system for using a public network or email to administer to software on a plurality of client computers
US20020073306A1 (en) * 2000-09-08 2002-06-13 Gaspare Aluzzo System and method for protecting information stored on a computer
US7051206B1 (en) 2000-11-07 2006-05-23 Unisys Corporation Self-authentication of value documents using digital signatures
US20020112161A1 (en) 2001-02-13 2002-08-15 Thomas Fred C. Method and system for software authentication in a computer system
US20080028209A1 (en) 2002-02-28 2008-01-31 Dare Peter R Method and system for key certification
US20040111331A1 (en) 2002-06-25 2004-06-10 Dai Nippon Printing Co., Ltd. Electronic contract system
US8393001B1 (en) 2002-07-26 2013-03-05 Mcafee, Inc. Secure signature server system and associated method
US20040123109A1 (en) 2002-09-16 2004-06-24 Samsung Electronics Co., Ltd. Method of managing metadata
US8301884B2 (en) 2002-09-16 2012-10-30 Samsung Electronics Co., Ltd. Method of managing metadata
US7428750B1 (en) 2003-03-24 2008-09-23 Microsoft Corporation Managing multiple user identities in authentication environments
US20050097316A1 (en) 2003-11-01 2005-05-05 Kim Dae-Youb Digital signature method based on identification information of group members, and method of acquiring identification information of signed-group member, and digital signature system for performing digital signature based on identification information of group members
US20110002462A1 (en) 2003-12-09 2011-01-06 Dominic Kotab Security system and method
US20100005304A1 (en) 2004-03-12 2010-01-07 Hiroshi Maruyama Security and ticketing system control and management
TW200539706A (en) 2004-04-02 2005-12-01 Matsushita Electric Ind Co Ltd Unauthorized contents detection system
US20080189550A1 (en) 2004-09-21 2008-08-07 Snapin Software Inc. Secure Software Execution Such as for Use with a Cell Phone or Mobile Device
US8527618B1 (en) * 2004-09-24 2013-09-03 Emc Corporation Repercussionless ephemeral agent for scalable parallel operation of distributed computers
US20110274273A1 (en) 2004-11-18 2011-11-10 Michael Stephen Fiske Generation of registration codes, keys and passcodes using non-determinism
TW200629085A (en) 2004-12-08 2006-08-16 Microsoft Corp Method and system for securely provisioning a client device
CN1731726A (en) 2005-08-09 2006-02-08 刘津立 Safety infrastructure and value-added project composed by mobile phone association server
US20100250925A1 (en) 2006-01-13 2010-09-30 Keytel Co., Ltd. Encrypted file delivery/reception system, electronic file encryption program, and encrypted file delivery/reception method
CN101379506A (en) 2006-02-10 2009-03-04 高通股份有限公司 Method and apparatus for securely booting from an external storage device
US20070214370A1 (en) 2006-03-07 2007-09-13 Kabushiki Kaisha Toshiba Portable terminal
US7681048B2 (en) 2006-04-27 2010-03-16 Matthew Thomas Starr Data encryption using a key and moniker for mobile storage media adapted for library storage
US20070269042A1 (en) 2006-05-17 2007-11-22 Kyocera Mita Corporation Image forming apparatus and image forming system
US20080184218A1 (en) * 2007-01-24 2008-07-31 Kenneth Largman Computer system architecture and method having isolated file system management for secure and reliable data processing
TW200841187A (en) 2007-02-02 2008-10-16 Microsoft Corp Bidirectional dynamic offloading of tasks between a host and mobile device
US20080244271A1 (en) 2007-03-28 2008-10-02 Legend Holdings Ltd Method and system for authentication based on wireless identification, wireless identification and server
US8165303B1 (en) 2007-05-03 2012-04-24 Adobe Systems Incorporated Method and apparatus for public key cryptography
CN101398764A (en) 2007-09-25 2009-04-01 智多星电子科技有限公司 Portable usb device that boots a computer as a server with security measure
TW200915183A (en) 2007-09-25 2009-04-01 Super Talent Electronics Inc Portable USB device that boots a computer as a server with security measure
US20100332820A1 (en) 2008-02-25 2010-12-30 Hideki Matsushima Information security device and information security system
TW200951848A (en) 2008-03-14 2009-12-16 Avish Jacob Weiner System and method for providing product or service with cellular telephone
CN102007505A (en) 2008-03-14 2011-04-06 艾维什·雅各布·温纳 System and method for providing product or service with cellular telephone
US20110021181A1 (en) 2008-03-14 2011-01-27 Avish Jacob Weiner System and method for providing product or service with cellular telephone
US20100031034A1 (en) 2008-07-29 2010-02-04 Samsung Electronics Co., Ltd. Method and apparatus for protecting file in direct printing
US20100050241A1 (en) 2008-08-20 2010-02-25 Mei Yan Accessing memory device content using a network
TW201021500A (en) 2008-11-27 2010-06-01 Inventec Corp Cell-phone and confidentiality protection method thereof
US20100290076A1 (en) 2009-05-12 2010-11-18 Satoshi Itoh Electronic device and method of controlling electronic device
TW201108699A (en) 2009-06-24 2011-03-01 Vierfire Software Ltd Authentication method and system
TW201110653A (en) 2009-09-04 2011-03-16 Taisys Technologies Co Ltd Mediate platform, IC card, and method for generating authentication key
US20110066859A1 (en) 2009-09-16 2011-03-17 Gm Global Technology Operations, Inc. Flexible broadcast authentication in resource-constrained systems: providing a tradeoff between communication and computational overheads
US8452969B2 (en) 2009-09-16 2013-05-28 GM Global Technology Operations LLC Flexible broadcast authentication in resource-constrained systems: providing a tradeoff between communication and computational overheads
US20110093714A1 (en) 2009-10-20 2011-04-21 Infineon Technologies Ag Systems and methods for asymmetric cryptographic accessory authentication
TW201141125A (en) 2010-03-03 2011-11-16 Htc Corp System for remotely erasing data, method, server, and mobile device thereof, and computer program product
TW201137659A (en) 2010-04-28 2011-11-01 Nexcom Int Co Ltd Data deleting method for computer storage device
US20110296174A1 (en) 2010-06-01 2011-12-01 Toshiba Tec Kabushiki Kaisha Communication apparatus and communication method
US20120087493A1 (en) * 2010-10-12 2012-04-12 Research In Motion Limited Method for securing credentials in a remote repository
US20120240211A1 (en) * 2011-03-14 2012-09-20 Verizon Patent And Licensing Inc. Policy-based authentication
US20120294445A1 (en) 2011-05-16 2012-11-22 Microsoft Corporation Credential storage structure with encrypted password
US20130117564A1 (en) * 2011-11-04 2013-05-09 International Business Machines Corporation Managing security for computer services

Non-Patent Citations (13)

* Cited by examiner, † Cited by third party
Title
Notice of Allowance mailed on Jan. 28,2015 for the Taiwan application No. 101144442, filing date: Nov. 28, 2012, p. 1-5.
Notice of Allowance mailed on Nov. 16, 2015 for the U.S. Appl. No. 14/686,752, filed Apr. 14, 2015, p. 1-20.
Notice of Allowance mailed on Sep. 14, 2015 for the U.S. Appl. No. 13/682,739, filed Nov. 21, 2012, p. 1-18.
Office action mailed on Apr. 30, 2015 for the U.S. Appl. No. 13/682,739, filed Nov. 21, 2012, p. 1-41.
Office action mailed on Dec. 29, 2014 for the Taiwan application No. 101144444, filed Nov. 28, 2012, p. 1-9.
Office action mailed on Feb. 11, 2014 for the U.S. Appl. No. 13/682,739, filed Nov. 21, 2012, p. 1-23.
Office action mailed on Feb. 2, 2015 for the China application No. 201210510215.9, filing date Dec. 3, 2012, p. 1-13.
Office action mailed on Jul. 17, 2014 for the U.S. Appl. No. 13/682,739, filed Nov. 21, 2012, p. 1-27.
Office action mailed on Jun. 16, 2014 for the Taiwan application No. 101144442, filing date Nov. 28, 2012, p. 1-9.
Office action mailed on May. 29, 2015 for the China application No. 201210511241.3, filing date Dec. 3, 2012, p. 1-6.
Office action mailed on Sep. 24, 2014 for the U.S. Appl. No. 13/674,068, filed Nov. 11, 2012, p. 1-17.
Yandji et al., "Research on a Normal File Encryption and Decryption," Computer and Management (Caman), 2011 IEEE International Conference on Year: 2011, pp. 1-4.
Zugenmaier et al., "Transparent Encryption for External Storage Media with Key Management Adapted to Mobile Use," Annual Computer Security Applications Conference, 2009 IEEE computer society, ACSAC.2009.38 Year: 2009 pp. 333-339.

Also Published As

Publication number Publication date
US20150222438A1 (en) 2015-08-06
TWI484812B (en) 2015-05-11
TW201324225A (en) 2013-06-16
TWI489315B (en) 2015-06-21
CN103177223B (en) 2016-01-20
TW201325174A (en) 2013-06-16
US9240889B2 (en) 2016-01-19
CN103218571A (en) 2013-07-24
US20130145166A1 (en) 2013-06-06
TWI463349B (en) 2014-12-01
US9054874B2 (en) 2015-06-09
US20130145171A1 (en) 2013-06-06
CN103218571B (en) 2017-04-12
CN103136463A (en) 2013-06-05
CN103136463B (en) 2016-08-31
TW201329779A (en) 2013-07-16
US20130145140A1 (en) 2013-06-06
CN103177223A (en) 2013-06-26
US9276753B2 (en) 2016-03-01

Similar Documents

Publication Publication Date Title
US9270466B2 (en) System and method for temporary secure boot of an electronic device
US10721080B2 (en) Key-attestation-contingent certificate issuance
US9281949B2 (en) Device using secure processing zone to establish trust for digital rights management
CN108335105B (en) Data processing method and related equipment
US20160132681A1 (en) Method for performing a secure boot of a computing system and computing system
CN111401901B (en) Authentication method and device of biological payment device, computer device and storage medium
JP2020519050A (en) Cryptographic chip with identity verification
JP2012065123A (en) Ic card system, communication terminal therefor and portable terminal therefor
JP6199712B2 (en) Communication terminal device, communication terminal association method, and computer program
KR20070059891A (en) Application authentication security system and method thereof
CN109474431B (en) Client authentication method and computer readable storage medium
CN113127844A (en) Variable access method, device, system, equipment and medium
KR20210132721A (en) Secure communication when accessing the network
CN109302442B (en) Data storage proving method and related equipment
KR102026279B1 (en) How to manage your application
CN110659522B (en) Storage medium security authentication method and device, computer equipment and storage medium
US20200195638A1 (en) Secure access to encrypted data of a user terminal
CN111246480A (en) Application communication method, system, equipment and storage medium based on SIM card
US10382430B2 (en) User information management system; user information management method; program, and recording medium on which it is recorded, for management server; program, and recording medium on which it is recorded, for user terminal; and program, and recording medium on which it is recorded, for service server
CN115361168B (en) Data encryption method, device, equipment and medium
CN113987461A (en) Identity authentication method and device and electronic equipment
CN115361140A (en) Method and device for verifying security chip key
CN115442805A (en) Key retrieving method, server and identification card

Legal Events

Date Code Title Description
AS Assignment

Owner name: HTC CORPORATION, TAIWAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HSIEN, CHAO-CHUNG;REEL/FRAME:029333/0916

Effective date: 20121114

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8