-
Publication (announcement) number: US08607343B2
Publication (announcement) date: 2013-12-10
Application number: US13246802
Filing date: 2011-09-27
CPC classification: G06F21/575
Abstract: Securely installing and booting software of a device to run OS authorized according to a ticket that is validated by a nonce generated by application processor (AP) in booted OS stage prior to entering a restore mode is described. AP in booted OS stage generates a pre-flight nonce that is stored in a trusted location (effaceable storage). AP in booted OS stage performs one-way hash of pre-flight nonce and sends the hashed pre-flight nonce to ticket authorization server. AP enters restore mode. AP in first stage bootloader receives a ticket from the ticket authorization server including a signed copy of the hashed pre-flight nonce. AP in first stage bootloader validates the signed ticket by comparing one-way hash of the pre-flight nonce stored in the trusted location and the hashed nonce in the signed ticket. Pre-flight nonce expires after timeout period and upon reboot of AP. Other embodiments are also described.
-
Publication (announcement) number: US20120311313A1
Publication (announcement) date: 2012-12-06
Application number: US13246802
Filing date: 2011-09-27
IPC classification: G06F15/177
CPC classification: G06F21/575
Abstract: Securely installing and booting software of a device to run OS authorized according to a ticket that is validated by a nonce generated by application processor (AP) in booted OS stage prior to entering a restore mode is described. AP in booted OS stage generates a pre-flight nonce that is stored in a trusted location (effaceable storage). AP in booted OS stage performs one-way hash of pre-flight nonce and sends the hashed pre-flight nonce to ticket authorization server. AP enters restore mode. AP in first stage bootloader receives a ticket from the ticket authorization server including a signed copy of the hashed pre-flight nonce. AP in first stage bootloader validates the signed ticket by comparing one-way hash of the pre-flight nonce stored in the trusted location and the hashed nonce in the signed ticket. Pre-flight nonce expires after timeout period and upon reboot of AP. Other embodiments are also described.
-