Secure bootloader for securing digital devices

US 20030056107A1
Filed: 09/17/2001
Published: 03/20/2003
Est. Priority Date: 09/17/2001
Status: Active Grant

First Claim

Patent Images

11. A method for ensuring a secure code re-authoring session during the boot process in a digital device comprising:

A. obtaining a first key and a second key;

B. reading an encrypted object file;

C. computing a first mapping value with said read encrypted object file;

D. decrypting said read encrypted object file;

E. re-encrypting said decrypted object file;

F. storing said re-encrypted object file in a memory;

G. computing a second mapping value with said re-encrypted object file;

H. comparing said first computed mapping value with a mapping value associated with said encrypted object file;

I. storing second mapping value if said comparison was equal; and

J. asserting an error message if said comparison was not equal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure bootloader for securing software and systems in a digital device 110 by ensuring only encrypted and authenticated boot software is loaded and executed in the digital device 110. The encrypted boot software is read into the device 110 and authenticated. If the boot software is not authenticated, then the digital device 110 does not boot.

222 Citations

25 Claims

11. A method for ensuring a secure code re-authoring session during the boot process in a digital device comprising:
- A. obtaining a first key and a second key;
  
  B. reading an encrypted object file;
  
  C. computing a first mapping value with said read encrypted object file;
  
  D. decrypting said read encrypted object file;
  
  E. re-encrypting said decrypted object file;
  
  F. storing said re-encrypted object file in a memory;
  
  G. computing a second mapping value with said re-encrypted object file;
  
  H. comparing said first computed mapping value with a mapping value associated with said encrypted object file;
  
  I. storing second mapping value if said comparison was equal; and
  
  J. asserting an error message if said comparison was not equal.
- View Dependent Claims (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14, 15, 16, 17, 18, 19)
- - 1. A method for ensuring security during the power-on process of a digital device and its contents comprising:
    - A. computing a first encryption/decryption key;
      
      B. reading a second encryption/decryption key;
      
      C. reading an encrypted object file;
      
      D. computing a mapping value for said encrypted object file;
      
      E. decrypting said encrypted object file;
      
      F. storing said decrypted object file to a storage location;
      
      G. reading a mapping value;
      
      H. comparing said computed mapping value with said read mapping value;
      
      I. executing decrypted object code if said comparison was equal; and
      
      J. asserting an error message if said comparison was not equal.
  - 2. A method for according to claim 1, wherein said second encryption/decryption key is itself encrypted and is decrypted using said first key.
  - 3. A method according to claim 1, further comprising the step of reading an identifier from a second storage location.
  - 4. A method according to claim 3, wherein said identifier comprising a unique device identifier and a unique manufacturer identifier.
  - 5. A method according to claim 3, wherein said identifier comprising a unique device identifier.
  - 6. A method according to claim 3, wherein said step of computing said first key is performed using said identifier.
  - 7. A method according to claim 1, wherein said steps C-F are performed on a portion of said encrypted object file at a time and are repeated until said encrypted object file is completed.
  - 8. A method according to claim 1, wherein said encrypting and decrypting steps are performed using a symmetric key encryption and decryption algorithm.
  - 9. A method according to claim 1, wherein said encrypting and decrypting steps are performed using a public key encryption and decryption algorithm.
  - 10. A method according to claim 1, wherein said step of decrypting said encrypted object file is done using said second encryption/decryption key.
  - 12. A method according to claim 11, comprising the step of reading an identifier from a storage location.
  - 13. A method according to claim 12, wherein said identifier comprising a unique device identifier and a unique manufacturer identifier.
  - 14. A method according to claim 13, wherein said step of obtaining said second key uses said identifier.
  - 15. A method according to claim 12, wherein said step of obtaining first key is done using said unique manufacturer identifier.
  - 16. A method according to claim 11, wherein said step of decrypting said encrypted object code file done using said first key.
  - 17. A method according to claim 11, wherein said encrypting and decrypting steps are performed using a symmetric key encryption and decryption algorithm.
  - 18. A method according to claim 11, wherein said encrypting and decrypting steps are performed using a public key encryption and decryption algorithm.
  - 19. A method according to claim 11, wherein said step of re-encrypting said decrypted object file is done using said second key.

18-1. A method according to claim 11, wherein said steps B-G are performed on a portion of said encrypted object file at a time and are repeated until said encrypted objected file is completed.

20. A digital device for playing secured content with a built-in apparatus for securing said digital device comprising:
- a first storage location for storing content;
  
  a memory for storing program files;
  
  a processor, coupled to said first storage and said memory, to processor configured to decode said content, the processor further comprising;
  
  a read-only memory;
  
  a secure storage location, including an identifier stored therein;
  
  an encryption/decryption circuit, for encrypting and decrypting data using said identifier; and
  
  a mapping value generator, for generating mapping values based on said data for use in authenticating said data.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. A digital device according to claim 20, wherein said processor further comprising a disabled scan-boundary test circuit.
  - 22. A digital device according to claim 20, wherein said processor further comprising a partitioned program memory space for preventing a first program executing within a first partition from interacting with a second program executing within a second partition.
  - 23. A digital device according to claim 20, wherein said processor comprises a digital signal processor.
  - 24. A digital device according to claim 20, wherein said digital device is an audio player
  - 25. A digital device according to claim 20, further comprising an interface for coupling to a personal computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Texas Instruments, Inc.
Original Assignee
Texas Instruments, Inc.
Inventors
Cammack, William E., Kridner, Jason Douglas

Granted Patent

US 7,237,121 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/10 Protecting distributed prog...

G06F 21/575 Secure boot

Secure bootloader for securing digital devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

222 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Secure bootloader for securing digital devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

222 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others