SECURE BOOT WITH OPTIONAL COMPONENTS METHOD
First Claim
Patent Images
1. A device connectable to a server, comprising:
- a storing unit configured to store a plurality of pieces of software and a plurality of certificates associated with the plurality of pieces of the software, each of the plurality of pieces of the software being assigned to one certificate, each of the plurality of certificates being used to verify each of the plurality of pieces of the software;
a setting unit configured to set to the device one of the plurality of pieces of software as enabled one of the plurality of pieces of software, the enabled one of the plurality of pieces of software being capable of being executed at the device;
an executing unit configured to verify the enabled one of the plurality of pieces of software using the certificate associated with the enabled one of the plurality of pieces of software, and to execute the enabled and verified one of the plurality of pieces of software after the verification;
a receiving unit configured to receive from the server, a plurality of updated certificates corresponding to predetermined certificates determined to be updated among the plurality of the certificates by the server, the server determining the certificates to be updated without detecting which one of the plurality of updated certificates is corresponding to the enabled one of the plurality of pieces of software; and
a selecting unit configured to select, from the received plurality of the updated certificates, one updated certificate corresponding to the certificate associated with the enabled one of the plurality of pieces of software,wherein the executing unit is configured to verify the enabled one of the plurality of pieces of software using the one updated and selected certificate.
1 Assignment
0 Petitions
Accused Products
Abstract
A method is executed which is for managing the optional trusted components that are active within a device, such that the device itself controls the availability of trusted components. The device includes: a storing unit which stores a plurality of pieces of software and a plurality of certificates; a receiving unit which receives the certificates; and a selecting unit which selects one of the certificates. The device further includes an executing unit which verifies an enabled one of the plurality of pieces of software using the selected and updated one of the certificates.
116 Citations
15 Claims
-
1. A device connectable to a server, comprising:
-
a storing unit configured to store a plurality of pieces of software and a plurality of certificates associated with the plurality of pieces of the software, each of the plurality of pieces of the software being assigned to one certificate, each of the plurality of certificates being used to verify each of the plurality of pieces of the software; a setting unit configured to set to the device one of the plurality of pieces of software as enabled one of the plurality of pieces of software, the enabled one of the plurality of pieces of software being capable of being executed at the device; an executing unit configured to verify the enabled one of the plurality of pieces of software using the certificate associated with the enabled one of the plurality of pieces of software, and to execute the enabled and verified one of the plurality of pieces of software after the verification; a receiving unit configured to receive from the server, a plurality of updated certificates corresponding to predetermined certificates determined to be updated among the plurality of the certificates by the server, the server determining the certificates to be updated without detecting which one of the plurality of updated certificates is corresponding to the enabled one of the plurality of pieces of software; and a selecting unit configured to select, from the received plurality of the updated certificates, one updated certificate corresponding to the certificate associated with the enabled one of the plurality of pieces of software, wherein the executing unit is configured to verify the enabled one of the plurality of pieces of software using the one updated and selected certificate. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for a device connectable to a server comprising:
-
storing a plurality of pieces of software and a plurality of certificates associated with the plurality of pieces of the software, each of the plurality of pieces of the software being assigned to one certificate, each of the plurality of certificates being used to verify each of the plurality of pieces of the software; setting to the device one of the plurality of pieces of software as enabled one of the plurality of pieces of software, the enabled one of the plurality of pieces of software being capable of being executed at the device; verifying the enabled one of the plurality of pieces of software using the certificate associated with the enabled one of the plurality of pieces of software, and executing the enabled and verified one of the plurality of pieces of software after the verification; receiving from the server, a plurality of updated certificates corresponding to predetermined certificates determined to be updated among the plurality of the certificates by the server, the server determining the certificates to be updated without detecting which one of the plurality of updated certificates is corresponding to the enabled one of the plurality of pieces of software; and selecting, from the received plurality of the updated certificates, one updated certificate corresponding to the certificate associated with the enabled one of the plurality of pieces of software, wherein the executing verifies the enabled one of the plurality of pieces of software using the one updated and selected certificate.
-
-
14. A computer-readable recording medium recording a program for device connectable to a server, the program comprising:
-
storing a plurality of pieces of software and a plurality of certificates associated with the plurality of pieces of the software, each of the plurality of pieces of the software being assigned to one certificate, each of the plurality of certificates being used to verify each of the plurality of pieces of the software; setting to the device one of the plurality of pieces of software as enabled one of the plurality of pieces of software, the enabled one of the plurality of pieces of software being capable of being executed at the device; verifying the enabled one of the plurality of pieces of software using the certificate associated with the enabled one of the plurality of pieces of software, and executing the enabled and verified one of the plurality of pieces of software after the verification; receiving from the server, a plurality of updated certificates corresponding to predetermined certificates determined to be updated among the plurality of the certificates by the server, the server determining the certificates to be updated without detecting which one of the plurality of updated certificates is corresponding to the enabled one of the plurality of pieces of software; and selecting, from the received plurality of the updated certificates, one updated certificate corresponding to the certificate associated with the enabled one of the plurality of pieces of software, wherein the executing verifies the enabled one of the plurality of pieces of software using the one updated and selected certificate.
-
-
15. An integrity circuit used for a device connectable to a server comprising:
-
a storing unit configured to store a plurality of pieces of software and a plurality of certificates associated with the plurality of pieces of the software, each of the plurality of pieces of the software being assigned to one certificate, each of the plurality of certificates being used to verify each of the plurality of pieces of the software; a setting unit configured to set to the device one of the plurality of pieces of software as enabled one of the plurality of pieces of software, the enabled one of the plurality of pieces of software being capable of being executed at the device; an executing unit configured to verify the enabled one of the plurality of pieces of software using the certificate associated with the enabled one of the plurality of pieces of software, and to execute the enabled and verified one of the plurality of pieces of software after the verification; a receiving unit configured to receive from the server, a plurality of updated certificates corresponding to predetermined certificates determined to be updated among the plurality of the certificates by the server, the server determining the certificates to be updated without detecting which one of the plurality of updated certificates is corresponding to the enabled one of the plurality of pieces of software; and a selecting unit configured to select, from the received plurality of the updated certificates, one updated certificate corresponding to the certificate associated with the enabled one of the plurality of pieces of software, wherein the executing unit is configured to verify the enabled one of the plurality of pieces of software using the one updated and selected certificate.
-
Specification