MANAGING BOOTING OF SECURE DEVICES WITH UNTRUSTED SOFTWARE

US 20120210113A1
Filed: 02/14/2011
Published: 08/16/2012
Est. Priority Date: 02/14/2011
Status: Active Grant

First Claim

Patent Images

1. On a device having a collection of hardware resources designated as a security block, a method of executing an unsigned operating system, said method comprising:

loading an operating system;

determining that said operating system has not been signed by a trusted entity;

determining that said device is in a first operational mode, said first operational mode allowing execution of unsigned operating systems;

responsive to determining that said device is in said first operational mode, disabling operating system access to said security block; and

executing said operating system.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Normally, at the time of manufacturing, security may be provided to a device being manufactured through the loading of an operating system that has been cryptographically signed. The present application discloses a “factory mode” for the device. The “factory mode” allows the device to execute untrusted operating system code, such as unsigned operating system code and operating system code that has been signed, but the certificate authority is not trusted. To support execution of untrusted operating system code in a secure manner, the device may be adapted to prevent data of predetermined type from being loaded on the device while the device is in the “factory mode”. In contrast to the “factory mode”, the secure mode of the device is referred to herein as a “product mode”. There develops a need to manage, in a secure manner, transitions between the “product mode” and the “factory mode”.

32 Citations

View as Search Results

23 Claims

1. On a device having a collection of hardware resources designated as a security block, a method of executing an unsigned operating system, said method comprising:
- loading an operating system;
  
  determining that said operating system has not been signed by a trusted entity;
  
  determining that said device is in a first operational mode, said first operational mode allowing execution of unsigned operating systems;
  
  responsive to determining that said device is in said first operational mode, disabling operating system access to said security block; and
  
  executing said operating system.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein said security block stores processor fuse settings.
  - 3. The method of claim 1 wherein said security block stores device provisioning data.
  - 4. The method of claim 1 wherein said security block stores authentication keys.
  - 5. The method of claim 1 further comprising erasing stored user data.

6. A secure device comprising:
- a security block; and
  
  a processor adapted to;
  
  load an operating system;
  
  determine that said operating system has not been signed by a trusted entity;
  
  determine that said device is in a first operational mode, said first operational mode allowing execution of unsigned operating systems;
  
  disable operating system access to said security block; and
  
  execute said unsigned operating system.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 19, 20)
- - 7. The secure device of claim 6 further comprising a write-protected read only memory storing a boot loader.
  - 8. The secure device of claim 6 wherein said memory comprises embedded multi media card memory.
  - 9. The secure device of claim 8 wherein said security block comprises secure persistent storage.
  - 10. The secure device of claim 9 wherein said secure persistent storage comprises a relay protected memory block.
  - 11. The secure device of claim 6 wherein said security block stores processor fuse settings.
  - 12. The secure device of claim 6 wherein said security block stores a device-specific cryptographic key.
  - 13. The secure device of claim 6 wherein said security block stores device provisioning data.
  - 14. The secure device of claim 6 wherein said processor is adapted to erase stored user data.
  - 15. The secure device of claim 6 wherein said security block stores an authentication key.
  - 16. The secure device of claim 6 further comprising a write-protected read only memory storing a boot loader and wherein the processor is further adapted to:
    - load said boot loader; and
      
      under instructions from said boot loader, load said operating system.
  - 19. The computer readable medium of claim 15 wherein said security block stores a device-specific cryptographic key
  - 20. The computer readable medium of claim 15 wherein said security block stores a relay protected memory block

17. A computer readable medium containing computer-executable instructions that, when performed by a processor in a secure device, wherein the secure device includes a security block, cause said processor to:
- load an operating system;
  
  determine that said operating system has not been signed by a trusted entity;
  
  determine that said device is in a first operational mode, said first operational mode allowing execution of unsigned operating systems;
  
  disable operating system access to said security block; and
  
  execute said unsigned operating system.
- View Dependent Claims (18, 21, 22, 23)
- - 18. The computer readable medium of claim 17 wherein said security block stores processor fuse settings.
  - 21. The computer readable medium of claim 17 wherein said security block stores device provisioning data.
  - 22. The computer readable medium of claim 17 wherein said computer-executable instructions cause said processor to erase stored user data.
  - 23. The computer readable medium of claim 17 wherein said security block stores an authentication key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Wood, Robert Henderson, Bowman, Roger Paul, Whitehouse, Oliver

Granted Patent

US 9,117,083 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/575   Secure boot

G06F 2221/033   Test or assess software

G06F 2221/2105   Dual mode as a secondary as...

MANAGING BOOTING OF SECURE DEVICES WITH UNTRUSTED SOFTWARE

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

MANAGING BOOTING OF SECURE DEVICES WITH UNTRUSTED SOFTWARE

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links