METHOD AND APPARATUS FOR DETERRING A TIMING-BASED GLITCH ATTACK DURING A SECURE BOOT PROCESS

US 20140025960A1
Filed: 07/23/2012
Published: 01/23/2014
Est. Priority Date: 07/23/2012
Status: Active Grant

First Claim

Patent Images

1. A method for deterring a timing-based glitch attack during a secure boot process of a device having a device-specific number, comprising:

the device generating a pseudorandom number specific to a particular execution of a secure boot process;

the device combining the device-specific number and the pseudorandom number to generate a diversity value; and

the device changing a timing of at least one process step of the secure boot process based on the diversity value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a method for deterring a timing-based glitch attack during a secure boot process of a device having a device-specific number. In the method, the device generates a pseudorandom number specific to a particular execution of a secure boot process. The device combines the device-specific number and the pseudorandom number to generate a diversity value. The device may change a timing of at least one process step of the secure boot process based on the diversity value. Also, the device may change an order of process steps of the secure boot process based on the diversity value.

26 Citations

View as Search Results

36 Claims

1. A method for deterring a timing-based glitch attack during a secure boot process of a device having a device-specific number, comprising:
- the device generating a pseudorandom number specific to a particular execution of a secure boot process;
  
  the device combining the device-specific number and the pseudorandom number to generate a diversity value; and
  
  the device changing a timing of at least one process step of the secure boot process based on the diversity value.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method as defined in claim 1, wherein the device-specific number comprises a securely stored device-specific key.
  - 3. A method as defined in claim 1, wherein the device-specific number comprises a serial number.
  - 4. A method as defined in claim 1, wherein the device cryptographically combines the device-specific key and the pseudorandom number to generate the diversity value.
  - 5. A method as defined in claim 1, further comprising:
    - the device changing an order of process steps of the secure boot process based on the diversity value.

6. An apparatus with a device-specific number, comprising:
- means for generating a pseudorandom number specific to a particular execution of a secure boot process;
  
  means for combining the device-specific number and the pseudorandom number to generate a diversity value; and
  
  means for changing a timing of at least one process step of the secure boot process based on the diversity value.
- View Dependent Claims (7, 8, 9, 10)
- - 7. An apparatus as defined in claim 6, wherein the device-specific number comprises a securely stored device-specific key.
  - 8. An apparatus as defined in claim 6, wherein the device-specific number comprises a serial number.
  - 9. An apparatus as defined in claim 6, wherein the device-specific key and the pseudorandom number are cryptographically combined to generate the diversity value.
  - 10. An apparatus as defined in claim 6, further comprising:
    - means for changing an order of process steps of the secure boot process based on the diversity value.

11. An apparatus with a device-specific number, comprising:
- a processor configured to;
  
  generate a pseudorandom number specific to a particular execution of a secure boot process;
  
  combine the device-specific number and the pseudorandom number to generate a diversity value; and
  
  change a timing of at least one process step of the secure boot process based on the diversity value.
- View Dependent Claims (12, 13, 14, 15)
- - 12. An apparatus as defined in claim 11, wherein the device-specific number comprises a securely stored device-specific key.
  - 13. An apparatus as defined in claim 11, wherein the device-specific number comprises a serial number.
  - 14. An apparatus as defined in claim 11, wherein the processor is further configured to cryptographically combine the device-specific key and the pseudorandom number to generate the diversity value.
  - 15. An apparatus as defined in claim 11, wherein the processor is further configured to:
    - change an order of process steps of the secure boot process based on the diversity value.

16. A computer program product, comprising:
- computer-readable medium, comprising;
  
  code for causing a computer to generate a pseudorandom number specific to a particular execution of a secure boot process;
  
  code for causing a computer to combine a device-specific number and the pseudorandom number to generate a diversity value; and
  
  code for causing a computer to change a timing of at least one process step of the secure boot process based on the diversity value.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A computer program product as defined in claim 16, wherein the device-specific number comprises a securely stored device-specific key.
  - 18. A computer program product as defined in claim 16, wherein the device-specific number comprises a serial number.
  - 19. A computer program product as defined in claim 16, wherein the device-specific key and the pseudorandom number are cryptographically combined to generate the diversity value.
  - 20. A computer program product as defined in claim 16, wherein the computer-readable medium further comprises:
    - code for causing a computer to change an order of process steps of the secure boot process based on the diversity value.

21. A method for deterring a timing-based glitch attack during a secure boot process of a device having a device-specific number, comprising:
- the device generating a pseudorandom number specific to a particular execution of a secure boot process;
  
  the device combining the device-specific number and the pseudorandom number to generate a diversity value; and
  
  the device changing an order of process steps of the secure boot process based on the diversity value.
- View Dependent Claims (22, 23, 24)
- - 22. A method as defined in claim 21, wherein the device-specific number comprises a securely stored device-specific key.
  - 23. A method as defined in claim 21, wherein the device-specific number comprises a serial number.
  - 24. A method as defined in claim 21, wherein the device cryptographically combines the device-specific key and the pseudorandom number to generate the diversity value.

25. An apparatus with a device-specific number, comprising:
- means for generating a pseudorandom number specific to a particular execution of a secure boot process;
  
  means for combining the device-specific number and the pseudorandom number to generate a diversity value; and
  
  means for changing an order of process steps of the secure boot process based on the diversity value.
- View Dependent Claims (26, 27, 28)
- - 26. An apparatus as defined in claim 25, wherein the device-specific number comprises a securely stored device-specific key.
  - 27. An apparatus as defined in claim 25, wherein the device-specific number comprises a serial number.
  - 28. An apparatus as defined in claim 25, wherein the device-specific key and the pseudorandom number are cryptographically combined to generate the diversity value.

29. An apparatus with a device-specific number, comprising:
- a processor configured to;
  
  generate a pseudorandom number specific to a particular execution of a secure boot process;
  
  combine the device-specific number and the pseudorandom number to generate a diversity value; and
  
  change an order of process steps of the secure boot process based on the diversity value.
- View Dependent Claims (30, 31, 32)
- - 30. An apparatus as defined in claim 29, wherein the device-specific number comprises a securely stored device-specific key.
  - 31. An apparatus as defined in claim 29, wherein the device-specific number comprises a serial number.
  - 32. An apparatus as defined in claim 29, wherein the processor is further configured to cryptographically combine the device-specific key and the pseudorandom number to generate the diversity value.

33. A computer program product, comprising:
- computer-readable medium, comprising;
  
  code for causing a computer to generate a pseudorandom number specific to a particular execution of a secure boot process;
  
  code for causing a computer to combine a device-specific number and the pseudorandom number to generate a diversity value; and
  
  code for causing a computer to change an order of process steps of the secure boot process based on the diversity value.
- View Dependent Claims (34, 35, 36)
- - 34. A computer program product as defined in claim 33, wherein the device-specific number comprises a securely stored device-specific key.
  - 35. A computer program product as defined in claim 33, wherein the device-specific number comprises a serial number.
  - 36. A computer program product as defined in claim 33, wherein the device-specific key and the pseudorandom number are cryptographically combined to generate the diversity value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
McLEAN, Ivan

Granted Patent

US 9,141,809 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/575   Secure boot

G06F 21/60   Protecting data

G06F 21/71   to assure secure computing ...

METHOD AND APPARATUS FOR DETERRING A TIMING-BASED GLITCH ATTACK DURING A SECURE BOOT PROCESS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR DETERRING A TIMING-BASED GLITCH ATTACK DURING A SECURE BOOT PROCESS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links