Apparatus and method of reading a program into a processor

US 6,141,756 A
Filed: 04/27/1998
Issued: 10/31/2000
Est. Priority Date: 04/27/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising the steps of:

entering a bootstrap mode of a processor;

during the bootstrap mode;

reading, into a memory within the processor, a bootstrap program from a device external to the processor;

decrypting the bootstrap program using a key embedded inside the processor, yielding a decrypted program;

performing authentication verification on the decrypted program;

executing, by the processor, the decrypted program only after the decrypted program is authenticated, and when the decrypted program fails to be authenticated, inhibiting execution of the decrypted program by the processor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The following describes an apparatus for and method of providing a secure method of downloading a program into a processor (101) from a device (103) external to the processor (101). The program may be encrypted (207) prior to its entry into the external device (103). The program may also have authentication information added (203 and 207) to it. Authentication information may be provided on an unencrypted and/or an encrypted program. The processor (101) decrypts (307) and/or successfully authenticates (311) the program before allowing the program to be executed by the processor (101).

Citations

26 Claims

1. A method comprising the steps of:
- entering a bootstrap mode of a processor;
  
  during the bootstrap mode;
  
  reading, into a memory within the processor, a bootstrap program from a device external to the processor;
  
  decrypting the bootstrap program using a key embedded inside the processor, yielding a decrypted program;
  
  performing authentication verification on the decrypted program;
  
  executing, by the processor, the decrypted program only after the decrypted program is authenticated, and when the decrypted program fails to be authenticated, inhibiting execution of the decrypted program by the processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising the steps of:
    - determining if the bootstrap program was properly encrypted;
      
      when the bootstrap program was not properly encrypted, inhibiting execution of the program by the processor.
  - 3. The method of claim 1, wherein the bootstrap program is stored as an encrypted bootstrap program in the device external to the processor.
  - 4. The method of claim 1, wherein the step of inhibiting execution of the decrypted program by the processor comprises the step of stopping the processor from executing any code from the decrypted bootstrap program until a restart of the processor.
  - 5. The method of claim 1, wherein the step of inhibiting execution of the decrypted program by the processor comprises the step of entering the processor into an infinite loop.
  - 6. The method of claim 1, wherein the step of inhibiting execution of the decrypted program by the processor comprises the step of indicating the failure to authenticate with an error message.
  - 7. The method of claim 1, wherein the step of inhibiting execution of the decrypted program by the processor comprises the step of starting the process again, beginning with the entering step.
  - 8. The method of claim 3, wherein a key needed to decrypt the bootstrap program is not stored on the device external to the processor.
  - 9. The method of claim 3, wherein the step of performing authentication verification comprises the step of performing a checksum on the decrypted program.
  - 10. The method of claim 3, wherein the step of performing authentication verification comprises the step of performing a hash on the decrypted program.
  - 11. The method of claim 3, wherein the step of performing authentication verification comprises the step of performing an encrypted checksum on the decrypted program.
  - 12. The method of claim 3, wherein the step of performing authentication verification comprises the step of checking a digital signature of the decrypted program.
  - 13. The method of claim 3, wherein the key embedded inside the processor is a public decryption key.
  - 14. The method of claim 3, wherein the key embedded inside the processor is a private decryption key.
  - 15. The method of claim 3, wherein the key embedded inside the processor is a symmetric decryption key.
  - 16. The method of claim 3, wherein the key embedded inside the processor is processed into another key that is used to decrypt the program.
  - 17. The method of claim 3, wherein the step of inhibiting execution of the decrypted program by the processor comprises the step of preventing the processor from exiting the bootstrap mode unless the decrypted program is authenticated.

18. A processor comprising:
- a first memory, arranged and constructed to obtain a bootstrap program from a device external to the processor during a bootstrap mode;
  
  a decryption processor, operably coupled to the first memory, arranged and constructed to decrypt the bootstrap program utilizing a key stored within the processor during the bootstrap mode;
  
  a second memory arranged and constructed to store, during the bootstrap mode, the decrypted program for subsequent execution by the processor;
  
  wherein the processor is arranged and constructed to performing authentication verification on the decrypted program and execute the decrypted program only after successful authentication of the decrypted program as an intended program.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The processor of claim 18, wherein the bootstrap program is stored as an encrypted bootstrap program in the device external to the processor.
  - 20. The processor of claim 19, wherein a key needed to decrypt the bootstrap program is not stored on the device external to the processor.
  - 21. The processor of claim 18, wherein the processor is arranged and constructed to inhibit execution of the decrypted program by stopping the processor from executing any code from the decrypted bootstrap program until the processor restarts.
  - 22. The processor of claim 18, wherein the processor is arranged and constructed to exit the bootstrap mode only after successful authentication of the decrypted program.

23. A method comprising the steps of:
- entering a bootstrap mode of a processor;
  
  during the bootstrap mode;
  
  reading, by a first memory within the processor, a bootstrap program stored as an encrypted bootstrap program in a device external to the processor;
  
  decrypting the bootstrap program, yielding a decrypted program;
  
  performing authentication verification on the decrypted program;
  
  when the program is authenticated, executing, by the processor, the decrypted program;
  
  when the decrypted program fails to be authenticated, inhibiting execution of the decrypted program by the processor.
- View Dependent Claims (24, 25, 26)
- - 24. The method of claim 23, wherein a key needed to decrypt the bootstrap program is not stored on the device external to the processor.
  - 25. The method of claim 23, wherein the step of inhibiting execution of the decrypted program by the processor comprises the step of stopping the processor from executing any code from the decrypted bootstrap program until a restart of the processor.
  - 26. The method of claim 23, wherein the step of inhibiting execution of the decrypted program by the processor comprises the step of preventing the processor from exiting the bootstrap mode unless the decrypted program is authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Bright, Michael W., Marquardt, Kelly Jo, Fuchs, Kenneth Carl
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
Callahan, Paul E.

Application Number

US09/067,110
Time in Patent Office

918 Days
Field of Search

380/4, 380/25, 380/287, 395/186, 713/200, 713/2, 713/189, 713/190, 713/191, 713/193, 705/57
US Class Current

726/22
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 21/6209   to a single file or object,...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2211/1097   Boot, Start, Initialise, Power

G06F 2221/2147   Locking files

Apparatus and method of reading a program into a processor

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method of reading a program into a processor

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links