System and method for safe booting electronic devices

US 7,702,907 B2
Filed: 10/01/2004
Issued: 04/20/2010
Est. Priority Date: 10/01/2004
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving by an electronic device at least one first authentication request sent from a remote terminal, said authentication request including an instruction to initiate a safe boot procedure; and

at least partly in response to receiving the at least one first authentication request, entering a restricted mode, wherein the restricted mode causes a processor within the electronic device to execute only trusted software stored within the electronic device prior to receiving the first authentication request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved system and method for safe booting an electronic device. In situations such as where a virus is infecting various devices within a network, the present invention provides an authentication centre with the ability to instruct a device on the network to safe boot. During the safe boot, it can be arranged such that no third party applications are run, only backup, restoration, or uninstallation of programs are possible, and/or only programs in the device'"'"'s read-only memory are loaded. The present invention also provides a user with the ability to go through the boot process in a step-by-step manner.

Citations

37 Claims

1. A method, comprising:
- receiving by an electronic device at least one first authentication request sent from a remote terminal, said authentication request including an instruction to initiate a safe boot procedure; and
  
  at least partly in response to receiving the at least one first authentication request, entering a restricted mode, wherein the restricted mode causes a processor within the electronic device to execute only trusted software stored within the electronic device prior to receiving the first authentication request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein entering the restricted mode includes:
    - transmitting to the remote terminal at least one response authentication signal in response to the at least one first authentication request; and
      
      at least partly in response to the remote terminal failing to authenticate the at least one response authentication signal, configuring the electronic device to operate in the restricted mode.
  - 3. The method of claim 2, wherein the at least one response authentication signal comprises at least a 32-bit signed response.
  - 4. The method of claim 2, wherein entering the restricted mode includes:
    - receiving by the electronic device at least one second authentication request from the remote terminal;
      
      transmitting at least one second authentication response to the remote terminal; and
      
      starting operation of the electronic device in the restricted mode in response to the remote terminal authenticating the at least one second authentication response.
  - 5. The method of claim 1, wherein the electronic device comprises a mobile telephone.
  - 6. The method of claim 1, wherein the at least one first authentication request is in the form of a random challenge value comprising a predefined value for initiating the restricted mode.
  - 7. The method of claim 6, wherein entering the restricted mode includes:
    - receiving by the electronic device at least one second authentication request from the remote terminal;
      
      wherein the at least one second authentication request is in the form of a random challenge value comprising a generic random challenge value;
      
      transmitting at least one second authentication response to the remote terminal; and
      
      starting operation of the electronic device in the restricted mode in response to the remote terminal authenticating the at least one second authentication response.
  - 8. The method of claim 1, further comprising:
    - before entering the restricted mode, querying a user of the electronic device about entering the restricted mode.

9. A computer-readable storage medium storing instructions that, when executed by a computer, cause the computer to perform as follows:
- receiving by an electronic device at least one first authentication request sent from a remote terminal; and
  
  at least partly in response to receiving the at least one first authentication request, entering a restricted mode, wherein the restricted mode causes a processor within the electronic device to execute only trusted software stored within the electronic device prior to receiving the first authentication request.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer-readable storage medium of claim 9, further storing instructions that, when executed by a computer, cause the computer to perform as follows:
    - transmitting to the remote terminal at least one response authentication signal in response to the at least one first authentication request; and
      
      at least partly in response to the remote terminal failing to authenticate the at least one response authentication signal, configuring the electronic device to operate in the restricted mode.
  - 11. The computer-readable storage medium of claim 9, wherein entering the restricted mode includes:
    - transmitting to the remote terminal at least one response authentication signal in response to the at least one first authentication request, wherein the at least one first authentication request is in the form of a random challenge comprising a predefined value for initiating the restricted mode;
      
      receiving by the electronic device at least one second authentication request from the remote terminal, wherein the at least one second authentication request is in the form of a random challenge comprising a generic random challenge value;
      
      transmitting at least one second authentication response to the remote terminal; and
      
      starting operation of the electronic device in the restricted mode in response to the remote terminal authenticating the at least one second authentication response.
  - 12. The computer-readable storage medium of claim 9, further storing instructions that, when executed by a computer, cause the computer to perform as follows:
    - initiating a safe boot operation in response to actuation of a predesignated key combination by the user.
  - 13. The computer-readable storage medium of claim 9, further storing instructions that, when executed by a computer, cause the computer to perform as follows:
    - initiating a safe boot operation in response to a detection of a fatal system failure.
  - 14. The computer readable storage medium of claim 13, wherein the fatal system failure is detected by a device selected from the group consisting of a base boot manager and a system boot manager.
  - 15. The computer-readable storage medium of claim 9, further storing instructions that, when executed by a computer, cause the computer to perform as follows:
    - before initiating the safe boot procedure, querying a user of the electronic device about the upcoming safe boot procedure.

16. A system, comprising:
- an electronic device; and
  
  a remote terminal configured to communicate with the electronic device, the remote terminal being configured to transmit at least one first authentication request to the electronic device, and wherein the electronic device is configured to, after the remote terminal transmits the at least one first authentication request, initiate a safe boot procedure, wherein the safe boot procedure causes a processor within the electronic device to execute only trusted software stored within the electronic device prior to receiving the first authentication request.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The system of claim 16, wherein the electronic device is configured to, in response to the transmission of the at least one first authentication request, set at least one internal flag on the electronic device indicating that the electronic device should boot in a safe mode, and wherein the remote terminal is configured to fail to authenticate at least one response authentication signal from the electronic device, causing the electronic device to at least partly initiate a safe boot procedure on the electronic device.
  - 18. The system of claim 16, wherein the at least one response authentication signal comprises a 32-bit signed response.
  - 19. The system of claim 16, wherein the electronic device comprises a mobile telephone.
  - 20. The system of claim 16, wherein the remote terminal comprises a cellular network authentication center within the network.
  - 21. The system of claim 16, wherein, before the safe boot procedure is initiated, the remote terminal is configured to query a user of the remote terminal about the upcoming safe boot procedure.

22. An apparatus, comprising:
- a processor; and
  
  memory having stored therein computer readable instructions that, when executed by the processor, causes the apparatus to perform the following;
  
  receiving by the apparatus at least one first authentication request from a remote terminal, andat least partly in response to receiving the at least one first authentication request, entering a restricted mode, wherein the restricted mode causes the processor within the apparatus to execute only trusted software, wherein the trusted software is stored within the apparatus prior to receiving the first authentication request.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The apparatus of claim 22, wherein entering the restricted mode includes:
    - transmitting to the remote terminal at least one response authentication signal in response to the at least one first authentication request; and
      
      at least partly in response to the remote terminal failing to authenticate the at least one response authentication signal, configuring the apparatus to operate in the restricted mode.
  - 24. The apparatus of claim 23, wherein the at least one response authentication signal comprises a 32-bit signed response.
  - 25. The apparatus of claim 22, wherein at least a portion of the trusted software is pre-stored on read-only memory.
  - 26. The apparatus of claim 22, wherein the at least one first authentication request is in the form of a random challenge comprising a predefined value for initiating the restricted mode.
  - 27. The apparatus of claim 22, wherein the memory further has stored therein computer readable instructions that, when executed by the processor, causes the apparatus to further perform:
    - before entering the restricted mode, querying a user of the electronic device about entering the restricted mode.

28. An apparatus, comprising:
- a processor, configured to perform the following;
  
  determine that a remote electronic device should be set to safe mode;
  
  in response to the determination, transmit at least one authentication request with a challenge value to the remote electronic device, the challenge value being predetermined to fail the authentication;
  
  receiving from the remote electronic device at least one response authentication signal in response to the at least one authentication request; and
  
  rejecting the authentication.
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. The apparatus claim 28, wherein the at least one authentication request comprises a safe-boot-specific random challenge.
  - 30. The apparatus of claim 28, wherein the at least one response authentication signal comprises a 32-bit signed response.
  - 31. The apparatus of claim 28, wherein the remote terminal comprises a global system for mobile communications network authentication centre.
  - 32. The apparatus of claim 28, wherein the remote electronic device comprises a Serving general packet radio service Support Node.
  - 33. The apparatus of claim 28, wherein the remote terminal comprises a radio frequency identification device.
  - 34. The apparatus of claim 28, wherein the at least one authentication request is sent over wireless local area network connection.

35. A computer readable medium, storing computer-executable instructions that, when executed by a computer, cause the following to occur:
- determining that a remote electronic device should be set to a safe mode;
  
  in response to the determination, transmitting at least one authentication request with a challenge value to the remote electronic device, the challenge value being predetermined to fail the authentication;
  
  receiving from the remote electronic device at least one response authentication signal in response to the at least one authentication request; and
  
  rejecting the authentication
- View Dependent Claims (36, 37)
- - 36. The computer readable medium of claim 35, wherein the authentication request comprises a safe-boot-specific random challenge.
  - 37. The computer readable medium of claim 35, wherein the at least one response authentication signal comprises a 32-bit signed response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Parnanen, Matti, Paatero, Lauri, Vaha-Sipila, Antti
Primary Examiner(s)
Cervetti; David Garcia

Application Number

US10/956,421
Publication Number

US 20060075216A1
Time in Patent Office

2,027 Days
Field of Search

713164-166, 713/191, 726/3
US Class Current

713/166
CPC Class Codes

G06F 21/575   Secure boot

H04L 63/08   for authentication of entit...

H04W 12/06   Authentication

System and method for safe booting electronic devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for safe booting electronic devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links