Secure management of configuration parameters in a computing platform

US 8,122,244 B2
Filed: 07/14/2003
Issued: 02/21/2012
Est. Priority Date: 07/30/2002
Status: Active Grant

First Claim

Patent Images

1. A method of configuring a processing device, comprising the steps of:

accessing a certificate bound to the processing device;

authenticating the certificate;

reading configuration parameters from the certificate, if properly authenticated;

configuring the processing device hardware responsive to the configuration parameters to set one or more of;

a speed of a hardware component of the processing device or access to one or more otherwise inaccessible memory locations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing platform (10) protects system firmware (30) using a manufacturer certificate (36). The manufacturer certificate binds the system firmware (30) to the particular computing platform (10). The manufacturer certificate also stores configuration parameters and device identification numbers. A secure run-time platform data checker (200) and a secure run-time checker (202) check the system firmware during operation of the computing platform (10) to ensure that the system firmware (30) or information in the manufacturer certificate (36) has not been altered. Application software files (32) and data files (34) are bound to the particular computing device (10) by a platform certificate (38). Configuration parameters may be stored in a data file (34) with an associated platform certificate (38).

64 Citations

View as Search Results

27 Claims

1. A method of configuring a processing device, comprising the steps of:
- accessing a certificate bound to the processing device;
  
  authenticating the certificate;
  
  reading configuration parameters from the certificate, if properly authenticated;
  
  configuring the processing device hardware responsive to the configuration parameters to set one or more of;
  
  a speed of a hardware component of the processing device or access to one or more otherwise inaccessible memory locations.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the steps of accessing the certificate, authenticating the certificate, and reading configuration parameters from the certificate are performed whenever the processing device is initially powered.
  - 3. The method of claim 2 wherein the steps of accessing the certificate, authenticating the certificate, and reading configuration parameters from the certificate are repeated upon a system reset or boot.
  - 4. The method of claim 1 further comprising the step of configuring software in the processing device responsive to the configuration parameters.
  - 5. The method of claim 1 wherein the step of configuring the hardware of the processing device includes the step of selectively enabling or disabling operation of one or more hardware components in addition to the setting one or more of:
    - a speed of a hardware component of the processing device, access to one or more otherwise inaccessible memory locations.

6. A processing device comprising:
- processing circuitry;
  
  a memory coupled to the processing circuitry;
  
  wherein the processing circuitry;
  
  accesses a certificate bound to the processing device and stored in the memory;
  
  authenticates the certificate;
  
  reads configuration parameters from the certificate, if properly authenticated;
  
  configures the processing device responsive to the configuration parameters to set one or more of;
  
  a speed of a hardware component of the processing device or access to one or more otherwise inaccessible memory locations.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The processing device of claim 6 wherein the processing circuitry accesses the certificate, authenticates the certificate, and reads configuration parameters from the certificate whenever the processing device is initially powered.
  - 8. The processing device of claim 7 wherein the processing circuitry accesses the certificate, authenticates the certificate, and reads configuration parameters from the certificate upon a system reset or boot.
  - 9. The processing device of claim 6 wherein the processing circuitry configures software in the processing device responsive to the configuration parameters.
  - 10. The processing device of claim 6 wherein the certificate can be created and modified only by the manufacturer of the processing device.

11. A method of configuring a processing device, comprising the steps of:
- accessing a certificate bound to the processing device;
  
  authenticating the certificate;
  
  reading configuration parameters from a data file associated with the certificate, if the certificate is properly authenticated;
  
  configuring the processing device responsive to the configuration parameters to set one or more of;
  
  a speed of a hardware component of the processing device, or access to one or more otherwise inaccessible memory locations.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11 wherein the steps of accessing the certificate, authenticating the certificate, and reading configuration parameters are performed whenever the processing device is initially powered.
  - 13. The method of claim 12 wherein the steps of accessing the certificate, authenticating the certificate, and reading configuration parameters are repeated upon a system reset or boot.
  - 14. The method of claim 11 and further comprising the step of configuring software in the processing device responsive to the configuration parameters.

15. A processing device comprising:
- processing circuitry;
  
  a memory coupled to the processing circuitry;
  
  wherein the processing circuitry;
  
  accesses a certificate bound to the processing device and stored in the memory;
  
  authenticates the certificate;
  
  reads configuration parameters from a data file associated with the certificate, if the certificate is properly authenticated;
  
  configures the processing device responsive to the configuration parameters to set one or more of a speed of a hardware component of the processing device, or access to one or more otherwise inaccessible memory locations.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The processing device of claim 15 wherein the processing circuitry accesses the certificate, authenticates the certificate, and reads configuration parameters whenever the processing device is initially powered.
  - 17. The processing device of claim 16 wherein the processing circuitry accesses the certificate, authenticates the certificate, and reads configuration parameters upon a system reset or boot.
  - 18. The processing device of claim 15 wherein the processing circuitry configures software in the processing device responsive to the configuration parameters.
  - 19. The processing device of claim 15 wherein the certificate can be created and modified only by the manufacturer of the processing device.

20. A method of configuring a processing device, comprising the steps of:
- accessing a certificate bound to the processing device;
  
  authenticating the certificate;
  
  reading configuration parameters from the certificate, if properly authenticated; and
  
  restoring performance characteristics of the device to a predetermined setting.
- View Dependent Claims (21)
- - 21. The method of claim 20 wherein said step of restoring performance characteristics includes periodic comparison of current hardware performance characteristics with the performance characteristics specified by the configuration parameters.

22. A method of configuring a processing device, comprising the steps of:
- accessing a certificate bound to the processing device;
  
  authenticating the certificate;
  
  reading configuration parameters from the certificate, if properly authenticated; and
  
  configuring the speed of the processing device responsive to the configuration parameters.

23. A method of configuring a processing device, comprising the steps of:
- accessing a certificate bound to the processing device;
  
  authenticating the certificate;
  
  reading configuration parameters from the certificate, if properly authenticated; and
  
  configuring a memory speed for the processing device responsive to the configuration parameters.

24. A method of configuring a processing device, comprising the steps of:
- accessing a certificate bound to the processing device;
  
  authenticating the certificate;
  
  reading configuration parameters from the certificate, if properly authenticated; and
  
  configuring a bus speed for the processing device responsive to the configuration parameters.

25. A method of configuring a processing device, comprising the steps of:
- accessing a certificate bound to the processing device;
  
  authenticating the certificate;
  
  reading configuration parameters from the certificate, if properly authenticated; and
  
  selectively enabling or disabling network hardware responsive to the configuration parameters.

26. A method of configuring a processing device, comprising the steps of:
- accessing a certificate bound to the processing device;
  
  authenticating the certificate;
  
  reading configuration parameters from the certificate, if properly authenticated; and
  
  selectively enabling or disabling audio hardware responsive to the configuration parameters.

27. A method of configuring a processing device, comprising the steps of:
- accessing a certificate bound to the processing device;
  
  authenticating the certificate;
  
  reading configuration parameters from the certificate, if properly authenticated; and
  
  selectively enabling or disabling video hardware responsive to the configuration parameters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Texas Instruments, Inc.
Original Assignee
Texas Instruments, Inc.
Inventors
Azema, Jerome, Chateau, Alain, Balard, Eric
Primary Examiner(s)
Gergiso, Techane

Application Number

US10/618,873
Publication Number

US 20040025011A1
Time in Patent Office

3,144 Days
Field of Search

713/156, 709/227
US Class Current

713/156
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/10   Protecting distributed prog...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2212/1052   Security improvement

G06F 2221/2153   Using hardware token as a s...

H04L 2209/603   Digital right managament [DRM]

H04L 2209/80   Wireless network architectu...

H04L 9/0822   using key encryption key

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

Secure management of configuration parameters in a computing platform

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Secure management of configuration parameters in a computing platform

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links