The invention discloses a system and method for a temporary secure boot process of an electronic device. The method comprises: generating a first token according to identification data of the electronic device; sending a request along with the first token to a service provider, the request corresponding to a boot package; receiving a second token and the boot package from the service provider; verifying the second token and the boot package; and executing the boot package according to the verification result.
1. A method of temporary secure boot process of an electronic device, comprising:
generating a first token according to an identification data of the electronic device;
sending a request along with the first token to a service provider, the request corresponding to a boot package;
receiving a second token and the boot package from the service provider;
verifying the second token and the boot package; and
executing the boot package according to verification result;
wherein the generating of the first token comprises:
generating random data; and
encrypting the identification data and the random data according to a first key.
7. A system for temporary boot up process, comprising:
an electronic device, configured to execute at least an operating system by a processor, the electronic device comprises:
a token generator, configured to generate a first token by encrypting an identification data of the electronic device and a random data according to a first key;
a token verification unit, configured to verify a second token according to the first key of a first key pair;
a boot package execution unit, configured to execute a secure boot package according to the verification of the second token; and
a key pair unit, configured to store at least the first key, the first key being one key of a first key pair.
16. A method for boot package processing, comprising:
receiving a first token along with a request from an electronic device;
verifying an identity of the electronic device according to the first token;
in response to the identity being confirmed, generating a second token comprising at least partial content of the first token;
securing a boot package corresponding to the request; and
sending the second token and the secured boot package to the electronic device;
wherein the step of verifying the identity of the electronic device further comprises decrypting the first token to obtain an identification data of the electronic device and a random data according to a second key of a first key pair,
wherein the first token is generated by a first key of the first key pair.
2. The method of
upon completion of the execution, erasing the boot package and then restarting the electronic device.
3. The method of
decrypting the second token by the first key;
confirming content of the second token with the identification data; and
in response to the second token being confirmed, verifying the boot package by a second key.
5. The method of
6. The method of
8. The system of
a communication interface unit within the electronic device, configured to transmit the first token and receive the second token and the secure boot package; and
a service provider, configured to verify the first token and to generate the second token according to a second key of the first key pair and to generate the secure boot package according to a third key of a second key pair according to the verification result of the first token.
9. The system of
10. The system of
11. The system of
12. The system of
13. The system of
14. The system of
15. The system of
17. The method of
This application claims priority of U.S. Provisional No. 61/565,955 filed on Dec. 1, 2011.
1. Field of the Invention
The invention relates to system and method of temporary secure boot process of an electronic device. More particularly, the invention relates to a temporary secure boot process by use of unique device information.
2. Description of the Prior Art
Electronic devices are installed with an operating system. Normally, in a boot-up process, a bootloader initializes the components of the electronic device and loads the operating system so that a user may operate the electronic device to perform various functions. Some user-specific data or user-installed programs are also controlled by the operating system. However, when the electronic device encounters an error or is sent to a care center for examination, the user might not wish to reveal personal data or files during the examination, or the electronic device may not be able to boot up normally.
The invention discloses a system and method for a temporary secure boot process of an electronic device. A method of temporary secure boot process according to an embodiment of the invention comprises: generating a first token according to identification data of the electronic device; sending a request along with the first token to a service provider, the request corresponding to a boot package; receiving a second token and the boot package from the service provider; verifying the second token and the boot package; and executing the boot package according to the verification result.
Another embodiment of the invention comprises an electronic device configured to execute at least an operating system by a processor. The processor comprises: a token generator configured to generate a first token according to a first key; a token verification unit configured to verify a second token according to the first key of a first key pair; a boot package execution unit configured to execute a secure boot package according to the verification of the second token; and a key pair unit configured to store at least the first key, the first key being one key of the first key pair. The system further comprises a communication interface unit within the electronic device, configured to transmit the first token and receive the second token and the secure boot package, and a service provider configured to verify the first token, to generate the second token according to a second key of the first key pair, and to generate the secure boot package according to a third key of a second key pair, according to the verification of the first token.
Yet another embodiment of the invention discloses a method for boot package processing. The method comprises: receiving a first token along with a request from an electronic device; verifying an identity of the electronic device according to the first token; in response to the identity being confirmed, generating a second token comprising at least partial content of the first token; securing a boot package corresponding to the request by the second token; and sending the second token and the secured boot package to the electronic device.
These and other objectives of the present invention will no doubt become obvious to those of ordinary skill in the art after reading the following detailed description of the preferred embodiment that is illustrated in the various figures and drawings.
The invention discloses a system and method for temporary secure boot processing of an electronic device. The electronic device may send a request to a service provider for a boot package that can only be executed temporarily. To ensure the security of the request, the electronic device may generate a token to accompany the request. In response to the request, the service provider may verify the token to determine the identity of the request sender. Once confirmed, the service provider sends a secure boot package along with another token. The electronic device in turn verifies this token and the secure boot package to confirm the identity of the service provider. The electronic device and the service provider may generate the tokens according to particular information held by the two parties only. In addition, to prevent such information from being stolen by a malicious party, the electronic device may process the request and the token in a secure domain that cannot be accessed by an unauthorized user.
Please refer to
The service provider 200 may verify the identity of the electronic device 100 and record the activity for security reasons. In response to the request and confirmation of the ID token, the service provider 200 may send back a secure boot package along with an authentication token to the electronic device 100. The authentication token is also verified by the electronic device 100 so as to confirm the identity of the boot package sender. Once confirmed, the electronic device 100 may execute the boot package temporarily and reboot by the normal procedure when execution of the boot package finishes. Similarly, the boot package and the authentication token may be received by the other electronic device that sends the request and be stored in a storage device that can be accessed by the electronic device 100. For example, when the service provider 200 verifies the ID token sent by a logged-in user, the user may then access the secure boot package and the authentication token by downloading them and storing them on an SD/micro SD card or on the hard disk of a personal computer. The electronic device 100 can access the files from the SD or micro SD card or by connecting to the personal computer via a USB connection.
Next please refer to
The token verification unit 140 verifies the authentication token according to another predetermined algorithm, which may be a decryption algorithm known in the art. Both the electronic device 100 and the service provider 200 may possess at least one pair of keys used for encryption and decryption. The key pair is stored in the key pair unit 160. The keys may be stored during the manufacturing stage or obtained by a secure procedure, and different electronic devices 100 may hold different key pairs. The key pair may be an RSA public and private key pair. The electronic device 100 holds the public key while the service provider 200 holds the private key. The ID token may be generated by encrypting the identification data and the random data with the public key held by the electronic device 100, and verified by the service provider 200 by decrypting it with the private key. Because any holder of that public key could produce such a token, the identity check relies on the key pair being specific to the device and on the public key being held only in the device's secure domain and by the service provider, as described above. Therefore, the token generator 130 and the service provider 200 may share a corresponding pair of algorithms for encryption and decryption respectively. Similarly, the token verification unit 140 shares a corresponding pair of algorithms for decryption with the service provider 200. Details of token generation and verification are described later.
The boot package execution unit 150 is configured to execute the boot package received from the service provider 200 once verification of the authentication token has been confirmed. To provide better security, the boot package may be further secured by a key, and the boot package execution unit 150 may verify the secure boot package prior to execution. In this case, as described above, the boot package execution unit 150 may access the corresponding key in the key pair unit 160 and use the corresponding algorithms for boot package protection. As with the tokens, the service provider 200 may secure the boot package by signing or encrypting it with a private key, and the boot package execution unit 150 may verify the secure boot package with the corresponding public key. For example, the boot package may be signed with a signature generated from the private key of the service provider 200. The boot package may be designated to perform specific tasks, such as file system backup, customization, system check and/or others. The electronic device 100 may request a particular boot package for a specific purpose.
The electronic device 100 also comprises a communication interface 170 configured to communicate with the service provider 200. The communication interface may transmit the ID token, authentication token and boot package between the electronic device 100 and the service provider 200 via a suitable transmission protocol, which may be wired or wireless. The communication interface 170 may also be configured to communicate with another electronic device, such as a personal computer, in which case the tokens and boot package are transmitted between the electronic device 100 and the service provider 200 via that other electronic device. For example, the communication interface may be a USB interface or a memory interface.
Token generation and verification are described in further detail below.
Next please refer to
In response to the ID token being confirmed, the service provider 200 generates an authentication token according to the content of the ID token and the first private key in step 730. To make sure the response from the service provider 200 reaches the right requesting device, the authentication token may comprise the ID data and the random data from the ID token, so that it can only be verified by the requesting device that generated these data. To provide better protection, the ID data and random data may be pre-processed by operations such as a hash operation prior to encryption with the first private key. In other embodiments of the invention, the authentication token may also comprise other necessary information. Then the boot package corresponding to the request is secured according to a second private key in step 740; for example, the boot package may be signed with a signature generated by the second private key. The authentication token is then sent to the requesting device along with the secured boot package in step 750. In one embodiment of the invention, the token and secured boot package may be sent via a wireless protocol. In another embodiment, the authentication token and boot package may be stored in a storage device that can be accessed by the electronic device 100, such as an SD card.
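The following Go program is an added illustration of the exchange described in the key pair passage above and in steps 730 to 750; it is not code from the patent or from HTC. It assumes RSA-OAEP for the ID token, SHA-256 as the pre-processing hash, RSA-PSS for the authentication token and boot package signatures, 2048-bit keys, and constructed function names and sample data.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// NewKeyPairs makes the first (token) and second (boot package) key pairs; 2048-bit RSA is assumed.
func NewKeyPairs() (tokenPriv, pkgPriv *rsa.PrivateKey, err error) {
	if tokenPriv, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return nil, nil, err
	}
	pkgPriv, err = rsa.GenerateKey(rand.Reader, 2048)
	return tokenPriv, pkgPriv, err
}

// MakeIDToken is the device's token generator: identification data plus fresh
// random data, encrypted under the first key pair's public key held by the device.
func MakeIDToken(tokenPub *rsa.PublicKey, id, nonce []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, tokenPub, append(append([]byte{}, id...), nonce...), nil)
}

// HandleRequest is the service provider side: decrypt the ID token with the first
// private key, sign the SHA-256 hash of its content as the authentication token
// (step 730), and sign the requested boot package with the second private key (step 740).
func HandleRequest(tokenPriv, pkgPriv *rsa.PrivateKey, idToken, bootPkg []byte) (authTok, pkgSig []byte, err error) {
	content, err := rsa.DecryptOAEP(sha256.New(), nil, tokenPriv, idToken, nil)
	if err != nil { // identity not confirmed: issue neither token nor package
		return nil, nil, errors.New("ID token rejected: requesting device not confirmed")
	}
	h := sha256.Sum256(content)
	if authTok, err = rsa.SignPSS(rand.Reader, tokenPriv, crypto.SHA256, h[:], nil); err != nil {
		return nil, nil, err
	}
	ph := sha256.Sum256(bootPkg)
	pkgSig, err = rsa.SignPSS(rand.Reader, pkgPriv, crypto.SHA256, ph[:], nil)
	return authTok, pkgSig, err
}

// DeviceVerify is the token verification unit plus the boot package execution unit's
// check: the token must bind to this device's own id||nonce and the package signature must verify.
func DeviceVerify(tokenPub, pkgPub *rsa.PublicKey, id, nonce, authTok, bootPkg, pkgSig []byte) error {
	h := sha256.Sum256(append(append([]byte{}, id...), nonce...))
	if rsa.VerifyPSS(tokenPub, crypto.SHA256, h[:], authTok, nil) != nil {
		return errors.New("authentication token does not match this device's ID token")
	}
	ph := sha256.Sum256(bootPkg)
	if rsa.VerifyPSS(pkgPub, crypto.SHA256, ph[:], pkgSig, nil) != nil {
		return errors.New("boot package signature invalid: not executing")
	}
	return nil
}
```

Because the authentication token is bound to the random data the device generated for this request, a token or package captured from another request fails DeviceVerify on this device.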
In one embodiment of the invention, the electronic device may be a handheld device such as a smart phone, tablet, game console, PDA, multimedia player and/or other device. In one embodiment, the temporary secure boot process may be initiated by a specific user input, such as a long press of the power button and home key during device boot-up. In yet another embodiment, the temporary secure boot process may be executed by a boot loader in a secure domain or by other software implemented with TrustZone technology, and the tokens and boot package may be transmitted via wireless transmission or via a hardwired connection to a storage device, such as an SD card, USB external memory, etc.
Those skilled in the art will readily observe that numerous modifications and alterations of the device and method may be made while retaining the teachings of the invention. Accordingly, the above disclosure should be construed as limited only by the metes and bounds of the appended claims.
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Nov 14 2012 | HSIEN, CHAO-CHUNG | HTC Corporation | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 029333 | /0916 | |
Nov 21 2012 | HTC Corporation | (assignment on the face of the patent) | / |
Date | Maintenance Fee Events |
Aug 08 2019 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Aug 09 2023 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
Date | Maintenance Schedule |
Feb 23 2019 | 4 years fee payment window open |
Aug 23 2019 | 6 months grace period start (w surcharge) |
Feb 23 2020 | patent expiry (for year 4) |
Feb 23 2022 | 2 years to revive unintentionally abandoned end. (for year 4) |
Feb 23 2023 | 8 years fee payment window open |
Aug 23 2023 | 6 months grace period start (w surcharge) |
Feb 23 2024 | patent expiry (for year 8) |
Feb 23 2026 | 2 years to revive unintentionally abandoned end. (for year 8) |
Feb 23 2027 | 12 years fee payment window open |
Aug 23 2027 | 6 months grace period start (w surcharge) |
Feb 23 2028 | patent expiry (for year 12) |
Feb 23 2030 | 2 years to revive unintentionally abandoned end. (for year 12) |