Method and apparatus for secure boot of embedded device

US10902127B2 · US · B2

Patent metadata

Publication number: US-10902127-B2
Application number: US-201816210300-A
Country: US
Kind code: B2
Filing date: Dec 5, 2018
Priority date: Dec 5, 2018
Publication date: Jan 26, 2021
Grant date: Jan 26, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title: what the patent document calls the invention.
  2. Abstract: a short plain-language summary of the technical disclosure.
  3. Assignees and inventors: who owns or filed the patent and who is credited as inventor.
  4. Key dates: filing, priority, publication, and grant dates set the timeline.
  5. First independent claim: the legal scope of protection; read this for what is actually claimed.
  6. CPC / IPC classifications: technology tags used to group this patent with similar filings.
  7. Citations and related patents: prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. The apparatus is an embedded-system device. The embedded-system device loads a first boot loader from a read only section of a storage device in an initialization process of the embedded-system device. The embedded-system device also loads, by the first boot loader, a public key from the read only section. The embedded-system device further generates a first verification code for static code and data stored in a first section of the storage device. The embedded-system device then decrypts, by the first boot loader, an encrypted signature stored in the first section by using the public key to obtain a second verification code. The embedded-system device determines integrity of the static code and data based on the first verification code and the second verification code.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of utilizing an embedded-system device, comprising: loading, on a processor of the embedded-system device, a first boot loader from a read only section of a storage device in an initialization process of the embedded-system device; loading, by the first boot loader, a public key from the read only section; generating a first calculated verification code for first static code and data stored in a first section of a plurality of sections in a multiple-time programmable region of the storage device, wherein the first static code and data in the first section constitute a second boot loader; decrypting, by the first boot loader, a first encrypted signature stored in the first section by using the public key to obtain a first stored verification code; determining integrity of the first static code and data in the first section based on the first calculated verification code and the first stored verification code; generating, by the first boot loader, a respective additional calculated verification code for additional code and data stored in each of one or more additional sections of the plurality of sections other than the first section in the multiple-time programmable region; decrypting, by the first boot loader, a respective additional encrypted signature stored in each of the one or more additional sections by using the public key to obtain a respective additional stored verification code; and determining, by the first boot loader, whether integrity of the additional code and data stored in each of the one or more additional sections is verified based on whether the respective additional calculated verification code matches the respective additional stored verification code; loading, by the first boot loader, the second boot loader when the integrity of the first static code and data in the first section is verified; and loading, by the second boot loader, the additional code and data stored in each of the one or more additional sections when the integrity of the additional code and data stored in each of the one or more additional sections is verified.

2. The method of claim 1, further comprising: loading signing code from the read only section, wherein the first calculated verification code is generated by employing the signing code.

3. The method of claim 1, wherein the integrity of the first static code and data is determined to be verified when the first calculated verification code matches the first stored verification code.

4. The method of claim 1, wherein the integrity of the first static code and data is determined to be tampered when the first calculated verification code does not match the first stored verification code, the method further comprising: aborting the initialization process.

5. The method of claim 1, wherein the first section includes a header part and a data part, wherein the first encrypted signature is stored in the header part.

6. The method of claim 1, further comprising: aborting the initialization process when integrity of any of the one or more additional sections is tampered.

7. The method of claim 1, wherein the first section is divided into a plurality of sub-sections each including a data part storing code and data for a respective functionality and a header part, wherein the code and data stored in the first section include header parts and data parts of all of the plurality of sub-sections.

8. An apparatus, the apparatus being an embedded-system device, comprising: a memory; and at least one processor coupled to the memory and configured to: load a first boot loader from a read only section of a storage device in an initialization process of the embedded-system device; load, by the first boot loader, a public key from the read only section; generate a first calculated verification code for first static code and data stored in a first section of a plurality of sections in a multiple-time programmable region of the storage device, wherein the first static code and data in the first section constitute a second boot loader; decrypt, by the first boot loader, a first encrypted signature stored in the first section by using the public key to obtain a first stored verification code; determine integrity of the first static code and data in the first section based on the first calculated verification code and the first stored verification code; generate, by the first boot loader, a respective additional calculated verification code for additional code and data stored in each of one or more additional sections of the plurality of sections other than the first section in the multiple-time programmable region; decrypt, by the first boot loader, a respective additional encrypted signature stored in each of the one or more additional sections by using the public key to obtain a respective additional stored verification code; and determine, by the first boot loader, whether integrity of the additional code and data stored in each of the one or more additional sections is verified based on whether the respective additional calculated verification code matches the respective additional stored verification code; load, by the first boot loader, the second boot loader when the integrity of the first static code and data in the first section is verified; and load, by the second boot loader, the additional code and data stored in each of the one or more additional sections when the integrity of the additional code and data stored in each of the one or more additional sections is verified.

9. The apparatus of claim 8, wherein the at least one processor is further configured to: load signing code from the read only section, wherein the first calculated verification code is generated by employing the signing code.

10. The apparatus of claim 8, wherein the integrity of the first static code and data is determined to be verified when the first calculated verification code matches the first stored verification code.

11. The apparatus of claim 8, wherein the integrity of the first static code and data is determined to be tampered when the first calculated verification code does not match the first stored verification code, wherein the at least one processor is further configured to: abort the initialization process.

12. The apparatus of claim 8, wherein the first section includes a header part and a data part, wherein the first encrypted signature is stored in the header part.

13. The apparatus of claim 8, wherein the at least one processor is further configured to: abort the initialization process when integrity of any of the one or more additional sections is tampered.

14. A non-transitory computer-readable medium storing computer executable code for operating an embedded-system device, comprising code to: load, on a processor of the embedded-system device, a first boot loader from a read only section of a storage device in an initialization process of the embedded-system device; load, by the first boot loader, a public key from the read only section; generate a first calculated verification code for first static code and data stored in a first section of a plurality of sections in a multiple-time programmable region of the storage device, wherein the first static code and data in the first section constitute a second boot loader; decrypt, by the first boot loader, a first encrypted signature stored in the first section by using the public key to obtain a first stored verification code; determine integrity of the first static code and data in the first section based on the first calculated verification code and the first stored verification co
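The verification chain in the abstract and claim 1 (ROM-resident first boot loader, ROM-resident public key, a signed second boot loader in the first section of the multiple-time programmable region, and further signed sections that the second boot loader loads only after the first boot loader has verified them) is modelled below in Python. This is an added example, not code from the patent or from its assignee. It assumes a constructed section layout (a 4-byte magic, a data length, a signature length, and the signature in the header part as claim 5 places it, followed by the data part), SHA-256 as the verification code, and unpadded RSA so that "decrypting the signature with the public key" yields the stored code exactly as the claim words it. The key pair, the section images, the MAGIC constant and the tamper helper are all constructed for the demonstration.

```python
"""Model of the claimed chain: ROM first boot loader and public key verify every
section of the multiple-time programmable (MTP) region before anything is loaded."""
import hashlib
import hmac
import random
import struct

MAGIC = b"SECT"   # constructed header magic for this example; not from the patent
HASH_LEN = 32     # SHA-256 digest size: the "verification code" in this model


def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin probable-prime test with rng-chosen bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(bits=512, seed=2021):
    """Textbook RSA key pair, seeded so the demo is reproducible. On a real device the
    public key is burned into ROM at manufacture and the private key never leaves the signer."""
    rng, e = random.Random(seed), 65537

    def prime():
        while True:
            c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if is_probable_prime(c, rng):
                return c

    while True:
        p, q = prime(), prime()
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e and n.bit_length() == bits:
            return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}


def verification_code(data):
    """Calculated verification code: SHA-256 over the section's data part."""
    return hashlib.sha256(data).digest()


def sign_code(code, priv):
    """Signer side: encrypt the code with the private key (unpadded RSA, mirroring the
    claim's encrypt/decrypt wording; production firmware uses RSA-PSS or ECDSA)."""
    sig = pow(int.from_bytes(code, "big"), priv["d"], priv["n"])
    return sig.to_bytes((priv["n"].bit_length() + 7) // 8, "big")


def recover_code(signature, pub):
    """Device side: decrypt the stored signature with the public key to get the stored code."""
    m = pow(int.from_bytes(signature, "big"), pub["e"], pub["n"])
    if m.bit_length() > HASH_LEN * 8:
        return None  # cannot be a 32-byte digest: treat as tampered
    return m.to_bytes(HASH_LEN, "big")


def build_section(data, priv):
    """Header part (magic, lengths, signature) followed by the data part."""
    sig = sign_code(verification_code(data), priv)
    return MAGIC + struct.pack(">IH", len(data), len(sig)) + sig + data


def parse_section(blob):
    if len(blob) < 10 or blob[:4] != MAGIC:
        return None
    data_len, sig_len = struct.unpack(">IH", blob[4:10])
    sig, data = blob[10:10 + sig_len], blob[10 + sig_len:10 + sig_len + data_len]
    return (sig, data) if len(sig) == sig_len and len(data) == data_len else None


def verify_section(blob, pub):
    """Return the data part if the calculated and stored codes match, else None."""
    parsed = parse_section(blob)
    if parsed is None:
        return None
    sig, data = parsed
    stored = recover_code(sig, pub)
    if stored is None or not hmac.compare_digest(stored, verification_code(data)):
        return None
    return data


def secure_boot(rom, mtp):
    """First boot loader (from ROM) checks section 0 (the second boot loader) and every
    additional section with the ROM public key; any mismatch aborts initialization.
    Returns ("ok", loaded_stages) or ("abort", reason)."""
    if not mtp:
        return "abort", "no second boot loader section present"
    verified = []
    for idx, section in enumerate(mtp):
        data = verify_section(section, rom["public_key"])
        if data is None:
            return "abort", f"integrity of section {idx} tampered; initialization aborted"
        verified.append(data)
    loaded = ["first_boot_loader", "second_boot_loader"]
    # The second boot loader loads the additional sections only after they verified.
    loaded += [f"additional_section_{i}" for i in range(1, len(verified))]
    return "ok", loaded


def build_demo_storage(seed=2021):
    """Constructed storage image: ROM holds the first boot loader and the public key;
    the MTP region holds the signed second boot loader plus two further signed images."""
    pub, priv = generate_keypair(seed=seed)
    rom = {"first_boot_loader": b"ROM stage (constructed)", "public_key": pub}
    images = [b"second boot loader image (constructed)",
              b"kernel image (constructed)",
              b"root filesystem image (constructed)"]
    return rom, [build_section(img, priv) for img in images]


def tamper(blob, offset):
    """Flip one bit at the given offset to simulate a modified flash section."""
    b = bytearray(blob)
    b[offset] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    rom, mtp = build_demo_storage()
    print(secure_boot(rom, mtp))
    mtp[1] = tamper(mtp[1], len(mtp[1]) - 1)  # modify the kernel image's data part
    print(secure_boot(rom, mtp))
```

The comparison uses hmac.compare_digest so the check takes the same time whether or not the codes match. Two design points follow from the claims rather than from this code: the first boot loader and the public key must sit in genuinely immutable storage (mask ROM or one-time-programmable memory), because every later stage's trust reduces to theirs, and the stored signature covers only the data part, so the header fields used to locate the data must be bounds-checked before use, as parse_section does. Unpadded RSA appears here only to mirror the claim language; a production design would use a padded signature scheme such as RSA-PSS, or ECDSA.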

Assignees

American Megatrends Int Llc
Inventors

Classifications (CPC titles)

  • G06F21/575 (primary): Secure boot
  • involving digital signatures
  • Bootstrapping (security arrangements therefor G06F21/57)
  • Protecting data integrity, e.g. using checksums, certificates or signatures
  • Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10902127B2 cover?
In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. The apparatus is an embedded-system device. The embedded-system device loads a first boot loader from a read only section of a storage device in an initialization process of the embedded-system device. The embedded-system device also loads, by the first boot loader, a public key from the read on…
Who is the assignee on this patent?
American Megatrends Int Llc
What technology area does this patent fall under?
Primary CPC classification G06F21/575. Mapped technology areas include Physics.
When was this patent published?
Publication date: Jan 26, 2021 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).