Method and apparatus for secure computing device start up

US11048801B2 · US · B2

Patent metadata
Publication number: US-11048801-B2
Application number: US-201815938701-A
Country: US
Kind code: B2
Filing date: Mar 28, 2018
Priority date: Mar 28, 2017
Publication date: Jun 29, 2021
Grant date: Jun 29, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

The present invention provides methods and devices for secure computing device start up. The method includes generating a public/private key pair and signing a software image and obtaining a first time stamp and a second time stamp. The method further includes combining the signed software image, the first time stamp and the second time stamp into a bundle and deploying the bundle. During secure start up, the method includes authenticating the signed software image, the first time stamp and the second time stamp and booting the computing device if authentication passes. The computing device aborts booting the computing device if the authentication process fails.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method for secure computing device start up, the method comprising: generating a public/private key pair and signing a software image using the private key of the public/private key pair; obtaining a first time stamp and a second time stamp; discarding or destroying the private key of the public/private key pair prior to obtaining the second time stamp; combining the signed software image, the first time stamp and the second time stamp into a bundle; deploying the bundle; during secure start up, authenticating the signed software image, the first time stamp and the second time stamp; and booting the computing device if authentication passes.

2. The method according to claim 1, further including formatting a certificate signing request (CSR) which includes the public key of the public/private key pair and signing the CSR with the private key.

3. The method according to claim 1, wherein the first time stamp is received from a time stamp authority.

4. The method according to claim 1, wherein the second time stamp is received from an intermediate certification authority.

5. The method according to claim 1, wherein authenticating the signed software image includes determining if the first time stamp is present and trusted.

6. The method according to claim 5, wherein authenticating the signed software image includes determining if the second time stamp is present and trusted.

7. The method according to claim 6, wherein authenticating the signed software image includes determining if the first time stamp is less than the second time stamp.

8. The method according to claim 7, wherein authenticating the signed software image includes determining if the second time stamp minus the first time stamp is less or equal to a predetermined value.

9. The method according to claim 1, wherein the first time stamp and the second time stamp are obtained from a same time stamp authority.

10. A method for signing a software image for use during computing device start up, the method comprising: generating a public/private key pair and signing a software image using the private key of the public/private key pair; obtaining a first time stamp and a second time stamp; discarding or destroying the private key of the public/private key pair prior to obtaining the second time stamp; combining the signed software image, the first time stamp and the second time stamp into a bundle; and deploying the bundle for use during computing device start up.

11. The method according to claim 10, further including formatting a certificate signing request (CSR) which includes the public key of the public/private key pair and signing the CSR with the private key.

12. The method according to claim 10, wherein the first time stamp is received from a time stamp authority.

13. The method according to claim 10, wherein the second time stamp is received from an intermediate certification authority.

14. The method according to claim 10, wherein the first time stamp and the second time stamp are obtained from a same time stamp authority.

15. A device for signing a software image for use during computing device start up, the device comprising: a processor; and machine readable memory storing machine executable instructions which when executed by the processor configure the device to: generate a public/private key pair and sign a software image using the private key of the public/private key pair; obtain a first time stamp and a second time stamp; discard or destroy the private key of the public/private key pair prior to obtaining the second time stamp; combine the signed software image, the first time stamp and the second time stamp into a bundle; and deploy the bundle for use during computing device start up.
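
The start-up checks recited in claims 5 to 8, written out as an added example; this is not code from the patent or its assignee. The token layout, the HMAC stand-in for the time stamp issuers' signatures, the key names and the 300-second window are assumptions, and verification of the image signature itself is left out.

```python
import hashlib
import hmac

# Assumption: a time stamp token is modelled as an HMAC over
# (SHA-256 of the signed image || time). A real device would verify an
# asymmetric signature chained to a trusted root instead.
MAX_WINDOW_SECONDS = 300  # assumed "predetermined value" of claim 8


def make_token(issuer_key: bytes, signed_image: bytes, when: int) -> dict:
    """Issue a constructed time stamp token bound to the signed image."""
    digest = hashlib.sha256(signed_image).digest()
    msg = digest + when.to_bytes(8, "big")
    return {"time": when, "mac": hmac.new(issuer_key, msg, hashlib.sha256).digest()}


def token_trusted(token, issuer_key: bytes, signed_image: bytes) -> bool:
    """Present-and-trusted check: well-formed token whose MAC verifies."""
    if not isinstance(token, dict) or not isinstance(token.get("mac"), bytes):
        return False
    when = token.get("time")
    if not isinstance(when, int) or not 0 <= when < 2**64:
        return False
    expected = make_token(issuer_key, signed_image, when)["mac"]
    return hmac.compare_digest(expected, token["mac"])


def authenticate_bundle(bundle: dict, key1: bytes, key2: bytes) -> str:
    """Return "boot" or an "abort: ..." reason, in the order of claims 5 to 8."""
    image = bundle.get("signed_image", b"")
    ts1, ts2 = bundle.get("ts1"), bundle.get("ts2")
    if not token_trusted(ts1, key1, image):
        return "abort: first time stamp missing or untrusted"
    if not token_trusted(ts2, key2, image):
        return "abort: second time stamp missing or untrusted"
    if not ts1["time"] < ts2["time"]:
        return "abort: first time stamp is not earlier than second"
    if ts2["time"] - ts1["time"] > MAX_WINDOW_SECONDS:
        return "abort: time stamp gap exceeds predetermined value"
    return "boot"


# Constructed sample data: keys, image bytes and times are illustrative only.
K1, K2 = b"constructed-issuer-1-key", b"constructed-issuer-2-key"
IMAGE = b"constructed signed software image"
GOOD = {"signed_image": IMAGE,
        "ts1": make_token(K1, IMAGE, 1_000), "ts2": make_token(K2, IMAGE, 1_120)}
LATE = dict(GOOD, ts2=make_token(K2, IMAGE, 5_000))  # gap far above the limit
```
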

Classifications

  • Timestamp · CPC title

  • Revocation or update of secret information, e.g. encryption key update or rekeying · CPC title

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

  • involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title

  • using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11048801B2 cover?
The present invention provides methods and devices for secure computing device start up. The method includes generating a public/private key pair and signing a software image and obtaining a first time stamp and a second time stamp. The method further includes combining the signed software image, the first time stamp and the second time stamp into a bundle and deploying the bundle. During secur…
Who is the assignee on this patent?
Sierra Wireless Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/575. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 29, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).