Certifying Authenticity of Stored Code and Code Updates
US-2019229913-A1 · Jul 25, 2019 · US
Cryptography module for controlling device
US12430448B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12430448-B2 |
| Application number | US-201917053225-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 22, 2019 |
| Priority date | Jun 20, 2018 |
| Publication date | Sep 30, 2025 |
| Grant date | Sep 30, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A cryptography module for at least temporarily controlling an operation of at least one computing device. The cryptography module is designed to check at least one memory area of a memory unit capable of being accessed by the computing device, and to control the operation of the at least one computing device as a function of the check.
First claim
Opening claim text (preview).
What is claimed is: 1. A cryptography module configured to at least temporarily control an operation of at least one computing device, the cryptography module being configured to: check at least one memory area of a memory unit accessible by the computing device; and control the operation of the at least one computing device as a function of the check, wherein the cryptography module is configured to hold the computing device in a reset state, the cryptography module being configured to hold the computing device in the reset state until the check is completed, wherein the cryptography module is configured to provide the computing device with first data including cryptographic keys, and wherein, as a function of whether a type of a content in the at least one memory area that has been checked is a bootloader or regular software for execution only after execution of the bootloader, the cryptography module provides access to a first subset of the cryptographic keys and denies access to a second subset of the cryptographic keys. 2. The cryptography module as recited in claim 1 , wherein the cryptography module is configured to carry out the check of the at least one memory area using a key-based message authentication code, CMAC. 3. The cryptography module as recited in claim 1 , wherein the cryptography module includes a memory unit integrated into the cryptography module storing at least one reference value and/or one reference layout for the at least one memory area. 4. The cryptography module as recited in claim 3 , wherein the cryptography module is designed to carry out the check as a function of the reference value. 5. The cryptography module as recited in claim 1 , wherein the cryptography module is configured to establish, within the scope of the check, whether the content of the at least one memory area corresponds to a predefined memory content, and to end the reset state for the computing device if the check has indicated that the content of the at least one memory area corresponds to the predefined memory content, the cryptography module being configured to continue to hold the computing device in the reset state when the check has indicated that the content of the at least one memory area does not correspond to the predefined memory content. 6. The cryptography module as recited in claim 1 , wherein the at least one memory area includes the bootloader for the computing device provided for execution on the computing device. 7. The cryptography module as recited in claim 1 , wherein the cryptography module is designed as a hardware circuit. 8. A method for operating a cryptography module for at least temporarily controlling an operation of at least one computing device, the method comprising the following steps: checking, by the cryptography module, at least one memory area of a memory unit accessible by the computing device; and controlling the operation of the at least one computing device as a function of the check, wherein the cryptography module is configured to hold the computing device in a reset state, the cryptography module being configured to hold the computing device in the reset state until the check is completed, wherein the cryptography module is configured to provide the computing device with first data including cryptographic keys, and wherein, as a function of whether a type of a content in the at least one memory area that has been checked is a bootloader or regular software for execution only after execution of the bootloader, the cryptography module provides access to a first subset of the cryptographic keys and denies access to a second subset of the cryptographic keys. 9. The method as recited in claim 8 , wherein the cryptography module carries out the check of the at least one memory area using a key-based message authentication code, CMAC, the cryptography module including a memory unit integrated into cryptography module for storing at least one reference value, and carrying out the check as a function of the reference value. 10. The method as recited in claim 8 , wherein the cryptography module holds the computing device in a reset state, the cryptography module holding the computing device in the reset state until the check is completed. 11. The method as recited in claim 10 , wherein the cryptography module establishes, within the scope of the check, whether the content of the at least one memory area corresponds to a predefined memory content and ends the reset state for the computing device when the check has indicated that the content of the at least one memory area corresponds to the predefined memory content, the cryptography module holding the computing device in the reset state when the check has indicated that the content of the at least one memory area does not correspond to the predefined memory content. 12. A computing device including at least one cryptography module, the cryptography module configured to at least temporarily control an operation of at least one computing device, the cryptography module being configured to: check at least one memory area of a memory unit accessible by the computing device; and control the operation of the at least one computing device as a function of the check, wherein the cryptography module is configured to hold the computing device in a reset state, the cryptography module being configured to hold the computing device in the reset state until the check is completed, wherein the cryptography module is configured to provide the computing device with first data including cryptographic keys, and wherein, as a function of whether a type of a content in the at least one memory area that has been checked is a bootloader or regular software for execution only after execution of the bootloader, the cryptography module provides access to a first subset of the cryptographic keys and denies access to a second subset of the cryptographic keys.
Assignees
Inventors
Classifications
- G06F21/57Primary
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
using dedicated hardware · CPC title
at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title
Security improvement · CPC title
Bootstrapping (security arrangements therefor G06F21/57) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12430448B2 cover?
- A cryptography module for at least temporarily controlling an operation of at least one computing device. The cryptography module is designed to check at least one memory area of a memory unit capable of being accessed by the computing device, and to control the operation of the at least one computing device as a function of the check.
- Who is the assignee on this patent?
- Bosch Gmbh Robert
- What technology area does this patent fall under?
- Primary CPC classification G06F21/57. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Sep 30 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).