WO2008122171A1 - Secure boot method and associated system, method for generating a code signature, and authentication method - Google Patents

Secure boot method and associated system, method for generating a code signature, and authentication method

Info

Publication number
WO2008122171A1
Authority
WO
WIPO (PCT)
Prior art keywords
image file
security
secure
elliptic curve
operating system
Prior art date
Application number
PCT/CN2007/002915
Other languages
English (en)
Chinese (zh)
Inventor
Chen Lu
Yunfeng Wang
Yanlong Hu
Shichun Mei
Yan Li
Zhong Yu
Original Assignee
Zte Corporation
Priority date
Filing date
Publication date
Application filed by Zte Corporation
Publication of WO2008122171A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • the present invention relates to the field of communications, and in particular, to a secure boot system and method, a code signature constructing method, and an authentication method.
  • BACKGROUND OF THE INVENTION With the acceleration of the commercialization of 3G (third generation) networks in the world and the increasing demand for mobile internet, the network is not limited to the Internet, which means that the security of mobile terminals is more important. From the perspective of mobile services and terminals, mobile terminals are gradually evolving into handheld terminal tools that integrate basic call services, data services, information acquisition, and electronic payment. With the help of mobile terminals, while enjoying rich 3G multimedia services, mobile terminal systems and applications are also facing a series of security issues. Information security has become a vital part of business mobility.
  • the mobile terminal holds user privacy information such as the user's phone book, SMS, bank account numbers and passwords. If the information is illegally obtained by others, for example through viruses and malicious code, or if the user's mobile phone is stolen, it will cause direct or indirect economic loss to the user, so it is necessary to prevent unauthorized access.
  • 3G networks have been widely commercialized on a global scale, and the number of users has reached hundreds of millions.
  • the sales model of mobile terminals (typically, for example, mobile phones) is basically purchased and sold by operators.
  • operators use the sales model of mobile phones to attract users.
  • the operators require that the purchased mobile phones can only use the USIM/SIM cards issued by the operators themselves, so the security requirements for the lock/lock cards are proposed for the mobile phones, and at the same time, in order to prevent hacker attacks, operators
  • TMP Trusted Computing Platform
  • TCPA Trusted Computing Alliance
  • the key which lasts for a few seconds, cannot meet the actual user needs.
  • a practical alternative password is elliptic curve cryptography.
  • the elliptic curve cipher is the one that currently has the highest encryption strength per bit in the public key cryptosystem.
  • ECC uses a 234-bit key to obtain a much higher security strength than RSA's 2048 bit.
  • the key length between them is up to 9 times, and when the ECC key is larger, the difference between them will be larger.
  • the advantage of the short ECC key is very obvious. As the encryption strength increases, the key length does not change much.
  • a primary object of the present invention is to provide an embedded security processing kernel based on an elliptic curve cryptography, and a system and method for implementing a mobile terminal operating system and application security.
  • a secure boot system for a mobile terminal is provided.
  • the system includes: a security processing kernel, including a CPU, a RAM, and a ROM, for establishing a secure boot program and completing an authentication process for an operating system software image file or an application system software image file based on an elliptic curve cipher; and a secure operating system, connected to the secure processing kernel, including a multimedia processor, a baseband processor, and an external interface device, for performing hardware initialization functions.
  • the security guiding system further comprises: an RF signal transceiver module, a baseband signal processing module, a multimedia processor, a terminal flash memory, and a universal interface. According to another embodiment of the present invention, there is also provided a method for constructing a signature based on a secure boot system of the above mobile terminal.
  • the method comprises the following steps: a first step of constructing an image file of the operating system software and the application system software; a second step of generating an elliptic curve root certificate center certificate and its corresponding private key; a third step of generating an elliptic curve cryptographic parameter set and a key pair based on the elliptic curve root certificate center certificate obtained in the second step; a fourth step of hashing the image file of the operating system software and the application system software constructed in the first step to generate an image file digest; and a fifth step of generating an elliptic curve signature over the image file digest generated in the fourth step.
  • the hash function is used for the hash operation, and the image file digest length generated in the step is fixed.
  • a code signature authentication method based on the secure boot system of the above mobile terminal.
  • the code signature fails; when the abscissa is not r, the code signature is unqualified; when the abscissa is r, the code signature authentication is passed.
  • a secure boot method of a mobile terminal based on the secure boot system of the above mobile terminal is provided.
  • the method comprises the following steps: in the first step, the secure boot program establishes an interrupt vector table in the internal RAM of the secure processing kernel; in the second step, the internal RAM is initialized; in the third step, the secure processing kernel boot program establishes access to the internal RAM and performs hardware initialization, where the hardware includes the off-chip flash memory of the secure processing kernel; in the fourth step, the configuration data in the off-chip flash memory of the secure processing kernel is loaded and processed; in the fifth step, the operating system software image file is loaded and its authentication is completed based on the elliptic curve cipher; in the sixth step, the application software image file is loaded and its authentication is completed based on the elliptic curve cipher; and in the seventh step, after the authentication of the application software image file passes, control is forwarded to the operating system.
  • the secure processing kernel boot program performs different configurations on the internal RAM based on the cold boot and hot boot modes of the mobile terminal.
  • the hardware clock is established based on the loaded configuration data.
  • the process of authenticating the operating system software image file further comprises: activating the data cache to establish a secure high speed data transfer of the internal RAM and the external SDRAM; after the authentication is completed, closing the data cache.
  • the secure processing kernel boot program transfers control to the secure operating system. Also, in the method, during the execution of the secure processing kernel boot program, if the processing fails in any of the first to seventh steps, the JTAG port function is valid.
  • FIG. 1 is a block diagram of a secure boot system of a mobile terminal according to a first embodiment of the present invention
  • FIG. 2 is a flowchart of a code signature constructing method according to a second embodiment of the present invention
  • FIG. 4 is a flowchart of a code signature authentication method according to a third embodiment of the present invention
  • FIG. 5 is a flowchart of an application example of a code signature authentication method according to a third embodiment of the present invention
  • FIG. 6 is a fourth embodiment according to the present invention.
  • the security boot system of the mobile terminal according to the first embodiment of the present invention mainly includes: a security processing kernel (preferably, an embedded security processing kernel) 100, including a CPU 102, a RAM 101.
  • a ROM (internal flash) 103 configured to establish a secure boot program, and complete an authentication process for the operating system software image file or the application system software image file based on the elliptic curve cryptography;
  • the secure operating system 410 connected to the secure processing kernel,
  • a multimedia application processor 205, a baseband processor 204, and an external interface device universal interface 207 are included for executing hardware initialization functions.
  • the security guiding system further includes: a radio frequency signal transceiver module, a baseband signal processing module, a multimedia processor, a terminal flash memory 202, and a universal interface.
  • the software modules related to the system hardware include a password running module of the security kernel, a key management module, an operating system (including a communication protocol stack driver, a file management system), and a multimedia security application.
  • the ROM boot program of the secure processing kernel is started when the mobile terminal is powered on. Elliptic-curve-based cryptographic authentication guarantees that the instruction sequence of the processor (CPU) is secure and reliable, and guarantees the correctness or integrity of the boot code image file. With the help of the secure processing kernel, the mobile terminal is initialized to a known safe state, that is, a secure boot program is established.
  • the secure boot program configures the hardware of the mobile terminal, especially the external RAM and external Flash, then accesses the security configuration data in the external Flash, and loads and authenticates the operating system image file based on the elliptic curve cipher to ensure that the operating system in the mobile terminal is secure.
  • the secure operating system establishes a software and hardware interrupt vector table, and ensures communication event processing by driving a software registration callback function to the communication protocol layer of the secure operating system.
  • the secure operating system also establishes a file management system, reads the application configuration data, loads and authenticates the application image file based on the elliptic curve password to ensure that the application system is secure.
  • the universal interface 207 can be connected to the USIM/SIM card 211, the SD card 212, the keyboard 213, the speaker/headset 214, the MIC 215, the LCD 216, JTAG 217, UART/USB 218, and the like.
  • the above-mentioned security processing kernel boot program, operating system, and application system are independently processed, which facilitates integration of products of different manufacturers into one overall secure mobile terminal.
  • Second Embodiment According to a second embodiment of the present invention, a code signature constructing method is provided based on a secure booting system of a mobile terminal according to a first embodiment of the present invention. As shown in FIG.
  • the method includes the following steps: Step S202, constructing an image file of the operating system software and the application system software; Step S204, generating an elliptic curve root certificate center certificate and its corresponding private key; Step S206, generating an elliptic curve cryptographic parameter set and a key pair based on the elliptic curve root certificate center certificate obtained in step S204; Step S208, hashing the image file of the operating system software and the application system software constructed in step S202 to generate an image file digest; and Step S210, generating an elliptic curve signature over the image file digest generated in step S208.
  • step S208 a hash function is used to perform a hash operation, and the image file digest length generated in the step is fixed.
  • Step 301, the various source files in the secure boot program (C language programs, assembler programs) are compiled by the ARM compiler into embedded loadable format (ELF) object files, and the ARM linker processes these object files together with the C/C++ runtime library files carried by the ARM processor system to generate an ELF format
  • ELF embedded loadable format
  • the image file (image), after which the image file is written into the ROM 103 in the secure processing core 100 of Fig. 1, and + ' 3 ⁇ 4 ⁇ * ⁇ is also generated in this step.
  • Step 302 the operator or manufacturer first needs to establish a certificate center (CA) website that supports the elliptic curve public key cipher, optionally, a government or commercial public CA that supports elliptic curve cryptography
  • CA certificate center
  • the user securely applies an elliptic curve cryptographic public key certificate through the elliptic curve cryptographic CA center, which can be used to securely process the root CA certificate in the kernel, and complete the signature of other public key certificates and software modules through the certificate;
  • the internal format of the elliptic curve digital signature certificate is previously specified by CCITT X.509, which may include the following aspects: certificate version number, digital certificate serial number, certificate owner name, signature algorithm, and issuance of a digital certificate.
  • a code signature authentication method is provided based on the secure boot system according to the first embodiment of the present invention.
  • Step S410, authenticating the code signature based on the value of the abscissa of X calculated in step S408.
  • the code signature fails; when the abscissa is not r, the code signature is unqualified; when the abscissa is r, the code signature authentication passes.
  • the processing flow of the method according to the embodiment is as shown in FIG.
  • Step 502, the secure kernel boot program verifies the signature (r, s) of the image file (operating system or application system software) and checks whether it exceeds the range of the order of the elliptic curve base point group; if it does, the signature is illegal, the secure kernel boot program goes to step 508, the security authentication fails, and then enters the JTAG ordinary file image file download mode or the product stage mobile terminal in the product development stage.
  • the mobile terminal in the product phase detects the security inconsistency and directly shuts down; Step 507, after the correctness of the calculation of the signature itself is verified, indicating that the operating system or application software image file signature has not been tampered with, the secure kernel boot program completes the security authentication of the operating system software or application system software.
  • a secure boot method of a mobile terminal is provided. As shown in FIG.
  • Step S602, the secure boot program establishes an interrupt vector table in the internal RAM of the secure processing kernel; Step S604, the internal RAM is initialized; Step S606, the secure processing kernel boot program establishes access to the internal RAM and performs hardware initialization, wherein the hardware includes the off-chip flash memory of the secure processing kernel; Step S608, the configuration data in the off-chip flash memory of the secure processing kernel is loaded and processed; Step S610, the operating system software image file is loaded and its authentication is completed based on the elliptic curve cipher; Step S612, the application software image file is loaded and its authentication is completed based on the elliptic curve cipher; and Step S614, after the authentication of the application system software image file passes, control is forwarded to the application system.
  • step S604 the secure processing kernel boot program performs different configurations on the internal RAM based on the cold boot and hot boot modes of the mobile terminal. And, in step S608, a hardware clock is established based on the loaded configuration data to match the memory access period.
  • the process of authenticating the operating system software image file further comprises: activating the data cache to establish a secure high speed data transfer of the internal RAM and the external SDRAM; after the authentication is completed, closing the data cache. And, in this step, after the authentication of the operating system software image file is passed, the secure processing kernel boot program transfers control to the secure operating system.
  • Step 701 When the mobile terminal is powered on or initialized, the boot sequence is embedded from FIG.
  • the secure processing kernel 100 begins executing code, and the secure bootloader and bootloader reside in the ROM 103 of the secure processing kernel.
  • the secure bootloader first creates an exception (interrupt) vector table in the internal RAM 101, including software, hardware (IRQ).
  • the indirect address of the interrupt handler or handle refers to 40; and the interrupt handler or handle is in the boot ROM 103 of the secure processing kernel and cannot be modified.
  • the exception vector in the ROM is configured so that the exception handler address is loaded into the program counter (PC) when the exception is generated.
  • the internal RAM 101 contains a minimum configuration such as a secure code base, does not need to be reloaded, and has established access to the internal RAM 101.
  • the cold start occurs when the mobile terminal is powered on, or is caused by a watchdog timeout event; Step 703, after the security processing kernel boot program establishes the internal RAM 101 access, performs hardware initialization work, especially the embedded security processing kernel.
  • the off-chip Flash 202 establishes a driver; Step 704 and Step 705, load the configuration data in the off-chip Flash 202 to obtain the operating system software image size, and establish a hardware clock based on the configuration data to match the memory.
  • step 706 loading an operating system software image file from the Flash 202 into the SDRAM 201;
  • step 707 to step 709 the authentication of the operating system software image file is completed based on the elliptic curve cryptography, and the specific authentication process is as shown in FIG. 5.
  • the data cache function in step 709 establishes secure high-speed data transmission between the internal RAM 101 and the external SDRAM 201, and after the authentication is completed this high-speed data caching function should be turned off to prevent the security data of the authentication process, such as the root certificate private key, the operating system image file hash value, and other highly sensitive information, from leaking; after the authentication is passed, the security processing kernel boot program transfers control to the operating system, and the mobile terminal security operating system platform is established.
  • the operating system software is the second phase of the mobile terminal boot process, including complex wireless device related processes.
  • the communication protocol driver software; Step 710, loading the NAND driver according to the loaded external memory 202 configuration data; Steps 711 and 712, loading the application system software image header information, including the offset position and size of the application image file, from the NAND multi-image boot information block (MIBIB), and dynamically loading the application system image file based on the header information; Step 713, based on the process shown in FIG. 5, authenticating the application system image file; after the authentication is successful, control is forwarded to the application system, thereby completing the secure booting of the mobile terminal and establishing a trusted security platform.
  • MIBIB 4 message block
  • Step 715 JTAG default status
  • the JTAG port function is valid if it fails during the execution of the secure kernel bootloader.
  • an error message is displayed in an area of the internal memory 101 to provide user debugging and tracking problems.
  • the JTAG function is active, a new image can be downloaded to the internal ROM 102, the internal ROM 102 is used for secure booting of the mobile terminal, and the external FLASH 202 is used for non-secure booting of the mobile terminal.
  • the mobile terminal is at UART USB 218 download mode.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mathematical Physics (AREA)
  • Physics & Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to a secure boot method comprising: step 1, in which an interrupt vector table is established in the internal RAM of a security processing kernel during a secure boot procedure (S602); step 2, in which the internal RAM is initialized (S604); step 3, in which the boot procedure of the security processing kernel establishes access to the internal RAM and initializes the hardware, said hardware comprising a flash memory external to the chip of the security processing kernel (S606); step 4, in which the configured data in the flash memory external to the chip of the security processing kernel is loaded and processed (S608); step 5, in which an operating system software image file is loaded and authenticated on the basis of an elliptic curve cryptosystem (S610); step 6, in which an application system software image file is loaded and authenticated on the basis of an elliptic curve cryptosystem (S612); and step 7, in which, following successful authentication of the application system software image file, control is transferred to the application system (S614). The invention also relates to a secure boot system, a method for generating a code signature, and a method for authenticating the code signature.
PCT/CN2007/002915 2007-04-06 2007-10-10 Secure boot method and associated system, method for generating a code signature, and authentication method WO2008122171A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200710100428 CN101034991B (zh) 2007-04-06 Secure boot system and method, code signature construction method and authentication method
CN200710100428.3 2007-04-06

Publications (1)

Publication Number Publication Date
WO2008122171A1 (fr) 2008-10-16

Family

ID=38731311

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/002915 WO2008122171A1 (fr) 2007-04-06 2007-10-10 Secure boot method and associated system, method for generating a code signature, and authentication method

Country Status (2)

Country Link
CN (1) CN101034991B (fr)
WO (1) WO2008122171A1 (fr)

Also Published As

Publication number Publication date
CN101034991A (zh) 2007-09-12
CN101034991B (zh) 2011-05-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07816529

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07816529

Country of ref document: EP

Kind code of ref document: A1