SYSTEM AND METHOD FOR TEMPORARY SECURE BOOT OF AN ELECTRONIC DEVICE
The invention discloses system and method of temporary secure boot process of an electronic device. The method comprises: generating a first token according to an identification data of the electronic device; sending a request along with the first token to a service provider, the request corresponding to a boot package; receiving a second token and a boot package from the service provider; verifying the second token and the boot package; and executing the boot package according to verification result.
This application claims priority of U.S. Provisional No. 61/565,955 filed on Dec. 1, 2011.
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates to system and method of temporary secure boot process of an electronic device. More particularly, the invention relates to a temporary secure boot process by use of unique device information.
2. Description of the Prior Art
Electronic devices are installed with an operating system. Normally, in a boot-up process, a bootloader initiates the components of the electronic device and loads the operating system so that a user may operate the electronic device to perform various functions. Some user-specific data or user-installed programs are also controlled by the operating system. However, when the electronic device encounters an error or is sent to a care center for examination, the user might not wish to reveal personal data/files during the examination, or the electronic device may not be able to boot up as normal.
SUMMARY OF THE INVENTION
The invention discloses system and method of temporary secure boot process of an electronic device. A method of temporary secure boot process according to an embodiment of the invention comprises: generating a first token according to an identification data of the electronic device; sending a request along with the first token to a service provider, the request corresponding to a boot package; receiving a second token and a boot package from the service provider; verifying the second token and the boot package; and executing the boot package according to verification result.
Another embodiment of the invention comprises: an electronic device, configured to execute at least an operating system by a processor. The processor comprises: a token generator, configured to generate a first token according to a first key; a token verification unit, configured to verify a second token according to the first key of a first key pair; a boot package execution unit configured to execute a secure boot package according to the verification of the second token; and a key pair unit configured to store at least the first key, the first key being one key of a first key pair. The system further comprises a communication interface unit within the electronic device configured to transmit the first token and receive the second token and the secure boot package; and a service provider configured to verify the first token and to generate the second token according to a second key of the first key pair and the secure boot package according to a third key of a second key pair according to the verification of the first token.
Yet another embodiment of the invention discloses a method for boot package processing. The method comprises: receiving a first token along with a request from an electronic device; verifying an identity of the electronic device according to the first token; in response to the identity being confirmed, generating a second token comprising at least partial content of the first token; securing a boot package corresponding to the request by the second token; and sending the second token and the secured boot package to the electronic device.
These and other objectives of the present invention will no doubt become obvious to those of ordinary skill in the art after reading the following detailed description of the preferred embodiment that is illustrated in the various figures and drawings.
The invention discloses system and method for temporary secure boot processing of an electronic device. The electronic device may send a request to a service provider for a boot package that can only be executed temporarily. To ensure the security of the request, the electronic device may generate a token along with the request. In response to the request, the service provider may verify the token to determine the identity of the request sender. Once confirmed, the service provider sends a secure boot package along with another token. The electronic device also verifies the token and the secure boot package to confirm the identity of the service provider. The electronic device and the service provider may generate the tokens according to particular information held by the two parties only. In addition, to avoid such information being stolen by a malicious party, the electronic device may process the request and the token in a secure domain that cannot be accessed by an unauthorized user.
Please refer to
The service provider 200 may verify the identity of the electronic device 100 and record the activity for security reasons. In response to the request and confirmation of the ID token, the service provider 200 may send back a secure boot package along with an authentication token to the electronic device 100. The authentication token is also verified by the electronic device 100 so as to confirm the identity of the boot package sender. Once confirmed, the electronic device 100 may execute the boot package temporarily and reboot by the normal procedure when execution of the boot package finishes. Similarly, the boot package and the authentication token may be received by the other electronic device that sends the request and be stored in a storage device that can be accessed by the electronic device 100. For example, when the service provider 200 verifies the ID token sent by a logged-in user, the user may then access the secure boot package and the authentication token by downloading them and storing them on an SD/micro SD card or on the hard-disk memory of a personal computer. The electronic device 100 can access the files from the SD or micro SD card, or by connecting to the personal computer via a USB connection.
Next please refer to
The token verification unit 140 verifies the authentication token according to another predetermined algorithm, which may be a decryption algorithm known in the art. Both the electronic device 100 and the service provider 200 may possess at least one pair of keys used for encryption and decryption. The key pair is stored in the key pair unit 160. The keys may be stored during the manufacturing stage or obtained by a secure procedure, and different electronic devices 100 may hold different key pairs. The key pair may be an RSA public and private key pair. The electronic device 100 holds the public key while the service provider 200 holds the private key. The ID token may be generated by encrypting the identification data and the random data with the public key of the electronic device 100, and be verified by the service provider 200 by using the private key for decryption. Therefore, the token generator 130 and the service provider 200 may share a corresponding pair of algorithms for encryption and decryption respectively. Similarly, the token verification unit 140 shares a corresponding pair of algorithms for decryption with the service provider 200. Details of the token generation and verification will be described later.
The boot package execution unit 150 is configured to execute the boot package received from the service provider 200 once verification of the authentication token has been confirmed. To provide better security, the boot package may be further secured by a key, and the boot package execution unit 150 may verify the secure boot package prior to execution. In this case, as described above, the boot package execution unit 150 may access the corresponding key in the key pair unit 160 and use the corresponding algorithms for boot package protection. Similar to the tokens, the service provider 200 may secure the boot package by signing or encrypting it with a private key, and the boot package execution unit 150 may verify the secure boot package with the corresponding public key. For example, the boot package may be signed with a signature generated from the private key of the service provider 200. The boot package may be designated to perform specific tasks, such as file system backup, customization, system check and/or others. The electronic device 100 may send a request for a particular boot package for a specific purpose.
The electronic device 100 also comprises a communication interface 170 which is configured to communicate with the service provider 200. The communication interface may transmit the ID token, authentication token and boot package between the electronic device 100 and the service provider 200 via a suitable transmission protocol. The transmission protocol may be a wired or wireless protocol. The communication interface 170 may be configured to communicate with another electronic device, such as a personal computer. The tokens and boot package are then transmitted between the electronic device 100 and the service provider 200 via the other electronic device. For example, the communication interface may be a USB interface or a memory interface.
Token generation and verification are described in further detail below.
Next please refer to
In response to the identification token being confirmed, the service provider 200 generates an authentication token according to the content of the ID token and the first private key in step 730. To make sure the response from the service provider 200 is sent to the right requesting device, the authentication token may comprise the ID data and the random data within the ID token, so that it can only be verified by the requesting device that generated these data. To provide better protection, the ID data and random data may be pre-processed by operations such as a hash operation prior to encryption by the first private key. In another embodiment of the invention, the authentication token may also comprise other information that is necessary. Then the boot package corresponding to the request is secured according to a second private key in step 740. The boot package may, for example, be signed with a signature generated by the second private key. The authentication token is then sent to the requesting device along with the secured boot package in step 750. In one embodiment of the invention, the token and secured boot package may be sent via a wireless protocol. In another embodiment of the invention, the authentication token and boot package may be stored in a storage device that can be accessed by the electronic device 100, such as an SD card.
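The two-sided exchange described above (steps 730 to 750 on the provider side, and the generation and verification steps on the device side), as an added Go example that is not part of the patent text. It assumes the ID token is the identification data followed by 16 bytes of random data under RSA-OAEP to the first key pair's public key, and models the text's "hash, then encrypt with the private key / decrypt with the public key" for both the authentication token and the boot package as RSA PKCS#1 v1.5 signatures that the device checks against its own identification data and random data; the identification string, the known-device map and the zeroing of the random data after the check are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

const nonceLen = 16 // bytes of random data appended to the identification data (assumed)
// sign/verify stand in for "encrypt a hash with the private key, decrypt with the public key".
func sign(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return rsa.SignPKCS1v15(nil, priv, crypto.SHA256, h[:])
}

func verify(pub *rsa.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// Device: first token = id || random data, encrypted under the first key pair's public key.
func deviceRequest(pub1 *rsa.PublicKey, id string) (token, nonce []byte, err error) {
	nonce = make([]byte, nonceLen)
	if _, err = rand.Read(nonce); err != nil { return nil, nil, err }
	token, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub1, append([]byte(id), nonce...), nil)
	return token, nonce, err
}

// Service provider: open the first token with the first private key, confirm the identity
// against known devices, then return the second token and the boot package signature.
func providerProcess(priv1, priv2 *rsa.PrivateKey, token, pkg []byte, known map[string]bool) (auth, pkgSig []byte, err error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, priv1, token, nil)
	if err != nil || len(plain) <= nonceLen { return nil, nil, errors.New("malformed first token") }
	if !known[string(plain[:len(plain)-nonceLen])] {
		return nil, nil, errors.New("device identity not confirmed") // record the attempt here
	}
	if auth, err = sign(priv1, plain); err != nil { // token binds the requester's own id and random data
		return nil, nil, err
	}
	pkgSig, err = sign(priv2, pkg)
	return auth, pkgSig, err
}

// Device: the second token must open under the first public key to this device's own id and
// random data before the package is checked under the second public key (claims 4 and 5).
func deviceVerify(pub1, pub2 *rsa.PublicKey, id string, nonce, auth, pkg, pkgSig []byte) error {
	defer func() { for i := range nonce { nonce[i] = 0 } }() // clear the random data either way
	if !verify(pub1, append([]byte(id), nonce...), auth) {
		return errors.New("second token does not match this device")
	}
	if !verify(pub2, pkg, pkgSig) {
		return errors.New("boot package not verified")
	}
	return nil
}
```

A nil result from deviceVerify is the point at which the boot package execution unit may run the package; any error leaves the device on its normal boot path.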
In one embodiment of the invention, the electronic device may be a handheld device such as a smart phone, tablet, game console, PDA, multimedia player and/or other device. In one embodiment of the invention, the temporary secure boot process may be initiated by a specific user input, such as a long press of the power button and home key during device boot-up. In yet another embodiment of the invention, the temporary secure boot process may be executed by a boot loader in a secure domain or by other software implemented with TrustZone technology. The tokens and boot package may be transmitted via wireless transmission or via a hardwired connection to a storage device, such as an SD card, USB external memory, etc.
Those skilled in the art will readily observe that numerous modifications and alterations of the device and method may be made while retaining the teachings of the invention. Accordingly, the above disclosure should be construed as limited only by the metes and bounds of the appended claims.
Claims
1. A method of temporary secure boot process of an electronic device, comprising:
- generating a first token according to an identification data of the electronic device;
- sending a request along with the first token to a service provider, the request corresponding to a boot package;
- receiving a second token and a boot package from the service provider;
- verifying the second token and the boot package; and
- executing the boot package according to verification result.
2. The method of claim 1, further comprising:
- restarting the electronic device upon completion of the execution.
3. The method of claim 1, wherein the generating of the first token comprises:
- generating random data; and
- encrypting the identification data and the random data according to a first key.
4. The method of claim 1, wherein the verifying of the second token and the boot package comprises:
- decrypting the second token by the first key;
- confirming content of the second token with the identification data; and
- in response to the second token being confirmed, verifying the boot package by a second key.
5. The method of claim 4, further comprising clearing the random data from the electronic device.
6. The method of claim 1, wherein the identification data is one of the following: device serial number, IMEI number, MAC address and IMSI number.
7. The method of claim 1, wherein the executing of boot package is executed in a secure domain of the electronic device.
8. A system for temporary boot up process, comprising:
- an electronic device, configured to execute at least an operating system by a processor, the processor comprising: a token generator, configured to generate a first token according to a first key; a token verification unit, configured to verify a second token according to the first key of a first key pair; a boot package execution unit, configured to execute a secure boot package according to the verification of the second token; and a key pair unit, configured to store at least the first key, the first key being one key of a first key pair.
9. The system of claim 8, further comprising:
- a communication interface unit within the electronic device, configured to transmit the first token and receive the second token and the secure boot package; and
- a service provider, configured to verify the first token and to generate the second token according to a second key of the first key pair and to generate the secure boot package according to a third key of a second key pair according to the verification result of the first token.
10. The system of claim 8, wherein the token generator is further configured to generate the first token by encrypting an identification data of the electronic device and a random data according to the first key.
11. The system of claim 9, wherein the service provider is further configured to generate the second token by encrypting content of the first token according to the second key, and to generate the secure boot package by signing a boot package with the third key.
12. The system of claim 8, wherein the boot package execution unit is further configured to verify the secure boot package according to a fourth key of a second key pair.
13. The system of claim 12, wherein the first key pair is an RSA key pair, the first key is a public key and the second key is a private key; the second key pair is another RSA key pair, the fourth key is a public key and the third key is a private key.
14. The system of claim 12, wherein the fourth key is encrypted within the second token by the service provider, and is obtained by the electronic device by decrypting the second token.
15. The system of claim 8, wherein the secure boot package is downloaded into a storage device accessible by the electronic device.
16. The system of claim 8, wherein the processor is further configured to restart the electronic device upon execution completion of the secure boot package, and execute the operating system.
17. The system of claim 8, wherein the token generator, the token verification unit, the boot package execution unit and the key pair unit are implemented in a secure domain of the electronic device, the secure domain is unable to be accessed by the operating system.
18. A method for boot package processing, comprising:
- receiving a first token along with a request from an electronic device;
- verifying an identity of the electronic device according to the first token;
- in response to the identity being confirmed, generating a second token comprising at least partial content of the first token;
- securing a boot package corresponding to the request; and
- sending the second token and the secured boot package to the electronic device.
19. The method of claim 18, wherein the step of verifying the identity of the electronic device further comprises decrypting the first token to obtain an identification data of the electronic device and a random data according to a second key of a first key pair, wherein the first token is generated by a first key of the first key pair.
20. The method of claim 19, wherein the step of generating the second token further comprises encrypting at least the identification data and the random data by the first key.
Type: Application
Filed: Nov 21, 2012
Publication Date: Jun 6, 2013
Patent Grant number: 9270466
Applicant: HTC CORPORATION (Taoyuan County)
Inventor: HTC CORPORATION (Taoyuan County)
Application Number: 13/682,752
International Classification: G06F 21/57 (20060101);