Patent abstract:
A circuit comprising: a first processing device (302) comprising one or more first platform configuration registers (306) storing one or more data values based on boot measurements relating to a boot sequence implemented by the first processing device; and a secure element (304) comprising a second processing device and one or more second platform configuration registers (308), the first and second platform configuration registers (306, 308) being coupled together by a communication interface (310) adapted to copy said one or more data values from said one or more first platform configuration registers (306) to said one or more second platform configuration registers (308).

Publication number: FR3024915A1. Application number: FR1457855. Filing date: 2014-08-18. Publication date: 2016-02-19. Inventors: Olivier Collart; Benedicte Moriau. Applicant: Proton World International NV.
Patent description:
[0001] BACKGROUND OF THE INVENTION

Field

The present disclosure relates to the field of methods and devices for providing trusted platform module (TPM) services without using a dedicated TPM device.

[0002] Description of the Prior Art

In order to ensure the authenticity and security of hardware and software configurations, it has already been proposed to use a trusted platform module (TPM). A TPM is a cryptographic device intended to allow secure operation of a computer. An essential requirement of a secure computing environment is to ensure the integrity of the boot sequence. To achieve this, the TPM forms a "root of trust". In particular, upon powering on a computing device, the boot sequence starts from a trusted state, and this trust is extended until the operating system has fully started and the applications are running. Integrity is ensured at each step by using one or more TPM platform configuration registers (PCRs) to securely store boot measurements. The PCR contents can then be cryptographically signed by the TPM and provided to an application or a remote party so that the integrity of the boot sequence can be verified.

Trusted platform modules can be integrated into a wide range of electronic computing devices, such as smartphones, tablets and laptops. They are generally implemented as hardware devices coupled to the main processor of the electronic device. However, because of constraints on chip area and power, for many applications such as smartphones and other portable devices a solution is required that provides TPM services without using a dedicated TPM device. There are, however, technical difficulties in obtaining such a system while providing high security and fast response times.

SUMMARY

An object of embodiments of the present disclosure is to at least partially address one or more needs of the prior art.

[0003] According to one aspect, there is provided a circuit comprising: a first processing device comprising one or more first platform configuration registers storing one or more data values based on boot measurements relating to a boot sequence implemented by the first processing device; and a secure element comprising a second processing device and one or more second platform configuration registers, the first and second platform configuration registers being coupled together by a communication interface adapted to copy said one or more data values from said one or more first platform configuration registers to said one or more second platform configuration registers.

[0004] According to one embodiment, the secure element is further adapted to implement at least one cryptographic function for the authentication of a user of the circuit. According to one embodiment, the first processing device comprises a trusted execution environment in which said one or more first platform configuration registers are stored. According to one embodiment, the circuit further comprises a memory storing one or more first software applications adapted to verify the integrity of the boot sequence based on said one or more data values. According to one embodiment, the secure element further comprises a memory storing one or more second software applications to facilitate the transmission of said one or more boot measurements to said one or more first software applications. According to one embodiment, the circuit further comprises one or more drivers for facilitating the transmission of said one or more boot measurements to said one or more first software applications. According to one embodiment, the secure element is adapted to cryptographically sign said one or more data values and to provide the cryptographically signed data values to a requesting element. According to one embodiment, the secure element comprises a memory storing a third software application executable by the second processing device for cryptographically signing said one or more data values. According to one embodiment, the circuit is adapted to allow or deny one or more transactions based on said one or more data values. According to another aspect, there is provided a smartphone comprising the aforementioned circuit.

[0005] According to another aspect, there is provided a method of verifying the integrity of a boot sequence, comprising: performing a boot sequence by a first processing device; storing, in one or more first platform configuration registers of the first processing device, one or more data values based on boot measurements relating to the boot sequence; and transferring one or more data values from said one or more first platform configuration registers to one or more second platform configuration registers of a secure element having a second processing device, the first and second platform configuration registers being coupled together via a communication interface.

[0006] According to one embodiment, the method further comprises: requesting, by a first software application, said one or more data values; cryptographically signing said one or more data values by the secure element; and providing, by the secure element, said one or more cryptographically signed data values to the first software application.

BRIEF DESCRIPTION OF THE DRAWINGS

The above-mentioned and other features and advantages will become apparent from the following detailed description of embodiments, given by way of illustration and not limitation, with reference to the accompanying drawings, in which: FIG. 1 schematically illustrates services provided by a TPM according to an exemplary embodiment; FIG. 2 schematically illustrates a printed circuit board of a computing device according to an exemplary embodiment; FIG. 3 schematically illustrates a portion of a computing device for providing TPM services according to an exemplary embodiment of the present disclosure; and FIG. 4 is a flowchart illustrating operations in a method of verifying the integrity of a boot sequence according to an exemplary embodiment of the present disclosure.

[0007] DETAILED DESCRIPTION

FIG. 1 schematically illustrates a TPM system 100 implementing a platform integrity verification process provided by a Trusted Platform Module (TPM), implemented in this example by a dedicated cryptographic device 100. A BIOS boot block (BIOS BOOT BLOCK) 102 includes, for example, a non-volatile memory such as a ROM, and provides a root of trust for an integrity verification. As shown by an arrow between the BIOS boot block 102 and the TPM 100, one or more boot measurements corresponding to the BIOS boot block 102 may be transmitted to the TPM 100. Nodes 104, 108, 110 and 112 in FIG. 1 represent software that is loaded into a volatile memory, such as RAM (Random Access Memory), during the boot sequence. For example, the BIOS boot block 102 causes a BIOS 104 to be loaded into a volatile memory. As represented by an arrow between the BIOS 104 and the TPM 100, one or more boot measurements associated with the loading of the BIOS 104 may be transmitted to the TPM 100 by the BIOS 104. In addition, one or more auxiliary hardware components (HARDWARE) 106 included in the platform, such as a graphics card, a controller managing the connectivity of the platform or a cryptographic coprocessor, can also be booted in response to the loading of the BIOS 104. The microcode running on these components can also be measured and transmitted to the TPM.
An operating system loader (OS LOADER) 108 is then, for example, loaded from the non-volatile memory into the volatile memory, and here again one or more boot measurements can be transmitted to the TPM 100.

[0008] An operating system (OS) 110 is then, for example, loaded from the non-volatile memory into the volatile memory, and here again one or more boot measurements can be transmitted to the TPM 100.

[0009] One or more software applications (APPLICATION) 112 are then, for example, loaded from the non-volatile memory, and here again one or more boot measurements may be transmitted to the TPM 100. The trusted platform module 100 comprises a bank 114 of one or more platform configuration registers (PCRs), and the boot measurements generated during the boot sequence are stored in this register bank. In general, after a reset, the PCR bank 114 contains a null value, and the boot measurements may, for example, only be stored in the PCR bank 114 using an "extend" instruction that extends the contents of the PCR bank. At the end of the boot sequence, each of said one or more PCRs 114 contains, for example, a digest of the chained measurements of the booted software. In one example, each measurement transmitted to a specific PCR updates the PCR value according to the formula PCR_NEW = H(PCR_OLD + M), where PCR_NEW is the updated PCR value, PCR_OLD is the previous PCR value, M is the measurement, and H() is a hash function. Thus, the final PCR value at the end of the boot process is a digest of all the measurements passed to the TPM. This final PCR value can only be obtained by transmitting to the PCR the same specific measurements in the same order. The TPM 100 includes, for example, cryptographic functions that enable the measurements stored in the PCR bank 114 to be cryptographically signed. As represented by an arrow 116, the cryptographically signed measurements may be provided to one or more third-party requesters, such as the operating system 110 and/or one of the applications 112, to verify the integrity of the boot sequence.

[0010] FIG. 2 schematically illustrates a printed circuit board (PCB) 200 in which TPM (trusted platform module) services can be provided. The PCB 200 comprises a SoC 202, which comprises a processing device (PROCESSING DEVICE) 203. As will be described in more detail below, the processing device 203 comprises, for example, a secure hardware execution environment allowing the processing and storage of sensitive data. Here, the term "sensitive data" is used to refer to any data that must remain inaccessible to unauthorized third parties. The SoC 202 is, for example, coupled to a bus 204 through which the processing device 203 of the SoC 202 can communicate with other optional hardware blocks. In the example of FIG. 2, the PCB 200 further comprises an off-SoC processing device (OFF-SoC PROCESSING DEVICE) 206, coupled to the bus 204, which is for example a cryptographic coprocessor. The device 206 is, for example, adapted to perform functions that are not supported by the SoC, such as cryptographic functions. As with the processing device 203 of the SoC 202, the processing device 206 may include a secure execution environment for processing and storing sensitive data. However, as will be apparent from the following description, the device 206 may advantageously be omitted by virtue of the new functions of the processing device 203 and of the secure element 208 and/or 210. The PCB 200 also comprises, for example, an embedded secure element (ESE) 208 and/or a removable secure element (REMOVABLE SE) 210, each being coupled to the bus 204. As is known to those skilled in the art, an embedded or removable secure element provides cryptographic functions to authenticate a user of the circuit and/or to perform other operations such as signature generation.

[0011] A real-time clock (RTC) 212 is also coupled to the bus 204 and can provide time information to platform services.
The PCB 200 also includes, for example, a volatile memory 214, such as a random access memory (RAM), and/or a non-volatile memory 216, such as a FLASH memory, coupled to the bus 204, and one or a plurality of input/output interfaces (I/O INTERFACES) 218 coupled to the SoC 202 and the bus 204, which for example include video drivers, keyboards, touch screens, etc. The PCB 200 may further include a power control circuit (PC) 220, coupled to the SoC 202 and the bus 204, which controls the powering off and powering on of the SoC 202 and/or of one or more other devices on the PCB 200.

[0012] As will be described in more detail below, rather than having a dedicated TPM device, the TPM services provided in the system 100 of FIG. 1 are shared between the processing device 203 and one or both of the secure elements 208 and 210.

[0013] FIG. 3 schematically illustrates a portion 300 of a computing device in which the functions of a TPM are implemented by a main processing device 302 and a secure element 304 of the electronic device. In particular, the implementation of FIG. 3 allows, for example, at least the verification of the integrity of the boot sequence. The main processing device 302 is, for example, the processing device implementing the boot sequence of the device, such as the processing device 203 of the SoC 202 in FIG. 2. The secure element 304 could be an embedded secure element, such as the element 208 of FIG. 2, or a removable secure element, such as the element 210 of FIG. 2. The processing device 302 comprises one or more platform configuration registers in a bank 306, which are for example maintained in a trusted execution environment (TEE) of the processing device 302. As is known to those skilled in the art, a TEE includes hardware and software for isolating certain data and operations from other parts of the device to ensure security against software attacks.

[0014] The TPM functionality of the processing device 302, which will be described in more detail below, is for example controlled by a TPM software stack (TPM SOFTWARE STACK) 307, which also provides TPM services to applications running on the platform.

[0015] The PCR bank 306 is, for example, adapted to receive boot measurements generated during the boot sequence of the processing device 302. These measurements correspond, for example, to code measurements made during the booting of the platform. The boot measurements concern, for example, the loading of a BIOS, an operating system, and/or one or more applications. In some embodiments, boot measurements may also be generated in connection with the loading of one or more hardware drivers, thereby adding security to the operation of such hardware. For example, the boot measurements may relate to the loading of a display driver, a keyboard driver, and/or a modem driver, to add security to the display of data, to protect data entered by a user, and/or to protect transaction data.

[0016] The secure element 304 comprises one or more other PCRs in a bank 308. A connection 310, authenticated using physical or logical protections, connects the processing device 302 and the secure element 304, and in particular couples the PCR bank 306 to the PCR bank 308 to allow data from the PCR bank 306 to be transferred to the PCR bank 308. In some embodiments, a transfer is performed each time the PCR bank 306 is extended, so that the PCR bank 308 is constantly up to date. Alternatively, the PCR bank 308 is, for example, only synchronized once at the end of the platform boot process, once the PCR bank 306 has received all the measurements made by the processing device 302. Indeed, in some cases the secure element 304 may not be available as quickly as the processor 302 during the boot process. The secure element 304 comprises, for example, various functional blocks represented in FIG. 3, which are for example implemented by software executed by a processing device of the secure element (not illustrated in FIG. 3). In particular, the secure element comprises a virtual machine (VM) 312 providing services to applications (applets). In the example of FIG. 3, the software architecture of the secure element comprises, for example, the virtual machine 312 in order to allow independent application providers to load applets, the virtualization providing a firewall between the applets and avoiding conflicts between applets. The secure element 304 also includes a TPM library (TPM LIBRARY) 314, called by the virtual machine, which includes code for controlling TPM data and providing TPM services to the virtual machine 312. The TPM data includes encryption keys for cryptographically signing the contents of the PCR bank 308, and/or other relevant data. The applets of the secure element 304 support communications between the secure element 304 and one or more other elements that may require verification of the integrity of the boot sequence implemented by the processor 302. For example, the secure element 304 includes a Java Card (JC) applet 316 supporting an ISO 7816 communication protocol, enabling communications via an ISO 7816 driver (ISO7816 DRIVER) 318 with a TPM software stack (TPM SOFTWARE STACK) 320, which may be the same as the software stack 307. The standard TPM commands sent by the TPM software stack to the TPM are packaged by the driver and unpacked by the Java Card applet 316. Once the commands are unpacked, the Java Card applet 316 can process the TPM commands through the virtual machine service using the TPM library 314. As represented by an arrow between the driver 318 and the TPM library 314, the TPM library 314 can additionally or instead provide TPM services to the software stack 320 via the driver 318 without using the virtual machine layer (applet 316).
In addition, a non-ISO 7816 driver (NON-ISO7816 DRIVER) 319 may be provided between the TPM library 314 and the TPM software stack 320, in addition to or instead of the driver 318. No applet is used in this example between the TPM library 314 and the driver 319. The hardware configuration uses, for example, an SPI (serial peripheral interface) bus or an SWP (single-wire protocol) bus between the TPM library 314 and the driver 318 and/or the driver 319, the bus or buses being for example shared with the processing device 302. Additionally or instead, the secure element 304 can store a Java Card applet (APPLET) 322 allowing communications with an application 324 using non-standard TPM commands. For example, the integrity check provided by the data of the PCR bank 308 could be used for a range of applications, for example as part of an authentication process. In one embodiment, a digital signature is generated by the secure element 304 to authenticate a financial transaction, for example its amount, currency, and/or destination account. Such a signature furthermore includes, for example, data from the PCR bank 308, and these data are verified before the authorization of the transaction.

The operation of the circuit of FIG. 3 will now be described in more detail with reference to the flowchart of FIG. 4. In a first operation 402 of FIG. 4, a boot sequence of the processing device is started. This follows, for example, a period during which the portion 300 of the computing device of FIG. 3 was powered off, and the boot sequence is for example automatically initiated at power on. In a next operation 404, one or more boot measurements are generated during the boot sequence.

[0017] In some embodiments, the PCRs are stored in a TEE that is not immediately available at the beginning of the boot sequence. In this case, as shown in an operation 406, until the TEE has been loaded, these boot measurements may be temporarily stored by the processing device 302, and/or certain measurements may be transmitted directly to the secure element 304 to be stored in the PCR bank 308, as shown by a dotted arrow from the operation 406 to an operation 412 described hereinafter.

[0018] In a subsequent operation 408, boot measurements are transmitted to the PCR bank 306 of the processing device 302, for example in a TEE. The boot measurements are stored in the PCRs as PCR values calculated on the basis of the boot measurements. As shown by block 410, one or more other boot measurements may be generated during the boot sequence and added to the PCRs 306 in operation 408. In addition, either each time a new boot measurement is passed to the PCRs 306, or at the end of the boot sequence after all measurements have been made, the boot measurements are copied into the PCRs 308 of the secure element 304. As previously described, the boot measurements can then be cryptographically signed and used during a verification of the integrity of the boot sequence. Although this is not illustrated in FIG. 4, checking the integrity of the boot sequence involves, for example, comparing one or more boot measurements to a reference value. If the boot measurement matches the reference value, the boot sequence is for example considered valid. Advantageously, in the embodiments described herein, the functions of a TPM are implemented using PCRs of both the processing device executing the boot sequence and the secure element, and the TPM measurements are transferred via a secure connection between the two PCR banks. In this way, the PCRs of the processing device can be available very quickly during the boot sequence, and the PCRs of the secure element can provide a very secure interface to other elements requesting access to the boot measurements.

With the description thus made of at least one illustrative embodiment, various alterations, modifications and improvements will readily occur to those skilled in the art. For example, it will be clear to one skilled in the art that although embodiments have been described in which the PCRs of the processing device are stored in a TEE to provide additional security, this functionality is optional. In addition, it will be clear to those skilled in the art that the various elements described in connection with the various embodiments could be combined, in alternative embodiments, in any combination.
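The PCR extend formula of FIG. 1 and the flowchart of FIG. 4 (buffering of measurements until the TEE is up, the two synchronisation policies for the secure element's bank 308, signing by the secure element, and comparison against a reference value) as an added Python model; this is not the patent's own code. The hash H = SHA-256, the HMAC-based signing under a key shared with the verifier, the nonce, the direct-call model of connection 310, and the sample stage images are all assumptions made here.

```python
# Model of the split-TPM measured-boot flow described above (added example, not the
# patent's own code). Assumptions: H = SHA-256, the secure element signs with
# HMAC-SHA256 under a key shared with the verifier, and connection 310 is a direct call.
import hashlib
import hmac

PCR_SIZE = 32  # each PCR holds one SHA-256 digest and reads as all-zero after reset


def pcr_extend(pcr_old: bytes, measurement: bytes) -> bytes:
    # PCR_NEW = H(PCR_OLD + M): reproducible only with the same measurements in order
    return hashlib.sha256(pcr_old + measurement).digest()


def measure(image: bytes) -> bytes:
    # A boot measurement is a digest of the code image about to be loaded
    return hashlib.sha256(image).digest()


class SecureElement:
    # Secure element (304): PCR bank 308 plus a signing key held by its TPM library
    def __init__(self, key: bytes):
        self.pcr = bytes(PCR_SIZE)
        self._key = key  # never leaves the secure element

    def sync(self, pcr_value: bytes) -> None:
        # Copy of bank 306 received over the authenticated connection 310
        self.pcr = pcr_value

    def quote(self, nonce: bytes):
        # Signed PCR value for a requester; the nonce prevents replay of an old quote
        payload = nonce + self.pcr
        return payload, hmac.new(self._key, payload, hashlib.sha256).digest()


class MainProcessor:
    # First processing device (302). Bank 306 lives in the TEE, which is not available
    # at the very start of boot, so early measurements are buffered (operation 406).
    def __init__(self, se: SecureElement, sync_each_extend: bool):
        self.se = se
        self.sync_each_extend = sync_each_extend
        self.pcr = None    # bank 306; None until the TEE is up
        self.pending = []  # measurements taken before the TEE is up

    def record(self, measurement: bytes) -> None:
        if self.pcr is None:
            self.pending.append(measurement)
            return
        self.pcr = pcr_extend(self.pcr, measurement)
        if self.sync_each_extend:  # policy 1: bank 308 mirrors every extend
            self.se.sync(self.pcr)

    def tee_ready(self) -> None:
        # TEE loaded: replay buffered measurements in their original order (406 -> 408)
        self.pcr = bytes(PCR_SIZE)
        for m in self.pending:
            self.record(m)
        self.pending.clear()

    def end_of_boot(self) -> None:
        # Policy 2: a single synchronisation once all measurements are in bank 306
        self.se.sync(self.pcr)


def run_boot(images, se, sync_each_extend, tee_ready_after=1):
    # Boot through the stage images; the TEE comes up after `tee_ready_after` stages
    cpu = MainProcessor(se, sync_each_extend)
    for i, image in enumerate(images):
        cpu.record(measure(image))
        if i + 1 == tee_ready_after:
            cpu.tee_ready()
    cpu.end_of_boot()
    return cpu


def reference_pcr(images) -> bytes:
    # Golden value the verifier expects, computed offline from known-good images
    pcr = bytes(PCR_SIZE)
    for image in images:
        pcr = pcr_extend(pcr, measure(image))
    return pcr


def verify_quote(key, nonce, payload, sig, reference) -> bool:
    # Requester side (e.g. application 324): check signature, nonce and PCR value
    expected_sig = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, sig):
        return False
    if payload[:len(nonce)] != nonce:
        return False
    return hmac.compare_digest(payload[len(nonce):], reference)


# Constructed sample boot chain: BIOS, OS loader, OS, application (the FIG. 1 stages)
GOOD_BOOT = [b"bios-v1", b"osloader-v1", b"os-v1", b"app-v1"]
SE_KEY = b"constructed-demo-key"


def attest(images, sync_each_extend, nonce=b"nonce-1") -> bool:
    # Boot the given images, obtain a quote from the secure element and verify it
    se = SecureElement(SE_KEY)
    run_boot(images, se, sync_each_extend)
    payload, sig = se.quote(nonce)
    return verify_quote(SE_KEY, nonce, payload, sig, reference_pcr(GOOD_BOOT))
```

attest(GOOD_BOOT, True) and attest(GOOD_BOOT, False) both return True (either synchronisation policy yields the same value in bank 308); the same images in a different order, or any modified image, return False because the extend chain no longer reproduces the reference value.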
Claims:
Claims (12)

1. A circuit comprising: a first processing device (302) comprising one or more first platform configuration registers (306) storing one or more data values based on boot measurements relating to a boot sequence implemented by the first processing device; and a secure element (304) comprising a second processing device and one or more second platform configuration registers (308), the first and second platform configuration registers (306, 308) being coupled to each other by a communication interface (310) adapted to copy said one or more data values from said one or more first platform configuration registers (306) to said one or more second platform configuration registers (308).

2. The circuit of claim 1, wherein the secure element (108, 110) is further adapted to implement at least one cryptographic function for authentication of a user of the circuit.

3. The circuit of claim 1 or 2, wherein the first processing device (302) comprises a trusted execution environment (TEE) in which said one or more first platform configuration registers (306) are stored.

4. The circuit of any one of claims 1 to 3, further comprising a memory (214) storing one or more first software applications (320, 324) adapted to verify the integrity of the boot sequence based on said one or more data values.

5. The circuit of claim 4, wherein the secure element (304) further comprises a memory storing one or more second software applications (316, 322) to facilitate the transmission of said one or more boot measurements to said one or more first software applications (320, 324).

6. The circuit of claim 4 or 5, further comprising one or more drivers (318, 319) for facilitating the transmission of said one or more boot measurements to said one or more first software applications (320, 324).

7. The circuit of any one of claims 1 to 6, wherein the secure element (304) is adapted to cryptographically sign said one or more data values and to provide the cryptographically signed data values to a requesting element.

8. The circuit of claim 7, wherein the secure element (208, 210) comprises a memory storing a third software application (314) executable by the second processing device for cryptographically signing said one or more data values.

9. The circuit of any one of claims 1 to 8, adapted to allow or deny one or more transactions based on said one or more data values.

10. A smartphone comprising the circuit of any one of claims 1 to 9.

11. A method of verifying the integrity of a boot sequence, comprising: performing a boot sequence by a first processing device (203); storing, in one or more first platform configuration registers (306) of the first processing device, one or more data values based on boot measurements relating to the boot sequence; and transferring one or more data values from said one or more first platform configuration registers (306) to one or more second platform configuration registers (308) of a secure element (304) having a second processing device, the first and second platform configuration registers being coupled to one another via a communication interface (310).

12. The method of claim 11, further comprising: requesting, by a first software application (320, 324), said one or more data values; cryptographically signing said one or more data values by the secure element; and providing, by the secure element (304), said one or more cryptographically signed data values to the first software application (320, 324).
Patent family:

Publication number | Publication date
CN204990315U | 2016-01-20
FR3024915B1 | 2016-09-09
CN110084043A | 2019-08-02
CN105373731B | 2019-03-19
US10275599B2 | 2019-04-30
EP2988243B1 | 2016-10-05
US20160050071A1 | 2016-02-18
CN105373731A | 2016-03-02
EP2988243A1 | 2016-02-24
Legal status:

2015-07-27 | PLFP | Fee payment | Year of fee payment: 2
2016-02-19 | PLSC | Search report ready | Effective date: 20160219
2016-05-13 | CA | Change of address | Effective date: 20160413
2016-07-20 | PLFP | Fee payment | Year of fee payment: 3
2018-05-25 | ST | Notification of lapse | Effective date: 20180430
Priority:
Application number | Publication number | Priority date | Filing date | Patent title
FR1457855A | FR3024915B1 | 2014-08-18 | 2014-08-18 | DEVICE AND METHOD FOR PROVIDING SECURE PLATFORM MODULE SERVICES
EP15159616.0A | EP2988243B1 | 2014-08-18 | 2015-03-18 | Device and method to insure secure platform module services
US14/674,761 | US10275599B2 | 2014-08-18 | 2015-03-31 | Device and method for providing trusted platform module services
CN201510509303.0A | CN105373731B | 2014-08-18 | 2015-08-18 | For providing the device and method of credible platform module service
CN201910120428.2A | CN110084043A | 2014-08-18 | 2015-08-18 | For providing the device and method of credible platform module service
CN201520624984.0U | CN204990315U | 2014-08-18 | 2015-08-18 | Circuit and smart phone