发明名称 |
Ticket-based personalization |
摘要 |
Securely installing and booting software of a device to run OS authorized according to a ticket that is validated by a nonce generated by application processor (AP) in booted OS stage prior to entering a restore mode is described. AP in booted OS stage generates a pre-flight nonce that is stored in a trusted location (effaceable storage). AP in booted OS stage performs one-way hash of pre-flight nonce and sends the hashed pre-flight nonce to ticket authorization server. AP enters restore mode. AP in first stage bootloader receives a ticket from the ticket authorization server including a signed copy of the hashed pre-flight nonce. AP in first stage bootloader validates the signed ticket by comparing one-way hash of the pre-flight nonce stored in the trusted location and the hashed nonce in the signed ticket. Pre-flight nonce expires after timeout period and upon reboot of AP. Other embodiments are also described. |
申请公布号 |
US8607343(B2) |
申请公布日期 |
2013.12.10 |
申请号 |
US201113246802 |
申请日期 |
2011.09.27 |
申请人 |
GOSNELL JASON D.;HAUCK JERROLD V.;BROUWER MICHAEL;TOELKES TAHOMA;APPLE INC. |
发明人 |
GOSNELL JASON D.;HAUCK JERROLD V.;BROUWER MICHAEL;TOELKES TAHOMA |
分类号 |
G06F12/14;G06F7/04;H04L9/00;H04L9/28;H04L9/32;H04L29/06 |
主分类号 |
G06F12/14 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|