Secure booting of a computing device with authorized and trusted software is important to original equipment manufacturers (OEMs), network service providers that provide wireless and/or wired network connectivity to the computing device, and the end user of the device. The OEM has an interest in protecting the devices that they manufacture from running unauthorized software that could damage or degrade the performance of the device. Network service providers, such as wide-area network (WAN), cable Internet providers, WiFi network providers, have an interest in preventing unauthorized software from being run on computing devices utilizing their networks, because such unauthorized software may degrade the performance of the network, the computing device, or both. The end user has an interest in protecting their device from running unauthorized software which could damage their computing device (perhaps even beyond repair) or which may compromise the security of sensitive data on the computing device.
When the device is booted, the secure software is loaded into volatile memory of the computing device by a boot loader and authenticated before the computing device becomes fully operational. Computing devices may be configured to operate in a low power mode in which some components of the computing device are powered down to conserve power. Mobile computing devices, such as a smartphone, smartwatch, tablet, or laptop computer, may be configured to enter a low power operating mode to conserve power of a battery or other onboard power source. Other computing devices may have external power supplies, but enter into a low power mode to reduce power consumption by the computing device when the device is idle. However, when the computing device exits the low power mode, the computing device may need to completely reload and re-authenticate any secure executable content that was loaded and authenticated at the time that the device was initially booted from a cold boot to ensure that all of the required software is available in volatile memory and that the software has not been corrupted or modified.
An example method for operating a computing device according to the disclosure includes determining whether a threshold condition for exiting a first power mode has been satisfied, identifying one or more segments of a volatile memory that were powered down while the computing device was operating in the first power mode responsive to the threshold condition being satisfied, identifying one or more segments of software that were stored in the one or more segments of the volatile memory that were powered down, restoring, from a non-volatile memory, the one or more segments of the software to the one or more segments of the volatile memory that were powered down, and authenticating the one or more segments of the software.
Implementations of such a method can include one or more of the following features. Booting the computing device, using the software, in a second power mode responsive to authenticating the one or more segments of the software restored to the volatile memory, the first power mode being a lower power mode than the second power mode. Powering up the one or more segments of the volatile memory that were powered down while the computing device was operating in the first power mode responsive to the threshold condition being satisfied. Identifying the one or more segments of the volatile memory that were powered down while the computing device was operating in the first power mode includes determining the based on a power mode type associated with the first power mode. Determining the one or more segments of the volatile memory includes determining the one or more segments of the volatile memory based on a hardware configuration of the computing device. Executing a power mode recovery handler stored in one or more other memory segments that were not powered down while operating the computing device in the first power mode. Determining the first power mode under which to operate the computing device, selecting one or more memory banks to be powered down based on the first power mode, and powering down the selected memory banks. The software can include secure executable software. The secure executable software can include a secure executable software image.
An example computing device according to the disclosure includes means for determining whether a threshold condition for exiting a first power mode has been satisfied, means for identifying one or more segments of a volatile memory that were powered down while the computing device was operating in the first power mode responsive to the threshold condition being satisfied, means for identifying one or more segments of software that were stored in the one or more segments of the volatile memory that were powered down, means for restoring, from a non-volatile memory, the one or more segments of the software to the one or more segments of the volatile memory that were powered down, and means for authenticating the one or more segments of the software.
Implementations of such an apparatus can include one or more of the following features. Means for booting the computing device, using the software, into a second power mode responsive to authenticating the one or more segments of the software restored to the volatile memory, the first power mode being a lower power mode than the second power mode. Means for powering up the one or more segments of the volatile memory that were powered down during the first power mode responsive to the threshold condition being satisfied. The means for identifying one or more segments of the volatile memory that were powered down while the computing device was operating in the first power mode includes means for determining the one or more segments of the volatile memory based on a power mode type associated with the first power mode. The means for determining the one or more segments of the volatile memory includes means for determining the one or more segments of the volatile memory based on a hardware configuration of the computing device. Means for executing a power mode recovery handler stored in one or more segments of the volatile memory that were not powered down while the computing device was operating in the first power mode. Means for determining the first mode under which to operate the computing device, means for selecting one or more memory banks to be powered down based on the first power mode, and means for powering down the selected memory banks. The software can include secure executable software. The secure executable software can include a secure executable software image.
An example computing device according to according to the disclosure includes a volatile memory, a non-volatile memory, software for booting the computing device stored in the non-volatile memory, and a processor communicatively coupled to the volatile memory and the non-volatile memory. The processor is configured to determine whether a threshold condition for exiting a first power mode has been satisfied, identify one or more segments of the volatile memory of the volatile memory that were powered down during the first power mode responsive to the threshold condition being satisfied, identify one or more segments of software that were stored in the one or more segments of the volatile memory that were powered down, restore, from the non-volatile memory, the one or more segments of the software to the one or more segments of the volatile memory that were powered down, and authenticate the one or more segments of the software restored to the non-volatile memory.
Implementations of such a computing device can include one or more of the following features. The processor is further configured to boot the computing device using the software into a second power mode responsive to authenticating the one or more segments of the software copied to the volatile memory. The processor is further configured to power up the one or more segments of the volatile memory that were powered down while the computing device was operating in the first power mode responsive to the threshold condition being satisfied. The processor being configured to identify one or more segments of the volatile memory that were powered down while the computing device was operating in the first power mode is further configured to determine the one or more segments of the volatile memory based on a power mode type associated with the first power mode. The processor is configured to determine the one or more segments of the volatile memory based at least in part on a hardware configuration of the computing device. The processor is further configured to execute a power mode recovery handler stored in one or more segments of the volatile memory that were not powered down while the computing device was operating in the first power mode. The processor is further configured to determine the first mode under which to operate the computing device, select one or more memory banks to be powered down based on the first power mode, and power down the selected memory banks. The software can include secure executable software. The secure executable software can include a secure executable software image.
An example non-transitory, computer-readable medium, having stored thereon computer-readable instructions for operating a computing device, according to the disclosure includes instructions configured to cause the computing device to determine whether a threshold condition for exiting a first power mode has been satisfied, identify one or more segments of a volatile memory that were powered down while computing device was operating in the first power mode responsive to the threshold condition being satisfied, identify one or more segments of software that were stored in the one or more segments of the volatile memory that were powered down, restore, from a non-volatile memory, the one or more segments of the software to the one or more segments of the volatile memory that were powered down, and authenticate the one or more segments of the software.
Implementations of such a non-transitory, computer-readable medium can include one or more of the following features. Instructions configured to cause the computing device to boot the computing device, using the software, into a second power mode responsive to authenticating the one or more segments of the software restored to the volatile memory. Instructions configured to cause the computing device to power up the one or more segments of the volatile memory that were powered down while the computing device was operating in the first power mode responsive to determining that the threshold condition has been satisfied. The instructions configured to cause the computing device to identify one or more segments of the volatile memory that were powered down while the computing device was operating in the first power mode include instructions configured to cause the computing device to determine the one or more segments of the volatile memory based on a power mode type associated with the first power mode. The instructions configured to cause the computing device to determine the one or more segments of the volatile memory include instructions configured to cause the computing device to determine the one or more segments of the volatile memory based on a hardware configuration of the computing device. Instructions configured to cause the computing device to execute a power mode recovery handler stored in one or more segments of the volatile memory that were not powered down while the computing device was operating in the first power mode. Instructions configured to cause the computing device to determine the first power mode under which to operate the computing device, select one or more memory banks to be powered down based on the first power mode, and power down the selected memory banks. The software can include secure executable software. The secure executable software can include a secure executable software image.
Like reference symbols in the various drawings indicate like elements, in accordance with certain example implementations.
Described herein are methods, systems, devices, computer readable media, and other implementations, for operating a computing device in one or more power modes. When performing a cold-boot, the computing device can be configured to execute a boot-loader that loads and authenticates a secure executable software (for example, an image) that contains software, data, configuration parameters, and other information for booting up and operating the computing device. The computing device can be configured to operate in one or more low power modes to conserve power. The computing device can be configured to power down various components of the computing device that are not necessary to the operation of the computing device while in a particular low power mode in order to conserve power. The computing device can be configured to maintain hardware, software, or a combination thereof configured to cause the computing device to exit from one power mode and to enter into another power mode responsive to predetermined conditions. For example, the computing device transitions from a first power mode to a second power mode where the first power mode is a lower power mode than the first power mode or vice versa. One of the power modes may be a full power mode of operations in which the power consumption of the computing device has not been reduced. The particular conditions that trigger the computing device to enter into the low power operating mode or exit from the low power operating mode can depend on the hardware, software, and the configuration of the particular device. Some devices may be configured to be capable of entering into more than one low power mode, where each low power reduces the power consumption and/or the functionality of the device to a different extent compared to a full power mode in which no steps to reduce power consumption by the computing device have been taken. One way that the computing device can be configured to reduce power consumption is by powering down at least a portion of the volatile memory of the computing device. Powering down the volatile memory of the computing device causes the information stored therein to be lost. If at least a portion of this information includes executable software required to operate the computing device in another power mode and the computing device exits the current power mode to this other power mode, then the lost information must be recovered from the secure executable image stored in non-volatile memory and re-authenticated before the device can be booted up in the other power mode. In conventional computing devices, the entire secure executable image would need to be reloaded and re-authenticated in this situation. This approach can add significant latency to the process of returning the device the normal operating mode from a low power operating mode. The techniques disclosed herein can improve the speed at which the computing device can return to full operational mode after entering into a low power operating mode by determining which information was lost due to components of the computing device being powered down in the low power operating mode and to selectively reload and re-authenticate only those components that need to be recovered. These techniques can significantly improve the performance of the computing device when exiting from a low power operating mode without compromising the security of the computing device.
The computing device comprises an integrated circuit 110 that includes a processor 115 and a read-only memory (ROM) 120. The integrated circuit 110 can be a system on a chip (SoC) or other similar device that integrates components of a computing device on an integrated circuit. The ROM 120 comprises non-volatile memory that can only be read once the data has been written to the memory and retains the data even if power to the ROM 120 is lost. The ROM 120 can comprise programmable read-only memory (PROM), field-programmable read-only memory (FPROM), one-time programmable non-volatile memory (OTP NVM), and/or other forms of digital memory in which each bit of data is represented by a fuse or antifuse. Other types of read-only memory can also be used.
The computing device 100 can also include a volatile memory 150 and a non-volatile memory 160. The volatile memory 150 and/or the non-volatile memory 160 may be included on the integrated circuit 110 or one or both of the volatile memory 150 and the non-volatile memory 160 may be external to the integrated circuit 110. Where the volatile memory 150 and/or the non-volatile memory 160 are located external to the integrated circuit 110, these components can be communicatively coupled to the processor 115 and/or other components of the integrated circuit 110 via a data bus. The volatile memory 150 can comprise memory that is configured to maintain the data stored therein while power is provided to the volatile memory 150. The contents of the volatile memory 150 will be lost if the power supply to the computing device 100 is lost. The volatile memory 150 can comprise synchronous dynamic random-access memory (SDRAM), double data rate synchronous dynamic random-access memory (DDR SDRAM), other types of volatile memory, or a combination thereof.
The volatile memory 150 can be configured such that portions of the volatile memory 150 can be powered down while retaining power to the remaining portions of the volatile memory 150, and thus, retaining the contents of the portions of the volatile memory that are not powered down. Portions of the volatile memory 150 and other components of the computing device 100 can be configured to be powered down when the computing device 100 enters into a low power mode in order to reduce power consumption by the computing device 100. The size of the portions of the volatile memory 150 that may be independently powered down can vary based on the particular hardware implementation of the volatile memory 150. Some implementations of the volatile memory 150 can be divided into memory banks which may be independently powered down or powered up. Each memory bank comprises a logical unit of storage that is dependent on the hardware implementing the volatile memory 150. The size of a memory bank may be determined by a memory controller associated with the integrated circuit 110 (not shown) and the organization of hardware components of the volatile memory 150. SDRAM and DDR SDRAM can be organized into memory banks that comprise multiple rows and columns of storage units that may be spread out over more than one integrated circuit. The size of a memory bank may be determined by number of bits in a column and a row of memory. The number of bits comprising a memory bank can depend on the memory bus width. Thus, the size of a memory bank may be equal to the number of bits that may be read in a read operation or the number of bits that may be written in a write operation.
The non-volatile memory (NVM) 160 comprises persistent memory that is configured to maintain the data stored therein even if power to the non-volatile memory 160 is lost. The non-volatile memory 160 can be configured to be written to multiple times. The NVM 160 can comprise flash memory, other types of non-volatile memory, or a combination thereof. The non-volatile memory 160 can be used to store a secure executable image 140a that includes executable program code, configuration data, and/or other information that can be used to boot the computing device 100. The secure executable image 140a can include executable program code, configuration data, and/or other information that can be used to operate the computing device 100 in one or more low power modes and a full power mode in which components or portions thereof of the computing device 100 have not been powered down in order to reduce power consumption by the computing device 100. The secure executable image 140a can also include executable program code, configuration data, and/or other information that can be used to place the computing device 100 in a low power mode and to return the computing device to the full power mode from a low power mode. Contents of the secure executable image 140a can be copied from the NVM 160 to the volatile memory 150 (represented by secure executable image 140b) during a cold boot process in which the computing device 100 is started up from a powered down state in which the operating system, startup applications, and various hardware components are powered up and configured to operate the computing device 100 in the full power mode. The secure executable image 140b and/or other software can be stored in the NVM 160 and copied to the volatile memory 150. One or more segments of such software may need to be restored to segments of the volatile memory 150 that were powered down when the computing device 100 entered into a low power state.
The ROM 120 can include a primary boot loader 125 that comprises executable program code and configuration data for starting the boot process. The primary boot loader 125 can be stored in a portion of the ROM 120 that the processor 115 is configured to access at the start of the boot process. The primary boot loader 125 can be configured to copy the secondary boot loader 180a from the NVM 160 to the volatile memory 150 and to begin executing the secondary boot loader 180b from the volatile memory 150, to authenticate the secondary boot loader, and to hash-verify the secondary boot loader. The secondary boot loader can be hash-verified by generating a hash value of the secondary boot loader executable content and comparing the hash value to a reference hash value to determine whether the secondary boot loader has been corrupted or altered. If this authentication and verification fails, then the primary boot loader 125 can be configured to abort the boot process. The specific authentication and validation performed by the primary boot loader 125 can vary from implementation to implementation. The secondary boot loader 180b can be configured to copy the contents of the secure executable image 140a from the NVM 160 to the volatile memory 150, to authenticate the contents, and to hash-verify the contents. If this authentication and verification fails, then the secondary boot loader 180b can be configured to abort the boot process. The secondary boot loader 180b can be configured to continue booting the computing device 100 into the full power mode utilizing the secure executable image 140b stored in the volatile memory 150. As discussed above, when the computing device 100 enters into a low power mode, one or more segments of the volatile memory 150 can be powered down to conserve power. The examples that follow in
The memory banks 255a-255d of the volatile memory do not contain any data at this stage. The contents of the volatile memory 150 would have been lost when the memory was powered down prior to the cold boot of the computing device 100. While the volatile memory 150 illustrated in
The memory banks 255a-255d of the volatile memory do not contain any data at this stage. The contents of the volatile memory 150 would have been lost when the memory was powered down prior to the cold boot of the computing device 100. While the volatile memory 150 illustrated in
The computing device 100 can be configured to support each of the three example low power modes illustrated in
A determination whether a threshold condition for exiting a first power has been satisfied can be made (stage 305). The first power mode can be configured to exit the first power mode and to operate under a second power mode responsive to the threshold condition being satisfied. The first power mode is a lower power mode than the second power mode, meaning that the computing device 100 is configured to consume less power overall when operating in the first power mode than in the second power mode. The executable program code included in the secure executable image 140b in a memory bank of the volatile memory 150 that has not been powered down in response to the computing device 100 entering into the first power mode can include a power mode recovery handler. The processor 115 can be configured to periodically execute the power mode recovery handler to determine whether one or more conditions have been satisfied to exit the first power mode (or whichever power mode under which the computing device happens to be operating). For example, user activity on the computing device 100 may have been detected through inputs received via one or more user interfaces of the computing device 100, one or more sensors of the computing device 100 may have detected a condition which the computing device 100 should respond to by exiting the low power mode, the expiration of a timer which indicates that the computing device 100 should exit the first power mode. In some implementations, the computing device 100 can be configured to enter into one or more types of low power mode in which different components of the computing device or portions of these components are powered down in order to conserve power. Each of these low power modes may be associated with one or more threshold conditions that must be satisfied before the computing device 100 will be triggered to enter into and one or more threshold conditions that must be satisfied before the computing device 100 will be triggered to exit from that particular low power mode. The power mode recovery handler can be configured to proceed to stage 310 responsive to the one or more threshold conditions for exiting the first power mode being satisfied. Otherwise, the power mode recovery handler can return to stage 305 until being executed again by the processor 115 of the computing device 100. Alternatively, each power mode can be associated with one or more threshold conditions that must be satisfied before the computing device 100 will be triggered to enter into the power mode, and the computing device 100 can be configured to exit the low power mode responsive to the one or more entry conditions for another low power mode being satisfied.
One or more segments of the volatile memory that were powered down during the low power mode can be identified responsive to the one or more threshold conditions having been satisfied (stage 310). The power mode recovery handler can be configured to determine which of the memory banks of the volatile memory 150 were powered down in response to the computing device 100 entering into the first power mode. Information indicating which memory banks were powered down may be stored in a portion of the volatile memory 150 that was not powered down or in the NVM 160. A power mode type can be associated with each power mode, and the power mode type can be used to look up which components of the computing device 100 were powered down in response to operating the computing device in that power mode. The power mode recovery handler can be configured to access this information and to determine which memory banks were powered down. The secure executable image 140a can also include information can be used by the power mode recovery handler to determine which memory banks were powered down. Other components of the computing device 100 may have also been powered down while the computing device was operating in the first power mode. The power mode recovery handler can be configured to determine which other components of the computing device 100 were also powered down while the computing device was operating in the first power mode.
One or more segments of software that were stored in the one or more segments of the volatile memory that were powered down can be identified (stage 315). The software can comprise a secure executable image, such as the secure executable image 140b. The power mode recovery handler can also configured to identify the segments of the secure executable image 140b that were stored in the memory banks that were powered down and to copy the corresponding segments from the secure executable image 140a stored in the NVM 160 to the respective memory bank of the volatile memory 150 from which the data was lost when the memory bank was powered down.
One or more segments of the secure image can be restored, from the non-volatile memory, to the one or more segments of the volatile memory that were powered down (stage 320). The power mode recovery handler can be configured to copy the one or more segments of the secure executable image 140a to the volatile memory 150 to replace the segments of the secure executable image 140 that were lost when the memory banks of the volatile memory were powered down. The power mode recovery handler can be configured to access this information and to determine which segments of the secure executable image 140b were stored in the memory banks that were powered down. The secure executable image 140a can also include information can be used by the power mode recovery handler to determine which segments of the secure executable image 140b were stored in memory banks that were powered down.
The one or more segments of the secure image copied to the volatile memory can be authenticated and/or hash-verified (stage 325). The power mode recovery hander can be configured to authenticate the segments that were copied to the volatile memory 150 to ensure that the segments have not been corrupted or manipulated by an attacker or by malicious code that had been executed on the computing device 100. The power mode recovery handler can be configured to authenticate and/or hash-verify each of the one or more segments. The power mode recovery handler can be configured to hash-verify each of the one or more segment by computing a hash value of the segment that was copied to the volatile memory 150 and to compare the hash value to a hash value stored in the secure executable image 140a. The hash value can be stored in a hash segment of the secure executable image 140a, such as the hash segment 245h illustrated in the example of
The computing device can be booted using the secure image into the second power mode responsive to authenticating the one or more segments of the software restored to the volatile memory (stage 330). As discussed above, the first power mode is a lower power mode than the second power mode. Once the secure executable image 140b and/or other software has been recovered in the volatile memory 150 and the segments of the secure executable image 140b that were recovered have been authenticated, the processor 115 can be configured to execute a boot sequence using executable content from the secure executable image 140b to boot the computing device in the full power mode. An advantage of this approach is that the computing device 100 can recover from the low power mode much faster than would be possible in conventional approaches to recovery from such a low power mode, in which the entire secure executable image would need to be recopied to the volatile memory 150 from the NVM 160 and re-authenticated.
A primary boot loader can be executed from a read-only memory (stage 405). A secondary boot loader can be loaded from non-volatile memory to volatile memory (stage 410). The processor 115 can be configured to execute the primary boot loader 125 located in the ROM 120 of the integrated circuit 110. The primary boot loader can be configured to perform initial setup functions including copying a secondary boot loader 180a from the NVM 160 to create a copy of the secondary boot loader 180b in the volatile memory. The secondary boot loader can be authenticated and hash-verified prior to executing the secondary boot loader. If the authentication or verification of the secondary boot loader fails, then the boot process can be aborted.
The secondary boot loader can be executed (stage 415). The primary boot loader 125 can be configured to cause the processor 115 to jump to the secondary boot loader 180b loaded into the volatile memory 150. The secondary boot loader 180b, when executed, can be configured to set up and execute core components of the operating system, applications, configure hardware components of the computing device 100, and to perform other functions to cause the computing device 100 to operate in at predetermined power operating mode.
One or more secure executable images can be loaded from the non-volatile memory 160 into the volatile memory 150 (stage 420). The secondary boot loader can be configured to copy, authenticate, and hash-verify each of the one or more secure executable images that are loaded into the volatile memory 150. Should the authentication or verification fail, the secondary boot loader can be configured to abort the boot process. Other software can be loaded in addition to the secure executable image(s) and the other software can be authenticated and hash-verified.
The one or more secure executable images can be executed to cause the computing device to boot up to the predetermined power mode (stage 425). The secondary boot loader 180b can be configured to access and execute one or more components off the secure executable image 140b as the secondary boot loader 180b is configuring the computing device 100 for operation. The power mode recovery handler and power mode entry handler can be loaded into the volatile memory 150 by the secondary boot loader 180b for handling of entry into and recovery from the power modes supported by the computing device 100.
A determination that a threshold condition for entering a power mode can be made (stage 505). The executable program code included in the secure executable image 140a and the secure executable image 140b can include a power mode entry handler. The power mode entry handler can be configured to monitor activity on the computing device 100 for certain events and to transition the computing device 100 from one power mode to another power mode in order to conserve power. The threshold condition can include determining that the computing device 100 has been in an idle state for a predetermined period of time, determining that the current time or date and time falls within a predetermined range during which the computing device 100 is expected to be in a low power mode, and/or other criteria.
A power mode under which the device can be operated can be determined (stage 510). The power mode can be a power mode that is a lower power mode than that under which the computing device 100 is currently operating. The power mode can be selected to conserve power by reducing the amount of power consumed by the computing device 100 overall. The power mode entry handler can be configured to determine the power mode based on the threshold criteria that were satisfied. Where the computing device 100 is capable of supporting more than one power mode, the power mode entry handler can be configured to enter a power mode associated with the threshold criteria that were satisfied. The power mode entry criteria for each of the power modes can be defined in the secure executable image 140a, or may be included in the ROM 120 or the NVM 160.
One or more memory banks to be powered down can be selected based on the power mode determined in stage 510 (stage 515). The power mode entry handler can be configured to select one or more memory banks based on the power mode determined in stage 510. The power mode entry handler can be configured to select memory banks to be powered down that do not include executable program code, configuration data, or other information needed to operate the power mode entry handler and the power mode recovery handler. The number of memory banks that are powered down can depend on the configuration of the hardware comprising the volatile memory 150, the capacity of an onboard power source (if one is present), the configuration of other components of the computing device 100, and the amount by which the power consumption of the computing device is desired to be reduced.
The selected memory banks can be powered down (stage 520). The power mode entry handler can be configured to power down the selected one or more memory banks of the volatile memory 150. Other components of the computing device 100 can also be powered down in response to the determination to enter the low power mode. The particular components to be powered down can be determined based on the low power mode that the device is entering into. The power mode recovery handler can be executed periodically to determine whether a threshold condition or conditions associated with the low power mode have been satisfied and can be configured to restore the operation of the computing device 100 in the second power mode as discussed with respect to
As shown, the computing device 600 can include a network interface 605 that can be configured to provide wired and/or wireless network connectivity to the computing device 600. The network interface can include one or more local area network transceivers that can be connected to one or more antennas. The one or more local area network transceivers comprise suitable devices, circuits, hardware, and/or software for communicating with and/or detecting signals to/from one or more of the WLAN access points, and/or directly with other wireless devices within a network. The network interface 605 can also include, in some implementations, one or more wide area network transceiver(s) that can be connected to the one or more antennas. The wide area network transceiver can comprise suitable devices, circuits, hardware, and/or software for communicating with and/or detecting signals from one or more of, for example, the WWAN access points and/or directly with other wireless devices within a network.
The processor(s) (also referred to as a controller) 610 can be connected to the network interface and/or other components of the computing device 600. The processor can include one or more microprocessors, microcontrollers, and/or digital signal processors that provide processing functions, as well as other calculation and control functionality. The processor 610 can be coupled to storage media (e.g., memory) 615 for storing data and software instructions for executing programmed functionality within the mobile device. The memory 615 can be on-board the processor 610 (e.g., within the same IC package), and/or the memory can be external memory to the processor and functionally coupled over a data bus.
A number of software modules and data tables can reside in memory 615 and can be utilized by the processor 610 in order to manage both communications with remote devices/nodes, and/or perform the various security processes disclosed herein. As illustrated in
The application module 620 can be a process running on the processor 610 of the computing device 600, which can request information from the application module 620 or other data from one of the other modules of the computing device 600. Applications typically run within an upper layer of the software architectures and can be implemented in a rich execution environment of the computing device 600. The application module 620 can be configured to perform one or more of the processes disclosed herein.
The processor 610 can include a trusted execution environment 680 and/or the computing device 600 may include a secure component 690. The trusted execution environment 680 and/or the secure component 690 can be used to implement at least a portion of the processes disclosed herein. The trusted execution environment 680 and/or the secure component 690 can be used to provide a secure computing environment for implementing the processes disclosed herein that can prevent the unauthorized party from tampering with and/or potentially disabling the processes disclosed herein.
The trusted execution environment 680 can be implemented as a secure area of the processor 610 that can be used to process and store sensitive data. The trusted execution environment 680 can be configured to execute trusted applications that provide end-to-end security for sensitive data by enforcing confidentiality, integrity, and protection of the sensitive data stored therein. The trusted execution environment 680 can be used to store encryption keys, secure application program code, and/or other sensitive information.
The computing device 600 can include a secure component 690 (also referred to herein as a trusted component). The computing device can include the secure component 690 in addition to or instead of the trusted execution environment 680. The secure component 690 can comprise autonomous and tamper-resistant hardware that can be used to execute secure applications and/or processes. The secure component 690 can be used to implement the processes for mitigating attacks on the baseband process disclosed herein and may implement these processes in combination with the trusted execution environment 680. The secure component 690 can be configured to store sensitive data and to provide confidentiality, integrity, and protection to the data stored therein. The secure component 690 can be used to store encryption keys, user data, and/or other sensitive data. The secure component 690 can be integrated with the hardware of the computing device in a permanent or semi-permanent fashion can be used to securely store data and/or provide a secure execution environment for applications.
The computing device 600 can further include a user interface 650 providing suitable interface systems, such as a microphone/speaker 655, a keypad 660, and a display 665 that allows user interaction with the computing device 600. The microphone/speaker 655. The keypad 660 can comprise suitable buttons for user input. The display 665 can include a suitable display, such as, for example, a backlit LCD display, and can further include a touch screen display for additional user input modes.
Computer programs (also known as programs, software, software applications or code) include machine instructions for a programmable processor, and may be implemented in a high-level procedural and/or object-oriented programming language, and/or in assembly/machine language. As used herein, the terms “processor-readable medium” and “machine-readable medium” refer to any non-transitory computer program product, apparatus and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a non-transitory machine-readable medium that receives machine instructions as a machine-readable signal.
Memory may be implemented within the computing-based device or external to the device. As used herein the term “memory” refers to any type of long term, short term, volatile, nonvolatile, or other memory and is not to be limited to any particular type of memory or number of memories, or type of media upon which memory is stored.
If implemented in-part by hardware or firmware along with software, the functions may be stored as one or more instructions or code on a computer-readable medium. Examples include computer-readable media encoded with a data structure and computer-readable media encoded with a computer program. Computer-readable media includes physical computer storage media. A storage medium may be any available medium that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage, semiconductor storage, or other storage devices, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer; disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly or conventionally understood. As used herein, the articles “a” and “an” refer to one or to more than one (i.e., to at least one) of the grammatical object of the article. By way of example, “an element” means one element or more than one element. “About” and/or “approximately” as used herein when referring to a measurable value such as an amount, a temporal duration, and the like, encompasses variations of ±20% or ±10%, ±5%, or +0.1% from the specified value, as such variations are appropriate in the context of the systems, devices, circuits, methods, and other implementations described herein. “Substantially” as used herein when referring to a measurable value such as an amount, a temporal duration, a physical attribute (such as frequency), and the like, also encompasses variations of ±20% or ±10%, ±5%, or +0.1% from the specified value, as such variations are appropriate in the context of the systems, devices, circuits, methods, and other implementations described herein.
As used herein, including in the claims, “or” as used in a list of items prefaced by “at least one of” or “one or more of” indicates a disjunctive list such that, for example, a list of “at least one of A, B, or C” means A or B or C or AB or AC or BC or ABC (i.e., A and B and C), or combinations with more than one feature (e.g., AA, AAB, ABBC, etc.). Also, as used herein, unless otherwise stated, a statement that a function or operation is “based on” an item or condition means that the function or operation is based on the stated item or condition and may be based on one or more items and/or conditions in addition to the stated item or condition.
As used herein, a mobile device or station (MS) refers to a device such as a cellular or other wireless communication device, a smartphone, tablet, personal communication system (PCS) device, personal navigation device (PND), Personal Information Manager (PIM), Personal Digital Assistant (PDA), laptop or other suitable mobile device which is capable of receiving wireless communication and/or navigation signals, such as navigation positioning signals. The term “mobile station” (or “mobile device” or “wireless device”) is also intended to include devices which communicate with a personal navigation device (PND), such as by short-range wireless, infrared, wireline connection, or other connection—regardless of whether satellite signal reception, assistance data reception, and/or position-related processing occurs at the device or at the PND. Also, “mobile station” is intended to include all devices, including wireless communication devices, computers, laptops, tablet devices, etc., which are capable of communication with a server, such as via the Internet, WiFi, or other network, and to communicate with one or more types of nodes, regardless of whether satellite signal reception, assistance data reception, and/or position-related processing occurs at the device, at a server, or at another device or node associated with the network. Any operable combination of the above are also considered a “mobile station.” A mobile device may also be referred to as a mobile terminal, a terminal, a user equipment (UE), a device, a Secure User Plane Location Enabled Terminal (SET), a target device, a target, or by some other name.
While some of the techniques, processes, and/or implementations presented herein may comply with all or part of one or more standards, such techniques, processes, and/or implementations may not, in some embodiments, comply with part or all of such one or more standards.
The present Application claims the benefit of and priority to U.S. Provisional Application Ser. No. 62/466,207 entitled “SELECTIVE RESTORATION AND AUTHENTICATION OF A SECURE IMAGE,” filed Mar. 2, 2017, which is assigned to the assignee hereof, and expressly incorporated herein by reference.
Number | Date | Country | |
---|---|---|---|
62466207 | Mar 2017 | US |