(1) Field of the Invention
The present invention relates to a device connectable to a server, and including: a storing unit which stores a plurality of pieces of software and a plurality of certificates that are associated with the plurality of pieces of the software and are used to verify the plurality of pieces of the software; and an executing unit which verifies the plurality of pieces of the software using the certificates and executes the plurality of pieces of the software after the verification.
(2) Description of the Related Art
Initiatives such as the Trusted Computing Group's (TCG) Mobile Trusted Module (MTM) documents TCG Mobile Reference Architecture version 1.0 12 Jun. 2007 and TCG Mobile Trusted Module Specification version 1.0 12 Jun. 2007 describe how to start-up a device in an assured and trusted fashion. These methods have been thoroughly reviewed to ensure that trust and security is maintained throughout the boot process, so provide a useful baseline for those wanting to implement a device that can boot securely. A key component of this secure boot process is a RIM Certificate. This is a signed structure that defines what the current expected platform state should be, represented by a hash of a set of Platform Configuration Registers (PCRs), which themselves contain known, publically defined hash values. These PCRs act as integrity measurement information that may be recorded in RIM Certificates to define an expected machine state. In addition, the RIM Certificate also specifies a PCR to be extended if the current state is verified. This extend process takes a specified PCR and calculates a new hash value based on the previous PCR value concatenated with a new known value defined within the RIM Certificate. A typical secure boot sequence as defined by the TCG starts with the initialisation and self-verification of the core components such as the roots of trust for verification and for measurement (the RTV+RTM), the MTM itself and associated core MTM interface components. Next, additional components that support other parts of the firmware are started in a trusted fashion, for example, each of them is verified on their starting by another component having been booted before them. And finally the operating system runs to provide a secure and trusted path for client applications to access MTM services.
The TCG specifications provide facilities for auditing, recognising that portable devices such as mobile phones have limited resources. Although they define these auditing features are optional with an MTM, but this makes problems shown below.
In TCG specifications, the RIM certificates can be updated. However, the specification does not show how to update the RIM certificates in a system which has one or more optional components.
Here, optional components mean, for example, application software which can be activated after extra contract by a user. Here, “activated (or enabled)” means changing a state of the application software to a state the user can run the application software. Unless the software is activated, the user cannot use the application software, even if the application software itself is pre-installed in the machine or downloaded from a server.
As described above, whether an optional component is activated or not is depending on, for example, each user's decision. So, the server for sending updated RIM certificates to the machine needed to know which components are activated for each machine in order to send updated certificates corresponding to the activated components.
However, it is very cumbersome and takes much cost to make a customized set for each machine.
In US Patent application publication 2005/0138414 by Zimmer et al a verified boot method with optional components is disclosed, but it does not teach how to solve this problem.
In U.S. Pat. No. 6,477,648 by Schell et al a verified boot method with components that may fail verification is disclosed, but it does not teach how to solve this problem.
What is needed, therefore, is a machine and a server for updating certificates without making a customized set of updated certificates for each machine even if the machine has optional components.