(19) United States
(12) Patent Application Publication
(10) Pub. No.: US 2003/0014663 A1
Sormunen et al.
(43) Pub. Date: Jan. 16, 2003

(54) METHOD FOR SECURING AN ELECTRONIC DEVICE, A SECURITY SYSTEM AND AN ELECTRONIC DEVICE

(75) Inventors: Toni Sormunen, Lempaala (FI); Risto Ronkka, Tampere (FI); Antti Kiiveri, Oulu (FI)

Correspondence Address:
WARE FRESSOLA VAN DER SLUYS & ADOLPHSON, LLP
BRADFORD GREEN BUILDING 5
755 MAIN STREET, PO BOX 224
MONROE, CT 06468 (US)

(73) Assignee: Nokia Corporation
(21) Appl. No.: 10/173,569
(22) Filed: Jun. 14, 2002

(30) Foreign Application Priority Data
Jun. 15, 2001 (FI) 20011278

Publication Classification
(51) Int. Cl.: H04L 9/00
(52) U.S. Cl.: 713/200

(57) ABSTRACT
The invention relates to a method for securing the trustworthiness of an electronic device. At least first and second check-up data are stored in the electronic device. In the method, a boot program is started, in which boot program at least first and second boot steps are taken. In the first boot step, the trustworthiness of said at least first check-up data is examined, wherein if the check-up shows that said at least first check-up data is trusted, said second check-up data related to at least the second boot step is examined to confirm the trustworthiness of the second boot step. If the check-up shows that at least one second check-up data related to the second boot step is trusted, said second boot step is taken after said first boot step.

IPR2020-01218
Sony EX1013 Page 1

[FIG. 5 (Sheet 5 of 6), flow chart "SECURING". Blocks as labelled in the drawing:
501 Start-up of the first boot block of the boot program
502 Compute digital signature on basis of data stored in ROM
503 Compare with digital signature stored in ROM
504 End
505 Compute digital signature from data of second boot block stored in flash memory
506 Compare with digital signature stored in flash memory
507 Compute digital signature of software stored in flash memory
508 Compare with digital signature stored in flash memory
50 Start other program/programs]

METHOD FOR SECURING AN ELECTRONIC DEVICE, A SECURITY SYSTEM AND AN ELECTRONIC DEVICE

TECHNICAL FIELD OF THE INVENTION

[0001] The present invention relates to a method for securing an electronic device, a security system and an electronic device.

[0002] The present invention relates to a method for securing the trustworthiness of an electronic device, in which electronic device at least first and second check-up data are stored, in which method the start-up of a boot program is performed. The invention also relates to a system for securing the trustworthiness of an electronic device, in which electronic device at least first and second check-up data are stored, and the electronic device comprises means for starting a boot program. The invention further relates to an electronic device comprising means for securing the trustworthiness of an electronic device, in which electronic device at least first and second check-up data are stored, and the electronic device also comprises means for starting a boot program. The invention also relates to a program for securing the trustworthiness of an electronic device, in which electronic device at least first and second check-up data are stored, and which program includes program commands for performing the start-up of a boot program, as well as a storage means for storing a program used for securing the trustworthiness of an electronic device, in which electronic device at least first and second check-up data are stored, and which program includes program commands for performing the start-up of a boot program.

BACKGROUND OF THE INVENTION

[0003] A variety of electronic devices apply programmable control means, such as microprocessors, microcontrollers, programmable logics, and/or application-specific programmable integrated circuits. Such electronic devices contain stored software consisting of one or more programs containing e.g. program commands required for the operation of the electronic device. In the storage of such software, a memory is used, of which at least a part is a non-volatile memory, i.e. the content of the memory is retained even if the operating voltage of the memory is cut off. Such memories include for example a read-only memory (ROM), a programmable ROM (PROM) and an electrically erasable PROM (EEPROM). At least a part of the memory is normally integrated in the electronic device, but in addition, the memory can be increased in many applications by means of, for example, a memory expansion board. One such memory expansion board is the so-called Flash memory card. The Flash memory is a kind of EEPROM type memory whose content can be changed by electrical programming. The contents of the Flash memory will be retained even after the cutting off of the operating voltages. By means of such an expansion memory, it is easy to provide the electronic device with new software, memory capacity for storing, for example, photographs in a digital camera, for setting access rights e.g. in a mobile station, etc. The installation of software in an electronic device can also be performed, in a way known as such, by using other storage means, such as a diskette, a CD-ROM, or a DVD.

[0004] It is relatively easy to copy software stored on storage means, wherein software providers have developed various methods to prevent the use of copied software. One such method is to use a product ID or the like. Thus, upon starting the program, the user must enter this product ID in the electronic device before the program can be used. However, a problem with such an arrangement is that in connection with copying of the program, the user may have obtained this product ID from the owner of the original software, and also the copied program can then be used. On the other hand, even if the user of the copied software did not know the product ID, the user may try to find out the structure of the program protection, for example by reverse engineering or debugging, wherein the object code of the program is converted to the source code. Thus, the user may succeed in decrypting the copy protection and in modifying the program, for example, in such a way that the copy protection is off, or in such a way that the user resolves the required product ID on the basis of the object code. To make such a possibility more difficult, programs have been developed, in which it is checked at intervals, during the running of the program, that the program has not been tampered with. Thus, the mere decryption of the copy protection upon the booting does not necessarily make it possible to use the copied software for a longer time, unless the user is capable of determining the structure of such copy protection.

[0005] It is known to connect a given program unequivocally to a given device in such a way that the program cannot be used in another device. This can be done, for example, by modifying the software on the basis of the hardware-specific serial number or by supplying an installation program which is only functionable in one device on the basis of the hardware-specific serial number. These solutions have the drawback that this protection can be broken up by modifying either the software or the hardware.

[0006] To aggravate debugging, an attempt can be made to complicate at least the copy protection part and/or the storage of the product ID in connection with the program code, wherein it becomes more difficult to break up the copy protection. One such solution is presented e.g. in the international patent application WO 00/77597.

[0007] The U.S. Pat. No. 5,131,091 presents a method in which a program stored on a memory card is protected by scrambling the content of the program code with XOR operations. In the scrambling, an encryption bit string stored in a non-volatile memory is used, and finding out the string has been made as difficult as possible. A different encryption bit string is used on memory cards supplied to different users.

[0008] A user who has legally acquired the software may also need to secure the origin of the software, because in some cases, a third party may attempt to supply versions modified from original programs and to market them as original programs. Such software may contain, for example, an added virus, or the software is provided with a so-called back door, through which the manufacturer of the modified software may even have access to the local area network of a firm which has installed this modified software. In some cases, the modified software is provided with the property of transmitting, for example, user identifications and passwords entered by the user in the electronic device e.g. via a data network such as the Internet to the manufacturer of the modified software, without the user noticing this. To secure the origin of the software, the program can be provided with a digital signature, on the basis of which the user can establish the authenticity of the original software.

[0009] In addition to the copy protection of programs, there is also a need to protect other information stored in connection with electronic devices, to prevent misuse. For example, the restriction of access rights to a specific user or specific users is, in connection with some electronic devices, arranged so that the user has a personal smart card, wherein, to use the electronic device, the user inserts the smart card in a card connector provided in the electronic device. As auxiliary authentication, it is also possible to use a user identification, wherein upon turning on of the electronic device, the user must enter this user identification before the electronic device can be used. Such an arrangement is applied e.g. in many mobile communication networks, such as the GSM mobile communication network and the UMTS mobile communication network. In a mobile station to be used in such a mobile communication network, a smart card is inserted, which is called a SIM (Subscriber Identity Module) in the GSM system and a USIM (Universal Subscriber Identity Module) in the UMTS system. In such a smart card, the service provider of the mobile communication network has already set certain subscriber specifications, such as the International Mobile Subscriber Identifier (IMSI). The user identification is also stored in this smart card, wherein the smart card checks the user identification when the mobile station is turned on.

[0010] However, the above-presented solutions do not solve the problem that a third party modifies the software in such a way that it can use it itself either in another device or change the operation of the program in this device. Such a problem has come up e.g. in connection with mobile stations, in which it has been possible to access the services of a mobile communication network free of charge by making a copy of a mobile station. The software and the international mobile equipment identity (IMEI) of the copied mobile station are identical with those in the original mobile station. A copy is also made of the smart card which is installed in the copied mobile station. Thus, the mobile switching centre does not distinguish between the original mobile station and the copied one.

[0011] Yet another drawback in the prior art encryption solutions of software and other data is that if the same encryption key is used for encrypting large quantities of information, the decryption of the encryption key may be successful by analyzing such encrypted information.

[0012] With an increase in the data processing capabilities of portable devices, more information can be stored in them, which may also be confidential or otherwise such information that must not be revealed to an outsider. The carrying of portable devices will, however, increase the risk that the portable device is lost or stolen, wherein an attempt must be made to protect the information stored in it with an encryption method. For portable devices, it is normally possible to determine a password which the user must enter in the device at the stage of turning on, until the device can be normally used. However, such a protection is relatively easy to pass, because the passwords used are normally relatively short, typically having a length of less than ten characters. On the other hand, even if no attempt were made to find out the password, the information contained in the device can be accessed, for example, by transferring the storage means, such as a fixed disk, into another device. If the information contained in the storage means is not in encrypted format, the information stored in the storage means can be easily found out.

[0013] It is known that information needed by the user or the device can be encrypted with one key, the encrypted information can be stored in the memory of the device, and it can be decrypted with another key. The key used in asymmetric encryption is different from the key used in decryption. Correspondingly, the key used in symmetric encryption is the same as the key used in decryption. In asymmetric encryption, these keys are normally called a public key and a personal key. The public key is intended for encryption and the personal key is intended for decryption. Although the public key may be commonly known, it can normally not be used to easily determine the personal key corresponding to the public key, wherein it is very difficult for an outsider to find out information encrypted with this public key. One example of a system based on the use of such a public key and a personal key is the PGP system (Pretty Good Privacy), in which the user encrypts the information to be transmitted with the public key of the receiver, and the receiver will then open the encrypted information with his/her personal key. However, there are considerable drawbacks in the systems of prior art. Effective symmetric keys consist of about 100 bits, whereas asymmetric keys consist of about 1000 to 2000 or even up to 4000 bits. If the key string is too short, it is relatively easy to break up with modern data processing equipment which has been called the brute force attack. This problem is particularly significant in portable data processing and communicating devices, in which also the limited processing capacity prevents the use of long keys.

SUMMARY OF THE INVENTION

[0014] It is an aim of the present invention to provide an improved method for securing an electronic device in such a way that a given program is set to function in a given electronic device only. The invention is based on the idea that the boot-up is set to consist of at least two steps in such a way that in the first step, first check-up data is verified, and if the first check-up data is correct, second check-up data related to the second booting step is verified, wherein if also the second check-up data is correct, it is possible to start the second booting step.

[0015] More precisely, a method for securing the trustworthiness of an electronic device, in which electronic device at least first and second check-up data are stored, in which method the start-up of a boot program is performed, according to a first aspect of the present invention, is primarily characterized in that, in the boot program, at least first and second check-up data are stored, in which method the start-up of a boot program is performed, wherein in the boot program, at least first and second boot steps are taken, that in the first boot step, the trustworthiness of at least said first check-up data is examined, wherein if the check-up shows that said at least first check-up data is trusted, at least said second check-up data related to the boot step is examined to confirm the trustworthiness of the second boot step, wherein if the check-up shows that said at least one second check-up data related to the second boot step is reliable, said second start-up step is taken after said first boot step.

[0016] A system for securing trustworthiness of an electronic device, in which device at least first and second check-up data are stored, and the device comprises means for starting a boot program, according to a second aspect of the present invention, is primarily characterized in that the system further comprises means for starting a boot program, wherein the system comprises means for running the boot program in at least first and second boot steps, means for examining the trustworthiness of at least said first check-up data in said first boot step, and means for examining said second check-up data related to at least a second start-up step to confirm the trustworthiness of the second boot step, wherein if said at least first check-up data and said at least one second check-up data related to the second boot step are reliable on the basis of said check-ups, said second boot step is arranged to be performed after said first boot step.

[0017] An electronic device comprising means for securing trustworthiness of an electronic device, in which device at least first and second check-up data are stored, and the device comprises means for starting a boot program, according to a third aspect of the present invention, is primarily characterized in that the electronic device comprises means for running the boot program in at least first and second boot steps, means for examining the trustworthiness of at least said first check-up data in said first boot step, and means for examining said second check-up data related to at least a second boot step to confirm the trustworthiness of the second boot step, wherein if said at least first check-up data and said at least one second check-up data related to the second boot step are reliable on the basis of said check-ups, said second boot step is arranged to be performed after said first boot step.

[0018] Further, the software for securing the trustworthiness of an electronic device, in which at least first and second check-up data are stored, and which software includes program commands for performing the start-up of a boot program, according to a fourth aspect of the present invention, is primarily characterized in that the software also comprises program commands for performing at least first and second boot steps in the boot program, program commands for examining the trustworthiness of at least said first check-up data in the first boot step, program commands for examining at least said second check-up data related to the second start-up step to secure the trustworthiness of the second boot step, program commands for performing said second boot step after said first boot step if said at least first check-up data and said at least one second check-up data related to the second boot step are reliable on the basis of said check-ups.

[0019] Further, the storage means for storing a program used for securing the trustworthiness of an electronic device, in which electronic device at least first and second check-up data are stored, and which program includes program commands for performing the start-up of a boot program, according to a fifth aspect of the present invention is primarily characterized in that the program stored in the storage means also comprises program commands for performing at least first and second boot steps in the boot program, program commands for examining the trustworthiness of at least said first check-up data in the first boot step, program commands for examining at least said second check-up data related to the second boot step to secure the trustworthiness of the second boot step, program commands for performing said second start-up step after said first boot step if said at least first check-up data and said at least one second check-up data related to the second boot step are reliable on the basis of said check-ups.

[0020] The present invention shows remarkable advantages compared to solutions of prior art. In the electronic device according to the invention, the equipment identity is stored in a memory which is made as difficult as possible to modify. Furthermore, in an advantageous embodiment, the equipment identity is verified with a digital signature, wherein the public key or some key identification information used in the verification is stored in the electronic device. Thus, by checking the digital signature, it is possible to verify, with a high probability, whether the digital signature corresponds to the equipment identity of the electronic device. One equipment identity is set permanently in the device and another is set in the signed data which is called a certificate. Now, by checking the signature, it is possible to find out the authenticity and author of the certificate. It is thus verified that the permanent equipment identity of the device and the equipment identity contained in the certificate are identical. By the method according to the invention, it can be secured that only a given program operates in a specific electronic device. It is thus possible to significantly reduce the economic losses to program providers, caused by the copying of software. It is also possible to improve the position of the users of electronic devices, because, by the solution of the invention, the operation of pirate electronic devices and software can be made significantly more difficult. Thus, the authorized user will not be charged any costs for the use of such a copied electronic device which corresponds to the user's electronic device. By the method of the invention, the origin of the software can be verified, wherein the user of the software can be relatively sure that the origin of the software corresponds to that indicated, and that the software does not contain any viruses, back doors, or the like. The invention also makes it possible that the software of the electronic device cannot be modified in an unauthorized manner so that it would function after the modifications.

[0021] In the electronic device according to the invention, the size of the internal read-only memory of the circuit can be kept relatively small, because the integrity of the programs on the external memory (flash or some other type of memory) can be verified inside the chip. This also makes it possible that a majority of the programs of the electronic device can also be replaced after the manufacture of the electronic device, and also the planning of the programs is easier.

[0022] In an advantageous embodiment of the invention, the equipment identity used in the control of the access rights of the programs is independent of the possible IMEI code of the electronic device. Thus, the manufacturer of the device may change the IMEI code, if necessary. Furthermore, the length of the equipment identity can be shorter than the IMEI, wherein upon storing the equipment identity, a smaller quantity of expensive memory capacity will be required than when applying solutions of prior art.

DESCRIPTION OF THE DRAWINGS

[0023] In the following, the invention will be described in more detail with reference to the appended drawings, in which

[0024] FIG. 1 shows an electronic device according to a preferred embodiment of the invention in a simplified block diagram,

[0025] FIG. 2 shows the structure of a boot program in an electronic device applying the method according to an advantageous embodiment of the invention,

[0026] FIG. 3 illustrates the manufacturing and delivery of software to an electronic device by a security system according to an advantageous embodiment of the invention,

[0027] FIG. 4 illustrates the manufacturing and delivery of software to an electronic device by a security system according to another advantageous embodiment of the invention,

[0028] FIG. 5 shows the operation of a boot program according to a preferred embodiment of the invention in a flow chart, and

[0029] FIG. 6 shows a known principle on forming a digital signature.

DETAILED DESCRIPTION OF THE INVENTION

[0030] The following is a description on the operation of an electronic device 1 according to an advantageous embodiment of the invention in connection with the method of the invention. The electronic device 1 used can be any electronic device which contains means for running programs. Advantageously, the electronic device 1 preferably comprises operating system software or the like, by which the essential functions of the electronic device are controlled and by which the running of other programs (applications) can be controlled in the electronic device 1. Non-restrictive examples of such electronic devices 1 to be mentioned in this context are a mobile station and a computer.

[0031] The electronic device 1 according to an advantageous embodiment of the invention, shown in FIG. 1, comprises a control block 2 containing means 2a for running programs. These means comprise, for example, a central processing unit CPU. A digital signal processing unit DSP 2b may also be included. In addition, the control block 2 preferably comprises an application specific integrated circuit ASIC 2c, in which it is possible to implement, for example, at least part of the logic functions of the electronic device. Furthermore, the control block 2 of the electronic device 1 shown in FIG. 1 is preferably provided with a read-only memory 2d, of which at least a part is a one time programmable ROM (OTPROM) 2e, and a random access memory 2f. However, it is obvious that these memories 2d, 2e, 2f can also be implemented as memories separate from the control block 2. The electronic device also comprises memory means 3 outside the control block, preferably comprising at least a read-only memory 3a, a programmable read-only memory 3b and a random access memory 3c. At least a part of the read-only memory 3a is implemented in such a way that its content cannot be changed by the user. It is also possible to connect a memory expansion to the electronic device 1 of FIG. 1, by placing a memory expansion block 4 in memory connection means 5. The memory expansion block 4 is, for example, a Flash memory card, but also other memory expansion means can be applied in connection with the invention. Preferably, the electronic device 1 is also provided with a user interface UI which comprises a display 6, a keyboard 7, and audio means 8, such as an earpiece/a speaker and a microphone. The electronic device 1 according to an advantageous embodiment of the invention, shown in FIG. 1, also comprises means 9 for performing mobile station functions, for example a GSM mobile station and/or a UMTS mobile station. Furthermore, the electronic device 1 preferably comprises means 10 for connecting an identity card 11, such as a SIM card and/or a USIM card, to the electronic device 1.

[0032] FIG. 2 shows the structure of the boot program of the electronic device 1, in which the method according to an advantageous embodiment of the invention is applied. The boot program is divided into at least two boot blocks P1, P2, of which the first boot block P1 performs the initial booting operations of the first step. The second boot block P2 performs further check-ups in a situation in which no errors to prevent the start-up were detected in the first boot block.

[0033] The security method according to the present invention, consisting of at least two steps, functions in the following way. The operation is illustrated in the flow chart of FIG. 5. In the start-up of the electronic device 1, the control block 2 starts to run the boot program (block 501 in FIG. 5). This is performed in a way known as such by setting the address register of the control block 2 to a given initial address containing that program command of the boot program which is to be performed first. This program command is located in a first boot block P1. After this, the running of the program is preferably continued by taking the required steps for initializing the device, which are prior art known by anyone skilled in the art and do not need to be discussed in this context. The first boot block P1 comprises a first check-up step to check first check-up data (first security data). In the first check-up step e.g. the device ID or the like stored in the one time programmable ROM 2d will be checked (block 502). This device ID is indicated by the reference DID in FIG. 2. Furthermore, it is possible to check that the program code of the first boot block P1 has not been modified. The checking is preferably performed in the control block 2 by computing a digital signature by using at least said device identity DID and possibly also at least part of the boot program stored in the read-only memory 2d, 2e. In the computing of the digital signature, the same algorithm and the same data are used, by which the digital signature was computed in connection with the manufacture of the electronic device 1 by a secret key of the device manufacturer, as will be presented below in this description. This digital signature is preferably stored in the programmable read-only memory 3b (indicated with reference S1 in FIG. 2), but it is obvious that it can also be stored, for example, in the same read-only memory 2d, 2e in which the device identity DID has been stored. The digital signature can be verified by using the public key PK1 which corresponds to the secret key used in the signature and is stored in the read-only memory 2d, 2e. After the computing of the digital signature, a comparison is made between the digital signature computed in the control block 2 and the digital signature S1 stored in the one time programmable read-only memory 2d, 2e (block 503). If the comparison shows that the digital signatures match, it is possible to continue the booting. In other cases, it is obvious that an attempt has been made to modify the electronic device 1 and/or the identity data DID contained in it and/or the boot program, wherein as a result, the normal operation of the device is prevented, for example by switching off the electronic device (block 504). This part of the boot program which makes the checking is stored in the memory of the electronic device 1 in such a way that it cannot be changed without breaking the electronic device 1. One useful solution is to use the internal, one time programmable read-only memory 2e of the control block 2 for the storage. When the booting is continued, the next step is to take the second check-up step of the boot program before starting any other programs PG1, PG2, PG3. The program code corresponding to the second check-up step is in the first boot block P1. In the second check-up step, the authenticity of the
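
The staged check that paragraph 0033 and FIG. 5 describe, modelled in Python as an added example (not code from the patent or from any device vendor). All names, the demo key and the image bytes are constructed for illustration; the model checks each stored signature with the public key rather than recomputing it, and uses unpadded RSA only as a standard-library stand-in for a real signature scheme.

```python
"""Model of the staged boot check in FIG. 5 (added example, not patent code)."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Constructed demo key: two Mersenne primes give a valid but trivially
# factorable RSA modulus. A real device would use a properly generated key
# and a padded scheme; textbook RSA is used here to stay stdlib-only.
_P, _Q = 2**521 - 1, 2**607 - 1
N = _P * _Q                                  # public modulus (part of PK1)
E = 65537                                    # public exponent (part of PK1)
_D = pow(E, -1, (_P - 1) * (_Q - 1))         # manufacturer's secret exponent


def _digest(*parts: bytes) -> int:
    """SHA-256 over length-prefixed parts so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def sign(*parts: bytes) -> int:
    """Factory-side step: sign with the secret key, which never ships on the device."""
    return pow(_digest(*parts), _D, N)


def verify(sig: int, *parts: bytes) -> bool:
    """Device-side step: check a stored signature using only the public key."""
    return 0 < sig < N and pow(sig, E, N) == _digest(*parts)


@dataclass
class Device:
    did: bytes        # device identity DID in one-time-programmable ROM
    p1_code: bytes    # first boot block P1 in ROM
    s1: int           # signature S1 (assumed here to cover DID and all of P1)
    p2_code: bytes    # second boot block P2 in flash
    s2: int           # signature stored with P2 in flash
    software: bytes   # other programs stored in flash
    s3: int           # signature stored with the software in flash


def provision(did: bytes, p1: bytes, p2: bytes, sw: bytes) -> Device:
    """Constructed manufacturing step producing a correctly signed device."""
    return Device(did, p1, sign(did, p1), p2, sign(p2), sw, sign(sw))


def boot(dev: Device) -> tuple[bool, list[str]]:
    """Run the FIG. 5 sequence and stop at the first failed comparison."""
    log = ["501 start first boot block"]
    stages = [
        ("503", "DID + P1 in ROM", dev.s1, (dev.did, dev.p1_code)),
        ("506", "second boot block P2", dev.s2, (dev.p2_code,)),
        ("508", "software in flash", dev.s3, (dev.software,)),
    ]
    for step, what, sig, parts in stages:
        if not verify(sig, *parts):
            log.append(f"{step} mismatch on {what}")
            log.append("504 end: normal operation prevented")
            return False, log
        log.append(f"{step} ok: {what}")
    log.append("start other programs")
    return True, log


if __name__ == "__main__":
    device = provision(b"DID-0001", b"P1 boot code", b"P2 boot code", b"app image")
    for line in boot(device)[1]:
        print(line)
```

Copying one device's flash contents and S1 onto hardware with a different DID fails at block 503, which is the device binding the summary describes.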
