
A Method And System For Location Based Secure Booting For Computing Platforms

Abstract: The present invention relates to a method for location based secure boot, the method comprising: receiving (210), by a boot controller (1), coordinates of a geographic location of a computing platform/device (6) from a navigation receiver module (2), reading (220), by the boot controller (1), a territory map from a storage device (3) for validating the geographic location of the computing device (6), determining (230), by the boot controller (1), whether the coordinates of the geographic location of the computing device (6) are within the territory map for validating the geographic location of the computing device (6) and enabling (240), by the boot controller (1), power to the computing device (6) through a power management module (4) and enabling a boot code storage device (5) to provide a boot code to the computing device (6) for booting the computing device (6), if the geographic location of the computing device (6) is within the territory map. Figure 1 (for publication)


Patent Information

Filing Date: 29 March 2022
Publication Number: 40/2023
Publication Type: INA
Invention Field: COMPUTER SCIENCE

Applicants

BHARAT ELECTRONICS LIMITED
Outer Ring Road, Nagavara, Bangalore – 560045, Karnataka, India

Inventors

1. Amit Prakash Jagtap
Member Senior Research staff, ECS Division, Central Research Laboratory, Bharat Electronics Limited, Jalahalli P.O., Bangalore-560013, Karnataka, India
2. Kamlendra Chandra
Member Research staff, ECS Division, Central Research Laboratory, Bharat Electronics Limited, Jalahalli P.O., Bangalore-560013, Karnataka, India
3. Rekha Ashok Baradol
Member Senior Research staff, ECS Division, Central Research Laboratory, Bharat Electronics Limited, Jalahalli P.O., Bangalore-560013, Karnataka, India

Specification

Claims:

1. A method (200) for location based secure boot, the method comprising:
receiving (210), by a boot controller (1), coordinates of a geographic location of a computing platform/device (6) from a navigation receiver module (2);
reading (220), by the boot controller (1), a territory map from a storage device (3) for validating the geographic location of the computing device (6);
determining (230), by the boot controller (1), whether the coordinates of the geographic location of the computing device (6) are within the territory map for validating the geographic location of the computing device (6); and
enabling (240), by the boot controller (1), power to the computing device (6) through a power management module (4) and enabling a boot code storage device (5) to provide a boot code to the computing device (6) for booting the computing device (6), if the geographic location of the computing device (6) is within the territory map.

2. The method as claimed in claim 1, further comprising disabling, by the boot controller (1), the power and boot code to the computing device (6), if the geographic location of the computing device (6) is not within the territory map.

3. The method as claimed in claim 1, wherein the storage device (3) stores the territory map for validating the geographic location of the computing device and stores boot code (BIOS) for the computing device.

4. The method as claimed in claim 1, further comprising booting of the boot controller (1) using auxiliary power.

5. The method as claimed in claim 1, further comprising updating, by the boot controller (1), the territory map stored in the storage device (3).

6. The method as claimed in claim 1, further comprising re-validating, by the boot controller (1), the coordinates of the geographic location of the computing device (6) at different stages of power sequence during booting of the computing device, and after booting of the computing device.

7. A system for location based secure boot, the system comprising:
a boot controller (1) configured to receive coordinates of a geographic location of a computing platform/device (6) from a navigation receiver module (2) coupled to the boot controller (1) through a first interface (I/F1);
a storage device (3) configured to store a territory map and provide the stored territory map to the boot controller (1) to validate the geographic location of the computing platform/device (6), where the storage device (3) is coupled to the boot controller (1) through a fourth interface (I/F4);
the boot controller (1) further configured to determine whether the coordinates of the geographic location of the computing device (6) are within the territory map to validate the geographic location of the computing device (6), and
if the geographic location of the computing device (6) is within the territory map, the boot controller (1) enables power to the computing device (6) through a power management module (4) coupled to the boot controller (1) through a third interface (I/F3) and enables a boot code storage device (5) to provide a boot code to the computing device (6) for booting the computing device (6), where the boot code storage device (5) is coupled to the boot controller (1) through a second interface (I/F2).

8. The system as claimed in claim 7, wherein a fifth interface (I/F5) is coupled to the boot controller (1) to upload the territory map whenever an update is required and further the boot controller (1) updates the territory map stored in the storage device (3).

9. The system as claimed in claim 7, wherein the boot controller (1) disables the power and boot code to the computing device (6), if the geographic location of the computing device (6) is not within the territory map.

10. The system as claimed in claim 7, wherein the storage device (3) stores a boot code (BIOS) for the computing device.

11. The system as claimed in claim 7, wherein the boot controller (1) boots up using auxiliary power.
Description:

FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENTS RULES, 2003
COMPLETE SPECIFICATION
(See section 10, rule 13)

“A METHOD AND SYSTEM FOR LOCATION BASED SECURE BOOTING FOR COMPUTING PLATFORMS”
By
BHARAT ELECTRONICS LIMITED
WITH ADDRESS: OUTER RING ROAD, NAGAVARA, BANGALORE 560045, KARNATAKA, INDIA

The following specification particularly describes the invention and the manner in which it is to be performed.

TECHNICAL FIELD OF THE INVENTION

[0001] The present disclosure/invention relates generally to booting of computing devices and more particularly, to a method and system for location based secure booting for computing platforms.
BACKGROUND OF THE INVENTION

[0002] Generally, secure booting of computing devices is of prime importance in defense and other critical scenarios. As technology advances, the threat of hardware/software hacks also increases. In the case of portable computing devices, unauthorized access to a system and theft or use of the system at unauthorized places is a risk to data protection and to the system hardware. Protecting the boot code with a CRC, keeping multiple copies of the boot code or operating system to detect tampering, and using multilevel boot stages are techniques used in multiple implementations of secure boot.
[0003] One prior art reference discloses a computing system configured to boot securely with two operating systems stored in different memory devices. The first memory device contains a first operating system and the second memory device contains a second operating system. A first security module provides authentication for the first operating system and a second security module provides authentication for the second operating system. If the first security module is connected to one or more processors, either operating system can be selected based on a selection line. When the first security module is not connected, the second OS is selected for booting.
[0004] Another prior art reference discloses a baseband secure boot with remote storage: a secure boot system with two non-volatile memories. The first non-volatile memory (the smaller one) is connected to the processor, and a second non-volatile memory is connected to the processor remotely, with the help of an antenna and an electronic device. It contains the operating system, associated data and the configuration of the integrated circuit. The first non-volatile memory verifies the embedded operating system in the second non-volatile memory. Anti-replay information is used to verify that the embedded operating system has not been tampered with.
[0005] Another prior art reference discloses a secure boot for vehicular systems, in which ECUs communicate with each other for diagnostics and proper functioning of the vehicular systems. To avoid cyberattacks on vehicular systems, this prior art provides a scheme in which the secure boot system consists of a primary ECU and a secondary ECU. The primary ECU performs self-verification using a verification script stored in the ROM of the primary ECU. The second level of security is achieved by posing a question to the secondary ECU and validating its response, thus establishing a chain of trust.
[0006] Further prior art discloses secure boot and runtime tamper detection in systems. There are two redundant operating system (OS) images; verity hashes determine that one of the two redundant operating system images is secure and initiate verification of that image to determine whether it shows indications of tampering. Hashing is at the operating system level. The BIOS checks variables indicating a secure or insecure operating system and boots the secure operating system. The integrated kernel image with initial root file system loads the root file system (in a third partition) and initiates verification using verity hashes. If the verity hashes find an error, the variables used by the BIOS to detect the secure copy of the OS are updated by kernel code. Once booted, the OS also checks for runtime tampering and updates the variables accordingly.
[0007] Further prior art discloses secure boot download computations based on host transport conditions. Secure patches P1 and P2 (a patch contains a number of packets) are transmitted from a host to a target over a physical transport medium (such as UART, USB, I2C, etc.). If a packet differs (i.e., invalid CRC or checksum) from the earlier received packet, verification fails and further processing stops. If the received packet matches, it proceeds to a secondary level of verification with the other received packets. It uses RSA and SHA algorithms on the received packets for verification at the primary and secondary levels. This prior art indicates that the target can be GNSS, a transceiver, a network interface module, or a Wi-Fi, Bluetooth or NFC module.
[0008] Further prior art discloses secure boot for a multi-core processor: a secure boot based on a chain of trust for multi-core processor systems, wherein the first stage of trust is hardware trust or a public key. Subsequent stages are based on trust or verification from the previous stages. If any stage is compromised, secure boot stops and further stages are not booted.
[0009] Furthermore, prior art discloses an electronic apparatus and a secure boot method thereof. This includes at least two connecting devices and a storage device. The current configuration is read from the connecting device and compared against multiple preset configurations stored in the storage device. If a mismatch is found, the processor shuts down. The preset configurations are normally the last boot configuration stored in the storage device. This implementation mainly concerns USB as the connecting device and its configurations.
[0010] Therefore, there is a need in the art for a method and system for location based secure booting for computing platforms that solves the above-mentioned limitations.
SUMMARY OF THE INVENTION
[0011] An aspect of the present invention is to address at least the above-mentioned problems and/or disadvantages and to provide at least the advantages described below.
[0012] Accordingly, one aspect of the present invention relates to a method (200) for location based secure boot, the method comprising: receiving (210), by a boot controller (1), coordinates of a geographic location of a computing platform/device (6) from a navigation receiver module (2), reading (220), by the boot controller (1), a territory map from a storage device (3) for validating the geographic location of the computing device (6), determining (230), by the boot controller (1), whether the coordinates of the geographic location of the computing device (6) are within the territory map for validating the geographic location of the computing device (6) and enabling (240), by the boot controller (1), power to the computing device (6) through a power management module (4) and enabling a boot code storage device (5) to provide a boot code to the computing device (6) for booting the computing device (6), if the geographic location of the computing device (6) is within the territory map.
[0013] Another aspect of the present invention relates to a system for location based secure boot, the system comprising: a boot controller (1) configured to receive coordinates of a geographic location of a computing platform/device (6) from a navigation receiver module (2) coupled to the boot controller (1) through a first interface (I/F1), a storage device (3) configured to store a territory map and provide the stored territory map to the boot controller (1) to validate the geographic location of the computing platform/device (6), where the storage device (3) is coupled to the boot controller (1) through a fourth interface (I/F4), the boot controller (1) further configured to determine whether the coordinates of the geographic location of the computing device (6) are within the territory map to validate the geographic location of the computing device (6), and if the geographic location of the computing device (6) is within the territory map, the boot controller (1) enables power to the computing device (6) through a power management module (4) coupled to the boot controller (1) through a third interface (I/F3) and enables a boot code storage device (5) to provide a boot code to the computing device (6) for booting the computing device (6), where the boot code storage device (5) is coupled to the boot controller (1) through a second interface (I/F2).
[0014] Other aspects, advantages, and salient features of the invention will become apparent to those skilled in the art from the following detailed description, which, taken in conjunction with the annexed drawings, discloses exemplary embodiments of the invention.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
[0015] The detailed description is described with reference to the accompanying figures.
[0016] Figure 1 shows a block diagram of a system required for location based secure booting of the computing platform according to an exemplary implementation of the present disclosure/ invention.
[0017] Figure 2 shows a flowchart and method for location based secure booting for computing platforms according to an exemplary implementation of the present disclosure/invention.
[0018] It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative methods embodying the principles of the present disclosure. Similarly, it will be appreciated that any flow charts, flow diagrams, and the like represent various processes which may be substantially represented in computer readable medium and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.

DETAILED DESCRIPTION OF THE INVENTION

[0019] The following description with reference to the accompanying drawings is provided to assist in a comprehensive understanding of exemplary embodiments of the invention as defined by the claims and their equivalents. It includes various specific details to assist in that understanding but these are to be regarded as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. In addition, descriptions of well-known functions and constructions are omitted for clarity and conciseness.
[0020] The terms and words used in the following description and claims are not limited to the bibliographical meanings, but, are merely used by the inventor to enable a clear and consistent understanding of the invention. Accordingly, it should be apparent to those skilled in the art that the following description of exemplary embodiments of the present invention are provided for illustration purpose only and not for the purpose of limiting the invention as defined by the appended claims and their equivalents.
[0021] It is to be understood that the singular forms “a,” “an,” and “the” include plural referents unless the context clearly dictates otherwise. Thus, for example, reference to “a component surface” includes reference to one or more of such surfaces.
[0022] By the term “substantially” it is meant that the recited characteristic, parameter, or value need not be achieved exactly, but that deviations or variations, including for example, tolerances, measurement error, measurement accuracy limitations and other factors known to those of skill in the art, may occur in amounts that do not preclude the effect the characteristic was intended to provide.
[0023] Figures discussed below, and the various embodiments used to describe the principles of the present disclosure in this patent document are by way of illustration only and should not be construed in any way that would limit the scope of the disclosure. Those skilled in the art will understand that the principles of the present disclosure may be implemented in any suitably arranged communications system. The terms used to describe various embodiments are exemplary. It should be understood that these are provided to merely aid the understanding of the description, and that their use and definitions in no way limit the scope of the invention. Terms first, second, and the like are used to differentiate between objects having the same terminology and are in no way intended to represent a chronological order, unless where explicitly stated otherwise. A set is defined as a non-empty set including at least one element.
[0024] In the following description, for purpose of explanation, specific details are set forth in order to provide an understanding of the present disclosure. It will be apparent, however, to one skilled in the art that the present disclosure may be practiced without these details. One skilled in the art will recognize that embodiments of the present disclosure, some of which are described below, may be incorporated into a number of systems.
[0025] However, the systems and methods are not limited to the specific embodiments described herein. Further, structures and devices shown in the figures are illustrative of exemplary embodiments of the present disclosure and are meant to avoid obscuring the present disclosure.
[0026] It should be noted that the description merely illustrates the principles of the present invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described herein, embody the principles of the present invention. Furthermore, all examples recited herein are principally intended expressly to be only for explanatory purposes to help the reader in understanding the principles of the invention and the concepts contributed by the inventor to furthering the art and are to be construed as being without limitation to such specifically recited examples and conditions. Moreover, all statements herein reciting principles, aspects, and embodiments of the invention, as well as specific examples thereof, are intended to encompass equivalents thereof.
[0027] The various embodiments of the present invention describe secure booting of computing platforms. The present invention discusses a novel way of secure booting, namely location based secure boot. In portable computing systems used in critical scenarios, location based secure boot can be used in combination with other secure boot methods. Location based secure boot control of computing devices allows the system to boot only in a set or assigned territory, to provide data and hardware security and to prevent unauthorized activities. Location based secure boot gives an additional level of protection to computing platforms in the field.
[0028] In one embodiment, the present invention provides a method and system for location based secure boot comprising a boot controller, a navigation receiver module, a storage device for storing the territory map, a boot code storage device and a power management module for the computing platform.
[0029] In one embodiment, the boot controller can be a microcontroller, FPGA or CPLD.
[0030] In one embodiment, the navigation receiver module provides live coordinates to the boot controller.
[0031] In one embodiment, the storage device stores the territory map for validating the location of the computing device.
[0032] In one embodiment, the boot storage device and the location database storage device can be NAND Flash/NOR Flash with parallel or serial interfaces.
[0033] In one embodiment, the territory map stored in the storage device can be updated by the boot controller, so the territory map for the system can be updated frequently.
[0034] In one embodiment, booting of the computing module can be controlled by the boot controller based on the received location coordinates.
[0035] In one embodiment, the booting of a computing device can be controlled by enabling its power or by controlling the boot storage device.
[0036] In one embodiment, the coordinates can be re-verified at different stages of the power sequence during secure boot of the computing device.
[0037] In one embodiment, the coordinates can be re-verified during normal operation of the computing device.
[0038] Figure 1 shows a block diagram of a system required for location based secure booting of the computing platform according to an exemplary implementation of the present disclosure/ invention.
[0039] The figure shows a block diagram of a system required for location based secure booting of the computing platform. In one embodiment, the system comprising: a boot controller (1) configured to receive coordinates of a geographic location of a computing platform/device (6) from a navigation receiver module/location coordinates receiver (2) coupled to the boot controller (1) through a first interface (I/F1), a storage device (3) configured to store a territory map and provide the stored territory map to the boot controller (1) to validate the geographic location of the computing platform/device (6), where the storage device (3) is coupled to the boot controller (1) through a fourth interface (I/F4), the boot controller (1) further configured to determine whether the coordinates of the geographic location of the computing device (6) are within the territory map to validate the geographic location of the computing device (6), and if the geographic location of the computing device (6) is within the territory map, the boot controller (1) enables power to the computing device (6) through a power management module (4) coupled to the boot controller (1) through a third interface (I/F3) and enables a boot code storage device (5) to provide a boot code to the computing device (6) for booting the computing device (6), where the boot code storage device (5) is coupled to the boot controller (1) through a second interface (I/F2). The boot controller (1) boots up using auxiliary power.
[0040] In the present invention, when the system power switch is pressed, the boot controller (1) boots up with the connected memory (3). The boot controller is configured to handle the booting process. The boot code storage device is configured to hold the boot code of the computing device, and the navigation satellite receiver module is configured to receive the coordinates of the computing platform. The location database storage device (3) is a programmable permanent memory configured to hold a location database such as a territory map.
[0041] The computing device is the actual computing device whose booting is to be enabled or disabled. The computing device may include an electronic device controlled by a CPU, including desktop and laptop computers, smartphones, tablets, etc. The computing device power management module is configured to enable the power for the computing device.
[0042] In one embodiment, the boot controller can be any programmable device, such as a microcontroller, CPLD or FPGA, and handles the booting process of the actual computing device.
[0043] The boot controller is connected to a receiver module through the first interface (I/F1) to receive the location coordinates. The boot controller is connected to a location database storage device (3) on the fourth interface (I/F4), which holds the territory map within which the computing platform is supposed to be used. The fifth interface (I/F5) is coupled to the boot controller (1) to upload the territory map whenever an update is required, and the boot controller (1) then updates the territory map stored in the storage device (3). The boot controller runs a process to check whether its location coordinates fall within the stored territory map. Upon successful evaluation, the boot controller either controls the booting by enabling the boot code storage device connected on the second interface (I/F2) or enables the power to the computing platform through the third interface (I/F3).
[0044] The boot controller (1) further disables the power and boot code to the computing device (6), if the geographic location of the computing device (6) is not within the territory map. The storage device (3) stores a boot code (BIOS) for the computing device. The navigation receiver module (2) provides live coordinates of the geographic location of the computing device (6) to the boot controller (1).
[0045] Figure 2 shows a flowchart and method for location based secure booting for computing platforms according to an exemplary implementation of the present disclosure/invention.
[0046] The figure shows a flowchart and method for location based secure booting for computing platforms. In one embodiment, the method (200) for location based secure boot, the method comprising: receiving (210), by a boot controller (1), coordinates of a geographic location of a computing platform/device (6) from a navigation receiver module (2), reading (220), by the boot controller (1), a territory map from a location database storage device (3) for validating the geographic location of the computing device (6), determining (230), by the boot controller (1), whether the coordinates of the geographic location of the computing device (6) are within the territory map for validating the geographic location of the computing device (6) and enabling (240), by the boot controller (1), power to the computing device (6) through a power management module (4) and enabling a boot code storage device (5) to provide a boot code to the computing device (6) for booting the computing device (6), if the geographic location of the computing device (6) is within the territory map.
[0047] The method further comprises disabling, by the boot controller (1), the power and boot code to the computing device (6), if the geographic location of the computing device (6) is not within the territory map. The storage device (3) stores the territory map for validating the geographic location of the computing device and stores the boot code (BIOS) for the computing device.
[0048] The method further comprises booting of the boot controller (1) using auxiliary power.
[0049] The method further comprises updating, by the boot controller (1), the territory map stored in the storage device (3).
[0050] The method further comprises re-validating, by the boot controller (1), the coordinates of the geographic location of the computing device (6) at different stages of power sequence during booting of the computing device and after booting of the computing device.
[0051] In a secure boot method, a computing device normally checks the CRC code of the boot code. In this method, it is proposed to use the boot controller, which is in any case required to control the boot sequence of the computing module. The boot controller is also used for on-board health monitoring of the device. The same boot controller can receive the coordinates of the system when connected to a navigation receiver module. The boot controller stores and accesses the territory map location data from the storage device. This territory data defines the boundary within which the computing platform has to be used. The boot controller and other connected devices may power ON using the auxiliary power of the system.
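As an added illustration of the boot controller (1) logic of method 200 (steps 210 to 240, with the disable path of claim 2 and the staged re-validation of claim 6), the following C code is written for this page and is not part of the patent or of any Bharat Electronics implementation. It assumes a territory map stored as a closed polygon of latitude/longitude vertices (the specification leaves the map format open), a navigation report carrying a fix-valid flag (an assumption added so that the controller stays disabled when the receiver has no fix), and two boolean outputs standing in for the power enable on I/F3 and the boot code storage enable on I/F2. The territory polygon and all coordinates are constructed sample values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Geographic coordinate as delivered by the navigation receiver module (2). */
typedef struct { double lat; double lon; } coord_t;

/* Territory map read from the storage device (3). Assumed format: a closed
 * polygon given as its vertices in order (the patent leaves the format open). */
typedef struct { const coord_t *vertex; size_t count; } territory_t;

/* Report from the navigation receiver (2). fix_valid is an assumption added
 * here: a receiver without a fix must never be treated as "inside". */
typedef struct { bool fix_valid; coord_t pos; } nav_report_t;

/* The two control outputs of the boot controller (1). */
typedef struct {
    bool power_enable;     /* to the power management module (4), I/F3 */
    bool boot_code_enable; /* to the boot code storage device (5), I/F2 */
} boot_outputs_t;

/* Constructed sample territory: a quadrilateral (lat, lon in degrees). */
const coord_t kTerritoryVertices[] = {
    {12.9, 77.5}, {12.9, 77.7}, {13.1, 77.7}, {13.1, 77.5}
};
const territory_t kTerritory = { kTerritoryVertices, 4 };

/* Step 230: even-odd (ray casting) point-in-polygon test. A missing or
 * degenerate map fails closed, i.e. the point is reported as outside. */
bool territory_contains(const territory_t *map, coord_t p) {
    if (map == NULL || map->vertex == NULL || map->count < 3) return false;
    bool inside = false;
    for (size_t i = 0, j = map->count - 1; i < map->count; j = i++) {
        coord_t a = map->vertex[i], b = map->vertex[j];
        /* only edges that straddle p's latitude can cross the ray */
        if ((a.lat > p.lat) != (b.lat > p.lat)) {
            /* longitude at which edge a-b crosses the latitude of p */
            double x = (b.lon - a.lon) * (p.lat - a.lat) / (b.lat - a.lat) + a.lon;
            if (p.lon < x) inside = !inside;
        }
    }
    return inside;
}

/* Steps 210-240 of method 200: both enables are asserted only when the
 * receiver has a valid fix and the position lies within the territory;
 * otherwise power and boot code stay disabled (claim 2). */
boot_outputs_t boot_controller_decide(const nav_report_t *nav, const territory_t *map) {
    boot_outputs_t out = { false, false };
    if (nav == NULL || !nav->fix_valid) return out;
    if (territory_contains(map, nav->pos)) {
        out.power_enable = true;
        out.boot_code_enable = true;
    }
    return out;
}

/* Claim 6: re-validate the position at successive stages of the power
 * sequence (one report per stage). Returns the number of stages that
 * passed; *out holds the outputs after the last evaluated stage, so a
 * failing stage leaves both enables withdrawn. */
size_t revalidate_stages(const nav_report_t *reports, size_t stages,
                         const territory_t *map, boot_outputs_t *out) {
    *out = (boot_outputs_t){ false, false };
    for (size_t s = 0; s < stages; s++) {
        *out = boot_controller_decide(&reports[s], map);
        if (!out->power_enable) return s;
    }
    return stages;
}

int main(void) {
    /* constructed power-sequence reports: inside, inside, then outside */
    nav_report_t stages[] = {
        { true, {13.00, 77.60} },
        { true, {13.05, 77.55} },
        { true, {13.20, 77.60} },
    };
    boot_outputs_t out;
    size_t passed = revalidate_stages(stages, 3, &kTerritory, &out);
    printf("stages passed: %zu, power=%d boot_code=%d\n",
           passed, out.power_enable, out.boot_code_enable);
    return 0;
}
```

The decision function fails closed on every unexpected input (no report, no fix, missing or degenerate map), which is the property a practitioner wants from a gate that controls power and boot code: a fault in the navigation path must look like "outside the territory", not like "inside".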
[0052] Figures are merely representational and are not drawn to scale. Certain portions thereof may be exaggerated, while others may be minimized. Figures illustrate various embodiments of the invention that can be understood and appropriately carried out by those of ordinary skill in the art.
[0053] In the foregoing detailed description of embodiments of the invention, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments of the invention require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus, the following claims are hereby incorporated into the detailed description of embodiments of the invention, with each claim standing on its own as a separate embodiment.
[0054] It is understood that the above description is intended to be illustrative, and not restrictive. It is intended to cover all alternatives, modifications and equivalents as may be included within the spirit and scope of the invention as defined in the appended claims. Many other embodiments will be apparent to those of skill in the art upon reviewing the above description. The scope of the invention should, therefore, be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled. In the appended claims, the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein,” respectively.

Documents

Application Documents

# Name Date
1 202241018475-STATEMENT OF UNDERTAKING (FORM 3) [29-03-2022(online)].pdf 2022-03-29
2 202241018475-FORM 1 [29-03-2022(online)].pdf 2022-03-29
3 202241018475-FIGURE OF ABSTRACT [29-03-2022(online)].jpg 2022-03-29
4 202241018475-DRAWINGS [29-03-2022(online)].pdf 2022-03-29
5 202241018475-DECLARATION OF INVENTORSHIP (FORM 5) [29-03-2022(online)].pdf 2022-03-29
6 202241018475-COMPLETE SPECIFICATION [29-03-2022(online)].pdf 2022-03-29
7 202241018475-Proof of Right [10-06-2022(online)].pdf 2022-06-10
8 202241018475-FORM-26 [10-06-2022(online)].pdf 2022-06-10
9 202241018475-Correspondence_Form-1_20-06-2022.pdf 2022-06-20
10 202241018475-FORM 18 [27-06-2022(online)].pdf 2022-06-27
11 202241018475-POA [04-10-2024(online)].pdf 2024-10-04
12 202241018475-FORM 13 [04-10-2024(online)].pdf 2024-10-04
13 202241018475-AMENDED DOCUMENTS [04-10-2024(online)].pdf 2024-10-04
14 202241018475-Response to office action [01-11-2024(online)].pdf 2024-11-01
15 202241018475-FER.pdf 2025-03-20
16 202241018475-FORM 3 [20-06-2025(online)].pdf 2025-06-20
17 202241018475-OTHERS [23-06-2025(online)].pdf 2025-06-23
18 202241018475-FER_SER_REPLY [23-06-2025(online)].pdf 2025-06-23
19 202241018475-CLAIMS [23-06-2025(online)].pdf 2025-06-23

Search Strategy

1 SearchHistoryE_20-02-2024.pdf