Securely recovering a computing device

US 10,142,104 B2
Filed: 06/09/2017
Issued: 11/27/2018
Est. Priority Date: 01/07/2007
Status: Active Grant

First Claim

Patent Images

1. A method for updating an application established at a file system of a client device, the method comprising, at the client device:

providing a request to a computing device to update the application, wherein the request includes a version identifier associated with the application;

loading a code image that is received from the computing device into a storage device of the client device, wherein the code image is (i) digitally signed by a signature, (ii) associated with an application package, and (iii) based on the version identifier;

verifying that the code image is trusted by certifying a fingerprint stored in a secure memory of the client device, wherein the fingerprint is associated with a unique device identifier of the client device; and

in response to determining that the code image is trusted;

verifying that an integrity of one or more files of the application package is not compromised, andestablishing the one or more files at the file system by executing the code image; and

in response to determining that the code image is not trusted;

disabling access to the unique device identifier such as to prevent access to user data associated with the client device, andremoving the code image from the storage device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.

Citations

20 Claims

1. A method for updating an application established at a file system of a client device, the method comprising, at the client device:
- providing a request to a computing device to update the application, wherein the request includes a version identifier associated with the application;
  
  loading a code image that is received from the computing device into a storage device of the client device, wherein the code image is (i) digitally signed by a signature, (ii) associated with an application package, and (iii) based on the version identifier;
  
  verifying that the code image is trusted by certifying a fingerprint stored in a secure memory of the client device, wherein the fingerprint is associated with a unique device identifier of the client device; and
  
  in response to determining that the code image is trusted;
  
  verifying that an integrity of one or more files of the application package is not compromised, andestablishing the one or more files at the file system by executing the code image; and
  
  in response to determining that the code image is not trusted;
  
  disabling access to the unique device identifier such as to prevent access to user data associated with the client device, andremoving the code image from the storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein, subsequent to establishing the one or more files at the file system, the method further comprises:
    - rebooting an operating system of the client device.
  - 3. The method of claim 1, wherein, in response to determining that the integrity of the one or more files is compromised, the method further comprises:
    - preventing the one or more files from being established at the file system.
  - 4. The method of claim 1, wherein determining that the code image is trusted further comprises:
    - verifying the signature of the code image by using the fingerprint.
  - 5. The method of claim 1, wherein, in response to determining that the code image is not trusted, the method further comprises:
    - entering a Device Firmware Upgrade (DFU) mode to perform system management tasks.
  - 6. The method of claim 1, wherein the client device derives a hash value from the code image that is based on the unique device identifier.
  - 7. The method of claim 1, wherein the fingerprint is based on a public key.
  - 8. The method of claim 1, wherein, subsequent to determining that the code image is not trusted, the method further comprises:
    - determining whether the unique device identifier is active; and
      
      in response to determining that the unique device identifier is inactive;
      
      preventing access to device hardware associated with the client device.

9. A system for updating an application, the system comprising:
- at least one processor; and
  
  at least one memory storing instructions, that when executed by the at least one processor, cause the system to;
  
  provide a request to a computing device to update the application, wherein the request includes a version identifier associated with the application;
  
  load a code image that is received from the computing device into a storage device of the system, wherein the code image is (i) digitally signed by a signature, (ii) associated with an application package, and (iii) based on the version identifier;
  
  verify that the code image is trusted by certifying a fingerprint stored in a secure memory of the system, wherein the fingerprint is associated with a unique device identifier of the system; and
  
  in response to determining that the code image is trusted;
  
  verify that an integrity of one or more files of the application package is not compromised, andestablish the one or more files at a file system of the system by executing the code image; and
  
  in response to determining that the code image is not trusted;
  
  disable access to the unique device identifier such as to prevent access to user data associated with the system, andremove the code image from the storage device.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein, subsequent to establishing the one or more files at the file system, the at least one processor further causes the system to:
    - reboot an operating system of the system.
  - 11. The system of claim 9, wherein, in response to determining that the integrity of the one or more files is compromised, the at least one processor further causes the system to:
    - prevent the one or more files from being established at the file system.
  - 12. The system of claim 9, wherein determining that the code image is trusted further comprises:
    - verifying the signature of the code image by using the fingerprint.
  - 13. The system of claim 9, wherein, in response to determining that the code image is not trusted, the at least one processor further causes the system to:
    - enter a Device Firmware Upgrade (DFU) mode to perform system management tasks.
  - 14. The system of claim 9, wherein the system derives a hash value from the code image that is based on the unique device identifier.
  - 15. The system of claim 9, wherein, subsequent to determining that the code image is not trusted, the at least one processor further causes the system to:
    - determine whether the unique device identifier is active; and
      
      in response to determining that the unique device identifier is inactive;
      
      prevent access to device hardware associated with the system.

16. At least one non-transitory computer readable storage medium configured to store instructions that, when executed by at least one processor included in a computing device, cause the computing device to:
- provide a request to a host computing device to update an application established at a file system of the computing device, wherein the request includes a version identifier associated with the application;
  
  load a code image that is received from the host computing device into a storage device of the computing device, wherein the code image is (i) digitally signed by a signature, (ii) associated with an application package, and (iii) based on the version identifier;
  
  verify that the code image is trusted by certifying a fingerprint stored in a secure memory of the computing device, wherein the fingerprint is associated with a unique device identifier of the computing device; and
  
  in response to determining that the code image is trusted;
  
  verify that an integrity of one or more files of the application package is not compromised, andestablish the one or more files at the file system by executing the code image; and
  
  in response to determining that the code image is not trusted;
  
  disable access to the unique device identifier such as to prevent access to user data associated with the file system, andremove the code image from the storage device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The at least one non-transitory computer readable storage medium of claim 16, wherein, subsequent to establishing the one or more files at the file system, the at least one processor further causes the computing device to:
    - reboot an operating system of the computing device.
  - 18. The at least one non-transitory computer readable storage medium of claim 16, wherein, in response to determining that the integrity of the one or more files is compromised, the at least one processor further causes the computing device to:
    - prevent the one or more files from being established at the file system.
  - 19. The at least one non-transitory computer readable storage medium of claim 16, wherein determining that the code image is trusted further comprises:
    - verifying the signature of the code image by using the fingerprint.
  - 20. The at least one non-transitory computer readable storage medium of claim 16, wherein the fingerprint is based on a public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
De Atley, Dallas Blake, De Cesare, Joshua, Smith, Michael, Reda, Matthew, Sen, Shantonu, Wright, John Andrew
Primary Examiner(s)
Brown, Anthony D
Assistant Examiner(s)
Anderson, Michael D

Application Number

US15/619,276
Publication Number

US 20170346631A1
Time in Patent Office

536 Days
Field of Search

713187
US Class Current
CPC Class Codes

G06F 11/1417   Boot up procedures

G06F 21/51   at application loading time...

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 21/64   Protecting data integrity, ...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 9/14   using a plurality of keys o...

H04L 9/302   involving the integer facto...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/3249   using RSA or related signat...

Securely recovering a computing device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securely recovering a computing device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links