System and method for securely updating a registered device using a development system and a release management system operated by an update provider and an update publisher

  • US 10,162,968 B1
  • Filed: 02/19/2018
  • Issued: 12/25/2018
  • Est. Priority Date: 11/30/2017
  • Status: Active Grant
First Claim

1. A method of updating a registered device using a development system and a release management system operated by an update provider, an update service operated by an update publisher, an update client on the device, and a local secure element on the device, the method comprising:

  • building, on the development system, an update package including at least one of a firmware update, a software update, a configuration update, and an update script;

  • signing, by the release management system, the update package using a provider signing key, wherein a first digital signature is included in the update package;

  • encrypting, by the release management system, the signed update package using a publisher public key from a publisher certificate for the update publisher for initial encryption of the update package;

  • sending, by the release management system, the signed and encrypted update package to the update service;

  • requesting, by the update client on the device, an update package, wherein the request includes a device manifest and at least the vendor identifier, the model number, and a device certificate for the device;

  • preparing, by the update service, based on the device manifest, a set of signed update packages for the device configured based on orchestration rules for the device;

  • reencrypting and resigning, by the update service, the signed update package by decrypting the initial encryption using a publisher private key of the update publisher, signing the update package using a signing key of the update publisher, and finally encrypting the update package using a device public key from the device certificate, for final encryption of the update package;

  • sending, by the update service, the encrypted and doubly signed update package to the update client on the device;

  • decrypting, by the update client, the encrypted update package using a device private key for the device,

  • verifying, by the update client, the first and second digital signatures using the respective public keys from the update provider and publisher certificates issued by a certificate authority; and

  • wherein the update script is executed on the device to apply the update package to the device.
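
The sign, encrypt, re-sign and re-encrypt chain of claim 1, as an added Node.js example that is not code from the patent or its assignee. The key types (Ed25519 signatures, RSA-OAEP wrapping an AES-256-GCM key), the JSON package layout, the bytes covered by the second signature, and all function names are assumptions; raw key pairs stand in for the certificates issued by a certificate authority.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed keys standing in for the certificates in the claim (assumption:
// Ed25519 for signing, RSA-OAEP + AES-256-GCM for encryption).
const signer = () => nodeCrypto.generateKeyPairSync('ed25519');
const recipient = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hybrid encryption: AES-GCM protects the package, RSA-OAEP wraps the AES key.
function seal(pub, plaintext) {
  const key = nodeCrypto.randomBytes(32), iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return { wrappedKey: nodeCrypto.publicEncrypt(pub, key), iv, body, tag: c.getAuthTag() };
}
function unseal(priv, env) {
  const key = nodeCrypto.privateDecrypt(priv, env.wrappedKey);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, env.iv);
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.body), d.final()]);
}
// Bytes covered by the second signature (assumption): payload plus first signature.
const countersigned = (pkg) => Buffer.from(pkg.payload + '.' + pkg.sig1);

// Release management system: sign with the provider key, encrypt to the publisher.
function providerRelease(payload, providerSignKey, publisherPub) {
  const sig1 = nodeCrypto.sign(null, payload, providerSignKey).toString('base64');
  return seal(publisherPub, Buffer.from(JSON.stringify({ payload: payload.toString('base64'), sig1 })));
}
// Update service: decrypt, add the publisher signature, re-encrypt to the device key.
function publisherRepackage(env, publisherPriv, publisherSignKey, devicePub) {
  const pkg = JSON.parse(unseal(publisherPriv, env).toString());
  pkg.sig2 = nodeCrypto.sign(null, countersigned(pkg), publisherSignKey).toString('base64');
  return seal(devicePub, Buffer.from(JSON.stringify(pkg)));
}
// Update client: decrypt with the device key; both signatures must verify.
function deviceInstall(env, devicePriv, providerPub, publisherPub) {
  const pkg = JSON.parse(unseal(devicePriv, env).toString());
  const payload = Buffer.from(pkg.payload, 'base64');
  const ok1 = nodeCrypto.verify(null, payload, providerPub, Buffer.from(pkg.sig1, 'base64'));
  const ok2 = nodeCrypto.verify(null, countersigned(pkg), publisherPub, Buffer.from(pkg.sig2, 'base64'));
  if (!ok1 || !ok2) throw new Error('signature verification failed; update rejected');
  return payload; // only now may the update script run
}
// End-to-end run with constructed keys; providerSigner lets a caller swap in a rogue key.
function runFlow(payloadText, providerSigner) {
  const provider = signer(), publisherSign = signer(), publisherEnc = recipient(), device = recipient();
  const signingKey = (providerSigner || provider).privateKey;
  const toPublisher = providerRelease(Buffer.from(payloadText), signingKey, publisherEnc.publicKey);
  const toDevice = publisherRepackage(toPublisher, publisherEnc.privateKey, publisherSign.privateKey, device.publicKey);
  return deviceInstall(toDevice, device.privateKey, provider.publicKey, publisherSign.publicKey).toString();
}
```

Calling `runFlow` with a second argument signs the package with a key the device does not trust, so `deviceInstall` throws even though the publisher's countersignature and the device-specific encryption are both valid.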
