×

Targeted secure software deployment

  • US 10,218,696 B2
  • Filed: 06/30/2016
  • Issued: 02/26/2019
  • Est. Priority Date: 06/30/2016
  • Status: Active Grant
First Claim
Patent Images

1. A system comprising:

  • one or more processors; and

    memory storing modules that, when executed by the one or more processors, cause the system to perform operations comprising;

    determining that a remote device is to receive a software update;

    identifying a public storage root key (SRK) associated with the remote device;

    determining a first set of platform configuration registers (PCRs) associated with a trusted operation of firmware operating on the remote device;

    determining a second set of PCRs associated with an expected operation of at least a portion of the software update on the remote device;

    determining a random symmetric key (RSK);

    encrypting, as an encrypted software package, the software update using the RSK;

    encrypting, as encrypted configuration settings, the first set of PCRs and the second set of PCRs using the RSK;

    encrypting, as an encrypted RSK, the RSK with the public SRK of the remote device; and

    transferring the encrypted software package, the encrypted configuration settings, and the encrypted RSK to the remote device, wherein at least a portion of the encrypted software package is imported by the remote device based at least in part on a private SRK of the remote device and after a determination that the first set of PCRs of the encrypted configurations settings correspond to firmware PCRs of the remote device and the second set of PCRs of the encrypted configurations settings correspond to boot manager PCRs of the remote device.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×