Secure factory data generation and restoration

US 10,372,932 B2
Filed: 01/06/2017
Issued: 08/06/2019
Est. Priority Date: 03/12/2014
Status: Active Grant

First Claim

Patent Images

1. An electronic device comprising:

one or more sensor modules, each sensor module associated with an identifier unique to each sensor module;

a secure storage device to store a factory data service trust object; and

a processor to send a request with the factory data service trust object to a server coupled to storage containing updated factory data associated with the unique identifier for one or more sensor modules and to store updated factory data from the server in the secure storage device if the factory data service trust object is validated based on the request and a signature of a sealing manifest related to the updated factory data is verified using the factory data service trust object.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various embodiments, methods, devices and systems for securely generating, sealing, and restoring factory-generated calibration and provisioning data for an electronic device are described, in which calibration and provisioning data for an electronic device are generated in a distributed manner and stored on a storage system. The calibration data can be retrieved from the storage system during device assembly and finalized calibration and provisioning data for each electronic device can be stored to the storage system. In one embodiment, a sealing server, to attest to the authenticity of the factory generated data, seals the finalized calibration data. In one embodiment, an electronic device can access a data store containing the factory-generated data and can update or restore calibration or provisioning data for the device from the data store.

Citations

31 Claims

1. An electronic device comprising:
- one or more sensor modules, each sensor module associated with an identifier unique to each sensor module;
  
  a secure storage device to store a factory data service trust object; and
  
  a processor to send a request with the factory data service trust object to a server coupled to storage containing updated factory data associated with the unique identifier for one or more sensor modules and to store updated factory data from the server in the secure storage device if the factory data service trust object is validated based on the request and a signature of a sealing manifest related to the updated factory data is verified using the factory data service trust object.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The electronic device of claim 1, wherein the updated factory data includes a production version of updated factory data.
  - 3. The electronic device of claim 1, wherein the production version of updated factory data includes calibration data associated with an identifier unique to one of the sensor modules.
  - 4. The electronic device of claim 1, wherein the updated factory data includes provisioning data for one or more sensor modules.
  - 5. The electronic device of claim 1, wherein the secure storage device is to store a boot key and the server validates the factory data service trust object with the secure boot key stored in the secure storage device.
  - 6. The electronic device of claim 1, wherein the electronic device is determined by the server to be made from an authorized manufacturer using the factory data service trust object and secure boot key.
  - 7. The electronic device of claim 1, wherein an authorized maintenance device provides the updated factory data to the electronic device.

8. A method for an electronic device comprising:
- sending a request to a server coupled to storage containing updated factory data associated with a the unique identifier to one or more sensor modules of the electronic device, wherein the request includes a factory data service trust object; and
  
  storing the updated factory data from the server related to one or more sensor modules if the server validates the factory data service trust object based on the request and a signature of a sealing manifest related to the updated factory data is verified using the factory data service trust object.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising storing the updated factory data related to one or more sensor modules of the electronic device in a secured storage device.
  - 10. The method of claim 8, wherein storing the updated factory data includes storing production version of updated factory data related to one or more sensor modules of the electronic device.
  - 11. The method of claim 8, wherein storing the production version of updated factory data includes storing calibration data associated with an identifier unique to one of the sensor modules.
  - 12. The method of claim 8, wherein storing the production version of updated factory data includes storing provisioning data related to one or more sensor modules.
  - 13. The method of claim 8, wherein updating the factory data includes validating the factory data service trust object with a secure boot key stored in the electronic device.
  - 14. The method of claim 13, further comprising determining the electronic device is made from an authorized manufacturer using the factory data service trust object and secure boot key.
  - 15. The method of claim 8, further comprising providing the updated factory data to the electronic device by an authorized maintenance device.

16. A computing device comprising:
- means for sending a request to a server coupled to storage containing updated factory data associated with a unique identifier to one or more sensor modules of the electronic device, wherein the request includes a factory data service trust object; and
  
  means for storing the updated factory data related to one or more sensor modules if the server validates the fact data service trust object based on the request and a signature of a sealing manifest related to the updated factory data is verified using the factory data service trust object.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The computing device of claim 16, further comprising means for storing the updated factory data related to one or more sensor modules of the electronic device in a secured storage environment.
  - 18. The computing device of claim 17, further comprising means for storing production version of updated factory data related to one or more sensor modules of the electronic device.
  - 19. The computing device of claim 18, further comprising means for storing calibration data associated with an identifier unique to one of the sensor modules.
  - 20. The computing device of claim 18, further comprising means for storing provisioning data related to one or more sensor modules.
  - 21. The computing device of claim 16, further comprising means for validating the factory data service trust object with a secure boot key stored in the electronic device.
  - 22. The computing device of claim 21, further comprising means for determining the computing device is made from an authorized manufacturer using the factory data service trust object and secure boot key.
  - 23. The computing device of claim 16, further comprising means for receiving updated factory data from an authorized maintenance device.

24. A non-transitory machine readable medium, including instructions, which if executed by a computing device, causes the computing device to perform a method comprising:
- sending a request to a server coupled to storage contained updated factory data associated with a unique identifier to one or more sensor modules of the computing, wherein the request includes a factory data service trust object; and
  
  storing the updated factory data from the server related to one or more sensor modules if the server validates the fact data service trust object based on the request and a signature of a sealing manifest related to the updated factory data is verified using the factory data service trust object.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The non-transitory machine readable medium of claim 24, including instructions, which if executed by the computing device, causes the computing device to perform a method comprising storing the updated factory data related to one or more sensor modules of the electronic device in a secured memory device.
  - 26. The non-transitory machine readable medium of claim 25, including instructions, which if executed by the computing device, causes the computing device to perform a method comprising storing production version of the updated factory data related to one or more sensor modules of the electronic device.
  - 27. The non-transitory machine readable medium of claim 25, including instructions, which if executed by the computing device, causes the computing device to perform a method comprising storing calibration data included in the updated factory data, the calibration data associated with an identifier unique to one of the sensor modules of the computing device.
  - 28. The non-transitory machine readable medium of claim 25, including instructions, which if executed by the computing device, causes the computing device to perform a method comprising storing provisioning data included in the updated factory data, the provisioning data related to one or more sensor modules of the computing device.
  - 29. The non-transitory machine readable medium of claim 25, including instructions, which if executed by the computing device, causes the computing device to perform a method comprising updating the factory data with updated factory data related to one or more sensor modules if the server validates the factory data service trust object with a secure boot key stored in the computing device.
  - 30. The non-transitory machine readable medium of claim 29, including instructions, which if executed by the computing device, causes the computing device to perform a method comprising determining if the computing device is made from an authorized manufacturer using the factory data service trust object and the secure boot key.
  - 31. The non-transitory machine readable medium of claim 24, including instructions, which if executed by the computing device, causes the computing device to perform a method comprising receiving the updated factory data from an authorized maintenance device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Mensch, Thomas P., Gosnell, Jason D., Hauck, Jerrold V., Vempaty, Muralidhar S., De Atley, Dallas B.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Gundry, Stephen T

Application Number

US15/400,765
Publication Number

US 20170185794A1
Time in Patent Office

942 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 9/3247   involving digital signatures

Secure factory data generation and restoration

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Secure factory data generation and restoration

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links