Method for securing software updates

US 20040107349A1
Filed: 11/26/2003
Published: 06/03/2004
Est. Priority Date: 12/03/2002
Status: Active Grant

First Claim

Patent Images

1. Method for securing updating data from a plurality of apparatuses, each apparatus receiving the updates from a managing center, these updates including data called patch accompanied by a control block encrypted by a private asymmetrical key taken from a list of keys included in the managing center, characterized by following steps:

selection by means of the apparatus of a current key from a list of public keys, reception and storage in the memory of the updating patch, reception of the encrypted control block, decryption of said block by the current public key, verification that the decrypted control block corresponds to said patch, installation of the patch received, deactivation of the current key and selection of the next key in the list.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention proposes a method for securing updating software in a plurality of decoders based on the generation of a signature by means of a private asymmetrical key. The updating of a decoder is carried out by downloading, from a managing center, a data block including a patch and its signature, said block is stored in a RAM. The signature is decrypted with a current public key from a list contained in a first non-volatile memory of the decoder, then verified and in the case of correspondence, a command leads the installation of the patch in a second non-volatile Flash memory and the deactivation of the current key. The aim of this invention is to considerably reduce the impact of the discovery of a private key by mean of a systematic analysis of the working of the decoder software, or to notably increase the time and the means necessary for the process used to determine said private key.

Citations

14 Claims

1. Method for securing updating data from a plurality of apparatuses, each apparatus receiving the updates from a managing center, these updates including data called patch accompanied by a control block encrypted by a private asymmetrical key taken from a list of keys included in the managing center, characterized by following steps:
- selection by means of the apparatus of a current key from a list of public keys, reception and storage in the memory of the updating patch, reception of the encrypted control block, decryption of said block by the current public key, verification that the decrypted control block corresponds to said patch, installation of the patch received, deactivation of the current key and selection of the next key in the list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. Method according to claim 1 wherein the control block includes a signature on the patch data, this signature being the result of a hash function.
  - 3. Method according to claims 1 and 2 wherein the verification of the block includes the step of establishing the signature on the received patch and the comparison with the decrypted signature in the control block.
  - 4. Method according to claim 1 wherein the control block includes a symmetrical session key determined by the managing center, this key being used to encrypt the patch data.
  - 5. Method according to claim 1 wherein, for each update, a new public key taken from the list is used by the apparatus.
  - 6. Method according to claim 1, wherein the public key is deleted from the list after being used, said key being useless for the next updates.
  - 7. Method according to claim 1, wherein the public keys of the list are used sequentially in a predetermined order during each update.
  - 8. Method according to claim 1 wherein the list of public keys is stored in a non-volatile memory, a key used for an update is definitively deleted from the memory that authorizes the access to the next key for the subsequent update.
  - 9. Method according to claim 1 wherein, for the updating of the software of an apparatus of a certain version to a new version, with a difference between the new version and the previous one greater than one, at least one message encrypted with a private key is added allowing the changing of the current key to the next key in the list, the successful decryption of said message inducing the deactivation of the current key and the selection of the next key.
  - 10. Method according to claim 9, wherein the number of messages corresponds to the number of updates separating the initial version of the apparatus and the final version of the update.
  - 11. Method according to claim 1, wherein an updating installation is followed by an increment on a counter or by moving a pointer indicating the position of the key to be selected from the list during the subsequent update, while the list of keys remains unchanged.
  - 12. Method according to claim 1, wherein the control block is successively encrypted by the keys of the previous updates, each key from the list being used one after the other to decrypt the signature.
  - 13. Method according to claim 1, wherein the apparatuses consist of Pay-TV decoders, an update of a decoder being carried out by downloading, from a managing center, of a patch accompanied by a control block, said block is stored in a Random Access Memory, and is decrypted with a current public key contained in a first non-volatile memory of the decoder, then verified and in the case of correspondence, a command leads the installation of the patch in a second non-volatile memory and the deactivation of the current key.
  - 14. Method according to claim 13, wherein a new list of public keys is transmitted to the decoder, said list replaces the list contained in the first memory containing keys deactivated by previous successful updates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nagravision SA (Kudelski SA)
Original Assignee
Nagravision SA (Kudelski SA)
Inventors
Sasselli, Marco, Pican, Nicolas

Granted Patent

US 7,440,571 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0891   Revocation or update of sec...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04N 21/2351   involving encryption of add...

H04N 21/26291   for providing content or ad...

H04N 21/63345   by transmitting keys key di...

H04N 21/8166   involving executable data, ...

H04N 7/16   Analogue secrecy systems; A...

Method for securing software updates

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method for securing software updates

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links