Associating software with hardware using cryptography

US 20050005098A1
Filed: 03/31/2004
Published: 01/06/2005
Est. Priority Date: 04/08/2003
Status: Active Grant

First Claim

Patent Images

1. A method of validating software for hardware, comprising:

authenticating a certificate with a first public key;

obtaining a signature generated for the software, a first identifier for the software, and a second identifier for the hardware, wherein the signature is generated using cryptography and is used to validate an association of the software with the hardware; and

validating the signature with a second public key from the certificate, wherein the association of the software with the hardware is validated if the signature is validated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for associating software with hardware using cryptography are described. The software is identified by a software identifier (ID), and the hardware is identified by a hardware ID. The software is hashed to obtain a code digest. A code signature is generated for the code digest, software ID, and hardware ID. A code image is formed with the software, software ID, code signature, and a certificate. The certificate contains cryptographic information used to authenticate the certificate and validate the code signature. The code image is loaded onto a device. The device validates the software to hardware association prior to executing the software. For the validation, the device authenticates the certificate with a certificate authority public key embedded within the device. The device also validates the code signature using the cryptographic information contained in the certificate, information in the code image, and the hardware ID embedded within the device.

143 Citations

35 Claims

1. A method of validating software for hardware, comprising:
- authenticating a certificate with a first public key;
  
  obtaining a signature generated for the software, a first identifier for the software, and a second identifier for the hardware, wherein the signature is generated using cryptography and is used to validate an association of the software with the hardware; and
  
  validating the signature with a second public key from the certificate, wherein the association of the software with the hardware is validated if the signature is validated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the software is executed by the hardware only if the association is validated.
  - 3. The method of claim 1, wherein the validating the signature includes hashing information for the software, the first identifier, and the second identifier to obtain a first digest, decrypting the signature with the second public key to obtain a second digest, and comparing the first digest against the second digest, and wherein the signature is validated if the first digest matches the second digest.
  - 4. The method of claim 3, wherein the validating the signature further includes hashing the software to obtain a third digest used as the information for the software.
  - 5. The method of claim 1, wherein the signature is generated using a cryptography scheme that includes Hash-based Message Authentication Code (HMAC).
  - 6. The method of claim 1, wherein the first identifier is a software release version number.
  - 7. The method of claim 1, wherein the hardware is an integrated circuit of a specific design.
  - 8. The method of claim 1, wherein the second identifier is a hardware serial number or a part number.

9. An apparatus operable to validate software for hardware, comprising:
- a first storage unit configured to store a first public key; and
  
  a processor operative to authenticate a certificate with the first public key, obtain a signature generated for the software, a first identifier for the software, and a second identifier for the hardware, wherein the signature is generated using cryptography and is used to validate an association of the software with the hardware, and validate the signature with a second public key from the certificate, wherein the association of the software with the hardware is validated if the signature is validated.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The apparatus of claim 9, wherein the first storage unit is further configured to store the second identifier for the hardware, and wherein the processor is further operative to hash information for the software, the first identifier, and the second identifier from the first storage unit to obtain a first digest, decrypt the signature with the second public key to obtain a second digest, and compare the first digest against the second digest, and wherein the signature is validated if the first digest matches the second digest.
  - 11. The apparatus of claim 9, further comprising:
    - a second storage unit configured to store boot code executed by the processor to authenticate the certificate and validate the signature.
  - 12. The apparatus of claim 11, wherein the first and second storage units and the processor are implemented within an integrated circuit.
  - 13. The apparatus of claim 9 and implemented within a wireless communication device.

14. An apparatus operable to validate software for hardware, comprising:
- means for authenticating a certificate with a first public key;
  
  means for obtaining a signature generated for the software, a first identifier for the software, and a second identifier for the hardware, wherein the signature is generated using cryptography and is used to validate an association of the software with the hardware; and
  
  means for validating the signature with a second public key from the certificate, wherein the association of the software with the hardware is validated if the signature is validated.
- View Dependent Claims (15)
- - 15. The apparatus of claim 14, wherein the means for validating the signature includes means for hashing information for the software, the first identifier, and the second identifier to obtain a first digest, means for decrypting the signature with the second public key to obtain a second digest, and means for comparing the first digest against the second digest, and wherein the signature is validated if the first digest matches the second digest.

16. A method of associating software with hardware, comprising:
- obtaining a first identifier for the software;
  
  obtaining a second identifier for the hardware; and
  
  generating a first signature for the software, the first identifier, and the second identifier using cryptography, wherein the first signature is used to validate an association of the software with the hardware.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method of claim 16, further comprising:
    - receiving a digest obtained by hashing the software, and wherein the first signature is generated over the digest, the first identifier, and the second identifier.
  - 18. The method of claim 16, wherein the first signature is generated using a cryptography scheme that includes Hash-based Message Authentication Code (HMAC).
  - 19. The method of claim 16, further comprising:
    - providing a certificate containing a first public key and a second signature, the first public key corresponding to a first private key used to generate the first signature, and the second signature being generated over the first public key with a second private key for an entity generating the second signature.
  - 20. The method of claim 16, further comprising:
    - receiving from an entity a request for the first signature; and
      
      authenticating the entity prior to generating the first signature.
  - 21. The method of claim 16, further comprising:
    - determining whether or not association of the software with the hardware is permitted, and wherein the first signature is generated only if the association is permitted.
  - 22. The method of claim 21, wherein the determining is based on a configuration table of permitted associations between at least one version of software and at least one platform of hardware.

23. An apparatus operable to associate software with hardware, comprising:
- a communication unit operative to obtain, from a code generator entity, information for a software code, a first identifier for the software, and a second identifier for the hardware; and
  
  a controller operative to generate a signature for the software, the first identifier, and the second identifier using cryptography, wherein the signature is used to validate an association of the software with the hardware.
- View Dependent Claims (24, 25, 26)
- - 24. The apparatus of claim 23, wherein the controller is further operative to determine whether or not association of the software with the hardware is permitted, and to generate the signature only if the association is permitted.
  - 25. The apparatus of claim 23, wherein the controller is further operative to authenticate the code generator entity prior to generating the signature.
  - 26. The apparatus of claim 23, further comprising:
    - a memory unit operative to store a configuration table of permitted associations between at least one version of software and at least one platform of hardware, and wherein the controller is further operative to determine whether or not the association of the software with the hardware is permitted based on the configuration table.

27. An apparatus operable to associate software with hardware, comprising:
- means for obtaining a first identifier for the software;
  
  means for obtaining a second identifier for the hardware; and
  
  means for generating a first signature for the software, the first identifier, and the second identifier using cryptography, wherein the first signature is used to validate an association of the software with the hardware.
- View Dependent Claims (28)
- - 28. The apparatus of claim 27, further comprising:
    - means for receiving from an entity a request for the first signature; and
      
      means for authenticating the entity prior to generating the first signature.

29. A method of associating software with hardware, comprising:
- providing information for the software;
  
  providing a first identifier for the software;
  
  providing a second identifier for the hardware;
  
  receiving a signature generated for the software, the first identifier, and the second identifier, wherein the signature is generated using cryptography and is used to validate an association of the software with the hardware;
  
  receiving a certificate containing cryptographic information used to validate the signature; and
  
  forming an image comprised of the software, the signature, and the certificate.
- View Dependent Claims (30, 31)
- - 30. The method of claim 29, further comprising:
    - hashing the software to obtain a first digest, and wherein the first digest is provided as the information for the software.
  - 31. The method of claim 30, wherein the signature is generated using a cryptography scheme that includes Hash-based Message Authentication Code (HMAC), and wherein the HMAC receives the first digest, the first identifier, and the second identifier as inputs and provides a second digest used to generate the signature.

32. An apparatus operable to associate software with hardware, comprising:
- a communication unit operative to provide information for the software, a first identifier for the software, and a second identifier for the hardware, receive a signature generated for the software, the first identifier, and the second identifier, wherein the signature is generated using cryptography and is used to validate an association of the software with the hardware, and receive a certificate containing cryptographic information used to validate the signature; and
  
  a controller operative to form an image comprised of the software, the signature, and the certificate.
- View Dependent Claims (33)
- - 33. The apparatus of claim 32, wherein the controller is further operative to hash the software to obtain a digest that is provided as the information for the software.

34. An apparatus operable to associate software with hardware, comprising:
- means for providing information for the software;
  
  means for providing a first identifier for the software;
  
  means for providing a second identifier for the hardware;
  
  means for receiving a signature generated for the software, the first identifier, and the second identifier, wherein the signature is generated using cryptography and is used to validate an association of the software with the hardware;
  
  means for receiving a certificate containing cryptographic information used to validate the signature; and
  
  means for forming an image comprised of the software, the signature, and the certificate.
- View Dependent Claims (35)
- - 35. The apparatus of claim 34, further comprising:
    - means for hashing the software to obtain a first digest, and wherein the first digest is provided as the information for the software.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Michaelis, Olivier, Mauro, Anthony P.

Granted Patent

US 8,041,957 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/121 Restricting unauthorised ex...

G06F 21/51 at application loading time...

Associating software with hardware using cryptography

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

143 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Associating software with hardware using cryptography

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links