Code authentication upon bootup for cable modems

US 20060156007A1
Filed: 01/07/2005
Published: 07/13/2006
Est. Priority Date: 01/07/2005
Status: Active Grant

First Claim

Patent Images

1. A method (10) for operating a cable modem comprising:

inserting (13) a RSA-SHA-1 based signature and related authenticated attributes at an end of the code file; and

validating (16) the code file during each reboot operation of the cable modem to confirm that the signature in a header equals the authenticated attributes signed by a private key that created the RSA-SHA-1 based signature.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary embodiment of a method (10) for authenticating software in a cable modem makes use of a secure key and certificate stored in flash memory. In this exemplary embodiment, the code employs a key to validate (16) a signature that is generated for each new build of the code. During build of the code, the code is digitally signed (12) using e.g., a Motorola RSA private key. The message digest and the signature are then stored at the end of code file itself (13). Each time the modem (52) reboots, the code can validate (16) that the image in flash has not been modified. This validation function (16) can be accomplished e.g., by calling an RSA Signature Verification function to confirm that the signature in the header equals the message digest signed by the manufacturer'"'"'s private key or the manufacturer'"'"'s CVC.

29 Citations

View as Search Results

20 Claims

1. A method (10) for operating a cable modem comprising:
- inserting (13) a RSA-SHA-1 based signature and related authenticated attributes at an end of the code file; and
  
  validating (16) the code file during each reboot operation of the cable modem to confirm that the signature in a header equals the authenticated attributes signed by a private key that created the RSA-SHA-1 based signature.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method (10) according to claim 1, further comprising:
    - signing (12) the code file using a private key to create an RSA-SHA-1 based signature.
  - 3. The method (10) according to claim 1, further comprising:
    - modifying (14) an image code length in a code header to account for any extra bytes at the end of the code file.
  - 4. The method (10) according to claim 3, further comprising:
    - recalculating (15) a message digest in the code header to account for the extra bytes stored at the end of the code file.
  - 5. The method (10) according to claim 1, wherein said validating (16) is accomplished by calling an RSA Signature Verification function to confirm that the signature in the header equals the authenticated attributes signed by the private key.

6. A method (40) for authenticating software in a cable modem comprising:
- storing (42) an RSA SHA-1 based signature, one or more authenticated attributes, and a Subject Public Key from the manufacturer'"'"'s CVC in flash memory during download of new code to the cable modem; and
  
  during a reboot process, validating (43) that the image in flash has not been modified.

7. A method (10) for authenticating code in an electronic device comprising:
- generating (11) the code;
  
  signing (12) the code using a signing key;
  
  validating (16) the code during a reboot process of the electronic device by verifying that a signature in a header equals signed authenticated attributes.
- View Dependent Claims (8, 9)
- - 8. The method (10) according to claim 7, further comprising:
    - inserting (13) the signature and authenticated attributes at an end of the signed code along with a current copy of said header.
  - 9. The method (10) according to claim 8, further comprising:
    - modifying (14) a code length in a new header to account for extra bytes stored at the end of the code; and
      
      recalculating (15) a message digest to account for the modified code length.

10. An apparatus (52) including self-authenticating code comprising:
- a memory (51) storing the code; and
  
  a processor (55a) coupled to the memory (51) and inserting an RSA-SHA-1 based signature and related authenticated attributes at an end of the code file, and validating the code file during each reboot operation of the cable modem to confirm that the signature in a header equals the authenticated attributes signed by a private key that created the RSA-SHA-1 based signature.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The apparatus (52) according to claim 10, wherein said code is digitally signed using a private key to create an RSA-SHA-1 based signature.
  - 12. The apparatus (52) according to claim 10, wherein said processor (55a) modifies an image code length in a code header to account for any extra bytes at the end of the code file.
  - 13. The apparatus (52) according to claim 12, wherein said processor (55a) recalculates a message digest in the code header to account for the extra bytes stored at the end of the code file.
  - 14. The apparatus (52) according to claim 10, wherein said processor validates the code by calling an RSA Signature Verification function to confirm that the signature in the header equals the authenticated attributes signed by the private key.

15. An apparatus (50) for communicating new code to a plurality of electronic devices (52a-n) via a network (53) comprising:
- a server (54) stored a current version of code to be downloaded to the plurality of electronic devices (52a-n);
  
  a memory (51a-n) disposed in each of the plurality of electronic devices (52a-n) to store code having an RSA-SHA-1 based signature and related authenticated attributes stored at an end of the code file; and
  
  a processor (55a-n) disposed in each of the plurality of electronic devices (52a-n) communicating with the server (54), said processor (55a-n) being coupled to the memory (51a-n) and validating the code file during each reboot operation to confirm that the signature in a header equals the authenticated attributes signed by a private key that created the RSA-SHA-1 based signature.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The apparatus (50) according to claim 15, wherein said code is digitally signed using a private key to create an RSA-SHA-1 based signature.
  - 17. The apparatus (50) according to claim 15, wherein said processor (55a) modifies an image code length in a code header to account for any extra bytes at the end of the code file.
  - 18. The apparatus (50) according to claim 17, wherein said processor (55a) recalculates a message digest in the code header to account for the extra bytes stored at the end of the code file.
  - 19. The apparatus (50) according to claim 15, wherein said processor (55a) validates the code by calling an RSA Signature Verification function to confirm that the signature in the header equals the authenticated attributes signed by the private key.

20. A method (20) for authenticating code in a device comprising:
- calculating (21) an on-the-fly SHA-1 message digest over a stored Code Header and the Code Image;
  
  comparing (22) a new message digest with a message digest that was stored;
  
  if the new message digest is not the same as the stored message digest, declaring (24) the image to be invalid and sending (25) a syslog message to a system operator informing the system operator of a tampered image and shutting down the device; and
  
  if the new message digest is the same as the stored message digest, then;
  
  calling (27) an RSA Signature Verification function to confirm that a signature equals signed Authenticated Attributes;
  
  if the signature is valid, executing (29) the code normally; and
  
  if the signature is not valid, sending (25) sends a syslog message to the system operator informing the system operator of a tampered image and shutting the device down.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Stephens-Doll, Robert M.

Granted Patent

US 7,454,616 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 9/3239 involving non-keyed hash fu...

H04L 9/3249 using RSA or related signat...

Code authentication upon bootup for cable modems

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Code authentication upon bootup for cable modems

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links