Encryption/decryption mechanism of network deployed executable image for secure boot of a device embedded in an un-trusted host

US 20060184791A1
Filed: 02/14/2005
Published: 08/17/2006
Est. Priority Date: 02/14/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for secure storage and boot of an executable image for a network access device on a remote user device operably connected to a network comprising the steps of:

conveying said executable image to said network access device;

localized encryption of said executable image;

transferring said encrypted image from said network access device to said user device;

storing of said encrypted image within non-volatile memory of said user device;

retrieval of said encrypted image from said user device by said network access device during remote system boot;

localized decryption of said retrieved encrypted executable image; and

loading said decrypted executable image on said network access device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for secure remote storage of system-boot executable image for a network access device embedded in an untrusted remote user device operably connected to a service provider'"'"'s network. In an exemplary embodiment, a copy of service provider'"'"'s executable image is distributed to provider'"'"'s network access device by the central network administration system. The executable image is encrypted locally by the provider'"'"'s network access device using a unique encryption key which is generated by and stored in a non-volatile memory on said access device. The encrypted image is then passed to and stored in the non-volatile memory of the host user device. During system boot, the encrypted image is fetched from the host device to the network access device where it is decrypted and stored in active memory of the network device during normal system operations. This results in cost savings to provider by limiting remote access device'"'"'s non-volatile storage requirements.

13 Citations

View as Search Results

20 Claims

1. A method for secure storage and boot of an executable image for a network access device on a remote user device operably connected to a network comprising the steps of:
- conveying said executable image to said network access device;
  
  localized encryption of said executable image;
  
  transferring said encrypted image from said network access device to said user device;
  
  storing of said encrypted image within non-volatile memory of said user device;
  
  retrieval of said encrypted image from said user device by said network access device during remote system boot;
  
  localized decryption of said retrieved encrypted executable image; and
  
  loading said decrypted executable image on said network access device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 17, 18)
- - 2. The method of claim 1, wherein said executable image comprises a network-provided, remote device boot and operating program for the operation of said network access device on the network.
  - 3. The method of claim 2, wherein said network-provided, remote device boot and operating program may comprise initial or updated versions thereof.
  - 4. The method of claim 1, wherein said remote user device comprises:
    - an operational unit designed to interface with said network, having;
      
      a user device processor and non-volatile memory unit contained within said operational unit; and
      
      additional functional units as required for the operation of said device in conjunction with said access device, said network and said executable image.
  - 5. The method of claim 1, wherein said network access device comprises:
    - an operational unit designed to interface with said remote user device, having;
      
      an access device processor and volatile memory contained within said operational unit;
      
      additional functional units as required for the operation of said device in conjunction with said remote user device, said network and said executable image.
  - 6. The method of claim 1, wherein said localized encryption comprises the steps of:
    - generation of a local encryption key by said network access device;
      
      storage of said encryption key in said non-volatile memory of said network access device; and
      
      encrypting by said access device of said executable image into an encrypted image utilizing said locally generated encryption key.
  - 7. The method of claim 6, wherein said encryption key may be generated randomly, sequentially or in any other manner suited to the level of protection desired for said network.
  - 8. The method of claim 6, wherein said localized decryption comprises decryption of said encrypted image by said access device utilizing said locally generated encryption key.
  - 17. The method of claim 4 wherein said user device processor may be one of any variety of CPU.
  - 18. The method of claim 4 wherein said access device processor may be one of any variety of CPU.

9. A system for secure storage and boot of an executable image for a network access device on a remote user device operably connected to a network comprising:
- a network access device embedded in said remote user device connected to a network server for communication of said executable image to said network access device and having a local encryption algorithm for encryption of said executable image and connected to said remote user device for bi-directional transfer of said encrypted executable image from said network access device to said remote user device;
  
  non-volatile storage within said user device; and
  
  a local decryption algorithm for execution by said network access device for retrieval of said encrypted executable image during remote system boot.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 19, 20)
- - 10. The system of claim 9, wherein said executable image comprises a network-provided, remote device boot and operating program for the operation of said network access device on the network.
  - 11. The system of claim 10, wherein said network-provided, remote device boot and operating program may comprise initial or updated versions thereof.
  - 12. The system of claim 9, wherein said remote user device comprises:
    - an operational unit designed to interface with said network, having a user device processor and non-volatile memory unit.
  - 13. The system of claim 9, wherein said network access device comprises:
    - an operational unit designed to interface with said remote user device, having an access device processor and volatile and non-volatile memory units.
  - 14. The system of claim 9, wherein said localized encryption algorithm comprises:
    - generation of an encryption key by said network access device;
      
      storage of said encryption key in said non-volatile memory of said network access device;
      
      encrypting of said executable image into an encrypted image utilizing said locally generated encryption key.
  - 15. The system of claim 14, wherein said encryption key may be generated randomly, sequentially or in any other manner suited to the level of protection desired for said network.
  - 16. The system of claim 14 wherein said localized decryption algorithm comprises decryption of said encrypted image by said access device back into said executable image utilizing said locally generated encryption key.
  - 19. The system of claim 12 wherein said user device processor may be one of any variety of CPU.
  - 20. The system of claim 13 wherein said access device processor may be one of any variety of CPU.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Texas Instruments, Inc.
Original Assignee
Texas Instruments, Inc.
Inventors
Shaubi, Zvika, Hermesh, Barak, Schain, Mariano R.

Application Number

US11/057,778
Publication Number

US 20060184791A1
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 9/0866   involving user or device id...

H04L 9/0891   Revocation or update of sec...

Encryption/decryption mechanism of network deployed executable image for secure boot of a device embedded in an un-trusted host

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption/decryption mechanism of network deployed executable image for secure boot of a device embedded in an un-trusted host

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links