Encryption/decryption mechanism of network deployed executable image for secure boot of a device embedded in an un-trusted host
First Claim
1. A method for secure storage and boot of an executable image for a network access device on a remote user device operably connected to a network comprising the steps of:
- conveying said executable image to said network access device;
localized encryption of said executable image;
transferring said encrypted image from said network access device to said user device;
storing of said encrypted image within non-volatile memory of said user device;
retrieval of said encrypted image from said user device by said network access device during remote system boot;
localized decryption of said retrieved encrypted executable image; and
loading said decrypted executable image on said network access device.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for secure remote storage of system-boot executable image for a network access device embedded in an untrusted remote user device operably connected to a service provider'"'"'s network. In an exemplary embodiment, a copy of service provider'"'"'s executable image is distributed to provider'"'"'s network access device by the central network administration system. The executable image is encrypted locally by the provider'"'"'s network access device using a unique encryption key which is generated by and stored in a non-volatile memory on said access device. The encrypted image is then passed to and stored in the non-volatile memory of the host user device. During system boot, the encrypted image is fetched from the host device to the network access device where it is decrypted and stored in active memory of the network device during normal system operations. This results in cost savings to provider by limiting remote access device'"'"'s non-volatile storage requirements.
13 Citations
20 Claims
-
1. A method for secure storage and boot of an executable image for a network access device on a remote user device operably connected to a network comprising the steps of:
-
conveying said executable image to said network access device;
localized encryption of said executable image;
transferring said encrypted image from said network access device to said user device;
storing of said encrypted image within non-volatile memory of said user device;
retrieval of said encrypted image from said user device by said network access device during remote system boot;
localized decryption of said retrieved encrypted executable image; and
loading said decrypted executable image on said network access device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 17, 18)
-
-
9. A system for secure storage and boot of an executable image for a network access device on a remote user device operably connected to a network comprising:
-
a network access device embedded in said remote user device connected to a network server for communication of said executable image to said network access device and having a local encryption algorithm for encryption of said executable image and connected to said remote user device for bi-directional transfer of said encrypted executable image from said network access device to said remote user device;
non-volatile storage within said user device; and
a local decryption algorithm for execution by said network access device for retrieval of said encrypted executable image during remote system boot. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 19, 20)
-
Specification