Secure software updates

US 20070028120A1
Filed: 07/26/2005
Published: 02/01/2007
Est. Priority Date: 11/12/2004
Status: Active Grant

First Claim

Patent Images

1. A method for upgrading software on an electronic device that operates at least partially in accordance with software, said method comprising the acts of:

(a) sending device information to a host device;

(b) receiving an encrypted software module at the electronic device, the encrypted software module being previously encrypted at the host device particularly for use by the electronic device;

(c) decrypting the encrypted software module at the electronic device; and

(d) thereafter installing the software module on the electronic device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved techniques to update software in electronic devices that are already in use are disclosed. In one embodiment, software can be updated in a secure and controlled manner using cryptography. The authenticity of the updated software as well as its appropriateness for the particular electronic device can be confirmed prior to update. The software can also be updated on a per module basis. In one embodiment, a server hosts software updates for various electronic devices, and supplies the appropriate software update to the electronic devices via a data network.

110 Citations

View as Search Results

31 Claims

1. A method for upgrading software on an electronic device that operates at least partially in accordance with software, said method comprising the acts of:
- (a) sending device information to a host device;
  
  (b) receiving an encrypted software module at the electronic device, the encrypted software module being previously encrypted at the host device particularly for use by the electronic device;
  
  (c) decrypting the encrypted software module at the electronic device; and
  
  (d) thereafter installing the software module on the electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as recited in claim 1, wherein the device information includes a cryptographic key, and wherein the encrypted software module being received has been encrypted using the cryptographic key.
  - 3. A method as recited in claim 2, wherein the cryptographic key is a public key associated with the electronic device, and wherein the encrypted software module being received has been encrypted directly or indirectly using the public key.
  - 4. A method as recited in claim 3, wherein said decrypting (c) is performed directly or indirectly using a private cryptographic key stored in the electronic device.
  - 5. A method as recited in claim 1, wherein the cryptographic key is a public key associated with the electronic device, and wherein the encrypted software module being received has been encrypted using a randomly generated key, and the randomly generated key is encrypted using the public key.
  - 6. A method as recited in claim 5, wherein said decrypting (c) initially decrypts the encrypted randomly generated key using a private cryptographic key stored in the electronic device, and then decrypts the encrypted software module using the randomly generated key.
  - 7. A method as recited in claim 1, wherein the device information includes a version indicator and one or more of manufacturer information, model information or hardware platform information.
  - 8. A method as recited in claim 1, wherein the host device is a server computer or a client computer, and wherein the electronic device is a mobile telephone, a personal digital assistant or a media player.
  - 9. A method as recited in claim 1, wherein said method is performed automatically without user interaction requesting software upgrading.

10. A method for upgrading software on a portable electronic device, said method comprising the acts of:
- sending device information to a host device, the device information including device descriptive information, a public cryptographic key and a current version indicator;
  
  receiving an encrypted software module at the portable electronic device, the encrypted software module resulting from a software module available to the host device being selected based on the device descriptive information and the current version indicator and then encrypted using the public cryptographic key provided by the portable electronic device;
  
  decrypting the encrypted software module at the portable electronic device using a private cryptographic key known by the portable electronic device;
  
  authenticating the decrypted software module; and
  
  installing the software module on the portable electronic device after said decrypting and said authenticating have successfully completed.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. A method as recited in claim 10, wherein said sending and said receiving are performed while the portable electronic device is operatively connected to the host device.
  - 12. A method as recited in claim 11, wherein said decrypting, said authenticating and said installing are performed after the portable electronic device has been disconnected from the host device.
  - 13. A method as recited in claim 10, wherein said method further comprises:
    - recognizing that the portable electronic device has been disconnected from the host device; and
      
      performing said decrypting only after said recognizing recognizes that the portable electronic device has been disconnected from the host device.
  - 14. A method as recited in claim 10, wherein said method further comprises:
    - updating the current version indicator after said installing.
  - 15. A method as recited in claim 10, wherein the private cryptographic key is unique to the portable electronic device.
  - 16. A method as recited in claim 10, wherein said authenticating of the decrypted software module utilizes a digital signature.

17. A computer readable medium including at least computer program code for upgrading software on a computing device, said computer readable medium comprising:
- computer program code for sending device information to a host device, the device information including device descriptive information, a first cryptographic key and a current version indicator;
  
  computer program code for receiving an encrypted software module at the computing device, the encrypted software module resulting from a software module available to the host device being selected based on the device descriptive information and the current version indicator and then encrypted using the first cryptographic key provided by the computing device;
  
  computer program code for decrypting the encrypted software module at the computing device using a second cryptographic key known by the computing device;
  
  computer program code for authenticating the decrypted software module; and
  
  computer program code for installing the software module on the computing device after said decrypting and said authenticating have successfully completed.
- View Dependent Claims (18, 19)
- - 18. A computer readable medium as recited in claim 17, wherein the computing device is a portable computing device.
  - 19. A computer readable medium as recited in claim 18, wherein the portable computing device is a mobile telephone, a personal digital assistant or a media player.

20. A method for upgrading a software module on a portable electronic device, said method comprising the acts of:
- receiving device information at a network-based server device, the device information pertaining to the portable electronic device and including device descriptive information, a public cryptographic key and a current version indicator for the software module on the portable electronic device;
  
  determining whether an updated version of the software module is available from the server device, said determining being based on the device descriptive information pertaining to the portable electronic device;
  
  encrypting the updated version of the software module when said determining determines such to be available from the server device, said encrypting using the public cryptographic key provided by the portable electronic device; and
  
  transmitting the encrypted software module to the portable electronic device.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. A method as recited in claim 20, wherein said method further comprises:
    - receiving the encrypted software module at the portable electronic device;
      
      accessing a private cryptographic key resident on the portable client device; and
      
      decrypting the encrypted software module at the portable electronic device using the private cryptographic key.
  - 22. A method as recited in claim 21, wherein said method further comprises:
    - installing the software module on the electronic device after said decrypting has successfully completed.
  - 23. A method as recited in claim 21, wherein said method further comprises:
    - authenticating the decrypted software module; and
      
      installing the software module on the electronic device after said decrypting and said authenticating have successfully completed.
  - 24. A method as recited in claim 20, wherein said encrypting comprises:
    - (i) encrypting the updated version of the software module using a random key, and (ii) encrypting the random key using the public cryptographic key, wherein said transmitting operates to transmit the encrypted software module and the encrypted random key.
  - 25. A method as recited in claim 24, wherein said method further comprises:
    - receiving the encrypted software module and the encrypted random key at the portable electronic device;
      
      accessing a private cryptographic key resident on the portable client device;
      
      decrypting the encrypted random key using the private cryptographic key to provide an acquired random key; and
      
      decrypting the encrypted software module at the portable electronic device using the acquired random key.
  - 26. A method as recited in claim 25, wherein said method further comprises:
    - installing the software module on the electronic device after said decrypting has successfully completed.

27. A computer readable medium including at least computer program code for upgrading a software module on a computing device, said computer readable medium comprising:
- computer program code for receiving device information at a network-based server device, the device information pertaining to the computing device and including device descriptive information, a cryptographic key and a current version indicator for the software module on the computing device;
  
  computer program code for determining whether an updated version of the software module is available from the server device, said determining being based on the device descriptive information pertaining to the computing device;
  
  computer program code for encrypting the updated version of the software module when said determining determines such to be available from the server device, said encrypting using the cryptographic key provided by the computing device; and
  
  computer program code for transmitting the encrypted software module to the computing device.

28. A computer readable medium including at least computer program code for upgrading software on an electronic device, said computer readable medium comprising:
- computer program code for identifying, at a host device, an updated software module for the electronic device;
  
  computer program code for encrypting the updated software module for use on the electronic device;
  
  computer program code for transmitting the encrypted software module to the electronic device;
  
  computer program code for decrypting the encrypted software module at the electronic device; and
  
  computer program code for installing the software module on the electronic device.
- View Dependent Claims (29)
- - 29. A computer readable medium as recited in claim 28, wherein said computer readable medium further comprises:
    - computer program code for receiving device information pertaining to the electronic device, and wherein the identification of the software module for the electronic device by said computer program code for identifying is dependent on the device information.

30. A network-based software update system, comprising:
- a plurality of mobile client devices, each of the mobile client devices operating in accordance with at least one software module resident on the corresponding mobile client device;
  
  a server device having access to a plurality of software modules, each of the software modules being for use on specific one or more of the mobile client devices; and
  
  at least one client device operatively connectable to the server device and the mobile client devices, the client device operating a media management application for digital media assets, wherein the digital media assets are protected by a digital rights management library having at least one of the software modules, and wherein the client device interacts with the server device over a first data link to retrieve an updated software module for the mobile client device to be updated, the updated software module pertaining to the digital rights management library, and wherein the client device thereafter interacts with the mobile client device over a second data link to provide the updated software module to the mobile client device to be updated.
- View Dependent Claims (31)
- - 31. A network-based software update system as recited in claim 30, wherein subsequently the mobile client device replaces an existing software with the updated software module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Computer Incorporated (Apple Inc.)
Inventors
Ward, Alan, Wysocki, Christopher

Granted Patent

US 9,489,496 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/192
CPC Class Codes

G06F 21/101   by binding digital rights t...

G06F 2221/2107   File encryption

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 67/34   involving the movement of s...

Secure software updates

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

110 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Secure software updates

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links