Securely Recovering a Computing Device

US 20080168275A1
Filed: 01/07/2007
Published: 07/10/2008
Est. Priority Date: 01/07/2007
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

loading a code image digitally sinned by a signature into a device, the code image being received from a host over a communication link;

determining if the code image is certified by verifying the signature using a fingerprint embedded within ROM (read only memory) of the device; and

executing the code image if the code image is certified to establish an operating environment of the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.

Citations

20 Claims

1. A computer implemented method, comprising:
- loading a code image digitally sinned by a signature into a device, the code image being received from a host over a communication link;
  
  determining if the code image is certified by verifying the signature using a fingerprint embedded within ROM (read only memory) of the device; and
  
  executing the code image if the code image is certified to establish an operating environment of the device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the executing comprises:
    - determining if the code image matches the signature based on a public key compatible with X.509 standard; and
      
      determining if the fingerprint matches the public key, wherein the fingerprint is based on a hash value of the public key.
  - 3. The method of claim 2, further comprisingderiving a hash value based on the code image;
    - andencrypting the hash value into a header value based on a key stored in the ROM of the device.
  - 4. The method of claim 1, wherein the code image is received from the host over the communication link in response to a failure of verifying codes initially stored in the device in an attempt to establish the operating environment of the device, and wherein the host receives the code image from a server over a network.
  - 5. The method of claim 4, further comprising repairing the fail-to-verified codes initially stored in the device, such that subsequent operating environment can be established using the repaired codes without having to involve the host.
  - 6. The method of claim 1, wherein the device is a portable device.

7. A machine-readable medium having instructions stored therein, which when executed by a machine, cause the machine to perform a method, the method comprising:
- loading a code image digitally signed by a signature into a device, the code image being received from a host over a communication link;
  
  determining if the code image is certified by verifying the signature using a fingerprint embedded within ROM (read only memory) of the device; and
  
  executing the code image if the code image is certified to establish an operating environment of the device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The machine-readable medium of claim 7, wherein the executing comprises:
    - determining if the code image matches the signature based on a public key compatible with X.509 standard; and
      
      determining if the fingerprint matches the public key, wherein the fingerprint is based on a hash value of the public key.
  - 9. The machine-readable medium of claim 8, wherein the method further comprisesderiving a hash value based on the code image;
    - andencrypting the hash value into a header value based on a key stored in the ROM of the device.
  - 10. The machine-readable medium of claim 7, wherein the code image is received from the host over the communication link in response to a failure of verifying codes initially stored in the device in an attempt to establish the operating environment of the device, and wherein the host receives the code image from a server over a network.
  - 11. The machine-readable medium of claim 10, wherein the method further comprises repairing the fail-to-verified codes initially stored in the device, such that subsequent operating environment can be established using the repaired codes without having to involve the host.
  - 12. The machine-readable medium of claim 7, wherein the device is a portable device.

13. A digital processing system, comprising;
- a ROM (read only memory) to store a fingerprint embedded therein;
  
  a mass storage to store a code image digitally signed by a signature and received from a host over a communication link;
  
  a main memory; and
  
  a processor coupled to the ROM, the mass storage, and the main memory to verify the code image using the fingerprint and upon successfully verifying the code image, to execute the code image in the main memory to establish an operating environment of the digital processing system.

14. An apparatus, comprising:
- means for loading a code image digitally signed by a signature into a device the code image being received from a host over a communication link;
  
  means for determining if the code image is certified by verifying the signature using a fingerprint embedded within ROM (read only memory) of the device; and
  
  means for executing the code image if the code image is certified to establish an operating environment of the device.

15. A computer implemented method, comprising:
- in response to a failure of loading an executable image of a device, the device communicating with a host via a communication link to signal that the device is in a recovery mode to receive from the host a new executable image corresponding to the failed executable image;
  
  verifying the new executable image using a digital certificate embedded within the secure ROM of the portable device;
  
  upon successfully verifying the new executable image, executing the new executable image; and
  
  optionally storing the verified new executable image in the mass storage of the portable device, replacing the failed executable image.
- View Dependent Claims (16)
- - 16. The method of claim 15, further comprising:
    - the host authenticating the portable device over the communication link based in pan on the unique ID of the portable device;
      
      upon successfully authenticating the portable device, the host retrieving the new executable image from a server over a network; and
      
      delivering the retrieved new executable image to the portable device over the communication link.

17. A computer implemented method, comprising:
- in response to successfully authenticating a portable device over a communication link based in part on a unique identifier (ID) embedded within a secure ROM (read-only memory) of the portable device, determining whether the portable device is in a recovery mode as a result of a failure to initialize an operating environment of the portable device;
  
  retrieving an executable image from a server over a network, the executable image being digitally signed by a signature if it is determined that the portable device is in the recovery mode; and
  
  delivering the retrieved executable image to the portable device over the communication link, wherein the portable device verifies the signature of the executable image using a digital certificate embedded wit the secure ROM, and wherein the verified executable image is loaded in a main memory of the portable device to establish the operating environment for the portable device.
- View Dependent Claims (18)
- - 18. The method of claim 17, wherein the executable image comprises data representing at least a kernel of an operating system (OS) for the portable device, wherein the executable image, which when executed by the portable device, establishes a virtual bootable drive from which the at least the kernel of the OS is loaded in the main memory of the portable device.

19. A machine-readable medium having instructions stored therein, which when executed by a machine, cause the machine to perform a method, the method comprising:
- in response to successfully authenticating a portable device over a communication line based in part on a unique identifier (ID) embedded within a secure ROM (read-only memory) of the portable device, determining whether the portable device is in a recovery mode as a result of a failure to initialize an operating environment of the portable device;
  
  retrieving an executable image from a server over a network, the executable image being digitally signed by a signature if it is determined that the portable device is in the recovery mode; and
  
  delivering the retrieved executable image to the portable device over the communication link, wherein the portable device verifies the signature of the executable image using a digital certificate embedded with the secure ROM, and wherein the verified executable image is loaded in a main memory of the portable device to establish the operating environment for the portable device.
- View Dependent Claims (20)
- - 20. The machine-readable medium of claim 19, wherein the executable image comprises data representing at least a kernel of an operating system (OS) for the portable device, wherein the executable image, which when executed by the portable device, establishes a virtual bootable drive from which the at least the kernel of the OS is loaded in the main memory of the portable device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Sen, Shantonu, Smith, Michael, de Cesare, Joshua, De Atley, Dallas Blake, Wright, John Andrew, Reda, Matthew

Granted Patent

US 8,239,688 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 11/1417   Boot up procedures

G06F 21/51   at application loading time...

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 21/64   Protecting data integrity, ...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 9/14   using a plurality of keys o...

H04L 9/302   involving the integer facto...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/3249   using RSA or related signat...

Securely Recovering a Computing Device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securely Recovering a Computing Device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links