Secure Upgrade of Firmware Update in Constrained Memory
First Claim
Patent Images
1. A method of securely downloading an update to a constrained memory, the update including one header block and one or more body blocks, the method comprising:
- a) receiving a header block of the update;
b) parsing the header block;
c) receiving a body block of the update;
d) confirming a digital signature of the body block;
e) storing the body block when the act of confirming is successful;
f) repeating steps c-e until each body block has been received;
g) committing the update when each body block has been received.
2 Assignments
0 Petitions
Accused Products
Abstract
A hardware-based security module may contain executable code used to manage the electronic device in which the security module resides. Because the security module may have limited memory, a memory update process is used that allows individual blocks to be separately downloaded and verified. Verification data is sent in a header block prior to sending the individual data blocks.
82 Citations
20 Claims
-
1. A method of securely downloading an update to a constrained memory, the update including one header block and one or more body blocks, the method comprising:
-
a) receiving a header block of the update; b) parsing the header block; c) receiving a body block of the update; d) confirming a digital signature of the body block; e) storing the body block when the act of confirming is successful; f) repeating steps c-e until each body block has been received; g) committing the update when each body block has been received. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-readable medium having computer-executable instructions for implementing a method of securely downloading a memory update to a target device comprising:
-
dividing the memory update into blocks; creating a respective hash corresponding to each of the blocks; creating a header including each respective hash; adding a target device identifying information to the header; creating a digital signature of the header and attaching the digital signature to the header; and sending the header to the target device. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A computer with a security module adapted to receive and verify a memory update, the security module comprising:
-
a processor; a port for receiving the memory update; a bus connecting the processor to the port; the security module coupled to the bus and having a second processor, a cryptographic module, and a secure memory storing computer-executable instructions for executing a program, the program comprising; a download module for receiving update blocks from the port via the bus; a header verification module for authenticating a header portion of the memory update; a storage module for storing hash values embedded in the header portion; a body block module for receiving one or more body block portions of the memory update and for comparing a hash of the body block portions with the hash values embedded in the header portion for corresponding body block portions; and an activation module for operating from the memory update when all the update blocks have been received and verified by the body block module. - View Dependent Claims (17, 18, 19, 20)
-
Specification