Protection for Unauthorized Firmware and Software Upgrades to Consumer Electronic Devices

US 20130047144A1
Filed: 08/19/2011
Published: 02/21/2013
Est. Priority Date: 08/19/2011
Status: Active Grant

First Claim

Patent Images

1. A method for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:

retrieving by a software update server an expected authorization checksum value corresponding to a specific class of consumer electronic devices;

determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image to force a checksum collision with the retrieved expected authorization checksum value;

modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications; and

propagating the modified firmware or software update, patch, or upgrade image to consumer electronic devices in the class of consumer electronic devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A firmware or software update, patch, or upgrade image is authenticated by forcing its checksum to match a pre-determined value. The pre-determined value is known by a consumer electronic device in advance of propagating the image for installation. Upon propagation, the device determines a checksum value of the received imaged, and compares the checksum value to the pre-determined expected authenticity value. If they match, the image is installed. In an optional feature, the image is executed by the device and modifies the pre-determined checksum value to a next value, which is also shared or known by the image server. In this variation, no two images have the same expected value, and unauthorized images may be rejected for installation.

39 Citations

View as Search Results

20 Claims

1. A method for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:
- retrieving by a software update server an expected authorization checksum value corresponding to a specific class of consumer electronic devices;
  
  determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image to force a checksum collision with the retrieved expected authorization checksum value;
  
  modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications; and
  
  propagating the modified firmware or software update, patch, or upgrade image to consumer electronic devices in the class of consumer electronic devices.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as set forth in claim 1 wherein the modifying further comprises modifying the preliminary firmware or software update, patch, or upgrade image to include a next update authorization checksum value which, when executed by the specific consumer electronic device, is configured to replace an expected authorization checksum value stored by the consumer electronic device.
  - 3. The method as set forth in claim 2 wherein, upon subsequent repeat execution of the retrieving, determining, modifying, and propagating, the preliminary firmware or software update, patch, or upgrade image is modified to force a collision with the next upgrade authorization checksum value.
  - 4. The method as set forth in claim 1 further comprising applying a digital signature to the modified firmware or software update, patch, or upgrade.
  - 5. The method as set forth in claim 1 further comprising applying a digital signature to the preliminary firmware or software update, patch, or upgrade.

6. A computer program product for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:
- one or more tangible, computer memory devices;
  
  first computer instructions for retrieving by a software update server an expected authorization checksum value corresponding to a specific class of consumer electronic devices;
  
  second computer instructions for determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image to force a checksum collision with the retrieved expected authorization checksum value;
  
  third computer instructions for modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications; and
  
  fourth computer instructions for propagating the modified firmware or software update, patch, or upgrade image to consumer electronic devices in the class of consumer electronic devices;
  
  wherein the first, second, third and fourth computer instructions are stored by the one or more tangible computer memory devices.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer program product as set forth in claim 6 wherein the modifying further comprises modifying the preliminary firmware or software update, patch, or upgrade image to include a next update authorization checksum value which, when executed by the specific consumer electronic device, is configured to replace an expected authorization checksum value stored by the consumer electronic device.
  - 8. The computer program product as set forth in claim 7 wherein, upon subsequent repeat execution of the retrieving, determining, modifying, and propagating, the preliminary firmware or software update, patch, or upgrade image is modified to force a collision with the next upgrade authorization checksum value.
  - 9. The computer program product as set forth in claim 6 further comprising fifth program instructions stored by the tangible computer memory devices for applying a digital signature to the modified firmware or software update, patch, or upgrade.
  - 10. The computer program product as set forth in claim 6 further comprising fifth program instructions stored by the tangible computer memory devices applying a digital signature to the preliminary firmware or software update, patch, or upgrade.

11. A system for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:
- an update server having a logical processor;
  
  a retriever portion of the update server for retrieving an expected authorization checksum value corresponding to a specific class of consumer electronic devices;
  
  a determiner portion of the update server for determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image to force a checksum collision with the retrieved expected authorization checksum value;
  
  a code modifier portion of the update server for modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications; and
  
  a propagator portion of the update server for propagating the modified firmware or software update, patch, or upgrade image to consumer electronic devices in the class of consumer electronic devices.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system as set forth in claim 11 wherein the modifier further modifies the preliminary firmware or software update, patch, or upgrade image to include a next update authorization checksum value which, when executed by the specific consumer electronic device, is configured to replace an expected authorization checksum value stored by the consumer electronic device.
  - 13. The system as set forth in claim 12 wherein, upon subsequent repeat execution of the retrieving, determining, modifying, and propagating, the modifier modifies the preliminary firmware or software update, patch, or upgrade image to force a collision with the next upgrade authorization checksum value.
  - 14. The system as set forth in claim 11 further comprising a signer portion of the update server for applying a digital signature to the modified firmware or software update, patch, or upgrade.
  - 15. The system as set forth in claim 11 further comprising a signer portion of the update server for applying a digital signature to the preliminary firmware or software update, patch, or upgrade.

16. A computer program product for indicating to a consumer electronic device that a firmware update image is authorized by a software update server, the computer program product prepared by a process comprising:
- disposing onto one or more tangible, computer memory devices;
  
  first computer instructions for retrieving by a software update server an expected authorization checksum value corresponding to a specific class of consumer electronic devices;
  
  second computer instructions for determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image to force a checksum collision with the retrieved expected authorization checksum value;
  
  third computer instructions for modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications; and
  
  fourth computer instructions for propagating the modified firmware or software update, patch, or upgrade image to consumer electronic devices in the class of consumer electronic devices.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product as set forth in claim 16 wherein the disposing of the third computer instructions further comprises disposing computer instructions for modifying the preliminary firmware or software update, patch, or upgrade image to include a next update authorization checksum value which, when executed by the specific consumer electronic device, is configured to replace an expected authorization checksum value stored by the consumer electronic device.
  - 18. The computer program product as set forth in claim 17 wherein, upon subsequent repeat execution of the retrieving, determining, modifying, and propagating, the preliminary firmware or software update, patch, or upgrade image is modified to force a collision with the next upgrade authorization checksum value.
  - 19. The computer program product as set forth in claim 16 further comprising disposing onto one or more tangible, computer memory devices fifth program instructions for applying a digital signature to the modified firmware or software update, patch, or upgrade.
  - 20. The computer program product as set forth in claim 16 further comprising disposing onto one or more tangible, computer memory devices fifth program instructions stored by the tangible computer memory devices applying a digital signature to the preliminary firmware or software update, patch, or upgrade.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Cheaz, Nixon, Stecher, David Michael, Chalmers, Diane Christine

Granted Patent

US 8,776,040 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/168
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/64   Protecting data integrity, ...

G06F 8/63   Image based installation; C...

G06F 8/654   using techniques specially ...

H04M 1/72406   by software upgrading or do...

Protection for Unauthorized Firmware and Software Upgrades to Consumer Electronic Devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Protection for Unauthorized Firmware and Software Upgrades to Consumer Electronic Devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others