SECURELY UPGRADING OR DOWNGRADING PLATFORM COMPONENTS
First Claim
Patent Images
1. A method for securely altering a platform component, comprising:
- assigning certificates for public encryption and signature verification keys for the device;
assigning certificates for public encryption and signature verification keys for an upgrade server;
mutually authenticating a device containing the platform component and the upgrade server;
causing the device and the upgrade server to exchange a session key during the mutual authenticating; and
providing an alteration to be made to the platform component from the upgrade server to the device using the session key exchanged during the mutual authenticating.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for securely altering a platform component is provided, comprising: assigning certificates for public encryption and signature verification keys for the device; assigning certificates for public encryption and signature verification keys for an upgrade server; mutually authenticating a device containing the platform component and the upgrade server; causing the device and the upgrade server to exchange a session key; and providing an alteration to be made to the platform component from the upgrade server to the device using the session key.
27 Citations
24 Claims
-
1. A method for securely altering a platform component, comprising:
-
assigning certificates for public encryption and signature verification keys for the device; assigning certificates for public encryption and signature verification keys for an upgrade server; mutually authenticating a device containing the platform component and the upgrade server; causing the device and the upgrade server to exchange a session key during the mutual authenticating; and providing an alteration to be made to the platform component from the upgrade server to the device using the session key exchanged during the mutual authenticating. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for securely altering a platform component, comprising:
-
generating encryption and digital signature key pairs by an upgrade manager on behalf of a device containing the platform component being altered; obtaining public encryption and signature verification keys of a provisioning server from a certification authority; mutually authenticating the device and the provisioning server using the public encryption and signature verification keys; contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for the device; contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for an upgrade server; sending an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain the upgrade manager'"'"'s certificates for public encryption and signature verification keys from the certification authority; mutually authenticating the device and the upgrade server; causing the device and the upgrade server to exchange a session key; and providing an secure alteration to be made to the platform component from the upgrade server to the device via the upgrade manager using the session key. - View Dependent Claims (10, 11)
-
-
12. A system comprising:
-
a device containing a platform component; an upgrade manager; a certification authority; a provisioning server; and an upgrade server; wherein the upgrade manager is designed to; generate encryption and digital signature key pairs by an upgrade manager on behalf of a device containing the platform component being altered; obtain public encryption and signature verification keys of a provisioning server from a certification authority; perform one side of mutual authentication between the device and the provisioning server using the public encryption and signature verification keys of the provisioning server; contact the certification authority for assigned certificates for public encryption and signature verification keys for the device; contact the certification authority for assigned certificates for public encryption and signature verification keys for an upgrade server; send an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain the upgrade manager'"'"'s certificates for public encryption and signature verification keys from the certification authority; perform one side of mutual authentication between the device and the upgrade server; send a session key to the upgrade server; and receive an alteration to be made to the platform component from the upgrade server to the device using the session key; wherein the certification authority is designed to; provide the encryption and signature verification keys of the provisioning server to the upgrade manager; assign certificates for the device'"'"'s public encryption and signature verification keys; and assign certificates for the upgrade server'"'"'s public encryption and signature verification keys; wherein the provisioning server is designed to; perform the other side of mutual authentication between the device and the provisioning server using the public encryption and signature verification keys of the provisioning server; and verify the device'"'"'s information; and wherein the upgrade server is designed to; obtain the upgrade manager'"'"'s certificates for public encryption and signature verification keys from the certification authority; perform the other side of mutual authentication between the device and the upgrade server using the upgrade server'"'"'s pubic encryption and signature verification keys; exchange the session key with the upgrade manager; and send the alteration to be made to the platform component to the upgrade manager using the session key. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A system for securely altering a platform component, comprising:
-
means for generating encryption and digital signature key pairs by an upgrade manager on behalf of a device containing the platform component being altered; means for obtaining public encryption and signature verification keys of a provisioning server from a certification authority; means for mutually authenticating the device and the provisioning server using the public encryption and signature verification keys; means for contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for the device; means for contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for an upgrade server; means for sending an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain the upgrade manager'"'"'s certificates for public encryption and signature verification keys from the certification authority; means for mutually authenticating the device and the upgrade server; means for causing the device and the upgrade server to exchange a session key; and means for providing an secure alteration to be made to the platform component from the upgrade server to the device via the upgrade manager using the session key. - View Dependent Claims (19)
-
-
20. A program storage device readable by a machine tangibly embodying a program of instructions executable by the machine to perform a method for securely altering a platform component, the method comprising:
-
generating encryption and digital signature key pairs by an upgrade manager on behalf of a device containing the platform component being altered; obtaining public encryption and signature verification keys of a provisioning server from a certification authority; mutually authenticating the device and the provisioning server using the public encryption and signature verification keys; contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for the device; contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for an upgrade server; sending an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain the upgrade manager'"'"'s certificates for public encryption and signature verification keys from the certification authority; mutually authenticating the device and the upgrade server; causing the device and the upgrade server to exchange a session key; and providing an secure alteration to be made to the platform component from the upgrade server to the device via the upgrade manager using the session key. - View Dependent Claims (21, 22, 23, 24)
-
Specification