SECURELY UPGRADING OR DOWNGRADING PLATFORM COMPONENTS

US 20130212380A1
Filed: 02/10/2012
Published: 08/15/2013
Est. Priority Date: 02/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method for securely altering a platform component, comprising:

assigning certificates for public encryption and signature verification keys for the device;

assigning certificates for public encryption and signature verification keys for an upgrade server;

mutually authenticating a device containing the platform component and the upgrade server;

causing the device and the upgrade server to exchange a session key during the mutual authenticating; and

providing an alteration to be made to the platform component from the upgrade server to the device using the session key exchanged during the mutual authenticating.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securely altering a platform component is provided, comprising: assigning certificates for public encryption and signature verification keys for the device; assigning certificates for public encryption and signature verification keys for an upgrade server; mutually authenticating a device containing the platform component and the upgrade server; causing the device and the upgrade server to exchange a session key; and providing an alteration to be made to the platform component from the upgrade server to the device using the session key.

27 Citations

View as Search Results

24 Claims

1. A method for securely altering a platform component, comprising:
- assigning certificates for public encryption and signature verification keys for the device;
  
  assigning certificates for public encryption and signature verification keys for an upgrade server;
  
  mutually authenticating a device containing the platform component and the upgrade server;
  
  causing the device and the upgrade server to exchange a session key during the mutual authenticating; and
  
  providing an alteration to be made to the platform component from the upgrade server to the device using the session key exchanged during the mutual authenticating.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the alteration is an upgrade.
  - 3. The method of claim 1, wherein the alteration is a downgrade.
  - 4. The method of claim 1, wherein the platform component is a processor.
  - 5. The method of claim 1, wherein the platform component is one core in a multi-core processor.
  - 6. The method of claim 1, wherein the platform component is a discrete or integrated hardware component on the device.
  - 7. The method of claim 1, wherein the platform component is a firmware or software component on the device.
  - 8. The method of claim 1, wherein the method is performed in response to a change in a subscription level, wherein the subscription level defines a component upgrade level and periodic price to be paid for performance matching the component upgrade level.

9. A method for securely altering a platform component, comprising:
- generating encryption and digital signature key pairs by an upgrade manager on behalf of a device containing the platform component being altered;
  
  obtaining public encryption and signature verification keys of a provisioning server from a certification authority;
  
  mutually authenticating the device and the provisioning server using the public encryption and signature verification keys;
  
  contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for the device;
  
  contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for an upgrade server;
  
  sending an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain the upgrade manager'"'"'s certificates for public encryption and signature verification keys from the certification authority;
  
  mutually authenticating the device and the upgrade server;
  
  causing the device and the upgrade server to exchange a session key; and
  
  providing an secure alteration to be made to the platform component from the upgrade server to the device via the upgrade manager using the session key.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, wherein the platform component is located in the field.
  - 11. The method of claim 9, wherein the method is performed in response to a change in a subscription level, wherein the subscription level defines a component upgrade level and periodic price to be paid for performance matching the component upgrade level.

12. A system comprising:
- a device containing a platform component;
  
  an upgrade manager;
  
  a certification authority;
  
  a provisioning server; and
  
  an upgrade server;
  
  wherein the upgrade manager is designed to;
  
  generate encryption and digital signature key pairs by an upgrade manager on behalf of a device containing the platform component being altered;
  
  obtain public encryption and signature verification keys of a provisioning server from a certification authority;
  
  perform one side of mutual authentication between the device and the provisioning server using the public encryption and signature verification keys of the provisioning server;
  
  contact the certification authority for assigned certificates for public encryption and signature verification keys for the device;
  
  contact the certification authority for assigned certificates for public encryption and signature verification keys for an upgrade server;
  
  send an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain the upgrade manager'"'"'s certificates for public encryption and signature verification keys from the certification authority;
  
  perform one side of mutual authentication between the device and the upgrade server;
  
  send a session key to the upgrade server; and
  
  receive an alteration to be made to the platform component from the upgrade server to the device using the session key;
  
  wherein the certification authority is designed to;
  
  provide the encryption and signature verification keys of the provisioning server to the upgrade manager;
  
  assign certificates for the device'"'"'s public encryption and signature verification keys; and
  
  assign certificates for the upgrade server'"'"'s public encryption and signature verification keys;
  
  wherein the provisioning server is designed to;
  
  perform the other side of mutual authentication between the device and the provisioning server using the public encryption and signature verification keys of the provisioning server; and
  
  verify the device'"'"'s information; and
  
  wherein the upgrade server is designed to;
  
  obtain the upgrade manager'"'"'s certificates for public encryption and signature verification keys from the certification authority;
  
  perform the other side of mutual authentication between the device and the upgrade server using the upgrade server'"'"'s pubic encryption and signature verification keys;
  
  exchange the session key with the upgrade manager; and
  
  send the alteration to be made to the platform component to the upgrade manager using the session key.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The system of claim 12, wherein the upgrade manager is located on the device.
  - 14. The system of claim 12, wherein the device contains:
    - a secure partition including a secure key store, a secure data store, and native cryptographic functions.
  - 15. The system of claim 13, wherein the cryptographic functions include:
    - a random number generator;
      
      a hash generator;
      
      a cryptographic key generator; and
      
      a digital signature and encryption/decryption engine.
  - 16. The system of claim 14, wherein the secure partition is only accessible in a privileged mode.
  - 17. The system of claim 16, wherein the device further contains a secure monitor designed to determine if the device is in a privileged mode.

18. A system for securely altering a platform component, comprising:
- means for generating encryption and digital signature key pairs by an upgrade manager on behalf of a device containing the platform component being altered;
  
  means for obtaining public encryption and signature verification keys of a provisioning server from a certification authority;
  
  means for mutually authenticating the device and the provisioning server using the public encryption and signature verification keys;
  
  means for contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for the device;
  
  means for contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for an upgrade server;
  
  means for sending an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain the upgrade manager'"'"'s certificates for public encryption and signature verification keys from the certification authority;
  
  means for mutually authenticating the device and the upgrade server;
  
  means for causing the device and the upgrade server to exchange a session key; and
  
  means for providing an secure alteration to be made to the platform component from the upgrade server to the device via the upgrade manager using the session key.
- View Dependent Claims (19)
- - 19. The system of claim 18, wherein the platform component is a computer processor.

20. A program storage device readable by a machine tangibly embodying a program of instructions executable by the machine to perform a method for securely altering a platform component, the method comprising:
- generating encryption and digital signature key pairs by an upgrade manager on behalf of a device containing the platform component being altered;
  
  obtaining public encryption and signature verification keys of a provisioning server from a certification authority;
  
  mutually authenticating the device and the provisioning server using the public encryption and signature verification keys;
  
  contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for the device;
  
  contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for an upgrade server;
  
  sending an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain the upgrade manager'"'"'s certificates for public encryption and signature verification keys from the certification authority;
  
  mutually authenticating the device and the upgrade server;
  
  causing the device and the upgrade server to exchange a session key; and
  
  providing an secure alteration to be made to the platform component from the upgrade server to the device via the upgrade manager using the session key.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The program storage device of claim 20, wherein the platform component is a feature of a hardware component.
  - 22. The program storage device of claim 21, wherein the feature is hyperthreading.
  - 23. The program storage device of claim 21, wherein the feature is virtualization technology.
  - 24. The program storage device of claim 21, wherein the feature is remote management.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
ACIICMEZ, Onur, BRUTCH, Tasneem

Granted Patent

US 8,667,270 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 8/65   Updates security arrangemen...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 9/083   involving central third par...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

SECURELY UPGRADING OR DOWNGRADING PLATFORM COMPONENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

SECURELY UPGRADING OR DOWNGRADING PLATFORM COMPONENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links