System and Method for Secure Software Update

US 20130318357A1
Filed: 02/13/2012
Published: 11/28/2013
Est. Priority Date: 02/11/2011
Status: Active Grant

First Claim

Patent Images

1. A system for implementing a software update on a target device, comprising:

a processor coupled to a storage memory and being operable to retrieve and execute instructions stored in the storage memory to implement;

an update utility being operative to access update components in the storage memory to perform a software update verification;

a first encryption key from a first pair of asymmetrical cryptographic keys; and

a checksum algorithm;

the update utility being operative to receive update data that includes an encrypted checksum and an update process file, the encrypted checksum being generated using the update process file and a second encryption key from the first pair of asymmetrical cryptographic keys;

the update utility being further operative to process the update data using the first encryption key to obtain a first checksum; and

the update utility being further operative to process the update process file using the checksum algorithm to generate a second checksum and to grant execution to the update process file if the first checksum matches the second checksum.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure software update provides an update utility with an update definition, a private encryption key and a public signature key to a target device. A software update package is prepared on portable media that includes an executable update program, a checksum for the program that is encrypted with a symmetrical key, an encrypted symmetrical key that is encrypted with a public encryption key and a digital signature prepared with a private signature key. The update process authenticates the digital signature, decrypts the symmetrical key using the private encryption key, and decrypts the checksum using the symmetrical key. A new checksum is generated for the executable update program and compared to the decrypted checksum. If inconsistencies are detected during the update process, the process is terminated. Otherwise, the software update can be installed with a relatively high degree of assurance against corruption, viruses and third party interference.

Citations

28 Claims

1. A system for implementing a software update on a target device, comprising:
- a processor coupled to a storage memory and being operable to retrieve and execute instructions stored in the storage memory to implement;
  
  an update utility being operative to access update components in the storage memory to perform a software update verification;
  
  a first encryption key from a first pair of asymmetrical cryptographic keys; and
  
  a checksum algorithm;
  
  the update utility being operative to receive update data that includes an encrypted checksum and an update process file, the encrypted checksum being generated using the update process file and a second encryption key from the first pair of asymmetrical cryptographic keys;
  
  the update utility being further operative to process the update data using the first encryption key to obtain a first checksum; and
  
  the update utility being further operative to process the update process file using the checksum algorithm to generate a second checksum and to grant execution to the update process file if the first checksum matches the second checksum.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system according to claim 1, further comprising:
    - a first signature key from a second pair of asymmetrical cryptographic keys, wherein the update utility is responsive to receipt of a digital signature generated with a second signature key from the second pair of asymmetrical cryptographic keys to authenticate the digital signature using the first signature key.
  - 3. The system according to claim 1, wherein the first encryption key is a private key from a public/private key pair.
  - 4. The system according to claim 2, wherein the first signature key is a public key from a public/private key pair.
  - 5. The system according to claim 1, further comprising an update definition that describes the update data, wherein the update utility is operative to terminate the software update if the update data is noncompliant with the update definition.
  - 6. The system according to claim 1, further comprising a removable external storage device selectively coupled to the processor and operative to store the update data and the update process file for the software update.
  - 7. The system according to claim 6, wherein the update data further comprises:
    - an encrypted session key, the session key being a symmetrical cryptographic key, and being encrypted using the second encryption key; and
      
      the encrypted checksum being encrypted with the session key.
  - 8. The system according to claim 7, wherein the update utility is further operative to decrypt the encrypted session key using the first encryption key to obtain the session key and to decrypt the encrypted checksum with the session key to obtain the first checksum.
  - 9. The system according to claim 7, wherein the update data further comprises a digital signature generated using the encrypted session key and a private signature key from a second pair of asymmetrical cryptographic keys.

10. A storage device for storing non-transitory update data for implementing a software update, the non-transitory update data comprising:
- an update file that is executable to install the software update on a target system;
  
  an encrypted checksum that is encrypted using a session key that is a symmetrical cryptographic key, the checksum being calculated from the update file; and
  
  an encrypted session key generated by encrypting the session key with a first encryption key from a pair of asymmetrical cryptographic keys.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The device according to claim 10, wherein the first encryption key is a public key from a public/private key pair.
  - 12. The device according to claim 10, further comprising a digital signature generated using the encrypted session key and a private key from a pair of asymmetrical cryptographic keys.
  - 13. The device according to claim 12, further comprising an update document that includes the encrypted checksum, the encrypted session key and the digital signature.
  - 14. The device according to claim 13, wherein the update document and update file are provided with predetermined names and locations in the storage device.
  - 15. The device according to claim 14, wherein the update document is an XML formatted file.

16. A method for implementing a software update on a target device that includes a numerical processor, comprising:
- receiving update data that includes an encrypted checksum that is generated using a first encryption key from a first asymmetrical cryptographic key pair and an update process file for establishing the software update;
  
  processing the update data using a second encryption key from the first asymmetrical cryptographic key pair to obtain a first checksum;
  
  calculating a second checksum from the update process file using a checksum algorithm; and
  
  granting execution to the update process file if the first checksum matches the second checksum.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method according to claim 16, further comprising:
    - receiving a digital signature that is formed using the encrypted checksum and a first signature key from a second asymmetrical cryptographic key pair; and
      
      authenticating the digital signature using a second signature key from the second asymmetrical cryptographic key pair.
  - 18. The method according to claim 16, wherein the second encryption key is a private key of a public/private key pair.
  - 19. The method according to claim 17, wherein the second signature key is a public key of a public/private key pair.
  - 20. The method according to claim 16, further comprising:
    - comparing characteristics of the update data with an update definition that describes the update data; and
      
      terminating the software update if the characteristics are noncompliant with the update definition.
  - 21. The method according to claim 16, further comprising:
    - receiving an encrypted session key that is a symmetrical cryptographic key, the encrypted session key being encrypted using the first encryption key;
      
      decrypting the encrypted session key using the second encryption key to obtain the session key; and
      
      decrypting the encrypted checksum with the session key to obtain the first checksum.
  - 22. The system according to claim 21, further comprising:
    - receiving a digital signature generated using the encrypted session key and a private signature key from a second pair of asymmetrical cryptographic keys; and
      
      authenticating the digital signature using a public signature key from the second pair of asymmetrical cryptographic keys.

23. A method for preparing a software update package to implement a software update and being stored in non-transitory form on a storage device, comprising:
- preparing an update file that is executable to install the software update on a target system;
  
  calculating a checksum for the update file;
  
  encrypting the checksum using a session key that is a symmetrical cryptographic key;
  
  encrypting the session key with a first encryption key from a first pair of asymmetrical cryptographic keys; and
  
  storing the update file, the encrypted checksum and the encrypted session key on the storage device.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The method according to claim 23, wherein the first encryption key is a public key from a public/private key pair.
  - 25. The method according to claim 23, further comprising generating a digital signature using the encrypted session key and a private key from a second pair of asymmetrical cryptographic keys.
  - 26. The method according to claim 25, further comprising storing the encrypted checksum, the encrypted session key and the digital signature in an update document on the storage device.
  - 27. The method according to claim 26, further comprising providing the update document and update file with predetermined names and locations on the storage device.
  - 28. The method according to claim 27, wherein the update document is an XML formatted file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens Healthcare Diagnostics Incorporated (Siemens AG)
Original Assignee
Siemens Healthcare Diagnostics Incorporated (Siemens AG)
Inventors
Miller, Kerry, Abraham, Bestin

Granted Patent

US 9,276,752 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/565   by checking file integrity

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

H04L 9/32   including means for verifyi...

H04L 9/3247   involving digital signatures

System and Method for Secure Software Update

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Secure Software Update

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links