System and Method for Secure Software Update
First Claim
1. A system for implementing a software update on a target device, comprising:
a processor coupled to a storage memory and being operable to retrieve and execute instructions stored in the storage memory to implement;
an update utility being operative to access update components in the storage memory to perform a software update verification;
a first encryption key from a first pair of asymmetrical cryptographic keys; and
a checksum algorithm;
the update utility being operative to receive update data that includes an encrypted checksum and an update process file, the encrypted checksum being generated using the update process file and a second encryption key from the first pair of asymmetrical cryptographic keys;
the update utility being further operative to process the update data using the first encryption key to obtain a first checksum; and
the update utility being further operative to process the update process file using the checksum algorithm to generate a second checksum and to grant execution to the update process file if the first checksum matches the second checksum.
Abstract
A secure software update provides an update utility with an update definition, a private encryption key and a public signature key to a target device. A software update package is prepared on portable media that includes an executable update program, a checksum for the program that is encrypted with a symmetrical key, an encrypted symmetrical key that is encrypted with a public encryption key and a digital signature prepared with a private signature key. The update process authenticates the digital signature, decrypts the symmetrical key using the private encryption key, and decrypts the checksum using the symmetrical key. A new checksum is generated for the executable update program and compared to the decrypted checksum. If inconsistencies are detected during the update process, the process is terminated. Otherwise, the software update can be installed with a relatively high degree of assurance against corruption, viruses and third party interference.
28 Claims
1. A system for implementing a software update on a target device, comprising:
a processor coupled to a storage memory and being operable to retrieve and execute instructions stored in the storage memory to implement;
an update utility being operative to access update components in the storage memory to perform a software update verification;
a first encryption key from a first pair of asymmetrical cryptographic keys; and
a checksum algorithm;
the update utility being operative to receive update data that includes an encrypted checksum and an update process file, the encrypted checksum being generated using the update process file and a second encryption key from the first pair of asymmetrical cryptographic keys;
the update utility being further operative to process the update data using the first encryption key to obtain a first checksum; and
the update utility being further operative to process the update process file using the checksum algorithm to generate a second checksum and to grant execution to the update process file if the first checksum matches the second checksum.
Dependent claims: 2 to 9.
10. A storage device for storing non-transitory update data for implementing a software update, the non-transitory update data comprising:
an update file that is executable to install the software update on a target system;
an encrypted checksum that is encrypted using a session key that is a symmetrical cryptographic key, the checksum being calculated from the update file; and
an encrypted session key generated by encrypting the session key with a first encryption key from a pair of asymmetrical cryptographic keys.
Dependent claims: 11 to 15.
16. A method for implementing a software update on a target device that includes a numerical processor, comprising:
receiving update data that includes an encrypted checksum that is generated using a first encryption key from a first asymmetrical cryptographic key pair and an update process file for establishing the software update;
processing the update data using a second encryption key from the first asymmetrical cryptographic key pair to obtain a first checksum;
calculating a second checksum from the update process file using a checksum algorithm; and
granting execution to the update process file if the first checksum matches the second checksum.
Dependent claims: 17 to 22.
23. A method for preparing a software update package to implement a software update and being stored in non-transitory form on a storage device, comprising:
preparing an update file that is executable to install the software update on a target system;
calculating a checksum for the update file;
encrypting the checksum using a session key that is a symmetrical cryptographic key;
encrypting the session key with a first encryption key from a first pair of asymmetrical cryptographic keys; and
storing the update file, the encrypted checksum and the encrypted session key on the storage device.
Dependent claims: 24 to 28.