MOBILE PLATFORM SOFTWARE UPDATE WITH SECURE AUTHENTICATION
First Claim
1. A communication device comprising:
- an image update module configured to receive a software update image from an update server, said image update module executing at an operating system (OS) level;
a critical component database configured to identify critical software components associated with secure operation of said device;
a secure update application module configured to verify the inclusion of said critical software components in said software update image prior to installation of said software update image on said device; and
a trusted execution environment (TEE) operating on said device configured to restrict control access and data access to said secure update application module and said critical component database, said restriction enforced against said OS and against modules executing at said OS level.
3 Assignments
0 Petitions
Accused Products
Abstract
Generally, this disclosure describes devices, methods and systems and for securely updating software on a mobile platform using trusted hardware based authentication. The device may include an image update module configured to receive a software update image from an update server, the image update module executing at an operating system (OS) level; a critical component database configured to identify critical software components associated with the secure operation of the device; a secure update application module configured to verify the inclusion of the critical software components in the software update image prior to installation of the software update image on the device; and a trusted execution environment (TEE) configured to restrict control access and data access to the secure update application module and the critical component database, the restriction enforced against the OS and against modules executing at the OS level.
-
Citations
29 Claims
-
1. A communication device comprising:
-
an image update module configured to receive a software update image from an update server, said image update module executing at an operating system (OS) level; a critical component database configured to identify critical software components associated with secure operation of said device; a secure update application module configured to verify the inclusion of said critical software components in said software update image prior to installation of said software update image on said device; and a trusted execution environment (TEE) operating on said device configured to restrict control access and data access to said secure update application module and said critical component database, said restriction enforced against said OS and against modules executing at said OS level. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for securely updating a software image for a communication device, said method comprising:
-
receiving said software image from an update server, wherein said software image comprises one or more downloaded software components; providing a critical component database configured to identify critical software components associated with the secure operation of said device, said database maintained in a trusted execution environment (TEE), wherein said TEE is configured to enforce access restrictions against software running at an operating system level on said device; matching said downloaded software components to said critical software components, said matching performed in said TEE; and installing said software image on said device based on the results of said matching. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A computer-readable storage medium having instructions stored thereon which when executed by a processor result in the following operations for securely updating a software image for a communication device, said operations comprising:
-
receiving said software image from an update server, wherein said software image comprises one or more downloaded software components; providing a critical component database configured to identify critical software components associated with the secure operation of said device, said database maintained in a trusted execution environment (TEE), wherein said TEE is configured to enforce access restrictions against software running at an operating system level on said device; matching said downloaded software components to said critical software components, said matching performed in said TEE; and installing said software image on said device based on the results of said matching. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A mobile communication platform comprising:
-
a processor; a memory coupled to said processor; an input/output (I/O) system coupled to said processor; a user interface coupled to said I/O system; an image update module configured to receive a software update image from an update server, said image update module executing at an operating system (OS) level; a critical component database configured to identify critical software components associated with secure operation of said platform; a secure update application module configured to verify the inclusion of said critical software components in said software update image prior to installation of said software update image on said platform; and a trusted execution environment (TEE) operating on said platform configured to restrict control access and data access to said secure update application module and said critical component database, said restriction enforced against said OS and against modules executing at said OS level. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
-
Specification