MOBILE PLATFORM SOFTWARE UPDATE WITH SECURE AUTHENTICATION

US 20140004825A1
Filed: 06/29/2012
Published: 01/02/2014
Est. Priority Date: 06/29/2012
Status: Active Grant

First Claim

Patent Images

1. A communication device comprising:

an image update module configured to receive a software update image from an update server, said image update module executing at an operating system (OS) level;

a critical component database configured to identify critical software components associated with secure operation of said device;

a secure update application module configured to verify the inclusion of said critical software components in said software update image prior to installation of said software update image on said device; and

a trusted execution environment (TEE) operating on said device configured to restrict control access and data access to said secure update application module and said critical component database, said restriction enforced against said OS and against modules executing at said OS level.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generally, this disclosure describes devices, methods and systems and for securely updating software on a mobile platform using trusted hardware based authentication. The device may include an image update module configured to receive a software update image from an update server, the image update module executing at an operating system (OS) level; a critical component database configured to identify critical software components associated with the secure operation of the device; a secure update application module configured to verify the inclusion of the critical software components in the software update image prior to installation of the software update image on the device; and a trusted execution environment (TEE) configured to restrict control access and data access to the secure update application module and the critical component database, the restriction enforced against the OS and against modules executing at the OS level.

Citations

29 Claims

1. A communication device comprising:
- an image update module configured to receive a software update image from an update server, said image update module executing at an operating system (OS) level;
  
  a critical component database configured to identify critical software components associated with secure operation of said device;
  
  a secure update application module configured to verify the inclusion of said critical software components in said software update image prior to installation of said software update image on said device; and
  
  a trusted execution environment (TEE) operating on said device configured to restrict control access and data access to said secure update application module and said critical component database, said restriction enforced against said OS and against modules executing at said OS level.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device of claim 1, further comprising a trusted user authentication module (TUAM) configured to authenticate a user of said device based on authentication information maintained in said TEE.
  - 3. The device of claim 2, wherein said authentication information is a password.
  - 4. The device of claim 2, wherein said authentication is to be performed prior to said installation of said software update image.
  - 5. The device of claim 1, wherein said image update module is further configured to report a failure of said inclusion verification to said update server.
  - 6. The device of claim 1, wherein said secure update application module is further configured to verify a digital signature associated with said software update image.
  - 7. The device of claim 1, wherein said image update module is further configured to report the identity of components included in said software update image in response to receiving a query.

8. A method for securely updating a software image for a communication device, said method comprising:
- receiving said software image from an update server, wherein said software image comprises one or more downloaded software components;
  
  providing a critical component database configured to identify critical software components associated with the secure operation of said device, said database maintained in a trusted execution environment (TEE), wherein said TEE is configured to enforce access restrictions against software running at an operating system level on said device;
  
  matching said downloaded software components to said critical software components, said matching performed in said TEE; and
  
  installing said software image on said device based on the results of said matching.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, further comprising rejecting said software image update in response to determining that said device is in a locked state.
  - 10. The method of claim 8, further comprising rejecting said software image update in response to a failure to verify a digital signature associated with said software image.
  - 11. The method of claim 8, further comprising rejecting said software image update in response to a failure to authenticate a user of said device based on authentication information maintained in said TEE.
  - 12. The method of claim 8, further comprising reporting to said update server a failure of said matching.
  - 13. The method of claim 8, further comprising reporting the identity of said downloaded software components included in said software image in response to receiving a query.

14. A computer-readable storage medium having instructions stored thereon which when executed by a processor result in the following operations for securely updating a software image for a communication device, said operations comprising:
- receiving said software image from an update server, wherein said software image comprises one or more downloaded software components;
  
  providing a critical component database configured to identify critical software components associated with the secure operation of said device, said database maintained in a trusted execution environment (TEE), wherein said TEE is configured to enforce access restrictions against software running at an operating system level on said device;
  
  matching said downloaded software components to said critical software components, said matching performed in said TEE; and
  
  installing said software image on said device based on the results of said matching.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer-readable storage medium of claim 14, wherein said operations further comprise rejecting said software image update in response to determining that said device is in a locked state.
  - 16. The computer-readable storage medium of claim 14, wherein said operations further comprise rejecting said software image update in response to a failure to verify a digital signature associated with said software image.
  - 17. The computer-readable storage medium of claim 14, wherein said operations further comprise rejecting said software image update in response to a failure to authenticate a user of said device based on authentication information maintained in said TEE.
  - 18. The computer-readable storage medium of claim 14, wherein said operations further comprise reporting to said update server a failure of said matching.
  - 19. The computer-readable storage medium of claim 14, wherein said operations further comprise reporting the identity of said downloaded software components included in said software image in response to receiving a query.

20. A mobile communication platform comprising:
- a processor;
  
  a memory coupled to said processor;
  
  an input/output (I/O) system coupled to said processor;
  
  a user interface coupled to said I/O system;
  
  an image update module configured to receive a software update image from an update server, said image update module executing at an operating system (OS) level;
  
  a critical component database configured to identify critical software components associated with secure operation of said platform;
  
  a secure update application module configured to verify the inclusion of said critical software components in said software update image prior to installation of said software update image on said platform; and
  
  a trusted execution environment (TEE) operating on said platform configured to restrict control access and data access to said secure update application module and said critical component database, said restriction enforced against said OS and against modules executing at said OS level.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 21. The mobile communication platform of claim 20, further comprising a trusted user authentication module (TUAM) configured to authenticate a user of said platform based on authentication information maintained in said TEE.
  - 22. The mobile communication platform of claim 21, wherein said authentication information is a password.
  - 23. The mobile communication platform of claim 21, wherein said trusted user authentication module is further configured to perform authentication prior to said installation of said software update image.
  - 24. The mobile communication platform of claim 20, wherein said image update module is further configured to report a failure of said inclusion verification to said update server.
  - 25. The mobile communication platform of claim 20, wherein said secure update application module is further configured to verify a digital signature associated with said software update image.
  - 26. The mobile communication platform of claim 20, wherein said image update module is further configured to report the identity of components included in said software update image in response to receiving a query.
  - 27. The mobile communication platform of claim 20, wherein said platform is selected from the group consisting of a smartphone, a laptop computing device and a tablet.
  - 28. The mobile communication platform of claim 20, further comprising a plurality of said platforms, each configured to communicate over a wireless network.
  - 29. The mobile communication platform of claim 20, wherein said user interface is a touchscreen.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Prakash, Gyan, Satapathy, Jiphun C.

Granted Patent

US 9,369,867 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 21/74   operating in dual or compar...

G06F 8/65   Updates security arrangemen...

H04L 67/34   involving the movement of s...

H04W 12/068   using credential vaults, e....

H04W 12/086   using security domains

MOBILE PLATFORM SOFTWARE UPDATE WITH SECURE AUTHENTICATION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE PLATFORM SOFTWARE UPDATE WITH SECURE AUTHENTICATION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links