Secured distribution of software updates

US 20140033193A1
Filed: 12/18/2006
Published: 01/30/2014
Est. Priority Date: 12/18/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

downloading manifest data for an update into a client device, the manifest data comprising a plurality of attributes for the update including a location where the update is stored;

determining whether the manifest data is valid by validating a signature of the manifest data stored in the manifest data;

based on the manifest data being valid, downloading, separately from the downloading of the manifest data, the update to software from the location determined from the validated manifest data and based on a determination using the manifest data that the update is applicable;

validating a signature of the update to the software stored in the manifest data after the downloading of the update;

storing the update into a machine-readable medium;

revalidating the signature of the update to the software after the storing and prior to installation of the update to the software; and

installing, using one or more processors, the update to the software on the client device, in response to a determination that the signature of the update is validated after receipt and revalidated prior to installation.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, a system includes a signature server comprising a signature unit to receive an update to a software application. The signature server also includes a first machine-readable medium to store a mapping between an identification of the software application and an address of a location of a private key. The system includes a cryptographic device coupled to an external port of the signature server. The cryptographic device includes a second machine-readable medium to store the private key. The cryptographic device also includes a cryptographic unit to generate a signature of the update based on the private key.

242 Citations

24 Claims

1. A method comprising:
- downloading manifest data for an update into a client device, the manifest data comprising a plurality of attributes for the update including a location where the update is stored;
  
  determining whether the manifest data is valid by validating a signature of the manifest data stored in the manifest data;
  
  based on the manifest data being valid, downloading, separately from the downloading of the manifest data, the update to software from the location determined from the validated manifest data and based on a determination using the manifest data that the update is applicable;
  
  validating a signature of the update to the software stored in the manifest data after the downloading of the update;
  
  storing the update into a machine-readable medium;
  
  revalidating the signature of the update to the software after the storing and prior to installation of the update to the software; and
  
  installing, using one or more processors, the update to the software on the client device, in response to a determination that the signature of the update is validated after receipt and revalidated prior to installation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 15)
- - 2. The method of claim 1, further comprising validating a signature of the manifest data.
  - 3. The method of claim 2, wherein validating of the signature of the manifest data comprises determining whether a key certificate, which is used in validating of the signature of the manifest data, has been revoked.
  - 4. The method of claim 3, further comprising using a second key certificate for validating the signature of the manifest data based on the key certificate being revoked.
  - 5. The method of claim 1, wherein validating a signature of the update to the software comprises:
    - generating a hash across the update based on a public key stored on the client device;
      
      comparing the hash to the signature of the update.
  - 6. The method of claim 5, further comprising revoking a certificate of the public key in response to a determination that the hash is not equal to the signature of the update.
  - 7. The method of claim 1, wherein the downloading, validating and revalidating are performed by an update manager on the client device, wherein the method further comprises the following, prior to downloading the update to the software:
    - checking for an update for the update manager;
      
      performing the following operations, in response to a determination that an update is available for the update manager;
      
      downloading the update to the update manager and manifest data for the update into the client device; and
      
      validating a signature of the update to the update manager, wherein the signature of the update is stored in the manifest data.
  - 8. The method of claim 1, wherein the manifest data comprises conditional logic that defines a usage attribute for the update, wherein the usage attribute is selected from a group consisting of an applicable operating system, an applicable language, an applicable machine architecture and a setting in a system registry of the client device.
  - 15. The non-transitory machine-readable medium of claim 3, wherein key certificate is part of a multi-certificate architecture used for validating the signature of the manifest data.

9. A non-transitory machine-readable medium including instructions, which when executed by at least one processor of a machine, causes the machine to perform operations comprising:
- downloading manifest data for an update to a software application, the manifest data comprising a plurality of attributes for the update including a location where the update is stored;
  
  validating a signature of the manifest data stored in the manifest data;
  
  performing the following operations, in response to a determination that the signature of the manifest data is valid,downloading, separately from the downloading of the manifest data, the update from the location determined from the validated manifest data into a machine-readable medium of the machine;
  
  validating a signature of the update after receipt of the update, the signature of the update being stored in the manifest data;
  
  performing the following operations, in response to a determination that the signature of the update is valid,storing the update into a protected machine-readable medium of the machine;
  
  revalidating the signature of the update after storing the update and prior to installation of the update; and
  
  installing the update on the machine.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The non-transitory machine-readable medium of claim 9, wherein validating of the signature comprises:
    - generating a hash over at least a part of the manifest data using a first public key stored on the machine; and
      
      comparing the hash to the signature of the manifest data.
  - 11. The non-transitory machine-readable medium of claim 10, further comprising, prior to validating the signature of the manifest data:
    - determining whether a certificate of the first public key has been revoked; and
      
      generating the hash over the at least the part of the manifest data using a second public key stored on the machine, in response to a determination that the first public key has been revoked.
  - 12. The non-transitory machine-readable medium of claim 11, further comprising downloading a new public key to replace the first public key within manifest data that is validated using the second public key.
  - 13. The non-transitory machine-readable medium of claim 9, wherein the manifest data comprises conditional logic that defines a usage attribute for the update, wherein the usage attribute is selected from a group consisting of an applicable operating system, an applicable language, an applicable machine architecture and a setting in a system registry of the client device.
  - 14. The non-transitory machine-readable medium of claim 9, wherein validating of the signature of the manifest data comprises determining whether a key certificate, which is used in validating of the signature of the manifest data, has been revoked.

16. A method comprising:
- receiving a binary of an update to an application into a signature server;
  
  receiving an identification of the application into the signature server;
  
  mapping, using at least one processor, the identification of the application to an address within a cryptographic device that is coupled to an external port of the signature server;
  
  generating, within a cryptographic device, a hash across the binary, using a private key that is stored in the cryptographic device and associated with the application; and
  
  outputting manifest data for the binary for subsequent downloading of the binary and manifest data into one or more client devices, the manifest data comprising the hash and a location where the update is stored, the downloading of the binary being performed separately from the downloading of the manifest data from the location determined from the manifest data after the manifest data is validated using a signature of the manifest data stored in the manifest data.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the manifest data comprises a size of the binary.
  - 18. The method of claim 16, further comprising:
    - generating a version for the update that comprises a timestamp of execution of an operation that is selected from the group consisting of the receiving of the identification, the mapping of the identification, the performing of the hash and outputting the manifest data; and
      
      storing the version for the update as part of the manifest data.

19. A system comprising:
- a signature server comprising,a signature unit to receive an update to a software application;
  
  a first machine-readable medium to store a mapping between an identification of the software application and an address of a location of a private key;
  
  a cryptographic device coupled to an external port of the signature server, the cryptographic device comprising,a second machine-readable medium to store the private key; and
  
  a cryptographic unit to generate a signature of the update based on the private key, the signature of the update being stored within manifest data and being used to validate the update after downloading of the update and used to revalidate the update after the update is stored and prior to installation of the update.
- View Dependent Claims (20, 21)
- - 20. The system of claim 19, wherein the signature unit is to assign a timestamp as a version for the update, wherein the timestamp is for a time selected from the group comprising a time when the update is received by the signature unit, a time when the signature is generated and a time when the timestamp is assigned.
  - 21. The system of claim 20, wherein the signature unit is to receive the update from an update device that is coupled to the signature server over a network, wherein the signature unit is to determine a size of update and wherein the signature unit is return the signature, the timestamp and the size of the update back to the update device over the network.

22. An apparatus comprising:
- a non-transitory machine-readable medium to store an update to a software application; and
  
  an update unit to transmit the update over a network to a signature server, the update unit to receive a signature of the update, a size of the update and a version of the update that is derived from a timestamp of an operation performed by the signature server on the update, the update unit to generate manifest data for the update, the manifest data comprising a signature for the manifest data, the signature of the update, a location where the update is stored, the size of the update, the version of the update, and an identification of the software application, the update unit to upload the update and manifest data to an update server, the upload of the update being performed separately from the upload of the manifest data using the location of the manifest data after the manifest data is validated using a signature of the manifest data stored in the manifest data.
- View Dependent Claims (23, 24)
- - 23. The apparatus of claim 22, wherein the update unit is to generate a hash across at least one of the signature of the update, the size of the update, the version of the update, and the identification of the software application, the update unit to include the hash as part of the manifest data.
  - 24. The apparatus of claim 23, wherein the update unit is to generate conditional logic that defines a usage attribute for the update, wherein the usage attribute is selected from a group consisting of an applicable operating system, an applicable language, an applicable machine architecture and a setting in a system registry of the client device, wherein the update unit is to include the conditional logic as part of the manifest data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Palaniappan, Murugappan

Granted Patent

US 9,280,337 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/173
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2151   Time stamp

G06F 8/61   Installation

G06F 8/65   Updates security arrangemen...

H04L 9/3247   involving digital signatures

Secured distribution of software updates

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

242 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Secured distribution of software updates

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

242 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links