APPARATUS AND METHOD FOR MULTI-STATE CODE SIGNING

US 20160127133A1
Filed: 10/30/2014
Published: 05/05/2016
Est. Priority Date: 10/30/2014
Status: Active Grant

First Claim

Patent Images

1. An electronic device, comprising:

a memory configured to store a lab certificate, a code authentication certificate and an executable code; and

a processor associated with a unique device identifier, wherein, for a first operational condition of a plurality of operational conditions, the processor is configured to;

retrieve the code authentication certificate associated with the executable code;

determine that a valid lab certificate is present in the memory;

authenticate the code authentication certificate by determining that the code authentication certificate is signed with a private developer key and that the signature is valid, andexecute the executable code on the electronic device responsive to determining that the lab certificate is valid and authenticating the code authentication certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic device includes a memory configured to store a lab certificate, a code authentication certificate and the executable code. The electronic device also includes a processor associated with a unique device identifier. For a first operational condition of the plurality of operational conditions, the processor is configured to: retrieve the code authentication certificate associated with the executable code; determine that a valid lab certificate is present in the memory; authenticate the code authentication certificate by determining that the code authentication certificate is signed with a private developer key and that the signature is valid; and execute the executable code on the electronic device responsive to determining that the lab certificate is valid and authenticating the code authentication certificate.

Citations

22 Claims

1. An electronic device, comprising:
- a memory configured to store a lab certificate, a code authentication certificate and an executable code; and
  
  a processor associated with a unique device identifier, wherein, for a first operational condition of a plurality of operational conditions, the processor is configured to;
  
  retrieve the code authentication certificate associated with the executable code;
  
  determine that a valid lab certificate is present in the memory;
  
  authenticate the code authentication certificate by determining that the code authentication certificate is signed with a private developer key and that the signature is valid, andexecute the executable code on the electronic device responsive to determining that the lab certificate is valid and authenticating the code authentication certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The electronic device of claim 1, wherein for a second operational condition of the plurality of operational conditions, the processor is configured to:
    - retrieve the code authentication certificate associated with the executable code;
      
      authenticate the code authentication certificate by determining that a device identifier in the code authentication certificate matches the unique device identifier and that the code authentication certificate is signed with the private developer key and that the signature is valid, andexecute the executable code on the electronic device responsive to authenticating the code authentication certificate.
  - 3. The electronic device of claim 1, wherein for a third operational condition of the plurality of operational conditions, the processor is configured to:
    - retrieve the code authentication certificate associated with the executable code;
      
      authenticate that the code authentication certificate is signed with a private release key and that the signature is valid;
      
      execute the executable code on the electronic device responsive to authenticating the code authentication certificate.
  - 4. The electronic device of claim 1, wherein the processor is configured to authenticate the code authentication certificate by further determining that the public developer key is rooted by a trust anchor of the electronic device.
  - 5. The electronic device of claim 1, wherein the lab certificate is valid when the processor authenticates the lab certificate using a public key rooted by a trust anchor of the electronic device to verify a digital signature of the lab certificate, and verifies that a device identifier in the lab certificate matches the unique device identifier.
  - 6. The electronic device of claim 1, wherein the processor is configured to at least one of:
    - install the lab certificate on the electronic device independent of other software operations on the electronic device; and
      
      remove the lab certificate from the electronic device independent of other software operations on the electronic device.
  - 7. The electronic device of claim 1, wherein the lab certificate is at least one of a development certificate and a debugging certificate used to enable at least one of a development activity and a debugging activity executed on the electronic device, wherein the at least one development certificate and debugging certificate includes a device identifier.
  - 8. The electronic device of claim 1, wherein the lab certificate comprises an expiration value and wherein determining that the valid lab certificate is present comprises determining based on the expiration value of the lab certificate that the lab certificate has not expired.
  - 9. The electronic device of claim 8, wherein the expiration value is one of a time stamp and a first counter value and wherein determining that the lab certificate has not expired comprises one of:
    - determining, by the processor, a time value and comparing the time stamp to the time value; and
      
      determining, by the processor, a second counter value and comparing the first counter value to the second counter value.
  - 10. The electronic device of claim 1, wherein the processor is configured to execute the instructions associated with the plurality of signing states from a secure memory area.
  - 11. The electronic device of claim 1, wherein the processor is configured to execute the lab certificate authentication and store authentication results for subsequent lab certificate verification.

12. A method for an electronic device to execute code, the method comprising:
- maintaining, by the electronic device, a unique device identifier;
  
  retrieving, by the electronic device, a code authentication certificate associated with an executable code to be executed on the electronic device;
  
  determining, by the electronic device, whether a lab certificate is present in the electronic device;
  
  in response to determining that a lab certificate is present, executing, by the electronic device, the executable code on the electronic device responsive to determining that the lab certificate is valid and that the code authentication certificate is signed with a private developer key and that the signature is valid.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, wherein the method further comprises:
    - executing the executable code on the electronic device responsive to authenticating the code authentication certificate and determining that a device identifier in the code authentication certificate matches the unique device identifier.
  - 14. The method of claim 12, wherein determining that the lab certificate is valid further comprises:
    - using a public lab certificate key associated with the lab certificate to verify a signature of the lab certificate, and verifying that a device identifier in the lab certificate matches the unique device identifier.
  - 15. The method of claim 12, wherein authenticating the lab certificate further comprises using a public lab certificate key associated with the lab certificate to verify a signature of the lab certificate, and verifying that a device identifier in the lab certificate matches the unique device identifier.
  - 16. The method of claim 12, further comprising at least one of:
    - installing the lab certificate on the electronic device independent of other software operations on the electronic device; and
      
      removing the lab certificate from the electronic device independent of other software operations on the electronic device.
  - 17. The method of claim 12, further comprising using the lab certificate as at least one of a development certificate and a debugging certificate to enable at least one of a development activity and a debugging activity executed on the electronic device, wherein the at least one development certificate and debugging certificate includes a device identifier.
  - 18. The method of claim 12, wherein authenticating the lab certificate comprises determining based on an expiration value of the lab certificate that the lab certificate has not expired.
  - 19. The method of claim 18, wherein the expiration value is one of a time stamp and a first counter value and wherein determining that the lab certificate has not expired comprises one of:
    - determining, by the processor, a time value and comparing the time stamp to the time value; and
      
      determining, by the processor, a second counter value and comparing the first counter value to the second counter value.

20. A method for an electronic device to execute code, the method comprising:
- maintaining, by the electronic device, a unique device identifier;
  
  identifying, by the electronic device, a key that can be utilized to verify a code authentication certificate associated with the code;
  
  determining, by the electronic device, that the code authentication certificate is valid by verifying a signature of the code authentication certificate using the key;
  
  determining whether the key is a public release key or a public developer key rooted by a trust anchor of the electronic device;
  
  in response to determining that the key is a release key and to determining that the code authentication certificate is valid, executing, by the electronic device, the code;
  
  in response to determining that the key is a public developer key, determining whether a valid lab certificate is present on the electronic device;
  
  in response to determining that the key is a public developer key, determining that the code authentication certificate is valid and that a valid lab certificate is present on the electronic device, executing, by the electronic device, the code.
- View Dependent Claims (21, 22)
- - 21. The method of claim 20, further comprising:
    - in response to determining that the key is a public developer key and that a valid lab certificate is not present on the electronic device, determining whether the code authentication certificate comprises a device identifier and whether the device identifier matches the unique device identifier; and
      
      in response to determining that the key is a public developer key, determining that the code authentication certificate is valid, that the code authentication certificate comprises a device identifier, and that the device identifier matches the unique device identifier, executing, by the electronic device, the code.
  - 22. The method of claim 20, wherein determining that the lab certificate is valid further comprises using a public lab certificate key associated with the lab certificate to verify a signature of the lab certificate, and verifying that a device identifier in the lab certificate matches the unique device identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola Solutions, Inc.
Inventors
PINDER, ELLIS A., MESSERGES, THOMAS S.

Granted Patent

US 9,843,451 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/1011   to devices

G06F 21/121   Restricting unauthorised ex...

G06F 21/51   at application loading time...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 9/0897   involving additional device...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/3265   using certificate chains, t...

H04L 9/3268   using certificate validatio...

APPARATUS AND METHOD FOR MULTI-STATE CODE SIGNING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHOD FOR MULTI-STATE CODE SIGNING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links