SYSTEM, DEVICE AND METHOD FOR ANTI-ROLLBACK PROTECTION OF OVER-THE-AIR UPDATED DEVICE IMAGES

US 20170308705A1
Filed: 04/22/2016
Published: 10/26/2017
Est. Priority Date: 04/22/2016
Status: Abandoned Application

First Claim

Patent Images

1. A device comprising:

a first memory for storing a first device image;

a second memory for storing at least one boot loader;

a communication interface for receiving a second device image; and

a processing circuit coupled to the first memory, the second memory, and the communication interface, wherein the processing circuit is configured toinitiate a first boot for the device,instruct the at least one hoot loader to perform security processing on the second device image and set and execute the second device image as a trial image after security processing on the second device image is successful,monitor the executed second device image to determine if predetermined operational parameters in the device are met, andset the second device image as a current image and deactivate the first device image if the predetermined operational parameters in the device are met.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies for updating a processing device, where a first device image is stored in a first (non-volatile) memory. When a new second device image is received via a communication interface, a first boot of the device is performed and a boot loader performs security processing on the second device image. Once security processing has passed, the second device image is set as a trial image and executed. The executed image is monitored to determine if predetermined operational parameters in the device are met. If the parameters are met, the second device image is set as a current image and the first device image is deactivated. A second boot is performed to make the new image operational for the device and the anti-rollback version one-time programmable fuses are blown. If the parameters are not met, the device revers to the first device image.

Citations

20 Claims

1. A device comprising:
- a first memory for storing a first device image;
  
  a second memory for storing at least one boot loader;
  
  a communication interface for receiving a second device image; and
  
  a processing circuit coupled to the first memory, the second memory, and the communication interface, wherein the processing circuit is configured toinitiate a first boot for the device,instruct the at least one hoot loader to perform security processing on the second device image and set and execute the second device image as a trial image after security processing on the second device image is successful,monitor the executed second device image to determine if predetermined operational parameters in the device are met, andset the second device image as a current image and deactivate the first device image if the predetermined operational parameters in the device are met.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device of claim 1, wherein the at least one boot loader is configured to activate a second boot for the device after setting the second device image as a current image.
  - 3. The device of claim 1, wherein the at least one hoot loader is configured to modify a one-time programmable memory to indicate the setting of the second device image as the current image after setting the second device image as the current image.
  - 4. The device of claim 3, wherein the one-time programmable memory includes a one-time programmable fuse.
  - 5. The device of claim 1, wherein the at least one boot loader is configured to perform security processing via at least one of integrity check and/or authentication for the second device image.
  - 6. The device of claim 1, wherein the at least one hoot loader is configured to deactivate the second device image and boot the device to load the first device image if the monitored executed second device image is determined to not meet the predetermined operational parameters.
  - 7. The device of claim 1, wherein receiving the second device image includes an over-the-air (OTA) second device image.

8. A method for updating a device, comprising:
- storing a first device image and at least one boot loader in a first memory;
  
  receiving a second device image via a communication interface;
  
  initiating a first boot of the device;
  
  instructing the at least one boot loader to perform security processing on the second device image and setting and executing the second device image as a trial image after security processing on the second device image is successful;
  
  monitoring the executed second device image to determine if predetermined operational parameters in the device are met; and
  
  setting the second device image as a current image and deactivate the first device image if the predetermined operational parameters in the device are met.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - activating a second boot for the device after setting the second device image as a current image.
  - 10. The method of claim 8, further comprising:
    - modifying a one-time programmable memory to indicate the setting of the second device image as the current image after setting the second device image as the current image.
  - 11. The method of claim 10, wherein modifying the one-time programmable memory includes blowing a one-time programmable fuse.
  - 12. The method of claim 8, wherein performing security processing includes performing at least one of integrity check and/or authentication for the second device image via at least one of a primary boot loader and/or a secondary boot loader.
  - 13. The method of claim 8, further comprising:
    - deactivating the second device image and booting the device to load the first device image if monitoring the executed second device image determined the predetermined operational parameters are not met.
  - 14. The method of claim 8, wherein receiving the second device image includes receiving an over-the-air (PTA) second device image.

15. A machine-readable storage medium having instructions stored thereon which when executed by a processing circuit causes the processing circuit to:
- store a first device image in a first memory;
  
  receive a second device image via a communication interface;
  
  initiate a first boot of the processing circuit;
  
  instruct at least one boot loader to perform security processing on the second device image and set and execute the second device image as a trial image after security processing on the second device image is successful;
  
  monitor the executed second device image to determine if predetermined operational parameters in a device are met; and
  
  set the second device image as a current image and deactivate the first device image if the predetermined operational parameters in the device are met.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The machine-readable storage medium of claim 15, further having instructions stored thereon which when executed by the processing circuit causes the processing circuit to:
    - activate a second boot for the device after setting the second device image as a current image.
  - 17. The machine-readable storage medium of claim 15, further having instructions stored thereon which, when executed by the processing circuit, causes the processing circuit to:
    - modify a one-time programmable memory to indicate the setting of the second device image as the current image after setting the second device image as the current image.
  - 18. The machine-readable storage medium of claim 17, wherein the instructions to modify the one-time programmable memory includes instructions to blow a one-time programmable fuse.
  - 19. The machine-readable storage medium of claim 15, wherein the instructions to perform security processing includes instructions to perform at least one of integrity check and/or authentication for the second device image via at least one of a primary boot loader and/or a secondary boot loader.
  - 20. The machine-readable storage medium of claim 15, further having instructions stored thereon which, when executed by the processing circuit, causes the processing circuit to:
    - deactivate the second device image and booting the processing circuit to load the first device image if monitoring the executed second device image determined the predetermined operational parameters are not met.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Karaginides, Chad, Guo, Xu, Pirvu, Eugen, Patel, Dhaval, Keidar, Ron, Shukla, Amit, Jaikumar, Selvaraj, Chu, Yau

Application Number

US15/136,752
Publication Number

US 20170308705A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1433   during software upgrading

G06F 21/575   Secure boot

G06F 2221/033   Test or assess software

G06F 8/654   using techniques specially ...

G06F 9/4401   Bootstrapping security arra...

G06F 9/4406   Loading of operating system

H04L 63/0428   wherein the data content is...

H04L 63/0876   based on the identity of th...

H04L 63/12   Applying verification of th...

H04W 12/033   of the user plane, e.g. use...

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

SYSTEM, DEVICE AND METHOD FOR ANTI-ROLLBACK PROTECTION OF OVER-THE-AIR UPDATED DEVICE IMAGES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM, DEVICE AND METHOD FOR ANTI-ROLLBACK PROTECTION OF OVER-THE-AIR UPDATED DEVICE IMAGES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links