System and method for securely upgrading firmware
Abstract
Upgraded firmware for a microcontroller is created and encrypted to construct a file (116) that can be distributed and installed by technicians in the field. The encryption includes character encryption (210) of the data as well as a second level of block encryption (216). Within the encrypted file (116), information about the firmware and the target microcontroller (104) is included. The distributed firmware file (116) is stored on a portable device, such as a PDA, that can communicate with the target microcontroller (104) to effect a firmware transfer from the PDA (112) to the microcontroller (104). The microcontroller (104) includes a programming routine that receives the encrypted data stream from the PDA and decrypts the data before storing the new firmware image. The programming routine also identifies when updating the firmware has left the firmware in an unusable condition and prevents operation of the microcontroller until the firmware is restored. Accordingly, the security of the firmware is maintained throughout the distribution and upgrade process and the integrity of the upgrade process is maintained as well.
27 Claims
1. A method for constructing an encrypted file comprising the steps of:
obtaining a first key and a second key having a same size;
obtaining a third key that is constructed by rearranging and combining the first and second keys, wherein the third key is larger in size than the first and second keys;
obtaining a fourth key that is constructed by selecting a subset of the third key, wherein the fourth key is smaller in size than the first, second and third keys;
encrypting (210) a source file (256) by encrypting a plurality of segments of the source file (256) using the fourth key to generate a first encrypted file (260), the size of each segment being equal in size to the fourth key; and
encrypting (216) the first encrypted file (260) by encrypting a plurality of blocks of the first encrypted file (260) using the third key to generate a second encrypted file (268), the size of each block being equal in size to the third key.
Dependent claims: 2, 3, 4, 5.
6. A method for constructing a firmware file for a target microcontroller, comprising the steps of:
obtaining a firmware image file (256) for the target microcontroller (104);
encrypting (210) each byte of the firmware image file (256) using a first key to generate a first encrypted file (260), wherein the value of the first key depends on a device (102) using the target microcontroller (104); and
encrypting (216) each block of the first encrypted file (260) using a second key to generate a second encrypted file (268), wherein the first key is a subset of the second key.
Dependent claims: 7, 8, 9, 10.
11. A method for updating firmware in a microcontroller, the method comprising the steps of:
receiving a request (414) to update a current firmware;
in response to the request, initiating (304) a boot-up sequence of instructions;
determining (306) the current firmware's integrity;
if the integrity is verified, then waiting (308) a predetermined period of time for an initiation signal to begin a firmware upgrade process and executing (314) the current firmware if the initiation signal is not received during the predetermined period of time;
if the integrity is not verified, then waiting (310) for the initiation signal; and
in response to the initiation signal, executing (312) a firmware programming routine that receives new firmware and overwrites the current firmware with the new firmware.
Dependent claims: 12, 13.
14. A method for upgrading firmware in a microcontroller-controlled device, the method comprising the steps of:
receiving (506) an encrypted first portion of a new firmware;
verifying (510) that the new firmware is appropriate for a microcontroller, based on the first portion;
receiving the new firmware (516) in encrypted form and a previously calculated first integrity indicator for the new firmware;
generating (518) a decrypted data stream by decrypting the received new firmware based on a first decryption algorithm;
calculating (518) a second integrity indicator of the decrypted data stream and discarding the decrypted data stream;
validating (522) the new firmware's integrity based on the first and second integrity indicators;
if the new firmware's integrity is successfully validated, receiving (530) the new firmware in encrypted form;
decrypting (532) the received new firmware based on the first decryption algorithm to generate a plurality of bytes;
decrypting (532) each of the plurality of bytes based on a second decryption algorithm to generate a firmware image file; and
overwriting (534) a current firmware with the generated firmware image file.
Dependent claims: 15.
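As an added example, not code from the patent, the boot-time check of claim 11 and the two-pass programming routine of claim 14 modelled in Python for a device that cannot buffer the whole image: the stream is decrypted once to compute the integrity indicator and discarded, and only after that indicator matches is it decrypted again and written, with the stored indicator cleared first so an interrupted write fails the claim 11 check at the next boot. Assumptions: a repeating-key XOR as a stand-in for the unspecified first decryption algorithm (the per-byte second algorithm of step 532 is folded into it), SHA-256 as the integrity indicator, and the class and method names, which are mine.

```python
import hashlib
import hmac

def integrity_indicator(data: bytes) -> bytes:
    """SHA-256 stands in for the claims' unspecified integrity indicator."""
    return hashlib.sha256(data).digest()

def decrypt_stream(chunk: bytes, key: bytes, offset: int) -> bytes:
    """Stand-in for claim 14's unspecified first decryption algorithm: repeating-key
    XOR keyed by absolute offset, so the stream may arrive in chunks of any size.
    Not a secure cipher; it only models the data flow."""
    return bytes(b ^ key[(offset + i) % len(key)] for i, b in enumerate(chunk))

class Microcontroller:
    """Claims 11 and 14: stored image plus its indicator, the boot-time check,
    and a two-pass programming routine that never buffers the whole image."""
    def __init__(self, key: bytes, expected_header: bytes):
        self.key, self.expected_header = key, expected_header
        self.flash = b""            # current firmware image
        self.flash_digest = None    # integrity indicator stored beside it

    def firmware_intact(self) -> bool:   # claim 11 step 306
        return self.flash_digest is not None and hmac.compare_digest(
            integrity_indicator(self.flash), self.flash_digest)

    def boot(self, initiation_signal: bool) -> str:
        """Claim 11: an intact image runs unless an initiation signal arrives
        within the wait window; a broken image only ever waits for one."""
        if initiation_signal:
            return "program"
        return "run_firmware" if self.firmware_intact() else "wait_for_initiation"

    def program(self, header: bytes, chunks: list, claimed: bytes) -> bool:
        """Claim 14. Returns True only when flash holds the validated image."""
        if header != self.expected_header:                    # step 510
            return False
        h, offset = hashlib.sha256(), 0
        for chunk in chunks:                                  # pass 1, step 518
            h.update(decrypt_stream(chunk, self.key, offset))  # hash, then discard
            offset += len(chunk)
        if not hmac.compare_digest(h.digest(), claimed):      # step 522
            return False                                      # flash untouched
        self.flash_digest = None                              # invalid until rewritten
        self.flash, offset = b"", 0
        for chunk in chunks:                                  # pass 2, steps 530-534
            self.flash += decrypt_stream(chunk, self.key, offset)
            offset += len(chunk)
        self.flash_digest = integrity_indicator(self.flash)
        return True
```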
16. A computer readable media bearing instructions for constructing an encrypted file, said instructions being arranged to cause one or more processors upon execution thereof to perform the steps of:
obtaining a first key and a second key having a same size;
obtaining a third key that is constructed by rearranging and combining the first and second keys, wherein the third key is larger in size than the first and second keys;
obtaining a fourth key that is constructed by selecting a subset of the third key, wherein the fourth key is smaller in size than the first, second and third keys;
encrypting the source file by encrypting a plurality of segments of a source file using the fourth key to generate a first encrypted file, the size of each segment being equal in size to the fourth key; and
encrypting the first encrypted file by encrypting a plurality of blocks of the first encrypted file using the third key to generate a second encrypted file, the size of each block being equal in size to the third key.
17. A computer readable media bearing instructions for updating firmware in a microcontroller, said instructions being arranged to cause one or more processors upon execution thereof to perform the steps of:
receiving a request to update a current firmware;
in response to the request, initiating a boot-up sequence of instructions;
determining the current firmware's integrity;
if the integrity is verified, then waiting a predetermined period of time for an initiation signal to begin a firmware upgrade process and executing the current firmware if the initiation signal is not received during the predetermined period of time;
if the integrity is not verified, then waiting for the initiation signal; and
in response to the initiation signal, executing a firmware programming routine that receives new firmware and overwrites the current firmware with the new firmware.
18. A computer readable media bearing instructions for upgrading firmware in a microcontroller-controlled device, said instructions being arranged to cause one or more processors upon execution thereof to perform the steps of:
receiving an encrypted first portion of a new firmware;
verifying that the new firmware is appropriate for a microcontroller, based on the first portion;
receiving the new firmware in encrypted form and a previously calculated first integrity indicator for the new firmware;
generating a decrypted data stream by decrypting the received new firmware based on a first decryption algorithm;
calculating a second integrity indicator of the decrypted data stream and discarding the decrypted data stream;
validating the new firmware's integrity based on the first and second integrity indicators;
if the new firmware's integrity is successfully validated, receiving the new firmware in encrypted form;
decrypting the received new firmware based on the first decryption algorithm to generate a plurality of bytes;
decrypting each of the plurality of bytes based on a second decryption algorithm to generate a firmware image file; and
overwriting a current firmware with the generated firmware image file.
19. A computer readable encrypted firmware distribution file (116) embodied in a carrier wave, comprising:
a first file (260) encrypted according to a first algorithm, said first file comprising a firmware image (256) for a target microcontroller (104);
a header (262) comprising information about one or both of the target microcontroller (104) and the firmware image (256);
a second file (268) encrypted according to a second algorithm;
said second file (268) comprising the first file (260), the header (262) and a first integrity indicator (266) calculated from the first file (260) and the header (262); and
a second integrity indicator (270) calculated from the second file (268).
Dependent claims: 20.
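As an added illustration, not code from the patent, the key construction of claim 1 and the layered file of claim 19 in Python, together with the receiver-side checks that unwrap it in the order claim 14 implies (outer indicator, inner indicator, header, then the image). The claims fix neither the ciphers nor the integrity indicator, so this example assumes byte interleaving as the "rearranging and combining", odd-position selection as the subset rule, a 16-byte header, SHA-256 as the indicator, and a repeating-key XOR as a structural stand-in for both encryption layers; the function names are mine.

```python
import hashlib
import hmac

HEADER_LEN = 16   # assumed fixed-size header; claim 19 fixes no layout
DIGEST_LEN = 32   # SHA-256 stands in for the unspecified integrity indicator

def third_key(k1: bytes, k2: bytes) -> bytes:
    """Claim 1: rearrange and combine two equal-size keys into a larger key.
    Byte interleaving is an assumed rearrangement; the claim fixes none."""
    if len(k1) != len(k2):
        raise ValueError("first and second keys must be the same size")
    return bytes(b for pair in zip(k1, k2) for b in pair)

def fourth_key(k3: bytes, size: int) -> bytes:
    """Claim 1: a subset of the third key, smaller than the first and second keys."""
    return k3[1::2][:size]   # assumed selection rule: odd positions, truncated

def layer(data: bytes, key: bytes) -> bytes:
    """Stand-in for the unspecified segment/block cipher: each key-sized unit is
    combined with the key. Repeating-key XOR is NOT secure; it only models the
    key-sized-unit structure the claims describe."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_distribution_file(image: bytes, header: bytes, k3: bytes, k4: bytes) -> bytes:
    """Claim 19: E_k3(header || E_k4(image) || H(header || E_k4(image))) || H(outer)."""
    if len(header) != HEADER_LEN:
        raise ValueError("header must be exactly HEADER_LEN bytes")
    first_file = layer(image, k4)                     # step 210, file 260
    inner = header + first_file                       # header 262
    second_file = layer(inner + digest(inner), k3)    # step 216, indicator 266, file 268
    return second_file + digest(second_file)          # indicator 270

def verify_and_extract(blob: bytes, k3: bytes, k4: bytes, expected_header: bytes) -> bytes:
    """Receiver side: check the outer indicator, then the inner indicator and
    header, and only then release the plaintext image."""
    second_file, ind2 = blob[:-DIGEST_LEN], blob[-DIGEST_LEN:]
    if not hmac.compare_digest(digest(second_file), ind2):
        raise ValueError("outer integrity indicator mismatch")
    inner_plus = layer(second_file, k3)
    inner, ind1 = inner_plus[:-DIGEST_LEN], inner_plus[-DIGEST_LEN:]
    if not hmac.compare_digest(digest(inner), ind1):
        raise ValueError("inner integrity indicator mismatch")
    header, first_file = inner[:HEADER_LEN], inner[HEADER_LEN:]
    if header != expected_header:
        raise ValueError("firmware is not for this microcontroller")
    return layer(first_file, k4)
```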
21. A method for securely updating microcontroller firmware, the method comprising the steps of:
receiving (308) a request from a remote device (112) to upgrade firmware of a microcontroller (104);
receiving (530) an encrypted file from the remote device (112), the encrypted file comprising an executable application for operating an appliance (102) controlled by the microcontroller (104);
decrypting (532) the received file to construct an unencrypted firmware image based on the executable application; and
storing (534) the unencrypted firmware image in a programmable memory (120) accessible by the microcontroller (104).
Dependent claims: 22, 23, 24, 25, 26, 27.