Using token-based signing to install unsigned binaries
First Claim
Patent Images
1. A method for using a smart card to authenticate a downloaded unsigned binary, comprising:
- signing an unsigned binary on a first computing device to generate a first signature;
downloading said first signature and said unsigned binary to a temporary buffer on a second computing device;
interfacing a smart card with said second computing device such that the smart card has access to said temporary buffer;
operating said smart card to read said first signature and said unsigned binary from said temporary buffer;
operating said smart card to sign said unsigned binary using a secret key present on said smart card to generate a second signature; and
operating said smart card to compare said first and second signatures,wherein a common signing methodology is used on both said first computing device and said smart card to respectively generate said first and second signatures, and wherein said secret key present on said smart card is not accessible by said second computing device.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides for token based signing of an unsigned binary which may be a stream of bits (e.g., 0'"'"'s and 1'"'"'s). The unsigned binary is signed using a secret key which resides in a token (e.g., a smart card), which makes the secret key available to the token holder. The unsigned binary is downloaded and verified for authenticity by the token coupled to a computing device. In one embodiment, the downloaded unsigned binary is encrypted. If the unsigned binary is authentic, it may be used to replace the prior firmware on that computing device.
-
Citations
14 Claims
-
1. A method for using a smart card to authenticate a downloaded unsigned binary, comprising:
-
signing an unsigned binary on a first computing device to generate a first signature; downloading said first signature and said unsigned binary to a temporary buffer on a second computing device; interfacing a smart card with said second computing device such that the smart card has access to said temporary buffer; operating said smart card to read said first signature and said unsigned binary from said temporary buffer; operating said smart card to sign said unsigned binary using a secret key present on said smart card to generate a second signature; and operating said smart card to compare said first and second signatures, wherein a common signing methodology is used on both said first computing device and said smart card to respectively generate said first and second signatures, and wherein said secret key present on said smart card is not accessible by said second computing device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer readable medium having program instructions encoded therein for using a smart card to authenticate a downloaded unsigned binary, comprising:
-
program instructions for signing an unsigned binary on a first computing device to generate a first signature; program instructions for downloading said first signature and said unsigned binary to a temporary buffer on a second computing device; program instructions for interfacing a smart card with said second computing device such that said smart card has access to said temporary buffer; program instructions for operating said smart card to read said first signature and said unsigned binary from said temporary buffer; program instructions for operating said smart card to sign said unsigned binary using a secret key present on said smart card to generate a second signature; and program instructions for operating said smart card to compare said first and second signatures, wherein a common signing methodology is used on both said first computing device and said smart card to respectively generate said first and second signatures, and wherein said secret key present on said smart card is not accessible by said second computing device. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
Specification