Method and apparatus for validating integrity of a mobile communication

US 8,498,619 B2
Filed: 10/10/2012
Issued: 07/30/2013
Est. Priority Date: 10/01/2010
Status: Active Grant

First Claim

Patent Images

1. A method for validating integrity of a mobile communication device, the method comprising:

provisioning the mobile communication device, wherein the provisioning comprises deleting existing software from the mobile communication device and installing trusted software on the mobile communication device;

installing an integrity verification application on the mobile communication device, wherein the integrity verification application comprises a list of expected signatures for data on the mobile communication device;

running the integrity verification application to validate the data based on the expected signatures;

establishing a first pass indicator and a second pass indicator, wherein establishing the first pass indicator and the second pass indicator comprises;

receiving a first instance of the first pass indicator;

performing a first integrity check calculation on non-volatile memory of the mobile communication device using the first instance of the first pass indicator as a seed value to provide a first integrity check value;

receiving the second pass indicator;

splitting a parameter of the second pass indicator against the first integrity check value to provide a split of the second pass indicator; and

storing the split of the second pass indicator in the non-volatile memory of the mobile communication device;

thereafter, receiving a second instance of the first pass indicator as a challenge for verification, and in response to receiving the second instance of the first pass indicator;

performing a second integrity check calculation on the non-volatile memory of the mobile communication device using the second instance of the first pass indicator as a seed value to provide a second integrity check value, the second integrity check calculation being different from the first integrity check calculation;

determining the second pass indicator based on the split of the second pass indicator and the second integrity check value; and

displaying the second pass indicator as an indication of the integrity.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for validating integrity of a mobile communication device includes provisioning the mobile communication device by deleting existing software and installing an integrity verification application. The method also includes establishing a first pass indicator and a second pass indicator including receiving a first instance of the first pass indicator. The method also includes receiving a second instance of the first pass indicator as a challenge for verification. In response to receiving the second instance of the first pass indicator, the second pass indicator may be displayed as an indication of the integrity.

29 Citations

View as Search Results

20 Claims

1. A method for validating integrity of a mobile communication device, the method comprising:
- provisioning the mobile communication device, wherein the provisioning comprises deleting existing software from the mobile communication device and installing trusted software on the mobile communication device;
  
  installing an integrity verification application on the mobile communication device, wherein the integrity verification application comprises a list of expected signatures for data on the mobile communication device;
  
  running the integrity verification application to validate the data based on the expected signatures;
  
  establishing a first pass indicator and a second pass indicator, wherein establishing the first pass indicator and the second pass indicator comprises;
  
  receiving a first instance of the first pass indicator;
  
  performing a first integrity check calculation on non-volatile memory of the mobile communication device using the first instance of the first pass indicator as a seed value to provide a first integrity check value;
  
  receiving the second pass indicator;
  
  splitting a parameter of the second pass indicator against the first integrity check value to provide a split of the second pass indicator; and
  
  storing the split of the second pass indicator in the non-volatile memory of the mobile communication device;
  
  thereafter, receiving a second instance of the first pass indicator as a challenge for verification, and in response to receiving the second instance of the first pass indicator;
  
  performing a second integrity check calculation on the non-volatile memory of the mobile communication device using the second instance of the first pass indicator as a seed value to provide a second integrity check value, the second integrity check calculation being different from the first integrity check calculation;
  
  determining the second pass indicator based on the split of the second pass indicator and the second integrity check value; and
  
  displaying the second pass indicator as an indication of the integrity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the second pass indicator is displayed in response to receiving the second instance of the first pass indicator during operation or at power up of the mobile communication device.
  - 3. The method of claim 1, wherein the provisioning comprises deleting all existing software from the mobile communication device.
  - 4. The method of claim 3, wherein the provisioning is performed in a location that is shielded from WiFi or other remote or local access other than the provisioning.
  - 5. The method of claim 1, wherein the list of expected signatures comprises binary executables.
  - 6. The method of claim 1, wherein establishing the first pass indicator and the second pass indicator further comprises:
    - receiving a private certificate and a public certificate;
      
      encrypting the public certificate to provide an encrypted public certificate;
      
      storing the encrypted public certificate in the non-volatile memory of the mobile communication device; and
      
      encrypting the split of the second pass indicator using the private certificate before storing the split of the second pass indicator in the non-volatile memory of the mobile communication device;
      
      and wherein determining the second pass indicator based on the split of the second pass indicator and the second integrity check value comprises;
      
      decrypting the encrypted public certificate; and
      
      decrypting the split of the second pass indicator using the public certificate.
  - 7. The method of claim 1, wherein the first integrity check value and the second integrity check value include at least one of a hash or a digital signature.
  - 8. The method of claim 1, wherein at least one of the first pass indicator or the second pass indicator include a text-based key phrase.

9. A mobile communication device comprising:
- a provisioning module configured to provision the mobile communication device, wherein the provisioning comprises deleting existing software from the mobile communication device and installing trusted software on the mobile communication device;
  
  a first integrity verification application comprising a list of expected signatures for data on the mobile communication device;
  
  an initialization module configured to establish a first pass indicator and a second pass indicator, the initialization module comprising;
  
  an input module configured to receive the first pass indicator and the second pass indicator;
  
  a first integrity check calculation module configured to calculate a first integrity check on non-volatile memory of the mobile communication device using the first pass indicator as a seed value to provide a first integrity check value;
  
  a splitting module configured to split a parameter of the second pass indicator against the first integrity check value to provide a split of the second pass indicator; and
  
  a storing module configured to store the split of the second pass indicator in the non-volatile memory of the mobile communication device;
  
  a second integrity verification module configured to receive the first pass indicator as a challenge for verification, the second integrity verification module comprising;
  
  a second integrity check calculation module configured to calculate a second integrity check on the non-volatile memory of the mobile communication device using the first pass indicator as a seed value to provide a second integrity check value;
  
  a determining module configured to determine the second pass indicator based on the split of the second pass indicator and the second integrity check value; and
  
  a display module configured to display the second pass indicator as an indication of integrity during operation.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The mobile communication device of claim 9, wherein the provisioning module is further configured to delete all existing software from the mobile communication device.
  - 11. The mobile communication device of claim 10, wherein the provisioning module operates in a location that is shielded from WiFi or other remote or local access other than provisioning.
  - 12. The mobile communication device of claim 9, wherein the list of expected signatures comprises binary executables.
  - 13. The mobile communication device of claim 9, further comprising:
    - a second input module configured to receive a private certificate and a public certificate;
      
      a first encrypting module configured to encrypt the public certificate to provide an encrypted public certificate;
      
      a second storing module configured to store the encrypted public certificate in the non-volatile memory of the mobile communication device;
      
      a second encrypting module configured to encrypt the split of the second pass indicator using the private certificate before storing the split of the second pass indicator in the non-volatile memory of the mobile communication device;
      
      a first decrypting module configured to decrypt the encrypted public certificate; and
      
      a second decrypting module configured to decrypt the split of the second pass indicator using the public certificate.
  - 14. The mobile communication device of claim 9, wherein the first integrity check value and the second integrity check value include at least one of a hash or a digital signature.
  - 15. The mobile communication device of claim 9, wherein at least one of the first pass indicator or the second pass indicator include a text-based key phrase.

16. A method for validating a mobile communication device, the method comprising:
- deleting existing software from the mobile communication device and installing trusted software on the mobile communication device;
  
  installing an integrity verification application on the mobile communication device, wherein the integrity verification application comprises a list of expected signatures for data on the mobile communication device;
  
  establishing a first pass indicator and a second pass indicator, wherein establishing the first pass indicator and the second pass indicator comprises;
  
  receiving the first pass indicator;
  
  performing a first integrity check calculation on non-volatile memory of the mobile communication device using the first pass indicator as a seed value to provide a first integrity check value;
  
  receiving the second pass indicator;
  
  splitting a parameter of the second pass indicator against the first integrity check value to provide a split of the second pass indicator; and
  
  storing the split of the second pass indicator in the non-volatile memory of the mobile communication devicereceiving a second instance of the first pass indicator as a challenge for verification, in response to receiving the second instance of the first pass indicator;
  
  performing a second integrity check calculation on the non-volatile memory of the mobile communication device to provide a second integrity check value, the second integrity check calculation being different from the first integrity check calculation;
  
  determining the second pass indicator based on the split of the second pass indicator and the second integrity check value; and
  
  displaying the second pass indicator as an indication of integrity during operation.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein establishing the first pass indicator and the second pass indicator further comprises:
    - generating a private certificate and a public certificate;
      
      encrypting the public certificate to provide an encrypted public certificate;
      
      storing the encrypted public certificate in the non-volatile memory of the mobile communication device; and
      
      encrypting the split of the second pass indicator using the private certificate before storing the split of the second pass indicator in the non-volatile memory of the mobile communication device.
  - 18. The method of claim 16, wherein the first integrity check value and the second integrity check value include at least one of a hash or a digital signature.
  - 19. The method of claim 16, wherein at least one of the first pass indicator or the second pass indicator include a text-based key phrase.
  - 20. The method of claim 16, wherein all existing software is deleted from the mobile communication device before installing the trusted software on the mobile communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ViaSat Incorporated
Original Assignee
ViaSat Incorporated
Inventors
Lindteigen, Ty, Van Voorhees, Franklin David
Primary Examiner(s)
PATEL, MAHENDRA R

Application Number

US13/649,027
Publication Number

US 20130040607A1
Time in Patent Office

293 Days
Field of Search

455/194.1, 455/221, 455/212, 455/411, 455/418, 455/423, 455/518, 455/410, 324/228, 713/168, 713/193, 713/155, 713/162, 713/176, 713/182, 719/328, 719/315, 719/321, 726/22, 726/9, 726/4, 726/3, 380/274, 380/255, 380/270
US Class Current

455/411
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/123   received data contents, e.g...

H04M 1/67   by electronic means

Method and apparatus for validating integrity of a mobile communication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for validating integrity of a mobile communication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others