Software security

US 8,539,610 B2
Filed: 10/29/2010
Issued: 09/17/2013
Est. Priority Date: 10/29/2010
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

at least one secure memory area comprising a plurality of pre-installed public keys for verifying software authenticity, wherein the plurality of pre-installed public keys have associated public key index numbers, and wherein the secure memory area comprises a current public key index number indicating currently used public key;

at least one processor; and

at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus at least to;

receive an indication that a software package signed with a private key according to public key infrastructure has been received;

receive a private key index number associated with the received software package;

compare the received private key index number and the stored current public key index number;

if the received private key index number is equal to the current public key index number, proceed to verify authenticity of the received software package using the public key associated with the private key;

if the received private key index number is different from the current public key index number, to check, whether a public key associated with the received private key index number, is disabled; and

if the public key associated with the received private key index number is disabled, prevent execution of the received software package, and otherwise, proceed to verify authenticity of the received software package using the public key associated with the private key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus with at least one secure memory area comprising a plurality of pre-installed public keys for verifying software authenticity. The apparatus is caused to receive an indication that a software package signed with a private key according to public key infrastructure has been received; check from the secure memory area, whether a public key associated with the private key with which the software package has been signed, is disabled; and if the public key associated with the private key is disabled, prevent execution of the received software package, and otherwise, proceed to verify authenticity of the received software package using the public key associated with the private key.

7 Citations

13 Claims

1. An apparatus comprising:
- at least one secure memory area comprising a plurality of pre-installed public keys for verifying software authenticity, wherein the plurality of pre-installed public keys have associated public key index numbers, and wherein the secure memory area comprises a current public key index number indicating currently used public key;
  
  at least one processor; and
  
  at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus at least to;
  
  receive an indication that a software package signed with a private key according to public key infrastructure has been received;
  
  receive a private key index number associated with the received software package;
  
  compare the received private key index number and the stored current public key index number;
  
  if the received private key index number is equal to the current public key index number, proceed to verify authenticity of the received software package using the public key associated with the private key;
  
  if the received private key index number is different from the current public key index number, to check, whether a public key associated with the received private key index number, is disabled; and
  
  if the public key associated with the received private key index number is disabled, prevent execution of the received software package, and otherwise, proceed to verify authenticity of the received software package using the public key associated with the private key.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1, wherein the apparatus is an electronic communication device.
  - 3. The apparatus of claim 1, wherein the apparatus is an application specific integrated circuit.

4. A method comprising:
- maintaining a secure memory area comprising a plurality of pre-installed public keys for verifying software authenticity, wherein the plurality of pre-installed public keys have associated public key index numbers, and wherein the secure memory area comprises a current public key index number indicating currently used public key;
  
  receiving an indication that a software package signed with a private key according to public key infrastructure has been received;
  
  receiving a private key index number associated with the received software package;
  
  comparing the received private key index number and the stored current public key index number;
  
  if the received private key index number is equal to the current public key index number, proceeding to verify authenticity of the received software package using the public key associated with the private key;
  
  if the received private key index number is different from the current public key index number, checking, whether a public key associated with the received private key index number, is disabled; and
  
  if the public key associated with the received private key index number is disabled, preventing execution of the received software package, and otherwise, proceeding to verify authenticity of the received software package using the public key associated with the private key.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein said secure memory area is an electronic communication device secure memory area.
  - 6. The method of claim 4, wherein said secure memory area is an application specific integrated circuit secure memory area.

7. An apparatus method comprising:
- at least one secure memory area comprising a plurality of pre-installed public keys for verifying software authenticity, wherein the plurality of pre-installed public keys have associated public key index numbers, and wherein the secure memory area comprises a current public key index number indicating currently used public key;
  
  at least one processor; and
  
  at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus at least to;
  
  receive an indication that a software package signed with a private key according to public key infrastructure has been received;
  
  receive a private key index number associated with the received software package;
  
  compare the received private key index number and the stored current public key index number;
  
  if the received private key index number is equal to the current public key index number, proceed to verify authenticity of the received software package using the public key associated with the private key;
  
  if the received private key index number is smaller than the current public key index number, prevent execution of the received software package, andif the received private key index number is greater than the current public key index number, proceed to verify authenticity of the received software package using the public key associated with the private key.
- View Dependent Claims (8, 9, 10)
- - 8. The apparatus of claim 7, wherein the apparatus is an electronic communication device.
  - 9. The apparatus of claim 7, wherein the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to further perform:
    - store the received private key index number as the current public key index number, if the received private key index number is greater than the current public key index number.
  - 10. The apparatus of claim 7, wherein the apparatus is an application specific integrated circuit.

11. A computer program embodied on a computer readable medium comprising computer executable program code which, when executed by at least one processor of an apparatus, which comprises at least one secure memory area comprising a plurality of pre-installed public keys for verifying software authenticity wherein the plurality of pre-installed public keys have associated public key index numbers and wherein the secure memory area comprises a current public key index number indicating currently used public key, causes the apparatus to:
- receive an indication that a software package signed with a private key according to public key infrastructure has been received;
  
  receive a private key index number associated with the received software package;
  
  compare the received private key index number and the stored current public key index number;
  
  if the received private key index number is equal to the current public key index number, proceed to verify authenticity of the received software package using the public key associated with the private key;
  
  if the received private key index number is different from the current public key index number, to check, whether a public key associated with the received private key index number, is disabled; and
  
  if the public key associated with the received private key index number is disabled, prevent execution of the received software package, and otherwise, proceed to verify authenticity of the received software package using the public key associated with the private key.
- View Dependent Claims (12, 13)
- - 12. The computer program embodied on the computer readable medium of claim 11, wherein the apparatus is an electronic communication device.
  - 13. The computer program embodied on the computer readable medium of claim 11, wherein the apparatus is an application specific integrated circuit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Lukkarila, Jari Juhani, Tamminen, Rauno Juhani
Primary Examiner(s)
Truong, Thanhnga B

Application Number

US12/915,551
Publication Number

US 20120110333A1
Time in Patent Office

1,054 Days
Field of Search

713/176, 713/193, 713/171, 380/30, 380277-278, 726/30
US Class Current

726/30
CPC Class Codes

G06F 21/51   at application loading time...

H04L 9/14   using a plurality of keys o...

H04L 9/3247   involving digital signatures

Software security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Software security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others