Securely upgrading or downgrading platform components
First Claim
Patent Images
1. A method for securely altering a platform component, comprising:
- generating, by an upgrade manager associated with a device, encryption and digital signature key pairs for the device, wherein the device comprises the platform component;
obtaining public encryption and signature verification keys for a provisioning server from a certification authority;
mutually authenticating the device and the provisioning server using the public encryption and signature verification keys for the provisioning server and the device, wherein the provisioning server generates a registration identification associated with the device;
assigning, by the certification authority, certificates for public encryption and signature verification keys for the device;
assigning, by the certification authority, certificates for public encryption and signature verification keys for an upgrade server, wherein the upgrade server comprises an alteration for the platform component;
sending an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain assigned certificates for public encryption and signature verification keys for the upgrade manager from the certification authority, wherein the alteration request comprises the registration identification associated with the device;
mutually authenticating the device and the upgrade server based on the assigned certificates and the registration identification associated with the device;
causing the device and the upgrade server to exchange a session key during the mutual authenticating; and
providing the alteration from the upgrade server to the device using the session key exchanged during the mutual authenticating.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for securely altering a platform component is provided, comprising: assigning certificates for public encryption and signature verification keys for the device; assigning certificates for public encryption and signature verification keys for an upgrade server; mutually authenticating a device containing the platform component and the upgrade server; causing the device and the upgrade server to exchange a session key; and providing an alteration to be made to the platform component from the upgrade server to the device using the session key.
-
Citations
24 Claims
-
1. A method for securely altering a platform component, comprising:
-
generating, by an upgrade manager associated with a device, encryption and digital signature key pairs for the device, wherein the device comprises the platform component; obtaining public encryption and signature verification keys for a provisioning server from a certification authority; mutually authenticating the device and the provisioning server using the public encryption and signature verification keys for the provisioning server and the device, wherein the provisioning server generates a registration identification associated with the device; assigning, by the certification authority, certificates for public encryption and signature verification keys for the device; assigning, by the certification authority, certificates for public encryption and signature verification keys for an upgrade server, wherein the upgrade server comprises an alteration for the platform component; sending an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain assigned certificates for public encryption and signature verification keys for the upgrade manager from the certification authority, wherein the alteration request comprises the registration identification associated with the device; mutually authenticating the device and the upgrade server based on the assigned certificates and the registration identification associated with the device; causing the device and the upgrade server to exchange a session key during the mutual authenticating; and providing the alteration from the upgrade server to the device using the session key exchanged during the mutual authenticating. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for securely altering a platform component, comprising:
-
generating, by an upgrade manager associated with a device, encryption and digital signature key pairs for the device, wherein the device includes the platform component; obtaining public encryption and signature verification keys for a provisioning server from a certification authority; mutually authenticating the device and the provisioning server using the public encryption and signature verification keys for the provisioning server and the device, wherein the provisioning server generates a registration identification associated with the device; contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for the device; contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for an upgrade server, wherein the upgrade server comprises a secure alteration for the platform component; sending an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain assigned certificates for public encryption and signature verification keys for the upgrade manager from the certification authority, wherein the alteration request comprises the registration identification associated with the device; mutually authenticating the device and the upgrade server based on the assigned certificates and the registration identification associated with the device; causing the device and the upgrade server to exchange a session key during the mutual authenticating; and providing the secure alteration from the upgrade server to the device via the upgrade manager using the session key. - View Dependent Claims (10, 11)
-
-
12. A system comprising:
-
a device comprising a platform component; an upgrade manager; a certification authority; a provisioning server; and an upgrade server comprising an alteration for the platform component; wherein the upgrade manager is configured to; generate encryption and digital signature key pairs for the device; obtain public encryption and signature verification keys for the provisioning server from the certification authority; perform one side of mutual authentication between the device and the provisioning server using the public encryption and signature verification keys for the provisioning server and the device; contact the certification authority for assigned certificates for public encryption and signature verification keys for the device; contact the certification authority for assigned certificates for public encryption and signature verification keys for the upgrade server; send an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain assigned certificates for public encryption and signature verification keys for the upgrade manager from the certification authority, wherein the alteration request comprises a registration identification associated with the device; perform one side of mutual authentication between the device and the upgrade server based on the assigned certificates and the registration identification associated with the device; send a session key to the upgrade server; and receive the alteration from the upgrade server to the device using the session key; wherein the certification authority is configured to; provide the encryption and signature verification keys for the provisioning server to the upgrade manager; assign certificates for public encryption and signature verification keys for the device; and assign certificates for public encryption and signature verification keys for the upgrade server; wherein the provisioning server is configured to; perform the other side of mutual authentication between the device and the provisioning server using the public encryption and signature verification keys for the provisioning server and the device; and verify device information for the device; and wherein the upgrade server is configured to; obtain assigned certificates for public encryption and signature verification keys for the upgrade manager from the certification authority; perform the other side of mutual authentication between the device and the upgrade server using the public encryption and signature verification keys for the upgrade server and the device; exchange the session key with the upgrade manager; and send the alteration to the upgrade manager using the session key. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A system for securely altering a platform component, comprising:
an upgrade manager configured for; generating encryption and digital signature key pairs for a device associated with the upgrade manager, wherein the device includes the platform component; obtaining public encryption and signature verification keys for a provisioning server from a certification authority; mutually authenticating the device and the provisioning server using the public encryption and signature verification keys for the provisioning server and the device; contacting the certification authority for assigned certificates for public encryption and signature verification keys for the device; contacting the certification authority for assigned certificates for public encryption and signature verification keys for an upgrade server, wherein the upgrade server comprises a secure alteration for the platform component; sending an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain assigned certificates for public encryption and signature verification keys for the upgrade manager from the certification authority, wherein the alteration request comprises a registration identification associated with the device; mutually authenticating the device and the upgrade server based on the assigned certificates and the registration identification associated with the device; causing the device and the upgrade server to exchange a session key during the mutual authenticating; and providing the secure alteration from the upgrade server to the device using the session key. - View Dependent Claims (19)
-
20. A program storage device readable by a machine tangibly embodying a program of instructions executable by the machine to perform a method for securely altering a platform component, the method comprising:
-
generating, by an upgrade manager associated with a device, encryption and digital signature key pairs for the device, wherein the device includes the platform component; obtaining public encryption and signature verification keys for a provisioning server from a certification authority; mutually authenticating the device and the provisioning server using the public encryption and signature verification keys for the provisioning server and the device; contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for the device; contacting, by the upgrade manager, the certification authority for assigned certificates for public encryption and signature verification keys for an upgrade server, wherein the upgrade server comprises a secure alteration for the platform component; sending an alteration request from the upgrade manager to the upgrade server, causing the upgrade server to obtain assigned certificates for public encryption and signature verification keys for the upgrade manager from the certification authority, wherein the alteration request comprises a registration identification associated with the device; mutually authenticating the device and the upgrade server based on the assigned certificates and the registration identification associated with the device; causing the device and the upgrade server to exchange a session key during the mutual authenticating; and providing the secure alteration from the upgrade server to the device via the upgrade manager using the session key. - View Dependent Claims (21, 22, 23, 24)
-
Specification