Protection for unauthorized firmware and software upgrades to consumer electronic devices

US 8,776,040 B2
Filed: 08/19/2011
Issued: 07/08/2014
Est. Priority Date: 08/19/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:

prior to creation of an image of a preliminary firmware or software update, patch, or upgrade image, predetermining and storing an authorization checksum value in computer memory;

subsequently, retrieving by a software update server the predetermined authorization checksum value, and determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image which would, if made to the image, force a collision of the results of a checksum performed over the modified image with the predetermined authorization checksum value;

modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications without inserting the predetermined authorization checksum value into the modified image; and

propagating the modified image to one or more consumer electronic device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A firmware or software update, patch, or upgrade image is authenticated by forcing its checksum to match a pre-determined value. The pre-determined value is known by a consumer electronic device in advance of propagating the image for installation. Upon propagation, the device determines a checksum value of the received imaged, and compares the checksum value to the pre-determined expected authenticity value. If they match, the image is installed. In an optional feature, the image is executed by the device and modifies the pre-determined checksum value to a next value, which is also shared or known by the image server. In this variation, no two images have the same expected value, and unauthorized images may be rejected for installation.

33 Citations

View as Search Results

15 Claims

1. A method for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:
- prior to creation of an image of a preliminary firmware or software update, patch, or upgrade image, predetermining and storing an authorization checksum value in computer memory;
  
  subsequently, retrieving by a software update server the predetermined authorization checksum value, and determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image which would, if made to the image, force a collision of the results of a checksum performed over the modified image with the predetermined authorization checksum value;
  
  modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications without inserting the predetermined authorization checksum value into the modified image; and
  
  propagating the modified image to one or more consumer electronic device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as set forth in claim 1 wherein the modifying further comprises modifying the preliminary firmware or software update, patch, or upgrade image to include a next predetermined authorization checksum value which, when executed by the specific consumer electronic device, is configured to replace a predetermined authorization checksum value stored by the consumer electronic device.
  - 3. The method as set forth in claim 2 wherein, upon subsequent repeat execution of the retrieving, determining, modifying, and propagating, the preliminary firmware or software update, patch, or upgrade image is modified to force a collision with the next predetermined authorization checksum value.
  - 4. The method as set forth in claim 1 further comprising applying a digital signature to the modified firmware or software update, patch, or upgrade.
  - 5. The method as set forth in claim 1 further comprising applying a digital signature to the preliminary firmware or software update, patch, or upgrade.

6. A computer program product for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:
- one or more tangible, computer memory devices;
  
  first computer instructions for, prior to creation of an image of a preliminary firmware or software update, patch, or upgrade image, predetermining and storing an authorization checksum value in computer memory, and for subsequently retrieving by a software update server the predetermined authorization checksum value;
  
  second computer instructions for determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image which would, if made to the image, force a collision of the results of a checksum performed over the modified image with the predetermined authorization checksum value;
  
  third computer instructions for modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications without inserting the predetermined authorization checksum value into the modified image; and
  
  fourth computer instructions for propagating the modified image to one or more consumer electronic devices;
  
  wherein the first, second, third and fourth computer instructions are stored by the one or more tangible computer memory devices.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer program product as set forth in claim 6 wherein the modifying further comprises modifying the preliminary firmware or software update, patch, or upgrade image to include a next predetermined authorization checksum value which, when executed by the specific consumer electronic device, is configured to replace an predetermined authorization checksum value stored by the consumer electronic device.
  - 8. The computer program product as set forth in claim 7 wherein, upon subsequent repeat execution of the retrieving, determining, modifying, and propagating, the preliminary firmware or software update, patch, or upgrade image is modified to force a collision with the next predetermined authorization checksum value.
  - 9. The computer program product as set forth in claim 6 further comprising fifth program instructions stored by the tangible computer memory devices for applying a digital signature to the modified firmware or software update, patch, or upgrade.
  - 10. The computer program product as set forth in claim 6 further comprising fifth program instructions stored by the tangible computer memory devices applying a digital signature to the preliminary firmware or software update, patch, or upgrade.

11. A system for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:
- an update server having a computer processor;
  
  a predetermined authorization checksum value stored in computer memory prior to creation of an image of a preliminary firmware or software update, patch, or upgrade image;
  
  a retriever portion of the update server for retrieving the predetermined authorization checksum value;
  
  a determiner portion of the update server for determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image which would, if made to the image, force a collision of the results of a checksum performed over the modified image with the predetermined authorization checksum value;
  
  a code modifier portion of the update server for modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications without inserting the predetermined authorization checksum value into the modified image; and
  
  a propagator portion of the update server for propagating the modified image to one or more consumer electronic devices.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system as set forth in claim 11 wherein the modifier further modifies the preliminary firmware or software update, patch, or upgrade image to include a next predetermined authorization checksum value which, when executed by the specific consumer electronic device, is configured to replace a predetermined authorization checksum value stored by the consumer electronic device.
  - 13. The system as set forth in claim 12 wherein, upon subsequent repeat execution of the retrieving, determining, modifying, and propagating, the modifier modifies the preliminary firmware or software update, patch, or upgrade image to force a collision with the next predetermined authorization checksum value.
  - 14. The system as set forth in claim 11 further comprising a signer portion of the update server for applying a digital signature to the modified firmware or software update, patch, or upgrade.
  - 15. The system as set forth in claim 11 further comprising a signer portion of the update server for applying a digital signature to the preliminary firmware or software update, patch, or upgrade.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chalmers, Diane Christine, Cheaz, Nixon, Stecher, David Michael
Primary Examiner(s)
CHAVIS, JOHN Q

Application Number

US13/213,355
Publication Number

US 20130047144A1
Time in Patent Office

1,054 Days
Field of Search

717/168
US Class Current

717/168
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/64   Protecting data integrity, ...

G06F 8/63   Image based installation; C...

G06F 8/654   using techniques specially ...

H04M 1/72406   by software upgrading or do...

Protection for unauthorized firmware and software upgrades to consumer electronic devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Protection for unauthorized firmware and software upgrades to consumer electronic devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links