Protection for unauthorized firmware and software upgrades to consumer electronic devices
First Claim
1. A method for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:
- prior to creation of an image of a preliminary firmware or software update, patch, or upgrade image, predetermining and storing an authorization checksum value in computer memory;
subsequently, retrieving by a software update server the predetermined authorization checksum value, and determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image which would, if made to the image, force a collision of the results of a checksum performed over the modified image with the predetermined authorization checksum value;
modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications without inserting the predetermined authorization checksum value into the modified image; and
propagating the modified image to one or more consumer electronic device.
1 Assignment
0 Petitions
Accused Products
Abstract
A firmware or software update, patch, or upgrade image is authenticated by forcing its checksum to match a pre-determined value. The pre-determined value is known by a consumer electronic device in advance of propagating the image for installation. Upon propagation, the device determines a checksum value of the received imaged, and compares the checksum value to the pre-determined expected authenticity value. If they match, the image is installed. In an optional feature, the image is executed by the device and modifies the pre-determined checksum value to a next value, which is also shared or known by the image server. In this variation, no two images have the same expected value, and unauthorized images may be rejected for installation.
-
Citations
15 Claims
-
1. A method for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:
-
prior to creation of an image of a preliminary firmware or software update, patch, or upgrade image, predetermining and storing an authorization checksum value in computer memory; subsequently, retrieving by a software update server the predetermined authorization checksum value, and determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image which would, if made to the image, force a collision of the results of a checksum performed over the modified image with the predetermined authorization checksum value; modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications without inserting the predetermined authorization checksum value into the modified image; and propagating the modified image to one or more consumer electronic device. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer program product for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:
-
one or more tangible, computer memory devices; first computer instructions for, prior to creation of an image of a preliminary firmware or software update, patch, or upgrade image, predetermining and storing an authorization checksum value in computer memory, and for subsequently retrieving by a software update server the predetermined authorization checksum value; second computer instructions for determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image which would, if made to the image, force a collision of the results of a checksum performed over the modified image with the predetermined authorization checksum value; third computer instructions for modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications without inserting the predetermined authorization checksum value into the modified image; and fourth computer instructions for propagating the modified image to one or more consumer electronic devices; wherein the first, second, third and fourth computer instructions are stored by the one or more tangible computer memory devices. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A system for indicating to a consumer electronic device that a firmware update image is authorized by a software update server comprising:
-
an update server having a computer processor; a predetermined authorization checksum value stored in computer memory prior to creation of an image of a preliminary firmware or software update, patch, or upgrade image; a retriever portion of the update server for retrieving the predetermined authorization checksum value; a determiner portion of the update server for determining one or more modifications to a preliminary firmware or software update, patch, or upgrade image which would, if made to the image, force a collision of the results of a checksum performed over the modified image with the predetermined authorization checksum value; a code modifier portion of the update server for modifying the preliminary firmware or software update, patch, or upgrade image according to the determined one or more modifications without inserting the predetermined authorization checksum value into the modified image; and a propagator portion of the update server for propagating the modified image to one or more consumer electronic devices. - View Dependent Claims (12, 13, 14, 15)
-
Specification