Multiple system images for over-the-air updates
Abstract
In one embodiment, a mobile device performs an over-the-air firmware update by writing the updated firmware to an inactive system image partition and rebooting the device. The security of the OTA update is maintained by checking a plurality of security signatures in an OTA manifest, and the integrity of the data is maintained by checking a hash value of the downloaded system image.
18 Claims
1. A method comprising:

by one or more computing systems, executing software from a first partition of system memory; by the one or more computing systems, requesting an over-the-air (OTA) software update from an endpoint; by the one or more computing systems, receiving a manifest for the OTA update; by the one or more computing systems, downloading a payload pursuant to the manifest; by the one or more computing systems, installing the payload into a second partition of system memory; and by the one or more computing systems, rebooting, pursuant to the manifest, to the second partition of system memory.

2. The method of claim 1 wherein the request comprises the serial number of the one or more computing systems.

3. The method of claim 1, wherein the manifest comprises a predetermined battery state in which the one or more computing systems must be in order to download the payload.

4. The method of claim 1, wherein the manifest comprises a predetermined time period during which the one or more computing systems may download the payload.

5. The method of claim 1, wherein the manifest comprises a predetermined battery state in which the one or more computing systems must be in order to reboot to the second partition of system memory.

6. The method of claim 1, wherein the manifest comprises a predetermined time period during which the one or more computing systems may reboot to the second partition of system memory.

7. The method of claim 1, wherein the manifest comprises a manifest signature and device unique signature, and rebooting to the second partition of system memory comprises:

authenticating the manifest signature with a manifest signature public key; authenticating the device unique signature with a device unique public key; and failing to boot to the second partition of system memory if either authentication fails.

8. The method of claim 1 wherein the manifest comprises a first hash value for the payload, and rebooting to the second partition of system memory further comprises:

calculating a second hash value for the downloaded payload based on a predetermined cryptographic hash algorithm; comparing the first hash value to the second hash value; and failing to boot to the second partition of system memory if the first and second hash values are not identical.

9. The method of claim 1, wherein the manifest comprises an encrypted serial number, and rebooting to the second partition of system memory comprises:

decrypting the serial number with a serial number public key; comparing the decrypted serial number to a serial number of the one or more computing devices; and failing to boot to the second partition of system memory if the serial number and the decrypted serial number are not identical.

10. A method, comprising, by one or more computing systems:

receiving, from a client device, a request for an over-the-air (OTA) software update comprising a unique identifier for the client device and a digital signature; authenticating the digital signature with a serial number private key; in response to a positive authentication, generating an OTA manifest for the client device comprising one or more download instructions; and transmitting the manifest to the client device.

11. A non-transitory, computer-readable media comprising instructions operable, when executed by one or more computing systems, to:

execute software from a first partition of system memory; request an over-the-air (OTA) software update from an endpoint; receive a manifest for the OTA update; download a payload pursuant to the manifest; install the payload into a second partition of system memory; and reboot the one or more computing systems, pursuant to the manifest, to the second partition of system memory.

12. The media of claim 11 wherein the request comprises the serial number of the one or more computing systems.

13. The media of claim 11, wherein the manifest comprises a predetermined battery state in which the one or more computing systems must be in order to download the payload.

14. The media of claim 11, wherein the manifest comprises a predetermined time period during which the one or more computing systems may download the payload.

15. The media of claim 11, wherein the manifest comprises a predetermined battery state in which the one or more computing systems must be in order to reboot to the second partition of system memory.

16. The media of claim 11, wherein the manifest comprises a predetermined time period during which the one or more computing systems may reboot to the second partition of system memory.

17. The media of claim 11, wherein the manifest comprises a manifest signature and device unique signature, and rebooting to the second partition of system memory comprises:

authenticating the manifest signature with a manifest signature public key; authenticating the device unique signature with a device unique public key; and failing to boot to the second partition of system memory if either authentication fails.

18. The media of claim 11, wherein the manifest comprises a first hash value for the payload, and rebooting to the second partition of system memory further comprises:

calculating a second hash value for the downloaded payload based on a predetermined cryptographic hash algorithm; comparing the first hash value to the second hash value; and failing to boot to the second partition of system memory if the first and second hash values are not identical.
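As an added illustration of the boot-time checks in claims 7, 8 and 9 together with the battery gate of claim 5 and the A/B fallback of claim 1, the following Go program is example code written for this page; it is not the patent's own code or any vendor's implementation. The manifest field names, the "|"-joined canonical string that both signatures cover, Ed25519 as the signature scheme, and SHA-256 as the predetermined hash algorithm are all assumptions. The device-unique signature is modelled as a second signature over the same manifest bytes, which stands in for the encrypted serial number of claim 9 by binding the manifest to one serial number.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is a constructed stand-in for the OTA manifest of the claims;
// field names and layout are assumptions, not the patent's format.
type Manifest struct {
	PayloadSHA256   string // "first hash value" for the payload (claim 8)
	TargetPartition string // partition to install into and reboot to (claim 1)
	MinBatteryPct   int    // battery state required before rebooting (claim 5)
	SerialNumber    string // serial number the manifest is bound to (claims 2, 9)
	ManifestSig     []byte // manifest signature, update-server key (claim 7)
	DeviceSig       []byte // device-unique signature, same bytes (claims 7, 9)
}

// Sentinel errors so a caller can tell which check rejected the update.
var (
	ErrManifestSig = errors.New("manifest signature invalid")
	ErrDeviceSig   = errors.New("device-unique signature invalid")
	ErrSerial      = errors.New("manifest not bound to this device's serial number")
	ErrHash        = errors.New("payload hash does not match manifest")
	ErrBattery     = errors.New("battery below manifest threshold")
)

// signedBytes is the canonical string both signatures cover; covering every
// field means a tampered target or hash invalidates the signatures.
func signedBytes(m Manifest) []byte {
	return []byte(fmt.Sprintf("%s|%s|%d|%s",
		m.PayloadSHA256, m.TargetPartition, m.MinBatteryPct, m.SerialNumber))
}

// BuildManifest plays the endpoint of claim 10: hash the payload, fill the
// manifest, sign it with the server key and the device-unique key.
func BuildManifest(payload []byte, target, serial string, minBattery int,
	manifestPriv, devicePriv ed25519.PrivateKey) Manifest {
	sum := sha256.Sum256(payload)
	m := Manifest{PayloadSHA256: hex.EncodeToString(sum[:]), TargetPartition: target,
		MinBatteryPct: minBattery, SerialNumber: serial}
	m.ManifestSig = ed25519.Sign(manifestPriv, signedBytes(m))
	m.DeviceSig = ed25519.Sign(devicePriv, signedBytes(m))
	return m
}

// VerifyUpdate runs the checks of claims 7 (both signatures), 9 (serial
// binding) and 8 (payload hash), then the battery gate of claim 5.
// Signatures come first so no unauthenticated field is acted on.
func VerifyUpdate(m Manifest, payload []byte, manifestPub, devicePub ed25519.PublicKey,
	deviceSerial string, batteryPct int) error {
	msg := signedBytes(m)
	if !ed25519.Verify(manifestPub, msg, m.ManifestSig) {
		return ErrManifestSig
	}
	if !ed25519.Verify(devicePub, msg, m.DeviceSig) {
		return ErrDeviceSig
	}
	if subtle.ConstantTimeCompare([]byte(m.SerialNumber), []byte(deviceSerial)) != 1 {
		return ErrSerial
	}
	sum := sha256.Sum256(payload) // "second hash value" over the downloaded bytes
	if subtle.ConstantTimeCompare([]byte(hex.EncodeToString(sum[:])), []byte(m.PayloadSHA256)) != 1 {
		return ErrHash
	}
	if batteryPct < m.MinBatteryPct {
		return ErrBattery
	}
	return nil
}

// ChooseBootPartition returns the manifest's target only when every check
// passes; otherwise the device keeps booting its active, known-good partition.
func ChooseBootPartition(active string, m Manifest, payload []byte,
	manifestPub, devicePub ed25519.PublicKey, serial string, batteryPct int) (string, error) {
	if err := VerifyUpdate(m, payload, manifestPub, devicePub, serial, batteryPct); err != nil {
		return active, err
	}
	return m.TargetPartition, nil
}

func main() {
	mPub, mPriv, _ := ed25519.GenerateKey(rand.Reader)
	dPub, dPriv, _ := ed25519.GenerateKey(rand.Reader)
	payload := []byte("constructed firmware image, not a real system image")
	m := BuildManifest(payload, "B", "SN-0001", 30, mPriv, dPriv)
	fmt.Println(ChooseBootPartition("A", m, payload, mPub, dPub, "SN-0001", 80))
	tampered := append([]byte{}, payload...)
	tampered[0] ^= 0xff // one flipped byte: hash check fails, device stays on A
	fmt.Println(ChooseBootPartition("A", m, tampered, mPub, dPub, "SN-0001", 80))
}
```

The ordering matters: the hash check only proves the download matches the manifest, so it is meaningful only after the manifest itself has been authenticated, and on any failure the function returns the active partition rather than an error alone, which is what keeps a rejected update from bricking the device.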