Secured firmware updates

US 9,148,413 B1
Filed: 06/29/2012
Issued: 09/29/2015
Est. Priority Date: 09/04/2009
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for securing information of hardware devices, the method comprising:

under the control of one or more computer systems configured with executable instructions,storing a public key on at least one hardware peripheral device of a host machine, the hardware peripheral device associated with firmware that is secured from being modified by a user provisioned on the host machine;

receiving a request to update the firmware, the request received from a device that is external with respect to the host machine, the request containing at least some modified firmware that has been encrypted using a private key;

attempting to decrypt the modified firmware by using the public key stored on the at least one hardware peripheral device of the host machine;

applying the modified firmware to the at least one hardware peripheral device of the host machine if the modified firmware is successfully decrypted using the public key stored on the at least one hardware peripheral device; and

rejecting the request to update the firmware if the modified firmware is not successfully decrypted using the public key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other embodiments, the user can be prevented from modifying firmware by only provisioning the user on a machine after an initial mutability period wherein firmware can be modified, such that the user never has access to a device when firmware can be updated. Combinations and variations of the above also can be used.

91 Citations

View as Search Results

17 Claims

1. A computer implemented method for securing information of hardware devices, the method comprising:
- under the control of one or more computer systems configured with executable instructions,storing a public key on at least one hardware peripheral device of a host machine, the hardware peripheral device associated with firmware that is secured from being modified by a user provisioned on the host machine;
  
  receiving a request to update the firmware, the request received from a device that is external with respect to the host machine, the request containing at least some modified firmware that has been encrypted using a private key;
  
  attempting to decrypt the modified firmware by using the public key stored on the at least one hardware peripheral device of the host machine;
  
  applying the modified firmware to the at least one hardware peripheral device of the host machine if the modified firmware is successfully decrypted using the public key stored on the at least one hardware peripheral device; and
  
  rejecting the request to update the firmware if the modified firmware is not successfully decrypted using the public key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer implemented method of claim 1, wherein the private key is stored in a secured location that is remote with respect to the host machine.
  - 3. The computer implemented method of claim 1, wherein the public key is embedded into the hardware peripheral device of the host machine and secured from modification by the user provisioned on the host machine.
  - 4. The computer implemented method of claim 1, wherein the modified firmware is received over a network communications port that is secured from access by the user provisioned on the host machine.
  - 5. The computer implemented method of claim 1, wherein the host machine is allowed to apply the modified firmware only during a specified period of mutability that initiated after startup of the host machine.
  - 6. The computer implemented method of claim 1, wherein the modified firmware is encrypted on a server remotely located with respect to the host machine and transmitted over a network connection from the server to the host machine.

7. A computing device, comprising:
- at least one processor; and
  
  memory including instructions that, when executed by the processor, cause the computing device to;
  
  obtain a private key and store the private key in a secured location, the private key capable of encrypting information, the private key being associated with one or more public keys capable of decrypting the information encrypted using the private key;
  
  encrypt firmware for at least one hardware peripheral device of a host machine, the encrypting performed at the secured location using the private key; and
  
  transmit the encrypted firmware from the secured location to the host machine, the host machine being remotely located with respect to the secured location, the hardware peripheral device of the host machine configured to attempt to use the one or more public keys to decrypt the encrypted firmware,wherein the hardware peripheral device of the host machine is configured to reject an attempt to update the firmware if the attempt to use the one or more public keys to decrypt the firmware is unsuccessful, and the hardware peripheral device of the host machine is configured to apply the firmware if the attempt to use the one or more public keys to decrypt the firmware is successful.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The computing device of claim 7, wherein at least one user is provisioned on the host machine and wherein the firmware of the hardware peripheral device is secured from being modified by the user provisioned on the host machine.
  - 9. The computing device of claim 8, wherein the encrypted firmware is received on the host machine over a network communications port that is secured from access by the user provisioned on the host machine.
  - 10. The computing device of claim 7, wherein the host machine is allowed to apply the firmware only during a specified period of mutability that initiated after startup of the host machine.
  - 11. The computing device of claim 7, wherein the firmware is encrypted on a server remotely located with respect to the host machine and transmitted over a network connection from the server to the host machine.

12. A non-transitory computer readable storage medium storing one or more sequences of instructions executable by one or more processors to perform a set of operations comprising:
- obtaining a private key and storing the private key in a secured location, the private key capable of encrypting information, the private key being associated with one or more public keys capable of decrypting the information encrypted using the private key;
  
  encrypting firmware for at least one hardware peripheral device of a host machine, the encrypting performed at the secured location using the private key; and
  
  transmitting the encrypted firmware from the secured location to the host machine, the host machine being remotely located with respect to the secured location, the hardware peripheral device of the host machine configured to attempt to use the one or more public keys to decrypt the encrypted firmware,wherein the hardware peripheral device of the host machine is configured to reject an attempt to update the firmware if the attempt to use the one or more public keys to decrypt the firmware is unsuccessful, and the hardware peripheral device of the host machine is configured to apply the firmware if the attempt to use the one or more public keys to decrypt the firmware is successful.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The non-transitory computer readable storage medium of claim 12, wherein at least one user is provisioned on the host machine and wherein the firmware of the hardware peripheral device is secured from being modified by the user provisioned on the host machine.
  - 14. The non-transitory computer readable storage medium of claim 13, wherein the encrypted firmware is received on the host machine over a network communications port that is secured from access by the user provisioned on the host machine.
  - 15. The non-transitory computer readable storage medium of claim 12, wherein the host machine is allowed to apply the firmware only during a specified period of mutability that initiated after startup of the host machine.
  - 16. The non-transitory computer readable storage medium of claim 12, wherein the firmware is encrypted on a server remotely located with respect to the host machine and transmitted over a network connection from the server to the host machine.
  - 17. The non-transitory computer readable storage medium of claim 12, further comprising instructions for performing the operation of:
    - providing the one or more public keys from the secured location to the host machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Marr, Michael David, Corddry, Matthew T., Hamilton, James R.
Primary Examiner(s)
Lewis, Lisa

Application Number

US13/539,069
Time in Patent Office

1,187 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06F 21/629   to features or functions of...

G06F 8/65   Updates security arrangemen...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

Secured firmware updates

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

91 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Secured firmware updates

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links