Mobile platform software update with secure authentication

US 9,369,867 B2
Filed: 06/29/2012
Issued: 06/14/2016
Est. Priority Date: 06/29/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A communication device having a memory and a processor coupled to said memory, said communication device comprising:

an image update system to receive a software update image from an update server, said image update system executing at an operating system (OS) level; and

a trusted execution environment (TEE) operating on said device to restrict control access and data access, by an OS and applications executing on said OS level, to systems operating within said TEE, said TEE including;

a critical component database including data identifying critical software components associated with secure operation of said device, wherein said identifying data is included in said critical component database prior to said software update image being received from said update server; and

a secure update application system to verify, using the identifying data, the inclusion of said critical software components in said software update image prior to installation of said software update image on said device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generally, this disclosure describes devices, methods and systems and for securely updating software on a mobile platform using trusted hardware based authentication. The device may include an image update module configured to receive a software update image from an update server, the image update module executing at an operating system (OS) level; a critical component database configured to identify critical software components associated with the secure operation of the device; a secure update application module configured to verify the inclusion of the critical software components in the software update image prior to installation of the software update image on the device; and a trusted execution environment (TEE) configured to restrict control access and data access to the secure update application module and the critical component database, the restriction enforced against the OS and against modules executing at the OS level.

26 Citations

View as Search Results

29 Claims

1. A communication device having a memory and a processor coupled to said memory, said communication device comprising:
- an image update system to receive a software update image from an update server, said image update system executing at an operating system (OS) level; and
  
  a trusted execution environment (TEE) operating on said device to restrict control access and data access, by an OS and applications executing on said OS level, to systems operating within said TEE, said TEE including;
  
  a critical component database including data identifying critical software components associated with secure operation of said device, wherein said identifying data is included in said critical component database prior to said software update image being received from said update server; and
  
  a secure update application system to verify, using the identifying data, the inclusion of said critical software components in said software update image prior to installation of said software update image on said device.
- View Dependent Claims (2, 3, 4, 5, 6, 26)
- - 2. The device of claim 1, further comprising a trusted user authentication system to authenticate a user of said device based on authentication information maintained in said TEE.
  - 3. The device of claim 2, wherein said authentication is to be performed prior to said installation of said software update image.
  - 4. The device of claim 1, wherein said image update system is further configured to report a failure of said inclusion verification to said update server.
  - 5. The device of claim 1, wherein said secure update application system is further configured to verify a digital signature associated with said software update image.
  - 6. The device of claim 1, wherein said image update system is further configured to report the identity of components included in said software update image in response to receiving a query.
  - 26. The device of claim 1, wherein at least one of the critical software components comprises a header, which includes an application ID that identifies the component and a presence flag that indicates the presence of that component.

7. A method for securely updating a software image for a communication device, said method comprising:
- receiving said software image from an update server, wherein said software image comprises one or more downloaded software components;
  
  matching said downloaded software components to identifying data identifying critical software components associated with secure operations of said device included in a critical component database, wherein said critical component database is maintained in a trusted execution environment (TEE) operating on said device and said identifying data is included in said critical component database prior to said software image being received from said update server, wherein said TEE is to enforce control access and data access restrictions against software running at an operating system level on said device, said matching performed in said TEE to verify, using said identifying data, the inclusion of said critical software components in said software image prior to installation of said software image on said device; and
  
  installing said software image on said device based on the results of said matching.
- View Dependent Claims (8, 9, 10, 11, 12, 27)
- - 8. The method of claim 7, further comprising rejecting said software image in response to determining that said device is in a locked state.
  - 9. The method of claim 7, further comprising rejecting said software image in response to a failure to verify a digital signature associated with said software image.
  - 10. The method of claim 7, further comprising rejecting said software image in response to a failure to authenticate a user of said device based on authentication information maintained in said TEE.
  - 11. The method of claim 7, further comprising reporting to said update server a failure of said matching.
  - 12. The method of claim 7, further comprising reporting the identity of said downloaded software components included in said software image in response to receiving a query.
  - 27. The method of claim 7, wherein at least one of the critical software components comprises a header, which includes an application ID that identifies the component and a presence flag that indicates the presence of that component.

13. One or more computer-readable storage memories having instructions stored thereon which when executed by a processor result in the following operations for securely updating a software image for a communication device, said operations comprising:
- causing said software image to be received from an update server, wherein said software image comprises one or more downloaded software components;
  
  matching said downloaded software components to identifying data identifying critical software components associated with secure operations of said device included in a critical component database, wherein said critical component database is maintained in a trusted execution environment (TEE) operating on said device and said identifying data is included in said critical component database prior to said software image being received from said update server, wherein said TEE is to enforce control access and data access restrictions against software running at an operating system level on said device, said matching performed in said TEE to verify, using said identifying data, the inclusion of said critical software components in said software image prior to installation of said software image on said device; and
  
  causing said software image to be installed on said device based on the results of said matching.
- View Dependent Claims (14, 15, 16, 17, 18, 28)
- - 14. The one or more computer-readable storage memories of claim 13, wherein said operations further comprise rejecting said software image in response to determining that said device is in a locked state.
  - 15. The one or more computer-readable storage memories of claim 13, wherein said operations further comprise rejecting said software image in response to a failure to verify a digital signature associated with said software image.
  - 16. The one or more computer-readable storage memories of claim 13, wherein said operations further comprise rejecting said software image in response to a failure to authenticate a user of said device based on authentication information maintained in said TEE.
  - 17. The one or more computer-readable storage memories of claim 13, wherein said operations further comprise reporting to said update server a failure of said matching.
  - 18. The one or more computer-readable storage memories of claim 13, wherein said operations further comprise reporting the identity of said downloaded software components included in said software image in response to receiving a query.
  - 28. The computer-readable storage medium of claim 13, wherein at least one of the critical software components comprises a header, which includes an application ID that identifies the component and a presence flag that indicates the presence of that component.

19. A mobile communication platform comprising:
- a processor;
  
  a memory coupled to said processor;
  
  an input/output (I/O) system coupled to said processor;
  
  a user interface coupled to said I/O system;
  
  an image update system to receive a software update image from an update server, said image update system executing at an operating system (OS) level; and
  
  a trusted execution environment (TEE) operating on said platform to restrict control access and data access, by an OS and applications executing on said OS level, to systems operating within said TEE, said TEE including;
  
  a critical component database including data identifying critical software components associated with secure operation of said device, wherein said identifying data is included in said critical component database prior to said software update image being received from said update server; and
  
  a secure update application system to verify, using the identifying data, the inclusion of said critical software components in said software update image prior to installation of said software update image on said device.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 29)
- - 20. The mobile communication platform of claim 19, further comprising a trusted user authentication system to authenticate a user of said platform based on authentication information maintained in said TEE.
  - 21. The mobile communication platform of claim 20, wherein said trusted user authentication system is further configured to perform authentication prior to said installation of said software update image.
  - 22. The mobile communication platform of claim 19, wherein said image update system is further configured to report a failure of said inclusion verification to said update server.
  - 23. The mobile communication platform of claim 19, wherein said secure update application system is further configured to verify a digital signature associated with said software update image.
  - 24. The mobile communication platform of claim 19, wherein said image update system is further configured to report the identity of components included in said software update image in response to receiving a query.
  - 25. The mobile communication platform of claim 19, wherein said platform is selected from the group consisting of a smartphone, a laptop computing device and a tablet.
  - 29. The mobile communication platform of claim 19, wherein at least one of the critical software components comprises a header, which includes an application ID that identifies the component and a presence flag that indicates the presence of that component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Prakash, Gyan, Satapathy, Jiphun C.
Primary Examiner(s)
Chen, Xi D
Assistant Examiner(s)
BERMAN, STEPHEN DAVID

Application Number

US13/539,088
Publication Number

US 20140004825A1
Time in Patent Office

1,446 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 21/74   operating in dual or compar...

G06F 8/65   Updates security arrangemen...

H04L 67/34   involving the movement of s...

H04W 12/068   using credential vaults, e....

H04W 12/086   using security domains

Mobile platform software update with secure authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile platform software update with secure authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links