Secure software updates

US 9,489,496 B2
Filed: 07/26/2005
Issued: 11/08/2016
Est. Priority Date: 11/12/2004
Status: Active Grant

First Claim

Patent Images

1. A method for upgrading software on an electronic device associated with a client device, the method comprising:

sending, from the client device, device information, to a host device via a first data link, wherein the device information includes a software version indicator, and the software version indicator corresponds to a first version of a software module on the electronic device;

receiving, from the host device, a second version of the software module that is more current than the first version of the software module; and

sending, from the client device and through a second data link that is different than the first data link, the second version of the software module to the electronic device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved techniques to update software in electronic devices that are already in use are disclosed. In one embodiment, software can be updated in a secure and controlled manner using cryptography. The authenticity of the updated software as well as its appropriateness for the particular electronic device can be confirmed prior to update. The software can also be updated on a per module basis. In one embodiment, a server hosts software updates for various electronic devices, and supplies the appropriate software update to the electronic devices via a data network.

54 Citations

View as Search Results

31 Claims

1. A method for upgrading software on an electronic device associated with a client device, the method comprising:
- sending, from the client device, device information, to a host device via a first data link, wherein the device information includes a software version indicator, and the software version indicator corresponds to a first version of a software module on the electronic device;
  
  receiving, from the host device, a second version of the software module that is more current than the first version of the software module; and
  
  sending, from the client device and through a second data link that is different than the first data link, the second version of the software module to the electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as recited in claim 1, further comprising:
    - transmitting, from the client device via the first data link, a software version request to the host device to check for a presence of an updated software module on the host device.
  - 3. The method as recited in claim 1, further comprising:
    - receiving, at the client device and through the first data link, an available software version indicator from the host device; and
      
      determining, based on the available software version indicator, that an updated software module is present on the host device.
  - 4. The method as recited in claim 3, wherein the available software module indicator identifies the updated software module present on the host device.
  - 5. The method as recited in claim 1, wherein the device information includes a cryptographic key, and the second version of the software module is encrypted with the cryptographic key.
  - 6. The method as recited in claim 1, wherein the first data link corresponds to a wide area network.
  - 7. The method as recited in claim 1, wherein the second data link corresponds to a local area network, a Wi-Fi connection, or a Bluetooth connection.

8. A computing device, comprising:
- a processor; and
  
  a memory configured to store instructions that when executed by the processor cause the computing device to perform steps that include;
  
  sending device information to a host device via a first data link, the device information including a current software version indicator, wherein the current software version indicator corresponds to a first version of a software module stored on an electronic device associated with the computing device;
  
  receiving, from the host device via the first data link, a second version of the software module; and
  
  sending, through a second data link that is different than the first data link, the second version of the software module to the electronic device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computing device as recited in claim 8, wherein the first data link corresponds to a wide area network.
  - 10. The computing device as recited in claim 8, wherein the second data link corresponds to a local area network, a Wi-Fi connection, or a Bluetooth connection.
  - 11. The computing device as recited in claim 9, wherein the steps further include:
    - receiving, through the first data link, an available software version indicator from the host device; and
      
      determining, based on the available software version indicator, that an updated software module is present on the host device.
  - 12. The computing device as recited in claim 11, wherein the available software module indicator identifies the second version of the software module as a most current version of the software module.
  - 13. The computing device as recited in claim 8, wherein the steps further include:
    - querying the host device for a table that identifies most current versions of the software module available to the electronic device.
  - 14. The computing device as recited in claim 8, wherein the device information includes a cryptographic key, and the second version of the software module is encrypted with the cryptographic key.

15. A non-transitory computer readable medium configured to store instructions that, when executed by a processor of a computing device, cause the computing device to perform steps that include:
- sending, from the computing device, device information, to a host device via a first data link, wherein the device information includes a current software version indicator and the current software version indicator corresponds to a first version of a software module on an electronic device associated with the computing device; and
  
  sending, through a second data link that is different than the first data link, a second version of the software module to the electronic device.
- View Dependent Claims (16, 17)
- - 16. The non-transitory computer readable medium as recited in claim 15, wherein the first data link corresponds to a wide area network.
  - 17. The non-transitory computer readable medium as recited in claim 15, wherein the second data link corresponds to a local area network, a Wi-Fi connection, or a Bluetooth connection.

18. A method for upgrading a software module on a portable electronic device, the method comprising:
- by a server device;
  
  storing a first version of the software module and a second version of the software module, wherein the second version of the software module corresponds to a most current version of the software module;
  
  receiving, from a client device associated with the portable electronic device, device information that includes a public cryptographic key and a current software version indicator that identifies a version of the software module associated with the portable electronic device; and
  
  when the version of the software module associated with the portable electronic device corresponds to the first version of the software module;
  
  encrypting the second version of the software module using the public cryptographic key provided by the client device, andtransmitting the encrypted second version of the software module to the client device.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The method as recited in claim 18, further comprising:
    - storing multiple software modules for multiple electronic devices associated with the client device.
  - 20. The method as recited in claim 19, further comprising:
    - storing a table of values that identify the multiple software modules.
  - 21. The method as recited in claim 19, wherein the server device is in communication with the client device over a wide area network, and the client device is in communication with the portable electronic device over a local area network.
  - 22. The method as recited in claim 18, further comprising:
    - encrypting the second version of the software module using a random key, andencrypting the random key using the public cryptographic key, wherein said transmitting includes sending the encrypted second version of the software module and the encrypted random key.
  - 23. The method as recited in claim 20, further comprising:
    - transmitting the table of values, from the server device, to the client device in response to receiving a software version request from the client device.
  - 24. The method as recited in claim 23, wherein the server device receives, from the client device, periodically scheduled requests for the table of values of the most current version of the software module.

25. A non-transitory computer readable medium configured to store instructions that, when executed by a processor of a computing device, cause the computing device to perform steps that include:
- storing a first version of a software module and a second version of the software module, wherein the second version of the software module corresponds to a most current version of the software module;
  
  receiving, from a client device, device information that includes a cryptographic key and a current software version indicator that identifies a version of the software module associated with the client device; and
  
  when the version of the software module associated with the client device corresponds to the first version of the software module;
  
  encrypting the second version of the software module using the cryptographic key provided by the client device, andtransmitting the encrypted second version of the software module to the client device.
- View Dependent Claims (31)
- - 31. The non-transitory computer readable medium as recited in claim 25, wherein the steps further include:
    - storing multiple different versions of the software module for multiple electronic devices associated with the client device.

26. A computing device comprising:
- a processor; and
  
  a memory configured to store instructions that when executed by the processor cause the computing device to perform steps that include;
  
  storing a first version of a software module and a second version of the software module, wherein the second version of the software module corresponds to a most current version of the software module;
  
  receiving, from a client device, device information that includes a cryptographic key and a current software version indicator that identifies a version of the software module associated with the client device; and
  
  when the version of the software module associated with the client device corresponds to the first version of the software module;
  
  encrypting the second version of the software module using the cryptographic key, andtransmitting the encrypted second version of the software module to the client device.
- View Dependent Claims (27)
- - 27. The computing device as recited in claim 26, wherein the steps further include:
    - storing multiple software modules for multiple electronic devices associated with the client device.

28. A network-based software update system, the system comprising:
- a server device configured to perform steps that include;
  
  storing a first version of a software module and a second version of the software module, wherein the second version of the software module corresponds to a most current version of the software module, andreceiving, via a first data link, device information that includes a cryptographic key and a current software version indicator that identifies a version of the software module; and
  
  a client device configured to perform steps that include;
  
  receiving, from the server device via the first data link, the second version of the software module encrypted with the cryptographic key, andsending, to an electronic device and through a second data link that is different than the first data link, the second version of the software module.
- View Dependent Claims (29, 30)
- - 29. The network-based software update system as recited in claim 28, wherein the client device is further configured to perform the steps that include:
    - receiving, from the electronic device via the second data link, a version identifier that identifies a current version of the software module on the electronic device.
  - 30. The network-based software update system as recited in claim 28, wherein the second data link corresponds to a local area network, a Wi-Fi connection, or a Bluetooth connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Wysocki, Christopher R., Ward, Alan
Primary Examiner(s)
Mehedi, Morshed

Application Number

US11/190,735
Publication Number

US 20070028120A1
Time in Patent Office

4,123 Days
Field of Search

713/191, 713/192
US Class Current

1/1
CPC Class Codes

G06F 21/101   by binding digital rights t...

G06F 2221/2107   File encryption

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 67/34   involving the movement of s...

Secure software updates

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Secure software updates

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links