Secure factory data generation and restoration
First Claim
1. A networked system for managing factory-generated data for an electronic device, the system comprising:
- a first factory server device coupled to one or more non-volatile storage systems via a network, to persistently store a production version of calibration data generated for one or more sensor modules of the electronic device, each of the one or more sensor modules associated with a hardware component of the electronic device, the calibration data associated with the one or more sensor modules via a module identifier that is unique to each individual sensor module, wherein the first factory server device is further to transmit the calibration data to the one or more non-volatile storage systems via the network;
- a second factory server device coupled to the one or more non-volatile storage systems, to retrieve the production version of the calibration data associated with the one or more sensor modules from the one or more storage systems and to assemble a set of factory data for the electronic device, the factory data including the calibration data, the factory data associated with the electronic device via a device identifier that is unique to the electronic device; and
- a sealing server device coupled to the one or more non-volatile storage systems, the sealing server to, in response to a request from the electronic device, authenticate the set of factory data for the electronic device via the module identifier of each sensor module and to create a cryptographic association between the set of factory data and the electronic device after the authentication, wherein a manifest of the cryptographic association is stored on the electronic device.
Abstract
In various embodiments, methods, devices and systems for securely generating, sealing, and restoring factory-generated calibration and provisioning data for an electronic device are described, in which calibration and provisioning data for an electronic device are generated in a distributed manner and stored on a storage system. The calibration data can be retrieved from the storage system during device assembly and finalized calibration and provisioning data for each electronic device can be stored to the storage system. In one embodiment, a sealing server, to attest to the authenticity of the factory-generated data, seals the finalized calibration data. In one embodiment, an electronic device can access a data store containing the factory-generated data and can update or restore calibration or provisioning data for the device from the data store.
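A minimal sketch of the sealing and restore checks the abstract describes, added here as an illustration and not taken from the patent. The manifest layout, SHA-256 digests, identifier strings and the HMAC tag (standing in for whatever signature scheme a real sealing server would use) are all assumptions.

```python
import hashlib, hmac, json

SEALING_KEY = b"constructed-demo-key"  # assumption: stands in for the sealing server's signing key
# Constructed sample records: module identifier -> production calibration data
PRODUCTION_STORE = {"CAM-0001": b"focus=1.02;gain=0.97", "ALS-0042": b"lux_offset=3"}

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

def _tag(body, key):
    # Canonical JSON so the sealer and the verifier authenticate identical bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def seal(device_id, factory_data, production_store, key=SEALING_KEY):
    """Sealing side: authenticate each module's data by module ID, then bind the set to the device."""
    modules = {}
    for module_id, blob in sorted(factory_data.items()):
        record = production_store.get(module_id)
        if record is None or not hmac.compare_digest(digest(record), digest(blob)):
            raise ValueError(f"module {module_id}: no matching production record")
        modules[module_id] = digest(blob)
    body = {"device_id": device_id, "modules": modules}
    return {"body": body, "tag": _tag(body, key)}

def verify(manifest, device_id, factory_data, key=SEALING_KEY):
    """Restore side: accept data only if the manifest is authentic and bound to this device."""
    body = manifest["body"]
    if not hmac.compare_digest(_tag(body, key), manifest["tag"]):
        return False  # manifest altered or not produced by the sealing key
    if body["device_id"] != device_id:
        return False  # sealed for a different device
    if set(body["modules"]) != set(factory_data):
        return False  # a module was added or dropped after sealing
    return all(hmac.compare_digest(body["modules"][m], digest(factory_data[m]))
               for m in factory_data)

if __name__ == "__main__":
    data = dict(PRODUCTION_STORE)
    manifest = seal("DEV-A1", data, PRODUCTION_STORE)
    print(verify(manifest, "DEV-A1", data))   # sealed set on its own device
    print(verify(manifest, "DEV-B2", data))   # same set replayed onto another device
```

A symmetric key is used only so the sketch runs on the standard library; with a shared key the device could forge its own manifest, so a deployed design would verify a public-key signature instead.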
24 Claims
1. A networked system for managing factory-generated data for an electronic device (independent claim, recited in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. One or more non-transitory machine readable media storing instructions which, when executed by one or more processors, cause the one or more processors to perform operations for managing factory-generated data for an electronic device, the operations comprising:
- persistently storing a production version of calibration data generated for one or more sensor modules of the electronic device via a first networked server device, each of the one or more sensor modules associated with a hardware component of the electronic device, the calibration data associated with the one or more sensor modules via a module identifier that is unique to each individual sensor module;
- transmitting the calibration data to one or more non-volatile storage systems via a network connection of the first networked server device;
- retrieving, via a network connection of a second networked server device, the production version of the calibration data associated with the one or more sensor modules from the one or more non-volatile storage systems;
- assembling a set of factory data for the electronic device, the factory data including the calibration data and associated with the electronic device via a device identifier that is unique to the electronic device;
- authenticating, at a sealing server device in response to a request from the electronic device, the set of factory data for the electronic device, the authenticating performed via the module identifier of each sensor module;
- creating a cryptographic association between the set of factory data and the electronic device after the authentication; and
- storing a manifest of the cryptographic association on the electronic device.
Dependent claims: 12, 13, 14, 15, 16, 17
18. A method of managing factory-generated data for an electronic device, the method comprising:
- persistently storing a production version of calibration data generated for one or more sensor modules of the electronic device via a first networked server device, each of the one or more sensor modules associated with a hardware component of the electronic device, the calibration data associated with the one or more sensor modules via a module identifier that is unique to each individual sensor module;
- transmitting the calibration data to one or more non-volatile storage systems via a network connection of the first networked server device;
- retrieving, via a network connection of a second networked server device, the production version of the calibration data associated with the one or more sensor modules from the one or more non-volatile storage systems;
- assembling a set of factory data for the electronic device, the factory data including the calibration data and associated with the electronic device via a device identifier that is unique to the electronic device;
- authenticating, at a sealing server device in response to a request from the electronic device, the set of factory data for the electronic device, the authenticating performed via the module identifier of each sensor module;
- creating a cryptographic association between the set of factory data and the electronic device after the authentication; and
- storing a manifest of the cryptographic association on the electronic device.
Dependent claims: 19, 20, 21, 22, 23, 24
Specification