Method and system for securely updating firmware in a computing device

US 9,792,439 B2
Filed: 09/19/2012
Issued: 10/17/2017
Est. Priority Date: 09/19/2012
Status: Active Grant

First Claim

Patent Images

1. A method for updating firmware in a computing device, the computing device including a host processor and a non-volatile memory, the method comprising:

receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key;

receiving the second crypto-key from an external key source;

decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image;

storing the encrypted firmware image in the non-volatile memory of the computing device;

reading the encrypted firmware image from the non-volatile memory of the computing device;

decrypting the encrypted firmware image using the first crypto-key to produce the firmware; and

executing the firmware on the computing device;

wherein the second crypto-key is received and stored at a secure element located between the host processor and the non-volatile memory; and

wherein the secure element is configured to apply decryption to data addressed to code blocks in the non-volatile memory and to pass without decryption data addressed to data blocks in the non-volatile memory.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a method are disclosed. One embodiment is a method for securely updating firmware in a computing device, in which the computing device includes a host processor and a non-volatile memory. The method involves receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key. The method also involves receiving the second crypto-key from an external key source, decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image, storing the encrypted firmware image in the non-volatile memory of the computing device, reading the encrypted firmware image from the non-volatile memory of the computing device, decrypting the encrypted firmware image using the first crypto-key, and executing the firmware on the computing device.

23 Citations

View as Search Results

17 Claims

1. A method for updating firmware in a computing device, the computing device including a host processor and a non-volatile memory, the method comprising:
- receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key;
  
  receiving the second crypto-key from an external key source;
  
  decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image;
  
  storing the encrypted firmware image in the non-volatile memory of the computing device;
  
  reading the encrypted firmware image from the non-volatile memory of the computing device;
  
  decrypting the encrypted firmware image using the first crypto-key to produce the firmware; and
  
  executing the firmware on the computing device;
  
  wherein the second crypto-key is received and stored at a secure element located between the host processor and the non-volatile memory; and
  
  wherein the secure element is configured to apply decryption to data addressed to code blocks in the non-volatile memory and to pass without decryption data addressed to data blocks in the non-volatile memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the double-encrypted firmware image is decrypted by the secure element using the second crypto-key.
  - 3. The method of claim 2 wherein the secure element includes a host-side interface connected to a host-side data bus and a memory-side interface connected to a memory-side data bus, and wherein the secure element includes a crypto-engine configured to decrypt the double-encrypted firmware.
  - 4. The method of claim 1 wherein the double-encrypted firmware image is decrypted using the second crypto-key upon receipt of the double-encrypted firmware image from the external firmware source without first being stored in the non-volatile memory.
  - 5. The method of claim 1 wherein the double-encrypted firmware image is first stored in the non-volatile memory and then read from the non-volatile memory and decrypted using the second crypto-key.
  - 6. The method of claim 1 wherein the first crypto-key is a group key (GK1), which is the same for a group of computing devices, and wherein the second crypto-key is a group key (GK2), which is the same for a particular version of the firmware.
  - 7. The method of claim 1 wherein the second crypto-key is received from the external key source via a secure channel.
  - 8. The method of claim 1 further comprising decrypting an encrypted random number at the secure element to confirm the presence of the secure element.

9. A computing device comprising:
- a data interface configured to receive a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key, and to receive the second crypto-key from an external key source;
  
  a host processor configured to execute program code of the firmware;
  
  a non-volatile memory configured to store an encrypted image of the firmware; and
  
  a secure element located in a data path between the host processor and the non-volatile memory and having a crypto-engine, the crypto-engine being configured to decrypt the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image and the secure element being configured to provide the encrypted firmware image to the non-volatile memory of the computing device for storage;
  
  the host processor being configured to read the encrypted firmware image from the non-volatile memory, to decrypt the encrypted firmware image using the first crypto-key to produce the firmware, and to execute program code of the firmware on the computing device;
  
  wherein the secure element is configured to apply decryption to data addressed to code blocks in the non-volatile memory and to pass without decryption data addressed to data blocks in the non-volatile memory.
- View Dependent Claims (10, 11, 12)
- - 10. The computing system of claim 9 wherein the double-encrypted firmware image is decrypted at the secure element using the second crypto-key upon receipt of the double-encrypted firmware image from the external firmware source without first being stored in the non-volatile memory.
  - 11. The computing system of claim 9 wherein the double-encrypted firmware image is first passed through the secure element and stored in the non-volatile memory without being decrypted and then read from the non-volatile memory upon boot up and decrypted at the secure element using the second crypto-key.
  - 12. The computing system of claim 9 wherein the first crypto-key is a device group key (GK1), which is the same for a group of computing devices, and wherein the second crypto-key is a group key (GK2), which is the same for a particular version of the firmware.

13. A method for confirming the presence of a secure element in a computing device, the computing device including a host processor and a non-volatile memory, the method comprising:
- receiving an encrypted random number at the secure element, wherein the random number is encrypted using a crypto-key;
  
  receiving the crypto-key from an external key source;
  
  decrypting the encrypted random number at the secure element using the crypto-key to produce a decrypted random number;
  
  storing the decrypted random number in the non-volatile memory of the computing device;
  
  reading the decrypted random number from the non-volatile memory of the computing device;
  
  comparing the decrypted random number to a stored version of the random number; and
  
  confirming the presence of the element if the decrypted random number matches the stored random number.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13 wherein the crypto-key is received and stored at a secure element, and wherein the secure element is located between the host processor and the non-volatile memory.
  - 15. The method of claim 14 wherein the secure element is configured to apply decryption to data addressed to code blocks in the non-volatile memory and to pass without decryption data addressed to data blocks in the non-volatile memory.
  - 16. The method of claim 13 wherein the crypto-key is a group key (GK), which is the same for a group of computing devices.
  - 17. The method of claim 13 wherein the crypto-key is a session key (SK), which is specific to a communications session of the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
NXP B.V. (NXP Semiconductors NV)
Inventors
Colnot, Vincent Cedric
Primary Examiner(s)
Desrosiers, Evans

Application Number

US13/622,534
Publication Number

US 20140082373A1
Time in Patent Office

1,854 Days
Field of Search

713193, 713168-174, 713182-186, 713202, 709206, 709225, 709229, 709249, 709389, 726 2- 8
US Class Current
CPC Class Codes

G06F 21/572 Secure firmware programming...

G06F 21/575 Secure boot

Method and system for securely updating firmware in a computing device

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securely updating firmware in a computing device

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links