Associating software with hardware using cryptography

US 8,041,957 B2
Filed: 03/31/2004
Issued: 10/18/2011
Est. Priority Date: 04/08/2003
Status: Active Grant

First Claim

Patent Images

1. A method of validating an association of software code with hardware, comprising:

obtaining a certificate from a code image, wherein;

the code image further including software code, a code signature, and a first identifier associated with a release of the software code,all instances of the software code associated with the software release have the same first identifier such that at least two instances of the software code have the same first identifier,the code signature is generated, using cryptography and a code private key, based on the first identifier, a second identifier for the hardware, and a message code digest obtained by hashing the software code,the code signature is used to validate an association of the software code with the hardware,the certificate includes a code public key corresponding to the code private key, and an authority signature generated over the code public key using cryptography and an authority private key;

authenticating the certificate with an authority public key securely stored in the hardware;

obtaining the first identifier from the code image;

obtaining the second identifier for the hardware, wherein all instances of a particular configuration of the hardware have the same second identifier such that at least two instances of the hardware have the same second identifier;

obtaining the software code from the code image and generating an image code digest by hashing the software code from the code image;

generating a regenerated signature digest by hashing the image code digest, the first identifier, and the second identifier; and

obtaining the code signature from the code image and generating a received signature digest by decrypting the code signature from the code image using the code public key; and

comparing the regenerated signature digest with the received signature digest, wherein the association of the software code with the hardware is validated if the regenerated signature digest matches the received signature digest.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for associating software with hardware using cryptography are described. The software is identified by a software identifier (ID), and the hardware is identified by a hardware ID. The software is hashed to obtain a code digest. A code signature is generated for the code digest, software ID, and hardware ID. A code image is formed with the software, software ID, code signature, and a certificate. The certificate contains cryptographic information used to authenticate the certificate and validate the code signature. The code image is loaded onto a device. The device validates the software to hardware association prior to executing the software. For the validation, the device authenticates the certificate with a certificate authority public key embedded within the device. The device also validates the code signature using the cryptographic information contained in the certificate, information in the code image, and the hardware ID embedded within the device.

Citations

20 Claims

1. A method of validating an association of software code with hardware, comprising:
- obtaining a certificate from a code image, wherein;
  
  the code image further including software code, a code signature, and a first identifier associated with a release of the software code,all instances of the software code associated with the software release have the same first identifier such that at least two instances of the software code have the same first identifier,the code signature is generated, using cryptography and a code private key, based on the first identifier, a second identifier for the hardware, and a message code digest obtained by hashing the software code,the code signature is used to validate an association of the software code with the hardware,the certificate includes a code public key corresponding to the code private key, and an authority signature generated over the code public key using cryptography and an authority private key;
  
  authenticating the certificate with an authority public key securely stored in the hardware;
  
  obtaining the first identifier from the code image;
  
  obtaining the second identifier for the hardware, wherein all instances of a particular configuration of the hardware have the same second identifier such that at least two instances of the hardware have the same second identifier;
  
  obtaining the software code from the code image and generating an image code digest by hashing the software code from the code image;
  
  generating a regenerated signature digest by hashing the image code digest, the first identifier, and the second identifier; and
  
  obtaining the code signature from the code image and generating a received signature digest by decrypting the code signature from the code image using the code public key; and
  
  comparing the regenerated signature digest with the received signature digest, wherein the association of the software code with the hardware is validated if the regenerated signature digest matches the received signature digest.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the software code is executed by the hardware only if the association is validated.
  - 3. The method of claim 1, wherein the regenerated signature digest is generated using a cryptography scheme that includes Hash-based Message Authentication Code (HMAC).
  - 4. The method of claim 1, wherein the first identifier is a software release version number.
  - 5. The method of claim 1, wherein the hardware is an integrated circuit of a specific design.
  - 6. The method of claim 1, wherein the second identifier is a hardware part number.
  - 7. The method of claim 1, wherein the authority public key is embedded in the hardware in a tamper-proof manner.

8. An apparatus having validation of an association of software with the apparatus hardware, comprising:
- a first storage unit configured to securely store an authority public key; and
  
  a processor operative toobtain a certificate from a code image, wherein;
  
  the code image further including software code, a code signature, and a first identifier associated with a release of the software code,all instances of the software code associated with the software release have the same first identifier such that at least two instances of the software code have the same first identifier,the code signature is generated, using cryptography and a code private key, based on the first identifier, a second identifier for the hardware, and a message code digest obtained by hashing the software code,the code signature is used to validate an association of the software code with the hardware,the certificate includes a code public key corresponding to the code private key, and an authority signature generated over the code public key using cryptography and an authority private key;
  
  authenticate the certificate with the authority public key;
  
  obtain the first identifier from the code image;
  
  obtain the second identifier for the hardware, wherein all instances of a particular configuration of the hardware have the same second identifier such that at least two instances of the hardware have the same second identifier;
  
  obtain the software code from the code image and generate an image code digest by hashing the software code from the code image;
  
  generate a regenerated signature digest by hashing the image code digest, the first identifier, and the second identifier; and
  
  obtain the code signature from the code image and generate a received signature digest by decrypting the code signature from the code image using the code public key; and
  
  compare the regenerated signature digest with the received signature digest, wherein the association of the software code with the hardware is validated if the regenerated signature digest matches the received signature digest.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The apparatus of claim 8, wherein the authority public key is embedded in the hardware in a tamper-proof manner.
  - 10. The apparatus of claim 8 and implemented within a wireless communication device.
  - 11. The apparatus of claim 8, further comprising:
    - a second storage unit configured to store boot code executed by the processor to authenticate the certificate and to compare the regenerated signature digest with the received signature digest.
  - 12. The apparatus of claim 11, wherein the first and second storage units and the processor are implemented within an integrated circuit.

13. An apparatus having validation of an association of software code with hardware, comprising:
- means for obtaining a certificate from a code image, wherein;
  
  the code image further including software code, a code signature, and a first identifier associated with a release of the software code,all instances of the software code associated with the software release have the same first identifier such that at least two instances of the software code have the same first identifier,the code signature is generated, using cryptography and a code private key, based on the first identifier, a second identifier for the hardware, and a message code digest obtained by hashing the software code,the code signature is used to validate an association of the software code with the hardware,the certificate includes a code public key corresponding to the code private key, and an authority signature generated over the code public key using cryptography and an authority private key;
  
  means for authenticating the certificate with an authority public key securely stored in the hardware;
  
  means for obtaining the first identifier from the code image;
  
  means for obtaining the second identifier for the hardware, wherein all instances of a particular configuration of the hardware have the same second identifier such that at least two instances of the hardware have the same second identifier;
  
  means for obtaining the software code from the code image and generating an image code digest by hashing the software code from the code image;
  
  means for generating a regenerated signature digest by hashing the image code digest, the first identifier, and the second identifier;
  
  means for obtaining the code signature from the code image and generating a received signature digest by decrypting the code signature from the code image using the code public key; and
  
  means for comparing the regenerated signature digest with the received signature digest, wherein the association of the software code with the hardware is validated if the regenerated signature digest matches the received signature digest.
- View Dependent Claims (14)
- - 14. The apparatus of claim 13, wherein the authority public key is embedded in the hardware in a tamper-proof manner.

15. An apparatus operable to validate software for hardware, comprising:
- a storage device configured to store a code image including the software, a code signature, and a certificate;
  
  a secure storage device configured to store a hardware identifier and a certificate authority public key;
  
  a processor configured to access the storage device and operative to;
  
  authenticate the certificate with the certificate authority public key,obtain a regenerated signature digest based on the software, a first identifier for the software, and the hardware identifier,decrypt the certificate using the certificate authority public key to recover a code public key,decrypt the code signature using the code public key to recover a received signature digest, andcompare the regenerated signature digest with the received signature digest to validate the association of the software with the hardware.
- View Dependent Claims (16)
- - 16. The apparatus of claim 15, wherein the hardware identifier and the certificate authority public key are embedded in the apparatus in a tamper-proof manner.

17. A processor associated product, comprising:
- computer readable medium, storing;
  
  software code for causing a processor to obtain a certificate from a code image, wherein;
  
  the code image further including software code, a code signature, and a first identifier associated with a release of the software code,all instances of the software code associated with the software release have the same first identifier such that at least two instances of the software code have the same first identifier,the code signature is generated, using cryptography and a code private key, based on the first identifier, a second identifier for the hardware, and a message code digest obtained by hashing the software code,the code signature is used to validate an association of the software code with the hardware,the certificate includes a code public key corresponding to the code private key, and an authority signature generated over the code public key using cryptography and an authority private key;
  
  software code for causing a processor to authenticate the certificate with an authority public key securely stored in the hardware;
  
  software code for causing a processor to obtain the first identifier from the code image;
  
  software code for causing a processor to obtain the second identifier for the hardware, wherein all instances of a particular configuration of the hardware have the same second identifier such that at least two instances of the hardware have the same second identifier;
  
  software cede for causing a processor to obtain the software code from the code image and generate an image code digest by hashing the software code from the code image;
  
  software code for causing a processor to generate a regenerated signature digest by hashing the image code digest, the first identifier, and the second identifier; and
  
  software code for causing a processor to obtain the code signature from the code image and generate a received signature digest by decrypting the code signature from the code image using the code public key; and
  
  software code for causing a processor to compare the regenerated signature digest with the received signature digest, wherein the association of the software code with the hardware is validated if the regenerated signature digest matches the received signature digest.
- View Dependent Claims (18)
- - 18. The processor associated product of claim 17, wherein the authority public key is embedded in the hardware in a tamper-proof manner.

19. A method of validating software for hardware, comprising:
- storing a code image including the software, a code signature, and a certificate;
  
  storing a hardware identifier and a certificate authority public key;
  
  authenticating the certificate with the certificate authority public key,obtaining a regenerated signature digest based on the software, a first identifier for the software, and the hardware identifier,decrypting the certificate using the certificate authority public key to recover a code public key,decrypting the code signature using the code public key to recover a received signature digest, andcomparing the regenerated signature digest with the received signature digest to validate the association of the software with the hardware.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the hardware identifier and the certificate authority public key are embedded in the hardware in a tamper-proof manner.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Michaelis, Oliver, Mauro, Anthony P.
Primary Examiner(s)
Lipman; Jacob

Application Number

US10/815,256
Publication Number

US 20050005098A1
Time in Patent Office

2,757 Days
Field of Search

713/200, 713/201, 713187-189, 705/51
US Class Current

713/187
CPC Class Codes

G06F 21/121 Restricting unauthorised ex...

G06F 21/51 at application loading time...

Associating software with hardware using cryptography

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Associating software with hardware using cryptography

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links