Methods and apparatus to provide for efficient and secure software updates
US-10033534-B2 · Jul 24, 2018 · US
Technologies for secure software update using bundles and merkle signatures
US10552138B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10552138-B2 |
| Application number | US-201615267355-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 16, 2016 |
| Priority date | Jun 12, 2016 |
| Publication date | Feb 4, 2020 |
| Grant date | Feb 4, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Technologies for secure software update include an update server and one or more client computing devices. The update server generates a software release including release components, such as packages and/or bundles, and a version number. The update server generates an integrity hash tree over the software release and a Lamport one-time signature key pair for each node of the integrity hash tree. The update server generates a Merkle signature scheme authentication tree based on the key pairs and signs each node of the integrity hash tree. The update server signs the root of the authentication tree with an anchor private key. A client computing device downloads one or more release components and verifies the release components with the integrity hash tree, the signatures, and the authentication tree. The client computing device verifies the root of the authentication tree with an anchor public key. Other embodiments are described and claimed.
First claim
Opening claim text (preview).
The invention claimed is: 1. A computing device for secure software update, the computing device comprising: a software update module to generate a software release, wherein the software release comprises a plurality of release components and a release version number; a release integrity module to generate an integrity hash tree over the plurality of release components and the release version number, wherein the integrity hash tree comprises a plurality of hash nodes; a release authentication module to (i) generate a plurality of Lamport one-time signature public-private key pairs, wherein each key pair of the plurality of key pairs corresponds to a hash node of the integrity hash tree, (ii) generate a Merkle signature scheme authentication tree based on the plurality of key pairs, and (iii) generate a plurality of one-time signatures, wherein each one-time signature is generated as a function of a respective hash node of the integrity hash tree and a key pair of the plurality of key pairs corresponding to the respective hash node; and a root authentication module to sign a root public key of the authentication tree with an anchor private key to generate a signature of the root public key, wherein the anchor private key is paired with an anchor public key. 2. The computing device of claim 1 , wherein to generate the software release comprises to generate a hierarchical organization of the plurality of release components. 3. The computing device of claim 1 , wherein the plurality of release components comprises a file, a package, or a bundle. 4. The computing device of claim 1 , wherein to generate the integrity hash tree over the plurality of release components and the release version number comprises to: generate a plurality of leaf hash nodes of the integrity hash tree, wherein each leaf hash node is calculated as a function of a release component or the release version number; and recursively generate a parent hash node as a function of a first hash node and a second hash node. 5. The computing device of claim 1 , wherein to generate the Lamport one-time signature public-private key pairs comprises to generate the Lamport one-time signature public-private key pairs with a pseudo-random number generator based on a random number seed. 6. The computing device of claim 5 , wherein the release authentication module is further to generate the random number seed with a hardware-assisted random number generator of the computing device. 7. The computing device of claim 5 , wherein the release authentication module is further to index an entropy multiplexing tree with the release version number to retrieve the random number seed. 8. One or more non-transitory, computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to: generate a software release, wherein the software release comprises a plurality of release components and a release version number; generate an integrity hash tree over the plurality of release components and the release version number, wherein the integrity hash tree comprises a plurality of hash nodes; generate a plurality of Lamport one-time signature public-private key pairs, wherein each key pair of the plurality of key pairs corresponds to a hash node of the integrity hash tree; generate a Merkle signature scheme authentication tree based on the plurality of key pairs; generate a plurality of one-time signatures, wherein each one-time signature is generated as a function of a respective hash node of the integrity hash tree and a key pair of the plurality of key pairs corresponding to the respective hash node; and sign a root public key of the authentication tree with an anchor private key to generate a signature of the root public key, wherein the anchor private key is paired with an anchor public key. 9. The one or more non-transitory, computer-readable storage media of claim 8 , wherein to generate the software release comprises to generate a hierarchical organization of the plurality of release components. 10. The one or more non-transitory, computer-readable storage media of claim 8 , wherein to generate the Lamport one-time signature public-private key pairs comprises to generate the Lamport one-time signature public-private key pairs with a pseudo-random number generator based on a random number seed. 11. The one or more non-transitory, computer-readable storage media of claim 10 , further comprising a plurality of instructions that in response to being executed cause the computing device to generate the random number seed using a hardware-assisted random number generator of the computing device. 12. The one or more non-transitory, computer-readable storage media of claim 10 , further comprising a plurality of instructions that in response to being executed cause the computing device to index an entropy multiplexing tree with the release version number to retrieve the random number seed. 13. A computing device for secure software update, the computing device comprising: a root authentication module to (i) receive, from an update server, a root public key of a Merkle signature scheme authentication tree associated with a software release and a signature of the root public key, (ii) verify the root public key with the signature of the root public key and an anchor public key that is provisioned to the computing device, and (iii) verify the authentication tree with the root public key in response to verification of the root public key; a software update module to receive, from the update server, a release component of the software release, a hash node of an integrity hash tree that corresponds to the release component, and a Lamport one-time signature corresponding to the hash node of the integrity hash tree; a release integrity module to verify the release component with the hash node of the integrity hash tree; a release authentication module to (i) verify the hash node of the integrity hash tree with the one-time signature, and (ii) verify the one-time signature with the authentication tree in response to verification of the authentication tree; wherein the software update module is further to install the release component in response to verification of the release component, the hash node, and the one-time signature. 14. The computing device of claim 13 , wherein: the root authentication module is further to receive the authentication tree from the update server; and to verify the authentication tree comprises to verify the authentication tree in response to receipt of the authentication tree. 15. The computing device of claim 13 , wherein: the root authentication module is further to (i) receive a random number seed from the update server, (ii) generate a plurality of Lamport one-time signature public-private key pairs with a pseudo-random number generator based on the random number seed, and (iii) generate the authentication tree based on the plurality of key pairs; and to verify the authentication tree comprises to verify the authentication tree in response to generation of the authentication tree. 16. The computing device of claim 13 , wherein: the root authentication module is further to (i) generate an entropy multiplexing tree as a function of a root seed provisioned to the computing device, (ii) index the entropy multiplexing tree with a release version number of the software release to retrieve a random number seed, (iii) generate a plurality of Lamport one-time signature public-private key pairs with a pseudo-random number generator based on the random number seed, and (iv) g
Assignees
Inventors
Classifications
involving digital signatures · CPC title
operating in dual or compartmented mode, i.e. at least one secure mode · CPC title
- G06F8/65Primary
Updates (security arrangements therefor G06F21/57) · CPC title
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
with particular pseudorandom sequence generator · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10552138B2 cover?
- Technologies for secure software update include an update server and one or more client computing devices. The update server generates a software release including release components, such as packages and/or bundles, and a version number. The update server generates an integrity hash tree over the software release and a Lamport one-time signature key pair for each node of the integrity hash tre…
- Who is the assignee on this patent?
- Intel Corp
- What technology area does this patent fall under?
- Primary CPC classification G06F8/65. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Feb 04 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).