Securely recovering a computing device
US-2017346631-A1 · Nov 30, 2017 · US
US10931451B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10931451-B2 |
| Application number | US-201816194072-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 16, 2018 |
| Priority date | Jan 7, 2007 |
| Publication date | Feb 23, 2021 |
| Grant date | Feb 23, 2021 |
Official abstract text for this publication.
A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.
Opening claim text (preview).
What is claimed is:
1. A method for managing applications on a client device that includes a file system, the method comprising: providing, to a computing device, a request to update an initial version of an application established at the file system with an updated version of the application; loading the updated version of the application that is received from the computing device into the file system; receiving a certificate that is associated with (i) a unique device identifier associated with the client device, and (ii) the updated version of the application, wherein the certificate is digitally signed with a signature; verifying that the updated version of the application is trusted by using (i) the unique device identifier, and (ii) a fingerprint based on the signature such as to compare the certificate associated with the unique device identifier and the updated version of the application to a certificate associated with the initial version of the application; in response to determining that the updated version of the application is trusted: establishing one or more files associated with the updated version of the application at the file system; and in response to determining that the updated version of the application is not trusted: removing the updated version of the application from the file system, and entering a firmware upgrade mode to execute system tasks for the client device.
2. The method of claim 1, wherein, prior to providing the request to the computing device, the method further comprises: establishing the certificate associated with the initial version of the application by providing the application to the computing device.
3. The method of claim 1, wherein the certificate associated with the unique device identifier and the updated version of the application is based on the fingerprint upon determining that the updated version of the application is trusted.
4. The method of claim 3, wherein the fingerprint is stored at a secure read only memory (ROM) of the client device.
5. The method of claim 4, wherein the fingerprint is associated with the unique device identifier.
6. The method of claim 5, wherein the unique device identifier is stored within the secure ROM, and the signature used to digitally sign the certificate is based on the unique device identifier.
7. The method of claim 1, wherein, in response to determining that the updated version of the application is not trusted, the method further comprises: preventing the one or more files from being executed at the file system.
8. The method of claim 1, wherein the signature is derived from a public key certificate.
9. A client device that includes a file system and is configured to manage applications, the client device comprising: at least one processor; and at least one memory storing instructions that when executed by the at least one processor, cause the client device to: provide, to a computing device, a request to update an initial version of an application established at the file system with an updated version of the application; load the updated version of the application that is received from the computing device into the file system; receive a certificate that is associated with (i) a unique device identifier associated with the client device, and (ii) the updated version of the application, wherein the certificate is digitally signed with a signature; verify that the updated version of the application is trusted by using (i) the unique device identifier, and (ii) a fingerprint based on the signature such as to compare the certificate associated with the unique device identifier and the updated version of the application to a certificate associated with the initial version of the application; in response to determining that the updated version of the application is trusted: establish one or more files associated with the updated version of the application at the file system; and in response to determining that the updated version of the application is not trusted: remove the updated version of the application from the file system, and enter a firmware upgrade mode to execute system tasks for the client device.
10. The client device of claim 9, wherein the certificate associated with the unique device identifier and the updated version of the application is based on the fingerprint upon determining that the updated version of the application is trusted.
11. The client device of claim 9, wherein the fingerprint is stored at a secure read only memory (ROM) of the client device.
12. The client device of claim 11, wherein the fingerprint is associated with the unique device identifier.
13. The client device of claim 9, wherein, in response to determining that the updated version of the application is trusted, the at least one processor further causes the client device to: verify that an integrity of the one or more files is uncompromised.
14. The client device of claim 11, wherein, in response to determining that the updated version of the application is not trusted, the at least one processor further causes the client device to: prevent the one or more files from being executed at the file system.
15. At least one non-transitory computer readable storage medium configured to store instructions that, when executed by at least one processor included in a client device associated with a unique device identifier and having a file system, cause the client device to: provide, to a computing device, a request to update an initial version of an application established at the file system with an updated version of the application; load the updated version of the application that is received from the computing device into the file system; receive a certificate that is associated with (i) the unique device identifier, and (ii) the updated version of the application, wherein the certificate is digitally signed with a signature; verify that the updated version of the application is trusted by using (i) the unique device identifier, and (ii) a fingerprint based on the signature such as to compare the certificate associated with the unique device identifier and the updated version of the application to a certificate associated with the initial version of the application; in response to determining that the updated version of the application is trusted: establish one or more files associated with the updated version of the application at the file system; and in response to determining that the updated version of the application is not trusted: remove the updated version of the application from the file system, and enter a firmware upgrade mode to execute system tasks for the client device.
16. The at least one non-transitory computer readable storage medium of claim 15, wherein the fingerprint is stored at a secure read only memory (ROM) of the client device.
17. The at least one non-transitory computer readable storage medium of claim 16, wherein the client device determines that the certificate associated with the updated version of the application is not based on the fingerprint upon determining that the updated version of the application is not trusted.
18. The at least one non-transitory computer readable storage medium of claim 17, wherein the fingerprint is associated with the unique device identifier.
19. The at least one non-transitory computer readable storage medium of claim 15, wherein, in response to determining that the updated version of the application is trusted, the at least one process
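As an added illustration that is not code from the patent or its assignee, the update verification path of claim 1 modelled in Python: the device identifier and the fingerprint of the authority's public key are constants standing in for the secure ROM, the certificate binds (device identifier, application version) under the authority's signature, and an untrusted update is removed before the device drops into a firmware upgrade mode. The toy RSA key (tiny primes, not secure), the certificate layout and the staged file layout are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass

# Toy RSA key pair of the signing authority (tiny primes: illustrative only, not secure).
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: held by the authority, never on the device

def key_fingerprint(n: int, e: int) -> str:
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()

# Constructed contents of the device's secure ROM: its identifier and the fingerprint of the key it trusts.
ROM = {"device_id": "DEV-EXAMPLE-0001", "fingerprint": key_fingerprint(N, E)}
@dataclass(frozen=True)
class Certificate:
    device_id: str
    app_version: str
    n: int            # signer's public key, carried so the device can fingerprint it
    e: int
    signature: int

def cert_digest(device_id: str, app_version: str, n: int) -> int:
    return int.from_bytes(hashlib.sha256(f"{device_id}|{app_version}".encode()).digest(), "big") % n

def issue_certificate(device_id: str, app_version: str) -> Certificate:
    """Authority side: bind (device_id, app_version) under the private key."""
    return Certificate(device_id, app_version, N, E, pow(cert_digest(device_id, app_version, N), D, N))

def certificate_is_trusted(cert: Certificate, initial: Certificate, rom: dict) -> bool:
    """Device side: the checks of claim 1, each failing closed."""
    if cert.device_id != rom["device_id"]:                      # issued for this device?
        return False
    if key_fingerprint(cert.n, cert.e) != rom["fingerprint"]:   # signed by the ROM-anchored key?
        return False
    if pow(cert.signature, cert.e, cert.n) != cert_digest(cert.device_id, cert.app_version, cert.n):
        return False                                            # signature does not match the contents
    # Same device and same trust root as the certificate of the initial version.
    return initial.device_id == cert.device_id and key_fingerprint(initial.n, initial.e) == rom["fingerprint"]

def apply_update(fs: dict, initial: Certificate, cert: Certificate, update_files: dict) -> str:
    """Claim 1 flow: load the update, verify it, then establish or remove its files."""
    staged = {f"staged/{name}": data for name, data in update_files.items()}
    fs.update(staged)                                   # load the update into the file system
    trusted = certificate_is_trusted(cert, initial, ROM)
    if trusted:
        fs.update(update_files)                         # establish the trusted files
    for name in staged:                                 # staged copy is removed either way
        del fs[name]
    return "installed" if trusted else "firmware_upgrade_mode"  # recovery path for system tasks
```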
at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title
involving digital signatures · CPC title
using a plurality of keys or algorithms · CPC title
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD · CPC title