Secure delivery of assets to a trusted device
US-11144297-B2 · Oct 12, 2021 · US
Secure delivery of assets to a trusted device
US12493458B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12493458-B2 |
| Application number | US-202318515689-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 21, 2023 |
| Priority date | Jan 22, 2018 |
| Publication date | Dec 9, 2025 |
| Grant date | Dec 9, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments described herein provide a system and method for secure delivery of assets to a trusted device. Multiple levels of verification are implemented to enable components of a software update and asset delivery system to verify other components within the system. Furthermore, updates are provided only to client devices that are authorized to receive such updates. In one embodiment, the specific assets provided to a client device during a software update can be tailored to the client device, such that individual client devices can receive updated versions of software asset at a faster or slower rate than mass market devices. For example, developer or beta tester devices can receive pre-release assets, while enterprise devices can receive updates at a slower rate relative to mass market devices.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method performed by an asset server for managing a software update, the method comprising: receiving an asset request from a client device, the asset request including a cryptographic identifier of the client device, wherein the cryptographic identifier includes one or more hardware keys derived from or stored within a secure memory of the client device, the one or more hardware keys indicating whether the client device is a trusted client device; in response to receipt of the asset request, verifying the client device based, at least in part, on the cryptographic identifier; and upon verification of the client device, providing a response signed by the asset server to the client device, wherein the signed response includes information associated with an asset. 2 . The method according to claim 1 , wherein the signed response further comprises a signed asset receipt, wherein the signed asset receipt is a receipt registered for the asset at the asset server. 3 . The method according to claim 1 , wherein the verifying the client device based, at least in part, on the cryptographic identifier, comprises: sending, by the asset server, an attestation request to an attestation server; and receiving, by the asset server, a response from the attestation server that the client device is authentic. 4 . The method according to claim 1 , wherein the client device comprises a consumer electronic device. 5 . The method according to claim 1 , wherein the client device is authentic if the client device is manufactured by and registered with a device vendor of the client device. 6 . The method according to claim 1 , wherein the signed response includes a storage location for the asset. 7 . The method according to claim 1 , further comprising determining whether the client device is associated with a special asset list, a registry or a database. 8 . The method according to claim 7 , wherein the special asset list, the registry or the database comprise assets associated with client device in an enterprise managed update system. 9 . The method according to claim 7 , further comprising determining whether the client device is a special client device based on the special asset list, the registry or the database, wherein the special client device is a client device for which software updates are delayed. 10 . The method according to claim 7 , further comprising determining whether the client device is a special client device based on the special asset list, the registry or the database, wherein the special client device is a client device for which software updates are accelerated. 11 . A system for managing a software update for an electronic device, the system comprising one or more processors configured to: receiving, by an asset server, an asset request from a client device, the asset request including a cryptographic identifier of the client device, wherein the cryptographic identifier includes one or more hardware keys derived from or stored within secure memory of the client device, the one or more hardware keys indicating whether the client device is a trusted client device; in response to receipt of the asset request, verifying the client device based, at least in part, on the cryptographic identifier; and upon verification of the client device, providing a response signed by the asset server to the client device, wherein the signed response includes information associated with an asset. 12 . The system according to claim 11 , wherein the signed response further comprises a signed asset receipt, wherein the signed asset receipt is a receipt registered for the asset at the asset server. 13 . The system according to claim 11 , wherein the verifying the client device based, at least in part, on the cryptographic identifier, comprises: sending, by the asset server, an attestation request to an attestation server; and receiving, by the asset server, a response from the attestation server that the client device is authentic. 14 . The system according to claim 11 , further comprising determining whether the client device is associated with a special asset list, a registry or a database. 15 . The system according to claim 14 , wherein the special asset list, the registry or the database comprise assets associated with client device in an enterprise managed update system. 16 . A non-transitory computer-readable medium storing instructions executable by one or more processors for managing a software update for an electronic device, the instructions comprising: receiving, by an asset server, an asset request from a client device, the asset request including a cryptographic identifier of the client device, wherein the cryptographic identifier includes one or more hardware keys derived from or stored within secure memory of the client device, the one or more hardware keys indicating whether the client device is a trusted client device; in response to receipt of the asset request, verifying the client device based, at least in part, on the cryptographic identifier; and upon verification of the client device, providing a response signed by the asset server to the client device, wherein the signed response includes information associated with an asset. 17 . The non-transitory computer-readable medium according to claim 16 , wherein the signed response further comprises a signed asset receipt, wherein the signed asset receipt is a receipt registered for the asset at the asset server. 18 . The non-transitory computer-readable medium according to claim 16 , wherein the verifying the client device based, at least in part, on the cryptographic identifier, comprises: sending, by the asset server, an attestation request to an attestation server; and receiving, by the asset server, a response from the attestation server that the client device is authentic. 19 . The non-transitory computer-readable medium according to claim 16 , further comprising determining whether the client device is associated with a special asset list, a registry or a database. 20 . The non-transitory computer-readable medium according to claim 19 , wherein the special asset list, the registry or the database comprise assets associated with client device in an enterprise managed update system.
Assignees
Inventors
Classifications
Providing cryptographic facilities or services · CPC title
- H04L63/08Primary
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
Secure boot · CPC title
- G06F8/65Primary
Updates (security arrangements therefor G06F21/57) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12493458B2 cover?
- Embodiments described herein provide a system and method for secure delivery of assets to a trusted device. Multiple levels of verification are implemented to enable components of a software update and asset delivery system to verify other components within the system. Furthermore, updates are provided only to client devices that are authorized to receive such updates. In one embodiment, the sp…
- Who is the assignee on this patent?
- Apple Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 09 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).