Method and system to retrieve public keys in a memory constrained system
US-2024283644-A1 · Aug 22, 2024 · US
US2017346631A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017346631-A1 |
| Application number | US-201715619276-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 9, 2017 |
| Priority date | Jan 7, 2007 |
| Publication date | Nov 30, 2017 |
| Grant date | — |
Official abstract text for this publication.
A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.
Opening claim text (preview).
1. A method for updating an application established at a file system of a client device, the method comprising, at the client device: providing a request to a computing device to update the application; receiving, from the computing device, a code image that is (i) digitally signed by a signature, and (ii) associated with an application package; determining whether the code image is certified by verifying the signature; and in response to determining that the code image is certified: verifying whether an integrity of one or more files of the application package is compromised: when the integrity of the one or more files is not compromised: establishing the one or more files at the file system by executing the code image.
2. The method of claim 1, wherein, subsequent to establishing the one or more files at the file system, the method further comprises: rebooting an operating system of the client device.
3. The method of claim 1, wherein, when the integrity of the one or more files is compromised, the method further comprises: preventing the one or more files from being established at the file system.
4. The method of claim 1, wherein the signature is verified using a fingerprint embedded within a ROM (read-only memory) of the client device.
5. The method of claim 4, wherein a unique identifier associated with the client device is stored within the ROM, and the code image is digitally signed according to the unique identifier.
6. The method of claim 5, wherein the client device derives a hash value from the code image that is based on the unique identifier.
7. The method of claim 6, wherein the integrity of the one or more files is verified by comparing the signature to the hash value.
8. The method of claim 5, wherein, in response to determining that the code image is non-certified, the method further comprises: executing the code image, and disabling access to the unique identifier.
9. A system for updating an application, the system comprising: at least one processor; and at least one memory storing instructions, that when executed by the at least one processor, cause the system to: provide a request to a computing device to update the application; receive, from the computing device, a code image that is (i) digitally signed by a signature, and (ii) associated with an application package; determine whether the code image is certified by verifying the signature; and in response to determining that the code image is certified: verify whether an integrity of one or more files of the application package is compromised: when the integrity of the one or more files is not compromised: establish the one or more files at a file system of the system by executing the code image.
10. The system of claim 9, wherein, subsequent to establishing the one or more files at the file system, the at least one processor further causes the system to: reboot an operating system of the system.
11. The system of claim 9, wherein, when the integrity of the one or more files is compromised, the at least one processor further causes the system to: prevent the one or more files from being established at the file system.
12. The system of claim 9, wherein the signature is verified using a fingerprint embedded within a ROM (read-only memory) of the system.
13. The system of claim 12, wherein a unique identifier associated with the system is stored within the ROM, and the code image is digitally signed according to the unique identifier.
14. The system of claim 13, wherein the system derives a hash value from the code image that is based on the unique identifier.
15. The system of claim 13, wherein, in response to determining that the code image is non-certified, the at least one processor further causes the system to: execute the code image, and disable access to the unique identifier.
16. At least one non-transitory computer readable storage medium configured to store instructions that, when executed by at least one processor included in a computing device, cause the computing device to: provide a request to a host computing device to update an application established at a file system of the computing device; receive, from the host computing device, a code image that is (i) digitally signed by a signature, and (ii) associated with an application package; determine whether the code image is certified by verifying the signature; and in response to determining that the code image is certified: verify whether an integrity of one or more files of the application package is compromised: when the integrity of the one or more files is not compromised: establish the one or more files at the file system by executing the code image.
17. The at least one non-transitory computer readable storage medium of claim 16, wherein, subsequent to establishing the one or more files at the file system, the at least one processor further causes the computing device to: reboot an operating system of the computing device.
18. The at least one non-transitory computer readable storage medium of claim 16, wherein, when the integrity of the one or more files is compromised, the at least one processor further causes the computing device to: prevent the one or more files from being established at the file system.
19. The at least one non-transitory computer readable storage medium of claim 16, wherein the signature is verified using a fingerprint embedded within a ROM (read-only memory) of the computing device.
20. The at least one non-transitory computer readable storage medium of claim 19, wherein a unique identifier associated with the computing device is stored within the ROM, and the code image is digitally signed according to the unique identifier.
Secure boot · CPC title
using a plurality of keys or algorithms · CPC title
involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes · CPC title
involving digital signatures · CPC title
using RSA or related signature schemes, e.g. Rabin scheme · CPC title