Securely recovering a computing device

US2019182043A1 · US · A1

Patent metadata
Publication number: US-2019182043-A1
Application number: US-201816194072-A
Country: US
Kind code: A1
Filing date: Nov 16, 2018
Priority date: Jan 7, 2007
Publication date: Jun 13, 2019
Grant date

Abstract

Official abstract text for this publication.

A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.

First claim

Opening claim text (preview).

1. A method comprising, at a client device including a file system: providing, to a computing device, a request to update an initial version of an application established at the file system with an updated version of the application; loading the updated version of the application that is received from the computing device into the file system; receiving a certificate associated with the updated version of the application, wherein the certificate is digitally signed with a signature; verifying that the updated version of the application is trusted by using a fingerprint to compare the certificate associated with the updated version of the application to a certificate associated with the initial version of the application; and in response to determining that the updated version of the application is trusted: establishing one or more files associated with the updated version of the application at the file system.

2. The method of claim 1, wherein, prior to providing the request to the computing device, the method further comprises: establishing the certificate associated with the initial version of the application by providing the application to the computing device.

3. The method of claim 1, wherein, in response to determining that the updated version of the application is trusted, the certificate associated with the updated version of the application is based on the fingerprint.

4. The method of claim 3, wherein the fingerprint is stored at a secure read only memory (ROM) of the client device.

5. The method of claim 4, wherein the fingerprint is associated with a unique device identifier specific to the client device.

6. The method of claim 5, wherein the unique device identifier is stored within the ROM, and the signature used to digitally sign the certificate is based on the unique device identifier.

7. The method of claim 1, wherein, in response to determining that the updated version of the application is not trusted, the method further comprises: preventing the one or more files from being executed at the file system.

8. The method of claim 1, wherein the fingerprint is based on a signature from a public key certificate.

9. A client device including a file system, comprising: at least one processor; and at least one memory storing instructions that when executed by the at least one processor, cause the client device to: provide, to a computing device, a request to update an initial version of an application established at the file system with an updated version of the application; load the updated version of the application that is received from the computing device into the file system; receive a certificate associated with the updated version of the application, wherein the certificate is digitally signed with a signature; verify that the updated version of the application is trusted by using a fingerprint to compare the certificate associated with the updated version of the application to a certificate associated with the initial version of the application; and in response to determining that the updated version of the application is trusted: establish one or more files associated with the updated version of the application at the file system.

10. The client device of claim 9, wherein, in response to determining that the updated version of the application is trusted, the client device determines that the certificate associated with the updated version of the application is based on the fingerprint.

11. The client device of claim 9, wherein the fingerprint is stored at a secure read only memory (ROM) of the client device.

12. The client device of claim 11, wherein the fingerprint is associated with a unique device identifier specific to the client device.

13. The client device of claim 9, wherein, in response to determining that the updated version of the application is trusted, the at least one processor further causes the client device to: verify that an integrity of the one or more files is not compromised.

14. The client device of claim 11, wherein, in response to determining that the updated version of the application is not trusted, the at least one processor further causes the client device to: prevent the one or more files from being executed at the file system.

15. At least one non-transitory computer readable storage medium configured to store instructions that, when executed by at least one processor included in a client device having a file system, cause the client device to: provide, to a computing device, a request to update an initial version of an application established at the file system with an updated version of the application; load the updated version of the application that is received from the computing device into the file system; receive a certificate associated with the updated version of the application, wherein the certificate is digitally signed with a signature; verify that the updated version of the application is trusted by using a fingerprint to compare the certificate associated with the updated version of the application to a certificate associated with the initial version of the application; and in response to determining that the updated version of the application is trusted: establish one or more files associated with the updated version of the application at the file system.

16. The at least one non-transitory computer readable storage medium of claim 15, wherein the fingerprint is stored at a secure read only memory (ROM) of the client device.

17. The at least one non-transitory computer readable storage medium of claim 16, wherein, in response to determining that the updated version of the application is not trusted, the client device determines that the certificate associated with the updated version of the application is not based on the fingerprint.

18. The at least one non-transitory computer readable storage medium of claim 17, wherein the fingerprint is associated with a unique device identifier specific to the client device.

19. The at least one non-transitory computer readable storage medium of claim 15, wherein, in response to determining that the updated version of the application is trusted, the at least one processor further causes the client device to: verify that an integrity of the one or more files is not compromised.

20. The at least one non-transitory computer readable storage medium of claim 15, wherein, in response to determining that the updated version of the application is not trusted, the at least one processor further causes the client device to: prevent the one or more files from being executed at the file system.

Classifications

  • using a plurality of keys or algorithms

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

  • Secure firmware programming, e.g. of basic input output system [BIOS]

  • for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08)

  • Boot up procedures

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Apple Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/302. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 13, 2019 (A1). Legal status and post-grant events are not shown on this page.