Securely recovering a computing device

US9680648B2 · US · B2

Patent metadata
Publication number: US-9680648-B2
Application number: US-201615077794-A
Country: US
Kind code: B2
Filing date: Mar 22, 2016
Priority date: Jan 7, 2007
Publication date: Jun 13, 2017
Grant date: Jun 13, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a read only memory (ROM) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.

Claims

Full claim text (claims 1 through 20). Claim 1 is the first independent claim; claims 8 and 15 restate it as a storage-medium claim and a device claim.

What is claimed is:
1. A method carried out at a computing device, the method comprising: loading, into a storage of the computing device, a code image that is digitally signed by a signature; determining whether the code image is certified by verifying the signature using a fingerprint embedded within a read only memory (ROM) of the computing device; when the code image is certified: executing the code image to establish an operating environment of the computing device; and when the code image is not certified: removing the code image from the storage of the computing device, and entering a Device Firmware Upgrade (DFU) mode to perform system management tasks for the computing device.
2. The method of claim 1, wherein the fingerprint is associated with a unique identifier (UID) specific to the computing device.
3. The method of claim 1, wherein executing the code image comprises: determining whether the code image matches the signature based on a public key compatible with X.509 standard; and determining whether the fingerprint matches the public key, wherein the fingerprint is based on a first hash value of the public key.
4. The method of claim 3, further comprising: deriving a second hash value based on the code image; and encrypting the second hash value into a header value based on a key stored in the ROM of the computing device.
5. The method of claim 1, further comprising, when the code image is certified: verifying that an operating system component is trusted before executing the operating system component in the storage.
6. The method of claim 1, wherein the code image is received from an entity that is in communication with the computing device.
7. The method of claim 1, further comprising: resetting the computing device.
8. A non-transitory computer readable storage medium configured to store instructions that, when executed by a processor included in a computing device, cause the computing device to carry out steps that include: loading, into a storage of the computing device, a code image that is digitally signed by a signature; determining whether the code image is certified by verifying the signature using a fingerprint embedded within a read only memory (ROM) of the computing device; when the code image is certified: executing the code image to establish an operating environment of the computing device; and when the code image is not certified: removing the code image from the storage of the computing device, and entering a Device Firmware Upgrade (DFU) mode to perform system management tasks for the computing device.
9. The non-transitory computer readable storage medium of claim 8, wherein the fingerprint is associated with a unique identifier (UID) specific to the computing device.
10. The non-transitory computer readable storage medium of claim 8, wherein executing the code image comprises: determining whether the code image matches the signature based on a public key compatible with X.509 standard; and determining whether the fingerprint matches the public key, wherein the fingerprint is based on a first hash value of the public key.
11. The non-transitory computer readable storage medium of claim 10, wherein the steps further include: deriving a second hash value based on the code image; and encrypting the second hash value into a header value based on a key stored in the ROM of the computing device.
12. The non-transitory computer readable storage medium of claim 8, wherein the steps further include, when the code image is certified: verifying that an operating system component is trusted before executing the operating system component in the storage.
13. The non-transitory computer readable storage medium of claim 8, wherein the code image is received from an entity that is in communication with the computing device.
14. The non-transitory computer readable storage medium of claim 8, wherein the steps further include: resetting the computing device.
15. A computing device comprising a processor configured to cause the computing device to carry out steps that include: loading, into a storage of the computing device, a code image that is digitally signed by a signature; determining whether the code image is certified by verifying the signature using a fingerprint embedded within a read only memory (ROM) of the computing device; when the code image is certified: executing the code image to establish an operating environment of the computing device; and when the code image is not certified: removing the code image from the storage of the computing device, and entering a Device Firmware Upgrade (DFU) mode to perform system management tasks for the computing device.
16. The computing device of claim 15, wherein the fingerprint is associated with a unique identifier (UID) specific to the computing device.
17. The computing device of claim 15, wherein executing the code image comprises: determining whether the code image matches the signature based on a public key compatible with X.509 standard; and determining whether the fingerprint matches the public key, wherein the fingerprint is based on a first hash value of the public key.
18. The computing device of claim 17, wherein the steps further include: deriving a second hash value based on the code image; and encrypting the second hash value into a header value based on a key stored in the ROM of the computing device.
19. The computing device of claim 15, wherein the steps further include, when the code image is certified: verifying that an operating system component is trusted before executing the operating system component in the storage.
20. The computing device of claim 15, wherein the code image is received from an entity that is in communication with the computing device.
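The abstract and claims 1, 3 and 4 together describe one boot-time decision: the ROM holds not the signing key itself but a hash of it (the fingerprint), the image carries the public key and a signature, and the device runs the image only if the shipped key hashes to the ROM fingerprint and the signature verifies; otherwise it wipes the image from storage and drops into DFU mode. The Python below is an added illustration written for this page, not Apple's code and not taken from the patent. It assumes a toy RSA key pair built from known Mersenne primes (textbook RSA with no padding, for illustration only), SHA-256 for both the key fingerprint and the image hash, an HMAC under a constructed device-unique key as a stand-in for claim 4's "encrypted header value", a Python dict in place of flash storage, and constructed payload bytes; the names `keypair`, `sign_image`, `boot`, `personalize` and `demo` are this example's own.

```python
"""Boot-ROM style certification of a signed code image (added example, not the patent's code)."""
import hashlib
import hmac
from dataclasses import dataclass


def keypair(p: int, q: int, e: int = 65537):
    """Toy RSA key pair from two known primes. Textbook RSA without padding:
    enough to show the boot-time checks, NOT a production signature scheme."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    nbytes = (n.bit_length() + 7) // 8
    # Serialized public key; stands in for the X.509 certificate the claims mention.
    pub = nbytes.to_bytes(2, "big") + n.to_bytes(nbytes, "big") + e.to_bytes(4, "big")
    return pub, (n, d)


def parse_pub(pub: bytes):
    nbytes = int.from_bytes(pub[:2], "big")
    n = int.from_bytes(pub[2:2 + nbytes], "big")
    e = int.from_bytes(pub[2 + nbytes:2 + nbytes + 4], "big")
    return n, e


# Constructed keys: the vendor ("central authority server") and an attacker.
# Mersenne primes keep the example self-contained and deterministic.
VENDOR_PUB, VENDOR_PRIV = keypair((1 << 127) - 1, (1 << 521) - 1)
ATTACKER_PUB, ATTACKER_PRIV = keypair((1 << 89) - 1, (1 << 607) - 1)

# What the factory burns into ROM: only a hash of the vendor key (the claims'
# "fingerprint") plus a constructed device-unique key standing in for the UID.
ROM_FINGERPRINT = hashlib.sha256(VENDOR_PUB).digest()
ROM_UID_KEY = hashlib.sha256(b"constructed-device-uid-0001").digest()


@dataclass
class CodeImage:
    payload: bytes
    pub: bytes        # public key (certificate) shipped inside the image
    signature: bytes  # RSA signature over SHA-256(payload)


def sign_image(payload: bytes, pub: bytes, priv) -> CodeImage:
    n, d = priv
    h = int.from_bytes(hashlib.sha256(payload).digest(), "big")
    s = pow(h, d, n)
    return CodeImage(payload, pub, s.to_bytes((n.bit_length() + 7) // 8, "big"))


def fingerprint_matches(pub: bytes, rom_fingerprint: bytes) -> bool:
    """Claim 3: the ROM fingerprint is a hash of the public key. Checking it before
    trusting the key is what stops an attacker from shipping an image that is
    validly signed by a key of their own choosing."""
    return hmac.compare_digest(hashlib.sha256(pub).digest(), rom_fingerprint)


def signature_valid(image: CodeImage) -> bool:
    n, e = parse_pub(image.pub)
    s = int.from_bytes(image.signature, "big")
    if not 0 < s < n:
        return False
    recovered = pow(s, e, n)
    expected = int.from_bytes(hashlib.sha256(image.payload).digest(), "big")
    return recovered == expected


def personalize(image: CodeImage, uid_key: bytes) -> bytes:
    """Claim 4: a second hash over the image, bound to this device with a key held
    in ROM. The HMAC under the UID key is an assumption standing in for the
    patent's 'encrypted header value', not its actual construction."""
    digest = hashlib.sha256(image.payload).digest()
    return hmac.new(uid_key, digest, hashlib.sha256).digest()


def boot(storage: dict, rom_fingerprint: bytes = ROM_FINGERPRINT,
         uid_key: bytes = ROM_UID_KEY) -> str:
    """Claim 1's decision: certify, then either execute or wipe and enter DFU."""
    image = storage.get("image")
    if image is None:
        return "DFU"
    if not (fingerprint_matches(image.pub, rom_fingerprint) and signature_valid(image)):
        del storage["image"]          # remove the uncertified image from storage
        return "DFU"                  # system-management path: the host re-sends an image
    storage["header"] = personalize(image, uid_key)
    return "RUN"                      # establish the operating environment


def demo() -> dict:
    genuine = sign_image(b"constructed bootloader bytes", VENDOR_PUB, VENDOR_PRIV)
    tampered = CodeImage(genuine.payload + b"\x90", genuine.pub, genuine.signature)
    # Correctly signed, but with the attacker's own key: the signature verifies
    # against the shipped key, yet the ROM fingerprint rejects that key.
    attacker = sign_image(b"constructed malicious payload", ATTACKER_PUB, ATTACKER_PRIV)
    results = {"attacker_signature_valid": signature_valid(attacker)}
    for name, img in [("genuine", genuine), ("tampered", tampered), ("attacker_key", attacker)]:
        storage = {"image": img}
        results[name] = boot(storage)
        results[name + "_image_kept"] = "image" in storage
    results["no_image"] = boot({})
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The attacker case is the one worth reading twice: its signature verifies, because the image ships the key it was signed with, and it is rejected only because the 32-byte fingerprint in ROM does not match that key. That is why the ROM holds the hash rather than trusting whatever certificate arrives with the image. Real firmware signatures use padded RSA (PKCS#1) or an elliptic-curve scheme rather than the unpadded toy here.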

Assignees

Apple Inc

Inventors

Classifications

  • Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title

  • H04L9/302 (primary)

    involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes · CPC title

  • using a plurality of keys or algorithms · CPC title

  • using RSA or related signature schemes, e.g. Rabin scheme · CPC title

  • for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9680648B2 cover?
A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a read only memory (ROM) of the portable device base…
Who is the assignee on this patent?
Apple Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/302. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 13, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).