Search

CN-122029537-A - Device-specific firmware distribution

CN122029537ACN 122029537 ACN122029537 ACN 122029537ACN-122029537-A

Abstract

According to some aspects of the present disclosure, a method for authenticating a device associated with an immutable unique device identity to install firmware on the device is disclosed. The method includes retrieving, using processing circuitry at the device, a unique device identification, receiving, at the device, a packet including signed data based on at least one target unique device identification and based on the firmware, authenticating, using the processing circuitry, the device based on the signed data, and causing, in response to authenticating the device, the firmware to be installed on the device using the processing circuitry.

Inventors

  • W.YANG
  • A. Sylvira
  • M. Antoniyevsky

Assignees

  • 爱思开海力士存储器产品解决方案公司(以”Solidigm”名称运营)

Dates

Publication Date
20260512
Application Date
20240530
Priority Date
20230823

Claims (20)

  1. 1. A method for authenticating a device associated with an immutable unique device identity to install firmware on the device, the method comprising: Retrieving the unique device identification using processing circuitry at the device; Receiving, at the device, a packet comprising signed data, the signed data being based on at least one target unique device identification and on the firmware; Authenticating the device based on the signed data using the processing circuit, and The processing circuitry is used to cause the firmware to be installed on the device in response to authenticating the device.
  2. 2. The method of claim 1, wherein the package further comprises the firmware.
  3. 3. The method of claim 1, further comprising: Decrypting the signed data, and Hashing the combination of the firmware and the unique device identification, Wherein: The at least one target unique device identification comprises a single target unique device identification, The decrypted signed data includes a hash of a combination of the firmware and the single target unique device identification, and Authenticating the device based on the signed data includes comparing a hash of a combination of the firmware and the target unique device identification with a hash of a combination of the firmware and the unique device identification.
  4. 4. A method according to claim 3, wherein the signed data is encrypted and decrypted using a digital signature scheme.
  5. 5. The method of claim 1, further comprising: Decrypting the signed data, and Identifying the at least one target unique device identification from the decrypted signed data, wherein authenticating the device based on the signed data comprises comparing the at least one target unique device identification to the unique device identification.
  6. 6. The method of claim 5, wherein the signed data is encrypted and decrypted using a digital signature scheme.
  7. 7. The method of claim 1, wherein the package further comprises data indicating at least one of a type of the firmware or a configuration of the device.
  8. 8. An apparatus, comprising a processing circuit, the processing circuit is configured to: retrieving an immutable unique device identifier; Receiving a packet comprising signed data, said signed data being based on at least one target unique device identification and on said firmware; Authenticating the device based on the signed data, and Processing circuitry is used to cause the firmware to be installed on the device in response to being authenticated.
  9. 9. The device of claim 8, wherein the packet further comprises the firmware, wherein the processing circuit is further configured to receive a packet comprising firmware.
  10. 10. The apparatus of claim 8, wherein: The at least one target unique device identifier comprising a single target unique device identifier, and The signed data includes a hash of a combination of the firmware and the single target unique device identification, Wherein the processing circuit is further configured to: Decrypting the signed data; hashing a combination of said firmware and said unique device identification, and Authenticating the device based on comparing a hash of the combination of the firmware and the target unique device identification with a hash of the combination of the firmware and the unique device identification.
  11. 11. The device of claim 10, wherein the signed data is encrypted using a digital signature scheme, wherein the processing circuit is further configured to decrypt the signed data using a digital signature scheme.
  12. 12. The device of claim 8, wherein the processing circuit is further configured to: Decrypting the signed data; identifying the at least one target unique device identification from the decrypted signed data, and Authenticating the device based on comparing the at least one target unique device identification with the unique device identification.
  13. 13. The device of claim 12, wherein the signed data is encrypted using a digital signature scheme, wherein the processing circuit is further configured to decrypt the signed data using a digital signature scheme.
  14. 14. The device of claim 8, wherein the packet further comprises data indicating at least one of a type of the firmware or a configuration of the device, wherein the processing circuit is further configured to receive a packet comprising data indicating at least one of a type of the firmware or a configuration of the device.
  15. 15. A method for distributing firmware to at least one target device, the method comprising: determining a respective target unique device identification for each of the at least one target device; Generating at least one package for said at least one target device, each of said at least one package comprising corresponding signed data based on said at least one target unique device identification and said firmware, and Communicating the at least one packet and the firmware to at least the at least one target device.
  16. 16. The method of claim 15, wherein each of the at least one packet further comprises the firmware.
  17. 17. The method according to claim 15, wherein: determining each respective target unique device identification includes retrieving each respective target unique device identification from each respective target unique device, and Generating each of the at least one package includes hashing a combination of the firmware and a respective one of the at least one target unique device identification.
  18. 18. The method of claim 15, further comprising encrypting each of the at least one packet.
  19. 19. The method of claim 18, wherein encrypting each of the at least one packet comprises encrypting each of the at least one packet using a digital signature scheme.
  20. 20. The method of claim 15, wherein each of the at least one packet further comprises data indicating at least one of a type of the firmware or a configuration of the device.

Description

Device-specific firmware distribution Technical Field The present disclosure relates to methods and systems for authenticating a device associated with a unique device identification to install firmware. Disclosure of Invention In accordance with the present disclosure, methods and systems are provided for authenticating a device associated with a unique device Identification (ID) to install firmware on the device. The methods and systems disclosed herein may provide secure and device-specific firmware distribution from a firmware provider to a particular receiving device based on a unique device ID. According to some aspects of the present disclosure, a method for authenticating a device associated with an immutable unique device identity to install firmware on the device is disclosed. The method includes retrieving, using processing circuitry at the device, a unique device identification, receiving, at the device, a package (package) including signed data, the signed data based on at least one target unique device identification and on the firmware, authenticating, using the processing circuitry, the device based on the signed data, and causing, in response to authenticating the device, the firmware to be installed on the device using the processing circuitry. In some embodiments, the package further comprises firmware. In some embodiments, the method further comprises decrypting the signed data and hashing (hashing) the combination of the firmware and the unique device identifier, wherein the at least one target unique device identifier comprises a single target unique device identifier, the decrypted signed data comprises a hash of the combination of the firmware and the single target unique device identifier, and authenticating the device based on the signed data comprises comparing the hash of the combination of the firmware and the target unique device identifier with the hash of the combination of the firmware and the unique device identifier. In some embodiments, the signed data is encrypted and decrypted using a digital signature scheme. In some embodiments, the method further comprises decrypting the signed data and identifying the at least one target unique device identification from the decrypted signed data, wherein authenticating the device based on the signed data comprises comparing the at least one target unique device identification to the unique device identification. In some embodiments, the package further includes data indicating at least one of a type of the firmware or a configuration of the device. According to some aspects of the disclosure, a device includes processing circuitry configured to retrieve an immutable unique device identification, receive a packet including signed data based on at least one target unique device identification and based on firmware, authenticate the device based on the signed data, and cause the firmware to be installed on the device using processing circuitry in response to being authenticated. In some embodiments, the packet further comprises firmware, wherein the processing circuit is further configured to receive the packet comprising firmware. In some embodiments, the at least one target unique device identifier comprises a single target unique device identifier and the signed data comprises a hash of a combination of the firmware and the single target unique device identifier, wherein the processing circuitry is further configured to decrypt the signed data, hash the combination of the firmware and the unique device identifier, and authenticate the device based on comparing the hash of the combination of the firmware and the target unique device identifier with the hash of the combination of the firmware and the unique device identifier. In some embodiments, the signed data is encrypted using a digital signature scheme, wherein the processing circuit is further configured to decrypt the signed data using the digital signature scheme. In some embodiments, the processing circuit is further configured to decrypt the signed data, identify the at least one target unique device identification from the decrypted signed data, and authenticate the device based on comparing the at least one target unique device identification to the unique device identification. In some embodiments, the package further comprises data indicating at least one of a type of the firmware or a configuration of the device, wherein the processing circuit is further configured to receive the package comprising data indicating at least one of a type of the firmware or a configuration of the device. According to some aspects of the present disclosure, a method for distributing firmware to at least one target device is disclosed. The method includes determining a respective target unique device identification for each of the at least one target device, generating at least one package for the at least one target device, each of the at least one package including respective signed data