WO2004075505A1 - Method and system for controlling the distribution of a programming code to a network access device

Publication number
WO2004075505A1
Authority
WO
WIPO (PCT)
Prior art keywords
programming code
access device
network access
signature
network
Prior art date
Application number
PCT/EP2003/001791
Other languages
French (fr)
Other versions
WO2004075505A8 (en
Inventor
Ilario Gregori
Marco Polano
Nicola Portinaro
Original Assignee
Telecom Italia S.P.A.
Pirelli & C. S.P.A.
Priority date
Filing date
Publication date
Application filed by Telecom Italia S.P.A., Pirelli & C. S.P.A. filed Critical Telecom Italia S.P.A.
Priority to AU2003210334A priority Critical patent/AU2003210334A1/en
Priority to PCT/EP2003/001791 priority patent/WO2004075505A1/en
Publication of WO2004075505A1 publication Critical patent/WO2004075505A1/en
Publication of WO2004075505A8 publication Critical patent/WO2004075505A8/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Definitions

  • the present invention refers to a method and a system for controlling the distribution and the execution of a programming code on a network access device.
  • the invention relates to the field of controlling the downloading of a firmware code to a network access device, such as a router having a wide area network interface of the ADSL type, Ethernet, E1, SHDSL, etc.
  • Such apparatuses are generally known as access gateways, and are capable of providing a broadband network access, for example an Internet access, to a personal computing device or to a local area network, through a service provider.
  • the access gateway is generally managed by the service provider, especially when the apparatus is hired out to the user but is still property of the provider.
  • a simple technique for personalising an access gateway consists in customising the firmware of a "standard" apparatus.
  • a main need of the service provider is therefore to avoid unauthorized modification of the firmware/software resident on the access gateway, as such modification can lead to fraud in services.
  • An unauthorized attempt to modify the firmware of an apparatus may damage the same apparatus or cause it to fail, causing the need for a technician to visit the location of the user.
  • a software code is associated to a digital signature, and such digital signature is used for verifying the authenticity and consistency of the code when it is downloaded into the computing device.
  • the digital signature is derived from the content of the software code by means of a symmetrical key; the same key must be stored into the computing device in order to allow the same device to authenticate the downloaded code.
  • the key, which can be encrypted or hidden into the hardware or firmware of the device, is however potentially available to hackers. Moreover, it can be very difficult, or even impossible, for a provider to change the key stored into the device, as it would be necessary to modify the hardware itself.
  • Document WO 02/080515 illustrates a system and method for configuring a network access device by utilising a data storage card.
  • the system includes a card writer for writing configuration data from the application service provider to the card, and a card reader, coupled to the network access device, for downloading configuration settings from the card.
  • the system uses a public key cryptography system: the service provider generates a unique cryptographic key for each new subscriber and stores the key in a personalised data storage card.
  • a corresponding public key is stored into, or temporarily transferred to, the network access device, in order to allow the device to authenticate the card inserted into the reader and to validate upgraded configurations, drivers or software code present in the card itself.
  • the Applicant has tackled the problem of allowing a network service provider to remotely manage, through a secure and personalised procedure, the downloading process of a firmware code on a network access device of a user, maintaining the process independent from the hardware of the device.
  • the Applicant observes that storing a cryptographic key into the hardware, or firmware, of the network access device, besides not being a secure solution, binds the service provider to the hardware manufacturer, and does not allow the service provider to flexibly manage the network access devices distributed to users.
  • the Applicant is of the opinion that, if the cryptographic information is maintained apart from the hardware of the device, a service provider can easily manage its own cryptographic keys and remotely download to the network access devices personalised programming code, such as firmware, in a totally secure way. Moreover, a single model of a network access device can be used by different service providers having different needs and client topologies, as the devices can be easily customised through a secure downloading process of a specific firmware code which has been tested and certified by the specific service provider.
  • the user is therefore prevented from installing unofficial versions of the firmware on the device; on the other hand, the same user is sure that a firmware code installed has been certified and tested by the specific service provider.
  • Fig. 1 is a block diagram of a first portion of a system for controlling the distribution of a programming code under control of a service provider, realised according to the present invention
  • Fig. 2 is a block diagram of a second portion of a system for controlling the distribution of a programming code on a network access device, realised according to the present invention
  • Fig. 3 is a flow diagram of a process for generating a ciphered signature associated to a programming code
  • Fig. 4 is a flow diagram of a process for authenticating a programming code, realised according to the present invention.
  • Fig. 5 is a flow diagram of an example of a programming code distribution process, realised according to the present invention.
  • a service provider SP wishing to distribute a programming code FS, for example a new release of a software or firmware code, to one or more network access devices, generates a ciphered signature FK by means of a ciphering unit, schematically represented by block CU in figure.
  • the ciphering unit CU receives in input the programming code FS and a private key Kpr, and generates, by means of a well known algorithm for digital signature generation, such as a RSA algorithm or a DSA algorithm, the ciphered signature FK.
  • the signature FK associated to the programming code FS, can be used for certifying that such programming code has been released by the service provider SP, as explained in detail herein below.
  • the service provider SP distributes to each subscriber a smart card SC, in which are stored for example personal configuration data and network connection parameters for enabling a user network access device to connect to a wide area network.
  • Each smart card contains as well a public key Kpub, corresponding to the private key Kpr distinctive of the service provider SP.
  • the private key Kpr and the public key Kpub constitute an asymmetric key pair which is exclusively associated to the service provider SP; moreover the private key Kpr is known only to the service provider SP.
  • the public key Kpub can be stored in a secure area of the smart card, protected for example by a pin code, which can be accessed only by the proprietor of the card. In any case the security of the system is ensured by the private key Kpr, which is not distributed to users or network access devices but is kept safe by the service provider itself.
  • a network access device AG is provided with a smart card reader SCR for receiving a subscriber smart card SC, which has been personalised by the service provider SP with the public key Kpub.
  • the network access device AG is for example an access gateway for interfacing a local area network with a wide area network.
  • the programming code FS to which is associated the ciphered signature FK, is downloaded into the access gateway AG through a data link DL, under control of the service provider SP, by means of a remote management session, or by the same user/subscriber.
  • the data link DL can be a connection to a wide area network (WAN), such as in the embodiment shown in figure 2, or a connection to a local area network (LAN).
  • the wide area network can be for example a broadband connection (e.g. ADSL or SHDSL line)
  • the local area network can be implemented as a wired network (Ethernet) or a wireless network (e.g. W-LAN, Wi-Fi).
  • the programming code FS and the signature FK can be downloaded jointly through the same data link or even separately, through different data links.
  • a removable medium such as a CD-ROM or a Flash Memory Card can be used for downloading the programming code FS and/or the signature FK on the access gateway AG, through a CD-ROM drive or a card reader provided on a Personal Computer connected to the access gateway, or even built into the same access gateway AG.
  • the programming code FS and the ciphered signature FK are temporarily stored in memory areas of the access gateway, in particular the programming code FS could be stored into a flash memory FM.
  • a deciphering unit DU on the access gateway AG, decrypts the received ciphered signature FK by means of the public key Kpub read from the smart card SC and verifies its validity.
  • An integrity verification unit IV, comprising an extracting unit EU, a hashing unit HU and an authentication unit AU, subsequently verifies the integrity of the programming code FS.
  • the extracting unit EU is used for extracting a hash value HS from the signature FK and for determining the hashing algorithm to be used in the hashing unit HU.
  • the hashing unit HU, using the said hashing algorithm, calculates a hash value HC from the programming code FS.
  • the two hash values HS and HC are then compared in an authentication unit AU, whose task is to accept the programming code FS as a valid code for said network access device if the hash value HC calculated from the received code FS coincides with the hash value HS extracted from the received signature FK.
  • the authentication unit AU generates an acknowledging signal OK indicating that the programming code currently present in the flash memory area FM is a valid code that can be executed on the access gateway AG, or, in case such code is a firmware code, that the access gateway can be rebooted with the new firmware. If, on the contrary, the programming code FS is not accepted as a valid code by the authentication unit AU, the programming code currently in execution on the network access device is not replaced.
  • the system according to the invention provides for a technique which allows the extracting unit EU of the access gateway AG to determine the hashing algorithm used for generating the signature FK. Such technique is not however necessary in case the hash algorithm used is determined a priori by the service provider.
  • the ciphering unit CU generates a data structure DG, indicative of the hash algorithm used, for storing the hash value HS extracted from the programming code FS, and applies the ciphering algorithm (RSA or DSA) to the data structure DG, for generating the signature FK.
  • the deciphering unit DU extracts, by means of the public key Kpub, the data structure DG from the signature FK.
  • the data structure DG is then processed by the extracting unit EU that extracts the hash value HS from the received signature FK and communicates to the hashing unit HU the hash algorithm that has been used for generating the hash value HS in the ciphering unit CU.
  • the hashing unit HU, using such algorithm, calculates the hash value HC from the received code FS.
  • Fig. 3 schematically shows a procedure, used by the service provider SP, for the generation of a ciphered signature FK, starting from the programming code FS and the private key Kpr.
  • a hash algorithm e.g. the MD2 , MD5 or the SHA-1, SHA-256, SHA-384, SHA-512 algorithm
  • the programming code FS obtaining a hash value HS
  • the hash value HS is inserted into a data structure DG, the data structure DG being indicative of the hash algorithm used in the preceding step.
  • in step 14 the data structure DG is used for generating the ciphered signature FK, using a signature generation algorithm such as an RSA or DSA algorithm, by means of the private key Kpr.
  • the ciphered signature FK obtained can thus be associated to the file of the programming code FS, for example by generating an independent signature file FK.
  • the access gateway AG receives the ciphered signature FK, and stores it locally on a temporary memory.
  • the access gateway reads from the user smart card the public key Kpub and decrypts the ciphered signature FK.
  • a data structure DG is thus extracted from the ciphered signature FK and its validity is checked in step 22. If the validity of the signature FK is not confirmed, the programming code FS is rejected (step 32) and the forthcoming step of downloading the programming code FS can be avoided, as the network access device will maintain as valid the programming code, or firmware, currently in execution.
  • the hash value HS step 24, calculated when the ciphered signature was generated, and information about the hash algorithm that was used. Such information is used, see arrow 25 in figure 4, for calculating a hash value HC from the programming code FS.
  • the programming code FS is then downloaded in the access gateway, if this has not been done before, and a hash value HC is calculated from the same, step 26 in figure 4.
  • the hash value HC calculated from the programming code FS is then compared, in step 28, with the hash value HS extracted from the signature FK; if the two values coincide, the programming code FS is accepted by the access gateway as an authenticated code, step 30, otherwise the code is rejected, step 32.
  • the programming code FS is downloaded in the access gateway AG contemporaneously with the ciphered signature FK or in a separate session; however, if the signature is downloaded earlier the method can be optimised under some aspects: if the validity of the signature FK is not confirmed, the programming code FS will not be downloaded at all, and all the remaining steps of the method are skipped; it is possible to know a priori which hash algorithm has been used, so that the hash value HC can be calculated in real time as the code FS is received, without the necessity to read the content of the file FS twice.
  • a first entity 40 for example the hardware manufacturer of the access gateway devices 54, 56, 58, 60, releases a new version of a firmware code FS, and distributes such code to the service providers A..Z.
  • Each service provider tests and possibly personalises the firmware code, step 46, 48, creating different versions of the code FS-A to FS-Z, and associates the code to a ciphered signature FK-A to FK-Z generated by means of its own private key, step 50, 52.
  • firmware code FS-A of the service provider A is downloaded into an access gateway 54 in which is inserted a smart card SC-A of the same provider, the validity of the signature and the integrity of the code are confirmed, step 60, and the firmware is accepted by the hardware as an authenticated firmware, step 62.
  • a firmware FS-A associated to a signature FK-A of the service provider A, is downloaded into an access gateway 58 in which is inserted a smart card SC-Z of another service provider Z, the signature is not recognized as valid, step 64, and the firmware code is rejected, step 66.
  • the method and system according to the present invention can be implemented as a computer program comprising computer program code means adapted to run on a computer.
  • Such computer program can be embodied on a computer readable medium.

Abstract

A method for allowing a network service provider (SP) to control the distribution and execution of a programming code (FS) on a network access device, by means of a ciphered signature associated to the programming code (FS), wherein: - the ciphered signature (FK) is generated by means of a private key (Kpr) retained by the service provider; and - a public key (Kpub), corresponding to the private key (Kpr) of the service provider, is stored on smart cards (SC) distributed to users and is read by the network access device for verifying the validity of the ciphered signature (FK) and the integrity of the associated programming code (FS).

Description

Method and system for controlling the distribution of a programming code to a network access device
DESCRIPTION
Field of the invention
The present invention refers to a method and a system for controlling the distribution and the execution of a programming code on a network access device. In particular the invention relates to the field of controlling the downloading of a firmware code to a network access device, such as a router having a wide area network interface of the ADSL type, Ethernet, E1, SHDSL, etc. Such apparatuses are generally known as access gateways, and are capable of providing a broadband network access, for example an Internet access, to a personal computing device or to a local area network, through a service provider.
Background art
The access gateway is generally managed by the service provider, especially when the apparatus is hired out to the user but is still property of the provider.
Very often the service provider proposes different typologies of services to the public and differentiates the offers by distributing access gateways having different functionalities. A simple technique for personalising an access gateway consists in customising the firmware of a "standard" apparatus.
A main need of the service provider is therefore to avoid unauthorized modification of the firmware/software resident on the access gateway, as such modification can lead to fraud in services. An unauthorized attempt to modify the firmware of an apparatus may damage the same apparatus or cause it to fail, causing the need for a technician to visit the location of the user.
In document WO 01/61437 a method and an apparatus for providing secure control of software downloading on a computing device is disclosed. A software code is associated to a digital signature, and such digital signature is used for verifying the authenticity and consistency of the code when it is downloaded into the computing device. The digital signature is derived from the content of the software code by means of a symmetrical key; the same key must be stored into the computing device in order to allow the same device to authenticate the downloaded code. The key, which can be encrypted or hidden into the hardware or firmware of the device, is however potentially available to hackers. Moreover, it can be very difficult, or even impossible, for a provider to change the key stored into the device, as it would be necessary to modify the hardware itself.
Document WO 02/080515 illustrates a system and method for configuring a network access device by utilising a data storage card. The system includes a card writer for writing configuration data from the application service provider to the card, and a card reader, coupled to the network access device, for downloading configuration settings from the card. The system uses a public key cryptography system: the service provider generates a unique cryptographic key for each new subscriber and stores the key in a personalised data storage card. A corresponding public key is stored into, or temporarily transferred to, the network access device, in order to allow the device to authenticate the card inserted into the reader and to validate upgraded configurations, drivers or software code present in the card itself.
The Applicant has tackled the problem of allowing a network service provider to remotely manage, through a secure and personalised procedure, the downloading process of a firmware code on a network access device of a user, maintaining the process independent from the hardware of the device.
The Applicant observes that storing a cryptographic key into the hardware, or firmware, of the network access device, besides not being a secure solution, binds the service provider to the hardware manufacturer, and does not allow the service provider to flexibly manage the network access devices distributed to users.
The Applicant is of the opinion that, if the cryptographic information is maintained apart from the hardware of the device, a service provider can easily manage its own cryptographic keys and remotely download to the network access devices personalised programming code, such as firmware, in a totally secure way. Moreover, a single model of a network access device can be used by different service providers having different needs and client topologies, as the devices can be easily customised through a secure downloading process of a specific firmware code which has been tested and certified by the specific service provider.
In view of the above, it is an object of the invention to provide a method and a system for allowing a network service provider to control the distribution and execution of a programming code on a network access device, securely and independently from the hardware of the device.
Summary of the invention
According to the invention that object is achieved by means of a method and a system for allowing a network service provider to control the distribution and execution of a programming code on a network access device, wherein the cryptographic keys used for the certification and authentication of the programming code are maintained separated from the hardware/firmware of the network access device on which they are used. A private key is known only to the service provider, and it is therefore easily kept safe, while a corresponding public key is stored into smart cards, distributed by the same service provider to subscribers. When a smart card is inserted into a network access device, the same device is capable of verifying the authenticity of a programming code, downloaded from a local or remote location and associated to a digital signature, by means of the public key stored in the smart card. The authentication elements are therefore totally under control of the service provider, which is able to securely control firmware updates, avoiding unauthorised changes or upgrades by third parties.
The user is therefore prevented from installing unofficial versions of the firmware on the device; on the other hand, the same user is sure that a firmware code installed has been certified and tested by the specific service provider.
Brief description of the drawings
The invention will now be described, by way of example only, with reference to the annexed figures of drawing, wherein:
Fig. 1 is a block diagram of a first portion of a system for controlling the distribution of a programming code under control of a service provider, realised according to the present invention;
Fig. 2 is a block diagram of a second portion of a system for controlling the distribution of a programming code on a network access device, realised according to the present invention;
Fig. 3 is a flow diagram of a process for generating a ciphered signature associated to a programming code;
Fig. 4 is a flow diagram of a process for authenticating a programming code, realised according to the present invention; and
Fig. 5 is a flow diagram of an example of a programming code distribution process, realised according to the present invention.
Detailed description of a preferred embodiment of the invention
With reference to figure 1, a service provider SP wishing to distribute a programming code FS, for example a new release of a software or firmware code, to one or more network access devices, generates a ciphered signature FK by means of a ciphering unit, schematically represented by block CU in the figure.
The ciphering unit CU receives as input the programming code FS and a private key Kpr, and generates, by means of a well-known algorithm for digital signature generation, such as an RSA algorithm or a DSA algorithm, the ciphered signature FK. As the private key Kpr is a secret key owned only by the service provider SP, the signature FK, associated to the programming code FS, can be used for certifying that such programming code has been released by the service provider SP, as explained in detail herein below.
The service provider SP distributes to each subscriber a smart card SC, in which are stored for example personal configuration data and network connection parameters for enabling a user network access device to connect to a wide area network. Each smart card contains as well a public key Kpub, corresponding to the private key Kpr distinctive of the service provider SP. The private key Kpr and the public key Kpub constitute an asymmetric key pair which is exclusively associated to the service provider SP; moreover the private key Kpr is known only to the service provider SP. The public key Kpub can be stored in a secure area of the smart card, protected for example by a pin code, which can be accessed only by the proprietor of the card. In any case the security of the system is ensured by the private key Kpr, which is not distributed to users or network access devices but is kept safe by the service provider itself.
As is shown in figure 2, a network access device AG, or access gateway, is provided with a smart card reader SCR for receiving a subscriber smart card SC, which has been personalised by the service provider SP with the public key Kpub. The network access device AG is for example an access gateway for interfacing a local area network with a wide area network.
The programming code FS, to which is associated the ciphered signature FK, is downloaded into the access gateway AG through a data link DL, under control of the service provider SP, by means of a remote management session, or by the same user/subscriber. The data link DL can be a connection to a wide area network (WAN), such as in the embodiment shown in figure 2, or a connection to a local area network (LAN). The wide area network can be for example a broadband connection (e.g. ADSL or SHDSL line), while the local area network can be implemented as a wired network (Ethernet) or a wireless network (e.g. W-LAN, Wi-Fi). The programming code FS and the signature FK can be downloaded jointly through the same data link or even separately, through different data links. Alternatively a removable medium, such as a CD-ROM or a Flash Memory Card, can be used for downloading the programming code FS and/or the signature FK on the access gateway AG, through a CD-ROM drive or a card reader provided on a Personal Computer connected to the access gateway, or even built into the same access gateway AG.
The programming code FS and the ciphered signature FK are temporarily stored in memory areas of the access gateway, in particular the programming code FS could be stored into a flash memory FM.
A deciphering unit DU, on the access gateway AG, decrypts the received ciphered signature FK by means of the public key Kpub read from the smart card SC and verifies its validity.
An integrity verification unit IV, comprising an extracting unit EU, a hashing unit HU and an authentication unit AU, subsequently verifies the integrity of the programming code FS. The extracting unit EU is used for extracting a hash value HS from the signature FK and for determining the hashing algorithm to be used in the hashing unit HU.
The hashing unit HU, using the said hashing algorithm, calculates a hash value HC from the programming code FS.
The two hash values HS and HC, are then compared into an authentication unit AU, whose task is to accept the programming code FS as a valid code for said network access device if the hash value HC calculated from the received code FS coincides with the hash value HS extracted from the received signature FK. The authentication unit AU generates an acknowledging signal OK indicating that the programming code currently present in the flash memory area FM is a valid code that can be executed on the access gateway AG, or, in case such code is a firmware code, that the access gateway can be rebooted with the new firmware. If, on the contrary, the programming code FS is not accepted as a valid code by the authentication unit AU, the programming code currently in execution on the network access device is not replaced.
In order to correctly compare the hash value HS extracted from the received signature FK, which has been previously calculated by the service provider during the ciphering phase of the signature, with the hash value HC re-calculated from the programming code FS, it is necessary to use the same hashing algorithm in both phases.
The system according to the invention provides for a technique which allows the extracting unit EU of the access gateway AG to determine the hashing algorithm used for generating the signature FK. Such technique is not however necessary in case the hash algorithm used is determined a priori by the service provider.
The ciphering unit CU generates a data structure DG, indicative of the hash algorithm used, for storing the hash value HS extracted from the programming code FS, and applies the ciphering algorithm (RSA or DSA) to the data structure DG, for generating the signature FK.
When the signature FK is received by the access gateway AG, the deciphering unit DU extracts, by means of the public key Kpub, the data structure DG from the signature FK. The data structure DG is then processed by the extracting unit EU, which extracts the hash value HS from the received signature FK and communicates to the hashing unit HU the hash algorithm that has been used for generating the hash value HS in the ciphering unit CU. The hashing unit HU, using such algorithm, calculates the hash value HC from the received code FS.
The operation of the system previously illustrated will become clear from the following detailed description of the method according to the invention.
Figure 3 schematically shows a procedure, used by the service provider SP, for the generation of a ciphered signature FK, starting from the programming code FS and the private key Kpr.
The procedure is set out in three steps. In a first step 10 a hash algorithm (e.g. the MD2, MD5 or the SHA-1, SHA-256, SHA-384, SHA-512 algorithm) is applied to the programming code FS, obtaining a hash value HS. In a following step 12 the hash value HS is inserted into a data structure DG, the data structure DG being indicative of the hash algorithm used in the preceding step.
In step 14 the data structure DG is used for generating the ciphered signature FK, using a signature generation algorithm such as a RSA or DSA algorithm, by means of the private key Kpr. The ciphered signature FK obtained can thus be associated to the file of the programming code FS, for example by generating an independent signature file FK.
With reference now to figure 4, the access gateway AG receives the ciphered signature FK, and stores it locally on a temporary memory.
In the step 20 the access gateway reads from the user smart card the public key Kpub and decrypts the ciphered signature FK.
A data structure DG is thus extracted from the ciphered signature FK and its validity is checked in step 22. If the validity of the signature FK is not confirmed, the programming code FS is rejected (step 32) and the forthcoming step of downloading the programming code FS can be avoided, as the network access device will maintain as valid the programming code, or firmware, currently in execution.
If the data structure DG, extracted from the ciphered signature FK, is valid, the hash value HS calculated when the ciphered signature was generated, and information about the hash algorithm that was used, are obtained from that data structure DG, step 24. Such information is used, see arrow 25 in figure 4, for calculating a hash value HC from the programming code FS.
The use of the data structure DG, which makes it possible to determine which hashing algorithm has been used for generating the signature FK, is not however necessary in case the hash algorithm to be used is determined a priori by the service provider.
The programming code FS is then downloaded in the access gateway, if this has not been done before, and a hash value HC is calculated from the same, step 26 in figure 4.
The hash value HC calculated from the programming code FS is then compared, in step 28, with the hash value HS extracted from the signature FK; if the two values coincide, the programming code FS is accepted by the access gateway as an authenticated code, step 30, otherwise the code is rejected, step 32.
As a matter of principle, it is irrelevant whether the programming code FS is downloaded into the access gateway AG at the same time as the ciphered signature FK or in a separate session. However, if the signature is downloaded earlier, the method can be optimised in some respects:
- if the validity of the signature FK is not confirmed, the programming code FS will not be downloaded at all, and all the remaining steps of the method are skipped;
- it is possible to know a priori which hash algorithm has been used, so that the hash value HC can be calculated in real time as the code FS is received, without the necessity to read the content of the file FS twice.
With reference to figure 5, an example of a code distribution process, under control of a plurality of service providers A to Z, is schematically shown. A first entity 40, for example the hardware manufacturer of the access gateway devices 54, 56, 58, 60, releases a new version of a firmware code FS, and distributes such code to the service providers A..Z. Each service provider tests and possibly personalises the firmware code, step 46, 48, creating different versions of the code FS-A to FS-Z, and associates the code to a ciphered signature FK- A to FK-Z generated by means of its own private key, step 50, 52.
If the firmware code FS-A of the service provider A is downloaded into an access gateway 54 in which is inserted a smart card SC-A of the same provider, the validity of the signature and the integrity of the code are confirmed, step 60, and the firmware is accepted by the hardware as an authenticated firmware, step 62.
The same happens if the firmware FS-Z is downloaded into an access gateway 60 in which is inserted a smart card SC-Z of the service provider Z. The signature is confirmed as valid and the firmware is confirmed as unaltered, step 68, and the firmware is accepted by the hardware, step 70.
If, on the contrary, a firmware FS-A, associated to a signature FK-A of the service provider A, is downloaded into an access gateway 58 in which is inserted a smart card SC-Z of another service provider Z, the signature is not recognized as valid, step 64, and the firmware code is rejected, step 66.
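The following Python example, added here and not part of the patent text, traces the signing procedure of figure 3, the gateway checks of figure 4 (signature first, then a single-pass hash of the code as it arrives) and the cross-provider rejection of figure 5. Its assumptions: the function names are hypothetical, the RSA keys are constructed demo keys built from Mersenne primes, the data structure DG is modelled on the PKCS #1 v1.5 DigestInfo layout (the description does not fix a format), and the gateway accepts only SHA-256 and SHA-512.

```python
import hashlib

E = 65537

def make_keypair(p_exp, q_exp):
    """Constructed demo key from two Mersenne primes: trivially factorable,
    for illustration only. Returns (Kpub, Kpr) as ((n, e), (n, d))."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

KPUB_A, KPR_A = make_keypair(521, 607)    # service provider A
KPUB_Z, KPR_Z = make_keypair(607, 1279)   # service provider Z

# Assumed DG layout: PKCS #1 v1.5 DigestInfo prefix (names the hash) + hash.
# The dict doubles as the gateway's allow-list of acceptable hash algorithms.
DG_PREFIX = {
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}

def pad(dg, k):
    """Deterministic padding to the modulus length k: 00 01 FF..FF 00 || DG."""
    return b"\x00\x01" + b"\xff" * (k - len(dg) - 3) + b"\x00" + dg

def sign(code, kpr, alg="sha256"):
    """Provider side (figure 3): step 10 hash, step 12 build DG, step 14 sign."""
    n, d = kpr
    k = (n.bit_length() + 7) // 8
    hs = hashlib.new(alg, code).digest()
    dg = DG_PREFIX[alg] + hs
    return pow(int.from_bytes(pad(dg, k), "big"), d, n).to_bytes(k, "big")

def open_signature(fk, kpub):
    """Gateway steps 20-24: return (alg, HS), or None if FK is not valid."""
    n, e = kpub
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(fk, "big")
    if len(fk) != k or s >= n:
        return None
    em = pow(s, e, n).to_bytes(k, "big")
    for alg, prefix in DG_PREFIX.items():
        dg = em[-(len(prefix) + hashlib.new(alg).digest_size):]
        # Re-encode and compare the whole block, so malformed padding or
        # trailing bytes can never be accepted by a lenient parser.
        if dg.startswith(prefix) and em == pad(dg, k):
            return alg, dg[len(prefix):]
    return None

def gateway_update(fk, kpub, download):
    """Figure 4. `download` returns an iterable of FS chunks and is called
    only after FK has verified, so a bad signature costs no transfer."""
    opened = open_signature(fk, kpub)
    if opened is None:
        return "rejected: invalid signature"      # step 32
    alg, hs = opened
    h = hashlib.new(alg)
    for chunk in download():                      # step 26, single pass
        h.update(chunk)
    if h.digest() == hs:                          # step 28
        return "accepted"                         # step 30
    return "rejected: hash mismatch"              # step 32

def source(data, log):
    """Constructed stand-in for the data link DL; records each transfer."""
    def download():
        log.append(len(data))
        return (data[i:i + 256] for i in range(0, len(data), 256))
    return download

if __name__ == "__main__":
    fs_a = b"constructed firmware image FS-A " * 64
    fk_a = sign(fs_a, KPR_A)
    log = []
    print(gateway_update(fk_a, KPUB_A, source(fs_a, log)))          # card SC-A
    print(gateway_update(fk_a, KPUB_A, source(fs_a + b"x", log)))   # altered FS
    print(gateway_update(fk_a, KPUB_Z, source(fs_a, log)))          # card SC-Z
    print(len(log), "downloads")
```

Because the hash algorithm identifier travels inside the signed structure DG, it is authenticated together with HS; the allow-list is what keeps a gateway from honouring a validly signed but weak digest such as MD2 or MD5.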
The method and system according to the present invention can be implemented as a computer program comprising computer program code means adapted to run on a computer. Such computer program can be embodied on a computer readable medium.

Claims

1. A method for allowing a network service provider (SP) to control the distribution and execution of a programming code (FS) on a network access device, by means of a ciphered signature (FK) associated to said programming code (FS), said network access device being provided with a reader for reading information stored on a smart card (SC), characterised in that:
- said ciphered signature (FK) is generated by means of a private key (Kpr) retained by said service provider; and
- a public key (Kpub), corresponding to said private key (Kpr), is stored on smart cards (SC) distributed by said service provider to users and is read by said network access device for verifying the validity of said ciphered signature (FK) and the integrity of the associated programming code (FS).
2. A method according to claim 1, comprising the steps of:
- downloading onto said network access device a ciphered signature (FK), associated to said programming code (FS), obtained by means of a private key (Kpr) of said network service provider (SP);
- reading a public key (Kpub), corresponding to said private key (Kpr), from a smart card (SC) inserted into the smart card reader of said network access device;
- verifying the validity of said ciphered signature (FK) by means of said public key (Kpub), and, if said validity is confirmed, extracting a hash value (HS) from said signature (FK);
- downloading said programming code (FS) onto said network access device;
- calculating a hash value (HC) from said programming code (FS);
- accepting said programming code (FS) as an authenticated code for said network access device if the hash value (HS) extracted from said signature (FK) coincides with the hash value (HC) calculated from said programming code (FS).
3. A method according to claim 2, wherein said ciphered signature (FK) is obtained by:
- calculating a hash value (HS) from said programming code (FS);
- inserting said hash value (HS) into a data structure (DG), said data structure being indicative of the hash algorithm used;
- applying a ciphering algorithm to said data structure (DG), said ciphering algorithm making use of said private key (Kpr).
4. A method according to claim 3, wherein said ciphering algorithm is a RSA algorithm.
5. A method according to claim 3, wherein said ciphering algorithm is a DSA algorithm.
6. A method according to claim 3, wherein said step of verifying the authenticity of said ciphered signature (FK) comprises:
- extracting, by means of said public key (Kpub), a data structure (DG) associated to said ciphered signature (FK);
- determining, from said data structure (DG), the hash algorithm to be used for calculating a hash value (HC) from said programming code (FS).
7. A method according to claim 2, wherein, if the validity of said ciphered signature (FK) is not confirmed, the step of downloading said programming code (FS) is not performed and said network access device maintains a programming code currently in execution.
8. A method according to claim 2, wherein said step of downloading said ciphered signature (FK) and said programming code (FS) onto said network access device is performed through a wide area network (WAN) connection.
9. A method according to claim 2, wherein said step of downloading said ciphered signature (FK) and said programming code (FS) onto said network access device is performed through a local area network (LAN) connection.
10. A method according to claim 1, wherein said programming code (FS) is a firmware code for said network access device.
11. A method according to claim 1, wherein said network access device is an access gateway for interfacing a local area network (LAN) with a wide area network (WAN).
12. A method according to claim 11, wherein said wide area network (WAN) connection is a broad-band Internet connection.
13. A method according to claim 11, wherein said local area network (LAN) is a wired or wireless network.
14. A system for allowing a network service provider to control the distribution and the execution of a programming code (FS) on a network access device (AG) characterised in that said system comprises:
- a private key (Kpr), owned by said network service provider;
- a public key (Kpub), corresponding to said private key (Kpr), stored into smart cards (SC) distributed to users of said network service provider;
- a ciphering unit (CU) for generating, by means of a private key (Kpr), a ciphered signature (FK) associated to said programming code (FS);
- at least one data link (DL) for downloading said ciphered signature (FK) and said programming code (FS) into said network access device (AG);
- a smart card reader (SCR), coupled to said network access device (AG), for reading said public key (Kpr) from a user smart card (SC);
- a deciphering unit (DU), on said network access device (AG), for verifying the validity of said ciphered signature (FK) by means of said public key (Kpr);
- an integrity verification unit (IV), on said network access device (AG), for verifying the integrity of said programming code (FS).
15. A system according to claim 14, wherein said integrity verification unit (IV) comprises:
- an extracting unit (EU), on said network access device, for extracting a first hash value (HS) from said signature (FK);
- a hashing unit (HU), on said network access device, for calculating a second hash value (HC) from said programming code (FS);
- an authentication unit (AU), on said network access device, for comparing said first (HS) and said second hash (HC) values and for accepting said programming code (FS) as an authenticated code for said network access device (AG) if said first hash value (HS) coincides with said second hash value (HC).
16. A system according to claim 14, wherein said ciphering unit (CU) generates a data structure (DG), indicative of the hash algorithm used, and stores into said data structure (DG) a hash value (HS) extracted from said programming code (FS), and applies said ciphering algorithm to said data structure (DG) for generating said ciphered signature (FK).
17. A system according to claim 16, wherein said ciphering algorithm is a RSA algorithm.
18. A system according to claim 16, wherein said ciphering algorithm is a DSA algorithm.
19. A system according to claim 16, wherein said deciphering unit (DU) extracts, by means of said public key (Kpub), a data structure (DG) associated to said ciphered signature (FK) and for verifying if said ciphered signature (FK) is valid.
20. A system according to claim 15, wherein said extracting unit (EU) determines, from said data structure (DG), the hash algorithm used for generating the ciphered signature (FK).
21. A system according to claim 14, wherein said smart card (SC) is released by said service provider (SP) to users subscribing network services.
22. A system according to claim 14, wherein said data link is a wide area network (WAN) connection.
23. A system according to claim 14, wherein said data link is a local area network (LAN) connection.
24. A system according to claim 14, wherein said programming code (FS) is a firmware code for said network access device.
25. A system according to claim 14, wherein said network access device is an access gateway for interfacing a local area network (LAN) with a wide area network (WAN).
26. A system according to claim 25, wherein said wide area network (WAN) connection is a broad-band Internet connection.
27. A system according to claim 25, wherein said local area network (LAN) is a wired or wireless network.
28. A system according to claim 15, wherein said authentication unit (AU), if said programming code (FS) has not been accepted as an authenticated code, maintains a programming code currently in execution on said network access device.
29. A computer program comprising computer program code means adapted to perform all the steps of any of claims 1 to 13 when said program is run on a computer.
30. A computer program as claimed in claim 29 embodied on a computer readable medium.

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2003210334A AU2003210334A1 (en) 2003-02-21 2003-02-21 Method and system for controlling the distribution of a programming code to a network access device
PCT/EP2003/001791 WO2004075505A1 (en) 2003-02-21 2003-02-21 Method and system for controlling the distribution of a programming code to a network access device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2003/001791 WO2004075505A1 (en) 2003-02-21 2003-02-21 Method and system for controlling the distribution of a programming code to a network access device

Publications (2)

Publication Number Publication Date
WO2004075505A1 true WO2004075505A1 (en) 2004-09-02
WO2004075505A8 WO2004075505A8 (en) 2004-10-14

Family

ID=32892836

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2003/001791 WO2004075505A1 (en) 2003-02-21 2003-02-21 Method and system for controlling the distribution of a programming code to a network access device

Country Status (2)

Country Link
AU (1) AU2003210334A1 (en)
WO (1) WO2004075505A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005098630A1 (en) * 2004-04-09 2005-10-20 Lockstep Consulting Pty Ltd Means and method of using cryptographic devices to combat online institution identity theft
EP2340483A1 (en) * 2008-09-02 2011-07-06 Vasco Data Security International GmbH Method for provisioning trusted software to an electronic device
EP2402879A1 (en) * 2010-07-01 2012-01-04 Rockwell Automation Technologies, Inc. Methods for firmware signature

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5956408A (en) * 1994-09-15 1999-09-21 International Business Machines Corporation Apparatus and method for secure distribution of data
US6078909A (en) * 1997-11-19 2000-06-20 International Business Machines Corporation Method and apparatus for licensing computer programs using a DSA signature
EP1076279A1 (en) * 1999-08-13 2001-02-14 Hewlett-Packard Company Computer platforms and their methods of operation
WO2002080515A1 (en) * 2001-03-30 2002-10-10 Nokia Corporation System and method for configuring network access devices

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ROZENBLIT M: "Secure Software Distribution", IEEE, vol. 2, 14 February 1994 (1994-02-14), pages 486 - 496, XP010261000 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005098630A1 (en) * 2004-04-09 2005-10-20 Lockstep Consulting Pty Ltd Means and method of using cryptographic devices to combat online institution identity theft
EP2340483A1 (en) * 2008-09-02 2011-07-06 Vasco Data Security International GmbH Method for provisioning trusted software to an electronic device
EP2340483A4 (en) * 2008-09-02 2014-02-05 Vasco Data Security Int Gmbh Method for provisioning trusted software to an electronic device
EP2402879A1 (en) * 2010-07-01 2012-01-04 Rockwell Automation Technologies, Inc. Methods for firmware signature
US8484474B2 (en) 2010-07-01 2013-07-09 Rockwell Automation Technologies, Inc. Methods for firmware signature
US8738894B2 (en) 2010-07-01 2014-05-27 Rockwell Automation Technologies, Inc. Methods for firmware signature
US9122876B2 (en) 2010-07-01 2015-09-01 Rockwell Automation Technologies, Inc. Methods for firmware signature
US9881160B2 (en) 2010-07-01 2018-01-30 Rockwell Automation Technologies, Inc. Methods for firmware signature

Also Published As

Publication number Publication date
AU2003210334A8 (en) 2004-09-09
WO2004075505A8 (en) 2004-10-14
AU2003210334A1 (en) 2004-09-09

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

WR Later publication of a revised version of an international search report
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP