SYSTEM AND METHODS FOR REMOTE MAINTENANCE IN AN ELECTRONIC NETWORK WITH MULTIPLE CLIENTS
A system for performing remote maintenance in an electronic network configured to serve a plurality of clients may comprise a client, a database, and a virtual machine. The client may include a plurality of processing resources. Each one of the plurality of processing resources may have a respective set of processing instructions stored on a respective associated computer readable memory. The database may include information correlating a list of processing resources with a respective set of processing instructions. The virtual machine may be operable to access the database and perform calculations simulating proposed combinations of processing resources and their respective sets of processing instructions before approving a software update requested for the client.
This application is a Continuation of U.S. patent application Ser. No. 12/879,226 filed Sep. 10, 2010, which claims the benefit of U.S. Provisional Application No. 61/316,498 filed on Mar. 23, 2010, both of which are incorporated herein in their entirety.
TECHNICAL FIELD OF THE INVENTION
The present invention relates generally to information exchange and, more particularly, to a method and system for remote maintenance of an information handling system with improved safety and security.
BACKGROUND
Distributed communication networks include a wide range of systems, from private intranets to the unsecured Internet. In any communication network, electronic content flows from one point in the network to another. Electronic content, in this context, may include electronic documents, executable files, data files, etc. In some communication networks, access to the electronic content may be restricted and/or limited to particular users and/or clients. Several methods exist to verify the identity of a user attempting to gain access to electronic content, such as username and password combinations, public/private key pairs, and/or biometrics. In some networks, a central server may employ such methods before distributing electronic content to a requesting user and/or client.
Software exchange between service providers and clients may be improved by certifying the content and security of the data exchanged. Some systems for certification are difficult to implement for a variety of reasons. For example, it may be difficult to protect scanning and reporting agents within an operating system. As another example, the size of a client system may make a scan too slow to complete and/or the resulting report too large to transmit. As another example, some systems may not be able to provide a secure connection between a biometric sensor and the reporting agent. Improved certification methods and systems may improve the security, speed, and/or efficiency of software exchange between service providers and clients.
SUMMARY OF THE DISCLOSURE
The present disclosure provides a method and system for distributing electronic content that substantially eliminates or reduces at least some of the disadvantages and problems associated with previous methods and systems.
According to one embodiment, a system for performing remote maintenance in an electronic network configured to serve a plurality of clients may comprise a client, a database, and a virtual machine. The client may include a plurality of processing resources. Each one of the plurality of processing resources may have a respective set of processing instructions stored on a respective associated computer readable memory. The database may include information correlating a list of processing resources with a respective set of processing instructions. The virtual machine may be operable to access the database and perform calculations simulating proposed combinations of processing resources and their respective sets of processing instructions before approving a software update requested for the client.
According to another embodiment, a method for performing remote maintenance in a client system served by an electronic network may comprise maintaining a database, receiving a request for a software update, accessing the database, and performing calculations. The database may include information correlating a list of client system nodes with a respective set of processing instructions. The request may include an identifier corresponding to a specific client system and a specific set of processing instructions. Accessing the database may include retrieving the information related to the nodes associated with the client system and the respective set of processing instructions correlated to those nodes. The calculations may simulate the combination of nodes and respective processing instructions that would result from the installation of the requested software update.
The methods and systems disclosed herein may include techniques using virtual machines (VM) discussed below. Technical advantages of certain embodiments of the present disclosure include increased security and/or reliability in remote maintenance including wireless transfer of electronic content from an external data center serving a plurality of client systems. Other technical advantages will be readily apparent to one skilled in the art from the following figures, descriptions, and claims. Moreover, while specific advantages have been enumerated above, various embodiments may include all, some or none of the enumerated advantages.
For a more complete understanding of the present invention and its advantages, reference is now made to the following description, taken in conjunction with the accompanying drawings, in which:
Preferred embodiments and their advantages are best understood by reference to
Data center 10 may be configured to provide maintenance to various clients and/or client systems 20. Such maintenance may include managing software and/or firmware updates and/or status. In complicated electronic networks with many client systems 20, managing the delivery of electronic content to various client systems 20 may be even more difficult if reports must be certified and/or verified.
For purposes of this disclosure, “electronic content,” “content,” “software,” and/or “software updates” may include any file, files, object code, executable code, data records, or any other electronically recorded data structure that a client of an electronic network may wish to access. Illustrative examples may include text files, spreadsheets, email, medical records, images, and other electronic data, as well as web pages, private networks, word processing programs, file management systems, and other programs. Additionally, a “client” may refer to a person acting as an end user or to the device or devices used by such a person to access the communication network, such as a personal computer, kiosk, or mobile computing device.
Trusted Computing and TrustCube may provide certifiable reporting on client systems 20 to a service provider (e.g., data center 10). Certifiable reporting may, however, create difficulty in protecting the scanning and/or reporting agents associated with client systems 20. In addition, the time required to complete a scan and send a large associated report may be too long. As another example, it may be difficult to connect a biometric sensor securely to client system 20 and its reporting agent.
In some embodiments of the present invention, the combination of virtual machine (VM) technology and trusted computing techniques may provide advantages over other methods. For example, using a first VM with a minimal operating system (OS) for the limited purpose of generating reports may provide protection for the rest of the client system 20 against external access. As another example, because the first VM uses a smaller number of files and the files are smaller, the size of the reports sent to the data center 10 may be reduced. The advantages can be increased by using virtual hard disk images and virtual memory images instead of individual files in hard disk partitions. As another example, a limited purpose OS may repeatedly use the same files and/or memory images and changes to those files and images may be discarded and/or deleted.
In some embodiments, VM technology may be combined with file storage techniques (e.g., mbox). For example, files may be stored in plain text format in a single file. Such techniques may allow text processing tools to be readily used on the contents.
A virtual machine manager (VMM) may create, run, monitor, and/or terminate various VMs. The VMM may function to intercept interrupts and/or faults between VMs and/or to control the access that an application has to a hardware device and/or installed software. A VMM may also manage multi-tasking for a processor by sharing time between various threads in which applications and/or VMs run. Use of a VMM may expand the functionality of the VMs described above.
As another example, biometric sensors may be incorporated using a separate VM connected to the first VM through a VMM. The data center 10 may use certifiable reporting techniques in combination with biometric data to evaluate the trustworthiness of the state of the client system 20 and/or of the biometric data.
Data center 10 may include processor 12, storage resources 14, and a communication bus 16. Processor 12 may comprise any system, device, or apparatus operable to interpret and/or execute program instructions and/or process data, and may include, without limitation, a microprocessor, microcontroller, digital signal processor (DSP), application specific integrated circuit (ASIC), or any other digital or analog circuitry configured to interpret and/or execute program instructions and/or process data. In some embodiments, processor 12 may interpret and/or execute program instructions and/or process data stored in storage resources 14 and/or another component of data center 10.
Data center 10 may represent a trusted, dedicated server that manages security policies and authenticates attributes. Data center 10 may contain a database of policies, each defining a set of attribute values that must be met before a client system 20 is granted permission to access electronic content and/or software. Data center 10 may receive an attribute report from client system 20 identifying one or more attributes associated with client system 20. After authenticating the attributes, data center 10 may determine whether to provide the requested service to client system 20. Application of such attribute reports and authentication may also be referred to as “policy-based management.” The attributes (context data) carried in a report may include data representative of client system 20 such as location (e.g., as inferred from its IP address), certain software installed on the requesting machine (e.g., rigorous antivirus software), biometric identifiers, or any other appropriate context attributes of client system 20.
Storage resources 14 may be communicatively coupled to processor 12 and may comprise any system, device, or apparatus operable to retain program instructions or data for a period of time (e.g., computer-readable media). Storage resources 14 may comprise random access memory (RAM), electrically erasable programmable read-only memory (EEPROM), a PCMCIA card, flash memory, magnetic storage, opto-magnetic storage, or any suitable selection and/or array of volatile or non-volatile memory that retains data after power to storage resources 14 is turned off.
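The policy check described above, written out as an added example that is not part of the patent: an attribute report is evaluated against a policy of required attribute values, failing closed on any missing attribute, unknown operator or malformed value. The policy format, rule operators, client identifiers and sample reports are all assumptions made for illustration.

```python
"""Added example (not from the patent): a minimal policy-based management
check of the kind data center 10 is described as performing. The policy
format, operators and sample reports are assumptions for illustration."""
import ipaddress
from typing import Any

# Constructed sample policy: every rule must hold before a client is served.
# Rules are (attribute, operator, expected) triples.
POLICY = {
    "name": "firmware-update-access",
    "rules": [
        ("client_id", "in", {"veh-0001", "veh-0002"}),
        ("antivirus", "eq", "rigorous-av"),
        ("antivirus_version", "gte", (4, 2)),
        ("source_ip", "in_net", "10.20.0.0/16"),
        ("biometric_verified", "eq", True),
    ],
}

def _check(op: str, actual: Any, expected: Any) -> bool:
    """Evaluate one rule. Unknown operators and malformed values fail closed."""
    try:
        if op == "eq":
            return actual == expected
        if op == "in":
            return actual in expected
        if op == "gte":
            return actual is not None and tuple(actual) >= tuple(expected)
        if op == "in_net":
            return ipaddress.ip_address(actual) in ipaddress.ip_network(expected)
    except (TypeError, ValueError):
        return False
    return False

def evaluate(report: dict, policy: dict = POLICY) -> tuple[bool, list[str]]:
    """Return (granted, list of failed attributes).

    A missing attribute counts as a failure: the client must positively
    demonstrate every attribute, not merely avoid contradicting the policy.
    """
    failures = []
    for attr, op, expected in policy["rules"]:
        if attr not in report or not _check(op, report[attr], expected):
            failures.append(attr)
    return (not failures, failures)

# Constructed attribute reports (the "context data" of the text).
GOOD_REPORT = {
    "client_id": "veh-0001", "antivirus": "rigorous-av",
    "antivirus_version": (4, 3), "source_ip": "10.20.7.9",
    "biometric_verified": True,
}
BAD_REPORT = dict(GOOD_REPORT, source_ip="203.0.113.5", antivirus_version=(3, 9))

if __name__ == "__main__":
    print(evaluate(GOOD_REPORT))  # (True, [])
    print(evaluate(BAD_REPORT))   # (False, ['antivirus_version', 'source_ip'])
```

The attribute report is only as trustworthy as the agent that produced it, which is why the text pairs this check with the trusted-computing measures below: a report that is not bound to a measured platform state can be fabricated by whatever is asking for the update.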
Storage resources 14 may include any combination of hardware and software, including controlling logic. For example, storage resources 14 may include a centralized repository of documents, such as medical records. As another example, storage resources 14 may represent an application service provider which provides access to particular applications, software or other media over a network. Such applications, software, or media may include, among other things, document readers, web browsers, or document editing software. As another example, storage resources 14 may be associated with an online networking website or an Email provider.
For clarity of description,
Communication bus 16 may be any suitable system, apparatus, or device operable to serve as an interface between data center 10 and network 18. Communication bus 16 may enable data center 10 to communicate over network 18 using any suitable transmission protocol and/or standard, including without limitation all transmission protocols and/or standards enumerated below with respect to the discussion of network 18. In some embodiments, network 18 may be a closed network (e.g., network 18 is only accessible by authorized clients).
As illustrated, network 18 may include any network capable of transmitting audio and/or video telecommunication signals, data, and/or messages. Some examples may include all, or a portion of, a radio access network, a public switched telephone network (PSTN), a public or private data network, a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), a local, regional, or global communication or computer network such as the Internet, a wireline or wireless network, an enterprise intranet, or any combination of the preceding.
In operation, network 18 may provide connectivity between components coupled to network 18 using any appropriate communication protocol. To facilitate the described communication capabilities, network 18 may include routers, hubs, switches, gateways, call controllers, and/or any other suitable components in any suitable form or arrangement. Additionally, network 18 may include any hardware and/or software configured to communicate information in the form of packets, cells, frames, segments or other portions of data. Although network 18 is illustrated as a single network, network 18 may comprise any number or configuration of networks. Moreover, certain embodiments of electronic network 1 may include any number or configuration of networks 18.
In some embodiments, network 18 may include a virtual private network (VPN). A VPN provides increased security over an open and/or public network. In general, a VPN segregates and/or encapsulates data transfers so that the data may be kept private and/or secure from other devices sharing an intervening network (e.g., a LAN or a WAN). In operation, a VPN may allow a plurality of clients 20 to interact with data center 10 as if connected directly and/or privately.
Client 20 may include any system and/or component of electronic network 1 maintained, at least in part, by data center 10. Client 20 may include multiple processors, related software and/or firmware, sensors, etc. For example, client 20 may include an automobile and its internal network. As another example, client 20 may include a portable phone with processors and subscriber identity module (SIM) cards. In this disclosure, client 20 may be described with respect to specific embodiments, but the teachings are not so limited. In some embodiments, the various processors and storage resources associated with client 20 may be provided by multiple vendors and/or service providers. In those embodiments, maintenance of the various processors and their associated software and/or firmware may be complicated by the need to coordinate data across the multiple vendors and/or service providers. Rather than allow unfettered access to the entire client system 20, the teachings of this disclosure may allow for virtual partitions segregating the various resources from one another.
Client 20 may include a computer and/or a computing device including functionality for wireless communication with data center 10. For example, client 20 may include a desktop computer, a laptop computer, a personal digital assistant (PDA), a smart phone, a cellular or mobile phone, an in- or out-of-car navigation system, and/or a mobile gaming device. Client 20 may operate one or more client applications (e.g., a web browser, a text editor, etc.).
Client system 20 may be significantly more complex than the simplified client network system 30 shown in
VM 22 may include a virtual machine corresponding to client network system 30 and/or to a single process associated with client network system 30. Multiple VMs 22 may run multiple operating systems (OS). In such an arrangement, each VM 22 may use a single-purpose OS and time-share any needed processing resources of client system 20 and/or processing module 21 through VMM 24.
Trusted platform module 26 may include resources configured to generate cryptographic keys (e.g., a hardware random number generator). In some embodiments, TPM 26 may support remote attestation and/or sealed storage. In some embodiments, TPM 26 includes at least one dedicated processor with a unique and secret RSA key (the endorsement key) assigned to and burned into the chip during manufacturing. Because that key never leaves the TPM, data center 10 may use it to verify that client system 20 is a genuine client rather than a device impersonating one.
For example, TPM 26 may hold a hash summarizing the hardware and software configuration of client system 20 (a measurement of each component, accumulated into the TPM's platform configuration registers). Such a hash may allow client system 20 to test any incoming software package and/or update to verify it has not been changed, by comparing the package's digest against an expected value. One example verification method is binding: encryption under a key unique to the TPM from its manufacture (the endorsement key) and/or another trusted key derived from or certified by that endorsement key, so that only that TPM can decrypt the data. Another example is sealing, which adds a state requirement: the sealed data can be recovered only while TPM 26 reports the configuration it was sealed to.
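A pure-software model of the two mechanisms just described, added here as an example and not taken from the patent: a PCR-style hash chain that summarizes the boot configuration, data sealed to that configuration so that it cannot be recovered once a component changes, and a whitelist digest check of an incoming package. A real TPM performs these operations in hardware under a key that never leaves the chip; here `hashlib`/`hmac` and a fixed root key stand in, and the component images, the update file and all names are constructed for illustration.

```python
"""Added example (not from the patent): a software model of TPM-style
measurement (PCR extend), sealing to a measured state, and package digest
checking. hashlib/hmac stand in for the hardware; all values are assumptions."""
import hashlib
import hmac
import os
from typing import Optional

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new = H(old || H(measurement)). The result depends
    on every value and the order in which they were extended, so it summarises
    the whole boot/configuration sequence in one 32-byte value."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_platform(components: list[bytes]) -> bytes:
    """Extend an all-zero PCR with each component image in boot order."""
    pcr = bytes(32)
    for image in components:
        pcr = extend(pcr, image)
    return pcr

def seal(secret: bytes, pcr: bytes, root_key: bytes) -> dict:
    """Seal: derive a key from the root key and the expected PCR value, then
    encrypt and MAC the secret with it. (XOR with a SHA-256-derived keystream
    is used only to keep the example dependency-free; not for production.)"""
    k = hmac.new(root_key, b"seal" + pcr, hashlib.sha256).digest()
    nonce = os.urandom(16)
    stream = hashlib.sha256(k + nonce).digest()
    if len(secret) > len(stream):
        raise ValueError("example supports secrets up to 32 bytes")
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    tag = hmac.new(k, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

def unseal(blob: dict, pcr: bytes, root_key: bytes) -> Optional[bytes]:
    """Unseal succeeds only when the current PCR equals the one sealed to;
    otherwise the derived key differs, the MAC fails and None is returned."""
    k = hmac.new(root_key, b"seal" + pcr, hashlib.sha256).digest()
    tag = hmac.new(k, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    stream = hashlib.sha256(k + blob["nonce"]).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))

def verify_package(package: bytes, approved_digests: set[str]) -> bool:
    """Check an incoming update against a whitelist of SHA-256 digests."""
    return hashlib.sha256(package).hexdigest() in approved_digests

# Constructed sample platform and update (assumptions for the demo).
ROOT_KEY = b"example-tpm-root-key-not-secret!"
BOOT_IMAGES = [b"bootloader-v1", b"kernel-v3", b"vmm-v2"]
TAMPERED_IMAGES = [b"bootloader-v1", b"kernel-v3-patched", b"vmm-v2"]
UPDATE = b"node-17-firmware-v4.bin"
APPROVED = {hashlib.sha256(UPDATE).hexdigest()}

if __name__ == "__main__":
    good_pcr = measure_platform(BOOT_IMAGES)
    blob = seal(b"update-channel-key", good_pcr, ROOT_KEY)
    print(unseal(blob, good_pcr, ROOT_KEY))                          # b'update-channel-key'
    print(unseal(blob, measure_platform(TAMPERED_IMAGES), ROOT_KEY))  # None
    print(verify_package(UPDATE, APPROVED), verify_package(UPDATE + b"x", APPROVED))
```

The point of the tampered-image run is that the secret is not merely hidden but unavailable: a modified kernel produces a different PCR, a different derived key, and therefore a MAC failure, which is the "additional state requirement" sealing imposes on top of binding.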
Resource list 28 may include a list and/or register of entities. In some embodiments, resource list 28 may include a whitelist of entities approved for access and/or recognition. A whitelist may include any data center 10 entities that TPM 26 may approve for access to client system 20. In some embodiments, resource list 28 may include a blacklist of entities for which access will be denied.
Client network 30 may include a network system within a particular client, including multiple processors and/or storage resources. For example, client network 30 may include a FlexRay network system associated with an automobile. FlexRay is a network communications protocol developed for managing the numerous processors in an automobile. As another example, a controller area network (CAN or CAN bus) is a communications protocol standard designed to allow microcontrollers and devices to communicate with each other without a host computer. Additional examples include the time-triggered protocol (TTP) and avionics full-duplex switched Ethernet (AFDX).
Node 32 in client system 20 may include any particular resources of client system 20. For example, node 32 may include processors and/or their associated software, firmware, and/or processing instructions related to the processors. For example, an automobile may have a very complex network system comprising multiple CPUs. Each CPU may have software and/or firmware for its operation supplied by the vendor. Client network 30 may be responsible for the operation and/or maintenance of each node 32, including managing the version and/or update status of the software and/or firmware associated with each node 32 in client system 20.
Global positioning system interface 40 may include any interface with the Global Positioning System (GPS). GPS is a space-based global navigation satellite system providing reliable location and time information. GPS is accessible by anyone and/or any system with a GPS receiver. Accurate location and/or timing information may allow client processing module 21 to manage information requests, downloads, and/or other content.
Communication network 2 may include internet 42, external data centers 10, and client mobile navigation system 20. Client system 20 may communicate with internet 42 through a private infrastructure 44 (e.g., a home-based internet connection in a user's home). Data centers 10a and 10b may communicate with client system 20 through network 18. Network 18 may provide secure communications as described in this disclosure.
Data center 10a may include a database of electronic content useful in client system 20. For example, if client system 20 includes a mobile navigation system, data center 10a may include maps, updated interfaces for the user, and other content related to a mobile navigation system. Data center 10a may also communicate with internet 42 via an ISP.
Data center 10b may include a database housing firmware, maintenance, and software related to the operation of mobile navigation system 20. For example, data center 10b may provide a list of the most current versions of firmware for each processor in mobile navigation system 20.
Client system 20 may operate several VMs 22 in module 21 to interface with each separate data source. For example, VM 22a may include a universal browser and/or a web OS for interaction with internet 42. As another example, VMs 22b and 22c may each include a private application and a virtual OS for interaction with data centers 10a and 10b, respectively. As another example, VM 22d may include a private application and a virtual OS for interaction with the various systems (nodes 32) in the user's automobile.
Each VM 22 may communicate with another VM 22 only through VMM 24. VMM 24 may manage these communications in concert with TPM 26 to increase the security of each VM 22. For example, content received from the internet 42 may not be installed on node 32 unless approved by VMM 24 by any of the various methods described herein.
VMM 24 may provide storage resources 48 to various VMs 22 as appropriate. VMM 24 may operate one or more programs 50 in association with each VM 22. VMM 24 may also cooperate with TPM 26 and/or resource list 28 to provide encryption, validation keys, white lists, and/or black lists.
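The mediation role of VMM 24 and resource list 28 described above, as an added example that is not code from the patent: a broker that is the only path between VMs and node 32, forwards a message only if its (source, destination, kind) channel is explicitly allowed, and passes an install only if the content's digest is on the whitelist and not on the blacklist. The VM names, the channel table, the message format and the sample firmware bytes are assumptions for illustration.

```python
"""Added example (not from the patent): a model of VMM 24 as the sole channel
between VMs 22 and node 32, with a channel allowlist and the whitelist/
blacklist of resource list 28. Names and sample content are assumptions."""
import hashlib
from dataclasses import dataclass, field

@dataclass
class Message:
    src: str            # sending VM
    dst: str            # receiving VM, or "node" for node 32
    kind: str           # "query", "report" or "install"
    payload: bytes = b""

@dataclass
class ResourceList:
    whitelist: set[str] = field(default_factory=set)   # approved SHA-256 digests
    blacklist: set[str] = field(default_factory=set)   # explicitly denied digests

    def approves(self, payload: bytes) -> bool:
        """Blacklist wins over whitelist; anything unlisted is denied."""
        d = hashlib.sha256(payload).hexdigest()
        return d not in self.blacklist and d in self.whitelist

class VMM:
    # (src, dst, kind) triples allowed to pass. Nothing else does, so the
    # browser VM can never reach node 32 directly, whatever it carries.
    CHANNELS = {
        ("vm-browser", "vm-maint", "query"),
        ("vm-maint", "vm-node", "report"),
        ("vm-node", "vm-maint", "report"),
        ("vm-maint", "node", "install"),
    }

    def __init__(self, resources: ResourceList):
        self.resources = resources
        self.audit: list[tuple[str, str]] = []   # (decision, reason)

    def deliver(self, m: Message) -> bool:
        """Return True if the message is forwarded, False if dropped."""
        if (m.src, m.dst, m.kind) not in self.CHANNELS:
            self.audit.append(("drop", f"no channel {m.src}->{m.dst}:{m.kind}"))
            return False
        if m.kind == "install" and not self.resources.approves(m.payload):
            self.audit.append(("drop", f"install from {m.src} not approved"))
            return False
        self.audit.append(("forward", f"{m.src}->{m.dst}:{m.kind}"))
        return True

# Constructed sample content.
GOOD_FW = b"node-17-firmware-v4"
BAD_FW = b"something-from-the-internet"

def demo() -> list[bool]:
    """Run a sequence of deliveries and return each forward/drop decision."""
    resources = ResourceList(whitelist={hashlib.sha256(GOOD_FW).hexdigest()})
    vmm = VMM(resources)
    results = [
        vmm.deliver(Message("vm-browser", "node", "install", GOOD_FW)),  # no such channel
        vmm.deliver(Message("vm-maint", "node", "install", BAD_FW)),     # not on whitelist
        vmm.deliver(Message("vm-maint", "node", "install", GOOD_FW)),    # forwarded
        vmm.deliver(Message("vm-browser", "vm-maint", "query", b"?")),   # forwarded
    ]
    # Revoking an image: a blacklist entry overrides the earlier whitelist entry.
    resources.blacklist.add(hashlib.sha256(GOOD_FW).hexdigest())
    results.append(vmm.deliver(Message("vm-maint", "node", "install", GOOD_FW)))
    return results

if __name__ == "__main__":
    print(demo())   # [False, False, True, True, False]
```

Two design points carry over to a real deployment: the channel table is a positive list (anything not named is dropped), and the content decision is made on a digest computed by the VMM itself, not on a claim made by the sending VM.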
Step 64 may include operating a data center 10 having a database of software associated with various processors and resources in a client system. For example, step 64 may include maintaining a list of processors associated with client system 20, as well as any current software and/or firmware provided for the use of the processors of client system 20.
Step 66 may include communicating with a first virtual machine 22b hosted by processing module 21 of client system 20. First virtual machine 22b may handle a first data set associated with the data center 10. First virtual machine 22b may be managed by VMM 24 as discussed above. First virtual machine 22b may be configured to monitor the list of processors and their associated software and/or firmware maintained by data center 10.
Step 68 may include receiving a request from first virtual machine 22b identifying a software update for delivery to client system 20. For example, data center 10 may receive such a request from first virtual machine 22b through network 18.
Step 70 may include performing an attestation process verifying the identity of client system 20. An attestation process may include any of the verification processes discussed above. In some embodiments, an attestation process may include receiving, testing, and/or verifying one or more biometric indicators. In some embodiments, data center 10 may perform the attestation process to verify the identity of client system 20.
Step 72 may include sending the identified software update to first virtual machine 22b using a network 18. Network 18 may be a closed network as discussed above. In some embodiments, data center 10 may perform step 72. In some embodiments, the identified software update may be sent wirelessly.
Step 74 may include authorizing first virtual machine 22b to install the identified software update on client system 20 using second virtual machine 22c associated with the client system. In some embodiments, data center 10 may perform step 74. In other embodiments, VMM 24 may perform step 74. Method 60 may end at 76.
Method 60 may be useful on client systems 20 where first virtual machine 22b and second virtual machine 22c communicate through VMM 24. Use of VMM 24 may protect client system 20 from direct access by data center 10 and/or otherwise increase security of the components of client system 20. In some embodiments of method 60 first virtual machine 22b may interrogate second virtual machine 22c to verify client system 20 has successfully installed the software update.
In client systems 20 with a large number of nodes 32, traditional methods of maintenance would require client system 20 to be serviced at a secure maintenance location. Remote maintenance by radio transmission and/or another over-the-air system may decrease security under those traditional methods.
In contrast, electronic networks 1 employing method 60 may allow the use of remote maintenance without decreasing security. Particular embodiments of electronic network 1 may increase the security of any particular VM 22 by managing the VMs 22 with VMM 24, where data exchange between the various VMs 22 may be operated and/or controlled by VMM 24.
Step 84 may include hosting two VMs 22 associated with client system 20. First VM 22b may handle a first data set associated with the client system 20. Second VM 22c may handle a second data set associated with an external data center 10.
Step 86 may include operating a VMM 24 configured to manage communication between the two virtual machines 22. Use of VMM 24 may protect client system 20 from direct access by data center 10 and/or otherwise increase security of the components of client system 20.
Step 88 may include recognizing that the first data set is out of date in comparison with the second data set. Step 88 may be performed by a VM 22. For example, second VM 22c may interrogate first VM 22b to check the status, version, and/or configuration of any processors and/or their respective software and/or firmware. Second VM 22c may then compare the status, version, and/or configuration of a particular processor and/or its respective software and/or firmware against the updated data in data center 10.
Step 90 may include identifying a software update for delivery to client system 20. Step 90 may be performed by a VM 22, data center 10, and/or other components of electronic network 1. In some embodiments, VM 22 may transmit data related to client system 20 to data center 10 via a secure mechanism (e.g., via TPM/TNC).
Step 92 may include performing an attestation process verifying the identity of the data center 10. An attestation process may include any of the verification processes discussed above. In some embodiments, an attestation process may include receiving, testing, and/or verifying one or more biometric indicators. In some embodiments, client system 20 may perform the attestation process to verify the identity of data center 10 using second VM 22c, TPM 26, and/or resource list 28.
Step 94 may include requesting the identified software update from the external data center 10. In some embodiments, second VM 22c may perform step 94. The identified software update may include various software and/or firmware related to one or more nodes 32 of client system 20 (e.g., a CPU).
Step 96 may include receiving the identified software update from the external data center 10 at client system 20. In some embodiments, second VM 22c may perform step 96. The identified software update may be transmitted over network 18. In some embodiments, VMM 24 may check the received software update for integrity before step 98 is performed.
Step 98 may include installing the received software update on client system 20 through first virtual machine 22b. In some embodiments of method 80, second virtual machine 22c may interrogate first virtual machine 22b to verify that client system 20 has successfully installed the software update. In some embodiments, client system 20 may create and/or maintain a log of the receipt and/or installation of software updates. In some embodiments, data center 10 may create and/or maintain a log of the sending and/or installation of the software update. The log may include a time stamp.
Method 80 may end at 99.
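Methods 60 and 80 are the two ends of one exchange, so a single added example covers both; it is not code from the patent. The data center issues a fresh nonce (step 70), the client answers with a quote over the nonce and a digest of its node table, the data center verifies the quote, looks up the current version (steps 64/68) and returns the image with a signature (step 72), the client's VMM checks that signature before anything reaches the installing VM (steps 92/96), and both sides keep a time-stamped log (step 98). Pre-shared HMAC keys stand in for the TPM-backed attestation key and the data center's signing key; the node table, versions, image bytes and message layout are assumptions for illustration.

```python
"""Added example (not from the patent): the update exchange of methods 60 and
80 with both sides' messages. Pre-shared HMAC keys stand in for TPM-backed
keys; nodes, versions, images and the message layout are assumptions."""
import hashlib
import hmac
import os
import time
from typing import Optional

K_CLIENT = b"client-attestation-key (assumed)"   # would be TPM-protected
K_DC = b"data-center-signing-key (assumed)"

def fingerprint(nodes: dict) -> bytes:
    """Canonical digest of the node -> version table (the client's data set)."""
    canon = ";".join(f"{n}={v}" for n, v in sorted(nodes.items())).encode()
    return hashlib.sha256(canon).digest()

class DataCenter:
    def __init__(self, current: dict, images: dict):
        self.current = current          # node -> latest version (step 64)
        self.images = images            # (node, version) -> firmware bytes
        self.log: list[tuple[float, str]] = []
        self.nonces: dict[str, bytes] = {}

    def challenge(self, client_id: str) -> bytes:
        """Step 70: a fresh nonce, so a recorded attestation cannot be replayed."""
        n = os.urandom(16)
        self.nonces[client_id] = n
        return n

    def handle_request(self, client_id: str, node: str, nodes: dict,
                       quote: bytes) -> Optional[dict]:
        """Steps 68-72: verify the quote, then return a signed update or None."""
        n = self.nonces.pop(client_id, None)      # single use
        if n is None:
            return None
        expected = hmac.new(K_CLIENT, n + fingerprint(nodes), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, quote):
            self.log.append((time.time(), f"{client_id}: attestation failed"))
            return None
        version = self.current.get(node)
        image = self.images.get((node, version))
        if image is None or nodes.get(node) == version:
            return None                           # unknown node or already current
        body = f"{node}:{version}".encode() + b"\0" + image
        sig = hmac.new(K_DC, body, hashlib.sha256).digest()
        self.log.append((time.time(), f"{client_id}: sent {node} {version}"))
        return {"node": node, "version": version, "image": image, "sig": sig}

class Client:
    def __init__(self, client_id: str, nodes: dict):
        self.client_id = client_id
        self.nodes = nodes                        # node -> installed version
        self.log: list[tuple[float, str]] = []

    def quote(self, nonce: bytes) -> bytes:
        """TPM-style quote over the nonce and the current configuration."""
        return hmac.new(K_CLIENT, nonce + fingerprint(self.nodes), hashlib.sha256).digest()

    def vmm_check(self, upd: dict) -> bool:
        """Steps 92/96: the VMM verifies the data center's signature before the
        update is handed to the installing VM."""
        body = f"{upd['node']}:{upd['version']}".encode() + b"\0" + upd["image"]
        sig = hmac.new(K_DC, body, hashlib.sha256).digest()
        return hmac.compare_digest(sig, upd["sig"])

    def install(self, upd: dict) -> bool:
        """Steps 74/98: install only after the VMM check, and log the result."""
        if not self.vmm_check(upd):
            self.log.append((time.time(), f"rejected {upd['node']}: bad signature"))
            return False
        self.nodes[upd["node"]] = upd["version"]
        self.log.append((time.time(), f"installed {upd['node']} {upd['version']}"))
        return True

def run_exchange(client: Client, dc: DataCenter, node: str) -> bool:
    """Drive one full update round; True if the node ends up updated."""
    nonce = dc.challenge(client.client_id)
    upd = dc.handle_request(client.client_id, node, client.nodes, client.quote(nonce))
    return upd is not None and client.install(upd)

def make_pair():
    """Constructed sample data: one data center and one automobile client."""
    dc = DataCenter({"ecu-engine": "2.1", "ecu-brake": "1.4"},
                    {("ecu-engine", "2.1"): b"engine-fw-2.1",
                     ("ecu-brake", "1.4"): b"brake-fw-1.4"})
    return Client("veh-0001", {"ecu-engine": "2.0", "ecu-brake": "1.4"}), dc

if __name__ == "__main__":
    cl, dc = make_pair()
    print(run_exchange(cl, dc, "ecu-engine"), cl.nodes)   # True, engine now 2.1
    print(run_exchange(cl, dc, "ecu-brake"))              # False, already current
```

The nonce is consumed on use, so a request that arrives without a preceding challenge (or that replays an old quote) is refused before any database lookup; and because the signature covers node, version and image together, a valid image cannot be re-labelled for a different node or version on the way in.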
In client systems 20 with a large number of nodes 32, traditional methods of maintenance would require client system 20 to be serviced at a secure maintenance location. Remote maintenance by radio transmission and/or another over-the-air system may decrease security under those traditional methods.
In contrast, electronic networks 1 employing method 80 may allow the use of remote maintenance without decreasing security. Particular embodiments of electronic network 1 may increase the security of any particular VM 22 by managing the VMs 22 with VMM 24, where data exchange between the various VMs 22 may be operated and/or controlled by VMM 24.
Step 104 may include maintaining a database including information correlating a list of client system nodes 32 with a respective set of processing instructions. Data center 10 may perform step 104 alone or in conjunction with other resources. For example, an individual may be responsible for updating the database as new information becomes available. As another example, various vendors and/or suppliers associated with client system nodes 32 may deliver updated software and/or firmware packages to data center 10 electronically.
Step 106 may include receiving a request for a software update, the request including an identifier corresponding to a specific client system 20 and a specific set of processing instructions. Data center 10 may perform step 106. Data center 10 may receive the request over network 18.
Step 108 may include accessing the database to retrieve the information related to the client system nodes 32 and the respective set of processing instructions correlated to the associated nodes 32. Data center 10 may perform step 108 based on the received request.
Step 110 may include performing calculations simulating a combination of nodes 32 and respective processing instructions that would result from the installation of the requested software update. Data center 10 may perform step 110.
Method 100 may end at 112.
In some embodiments, client systems 20 may include a complex network system comprising multiple nodes 32 (e.g., CPUs and/or processing resources). Each node 32 may include associated software and/or firmware supplied by the vendor. As any particular node 32 receives updated software and/or firmware from its respective vendor, a new combination of software and/or firmware exists for client system 20. The number of possible combinations may be very large. An inoperative and/or inappropriate combination of software and/or firmware may affect the operation of client system 20. In some embodiments, data center 10 may maintain a database of nodes 32 and their respective software.
Method 100 may allow data center 10 and/or additional components of electronic network 1 to simulate a proposed combination of nodes 32 and/or their associated software and/or firmware before delivering any electronic content to client system 20. Testing a proposed combination for operational integrity, compatibility, and/or any other appropriate standard may increase the reliability and/or stability of client system 20.
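Step 110 as a constraint check, added here as an example and not taken from the patent: the database records, for each node, the installed instruction set and, for each (node, version) pair, the minimum versions of other nodes it requires; the proposed update is applied to a copy of the table and every requirement is re-evaluated, and the update is approved only if nothing is unmet and every resulting version is one the database knows. The node names, version numbers and dependency rules are constructed for illustration.

```python
"""Added example (not from the patent): method 100's simulation of the
node/firmware combination that an update would produce. Node names,
versions and dependency rules are assumptions for illustration."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

def parse_version(s: str) -> Version:
    return tuple(int(p) for p in s.split("."))

# Constructed database (step 104): node -> installed version, and
# (node, version) -> {other node: minimum version it requires}.
INSTALLED: Dict[str, str] = {
    "gateway": "3.0", "ecu-engine": "2.0", "ecu-brake": "1.4", "ecu-adas": "0.9",
}
REQUIRES: Dict[Tuple[str, str], Dict[str, str]] = {
    ("ecu-engine", "2.0"): {"gateway": "3.0"},
    ("ecu-engine", "2.1"): {"gateway": "3.1"},          # needs a newer gateway
    ("ecu-adas", "1.0"): {"ecu-brake": "1.4", "gateway": "3.0"},
    ("gateway", "3.1"): {},
    ("ecu-brake", "1.4"): {},
}

def simulate(installed: Dict[str, str], proposed: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Step 110: apply `proposed` (node -> new version) to a copy of the table
    and report every unmet requirement. Approve only if there are none."""
    combo = dict(installed)
    for node, ver in proposed.items():
        if node not in combo:
            return False, [f"unknown node {node}"]
        combo[node] = ver
    problems: List[str] = []
    for node, ver in combo.items():
        reqs = REQUIRES.get((node, ver))
        if reqs is None:
            # Nothing in the database vouches for this combination. Existing
            # versions are left alone; a proposed one is rejected.
            if node in proposed:
                problems.append(f"{node} {ver} is not in the database")
            continue
        for dep, min_ver in reqs.items():
            have = combo.get(dep)
            if have is None or parse_version(have) < parse_version(min_ver):
                problems.append(f"{node} {ver} needs {dep} >= {min_ver}, has {have}")
    return (not problems, problems)

if __name__ == "__main__":
    print(simulate(INSTALLED, {"ecu-engine": "2.1"}))
    # (False, ['ecu-engine 2.1 needs gateway >= 3.1, has 3.0'])
    print(simulate(INSTALLED, {"gateway": "3.1", "ecu-engine": "2.1"}))   # (True, [])
    print(simulate(INSTALLED, {"ecu-engine": "9.9"}))   # rejected: not in database
```

The second call shows why the simulation has to be run over the whole proposed combination rather than one node at a time: the engine update is only acceptable together with the gateway update, and approving it alone would leave client system 20 in a combination the vendors never tested.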
Step 124 may include receiving a list of updated software modules available for delivery to the plurality of client systems 20. The updated software modules may be hosted on a plurality of servers. Step 124 may be performed by client system 20. For example, first VM 22b may query data center 10 for the list and then receive the list.
Step 126 may include determining whether to request any of the updated software modules on the list based at least in part on the identity of a plurality of nodes 32 associated with client system 20. In some embodiments, first VM 22b may consider the list of processors in client system 20 and compare that list versus the list of available modules. For example, if client system 20 is an automobile and/or a FlexRay system associated with an automobile, first VM 22b may determine whether to request an update based on the make, model, and/or year of the automobile.
Step 128 may include requesting an updated software module. In some embodiments, step 128 may be an over-the-air and/or a remote communication. Client system 20 may perform step 128. For example, first VM 22b may request the updated software module from data center 10.
Step 130 may include receiving the requested updated software module. In some embodiments, the updated software modules may be hosted on a plurality of servers. In such embodiments, client system 20 may receive the requested module from the particular server hosting the requested module. In such embodiments, the list of updated software modules may include a uniform resource locator identifying the location of each module.
Step 132 may include installing the received updated software module on the client system. The updated software module may be delivered over-the-air and/or by another remote communication system. Method 120 may end at 134.
Method 140 may include multiple steps and may be performed by various components of electronic network 1, including data center 10 and/or other resources. In some embodiments, client system 20 may include a mobile phone. Method 140 may start at 142.
Step 144 may include operating data center 10 having a database of software associated with various nodes 32 in a client system. In embodiments where client system 20 includes a mobile phone, nodes 32 may include various software identifier modules (SIMs). Data center 10 may perform step 144.
Step 146 may include communicating with first virtual machine 22b hosted by client system 20. First virtual machine 22b may handle a first data set associated with data center 10. For example, first virtual machine 22b may be configured to access a list of various configurations, revision numbers, etc. related to the various nodes 32 of client system 20. Data center 10 may perform step 146 using network 18. Data center 10 may compare the data set associated with first VM 22b to a list of current versions and/or update status and flag any variations in identity.
Step 148 may include receiving a request from first virtual machine 22b identifying a software update for delivery to one of the various nodes 32 in client system 20. For example, first VM 22b may request a software update for a particular SIM in a mobile phone. Data center 10 may perform step 148.
Step 150 may include performing an attestation process verifying the identity of client system 20. Data center 10 may perform step 150. An attestation process may include any of the verification processes discussed above. In some embodiments, an attestation process may include receiving, testing, and/or verifying one or more biometric indicators. In some embodiments, client system 20 may perform the attestation process to verify the identity of data center 10 using second VM 22c, TPM 26, and/or resource list 28.
Step 152 may include sending the identified software update to the first virtual machine using a network. In some embodiments, data center 10 may send the identified software over network 18. In some embodiments, step 152 may be performed by sending the identified software update wirelessly and/or over-the-air.
Step 154 may include authorizing first VM 22b to install the received software update on client system 20 using a second VM 22c associated with the one of the various nodes 32. First VM 22b and second VM 22c may communicate through VMM 24. In some embodiments, client system 20 may perform an attestation process verifying the integrity and/or safety of the received software before accepting it from data center 10. Method 140 may end at 156. Attestation may occur before and/or after the installation of the received software update.
In some embodiments, first VM 22b may interrogate second VM 22c to verify client system 20 has received the software update. In some client systems 20, each of multiple nodes 32 may operate with a unique operating system. For example, in a mobile phone with multiple SIM cards, each SIM card may operate on its own OS. Data exchange between multiple SIM cards and/or between various VMs 22 of client system 20 may be complicated because of the variation in OS. In some embodiments, a particular SIM card may have lower level security requirements in comparison with another SIM card and its OS. In such embodiments, traditional maintenance requires the client system 20 to be serviced in a secure maintenance location.
Use of method 140 and the teachings of the present disclosure may allow over-the-air and/or wireless maintenance of client system 20. In client systems with multiple VMs 22 linked through VMM 24, data exchange between data center 10 and client system 20 may be supported by TPM 26 and provide increased security and/or reliability.
Step 144 may include hosting two virtual machines 22 associated with the client system 20. First VM 22b may handle a first data set associated with external data center 10. Second VM 22c may handle a second data set associated with node 32 in client system 20. First VM 22b and second VM 22c may communicate through VMM 24 to maintain data integrity and/or reliability for the various VMs 22.
Step 146 may include operating VMM 24 configured to manage communication between the two VMs. Client system 20 may perform step 146 in combination with TPM 26.
Step 148 may include recognizing the first data set is out of identity with the second data set. Data center 10, VM 22b or 22c, and/or VMM 24 may perform step 148.
Step 150 may include identifying a software update for delivery to node 32, the software update configured to restore identity between the first data set and the second data set.
Step 152 may include performing an attestation process verifying the identity of the client system, verifying the identity of the data center 10, and/or the reliability and/or safety of the software update identified. Any portion of electronic network 1 may perform the attestation process. For example, VMM 24 may operate in conjunction with TPM 26 to validate the identity of the software package and/or data center 10.
Step 154 may include requesting the identified software update from external data center 10. First VM 22b may perform step 154.
Step 156 may include receiving the identified software update from external data center 10 to first VM 22b.
Step 158 may include installing the sent software update on node 32 through second VM 22c. In some embodiments, first VM 22b may interrogate second VM 22c to verify node 32 has received the software update.
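Steps 148 through 158 read as a drift-detection and verified-install loop: the first data set (the data center's record, held by the first VM) is compared with the second data set (what the node reports, held by the second VM), a variation identifies the update that restores identity, and the received packet is checked before the second VM installs it. The Python below is an added example for this page, not code from the patent; the node names, versions and packet bytes are constructed, and a SHA-256 digest recorded in the first data set stands in for the hash value a TPM would supply, with the resulting report carrying that hash and a time stamp as claims 11 and 12 describe.

```python
"""Added example (not from the patent): compare the first VM's record of node
versions (first data set) with what the nodes report (second data set); a
variation identifies the update that restores identity, and the received
packet's digest is verified before it is installed through the second VM.
Node names, versions and packet bytes are constructed sample values."""
import hashlib
import hmac
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed update packets as hosted by the data center, keyed by (node, version).
PACKAGES = {
    ("sim-a", "1.3"): b"SIM-A firmware 1.3 (constructed)",
    ("sim-b", "2.0"): b"SIM-B firmware 2.0 (constructed)",
}

# First data set: current version and expected packet digest per node, as held
# by the first VM from the data center.
FIRST_DATA_SET = {
    "sim-a": {"version": "1.3", "sha256": sha256_hex(PACKAGES[("sim-a", "1.3")])},
    "sim-b": {"version": "2.0", "sha256": sha256_hex(PACKAGES[("sim-b", "2.0")])},
}

# Second data set: versions the nodes themselves report to the second VM
# (constructed; sim-b lags behind the data center's record).
SECOND_DATA_SET = {"sim-a": "1.3", "sim-b": "1.9"}


def find_variations(first, second):
    """Step 148: nodes whose reported version differs from the recorded one,
    as node -> (reported, recorded)."""
    return {
        node: (second.get(node), rec["version"])
        for node, rec in first.items()
        if second.get(node) != rec["version"]
    }


def identify_updates(first, second):
    """Step 150: the update restoring identity is the recorded version."""
    return {node: first[node]["version"] for node in find_variations(first, second)}


def verify_packet(node, packet, first):
    """Integrity check before step 158: the received packet's digest must match
    the digest recorded in the first data set (constant-time comparison)."""
    return hmac.compare_digest(sha256_hex(packet), first[node]["sha256"])


def install_update(node, version, packet, first, second, now=None):
    """Install through the second VM only when the digest verifies; return a
    report carrying the packet hash and a time stamp."""
    verified = verify_packet(node, packet, first)
    if verified:
        second[node] = version
    return {
        "node": node,
        "version": version,
        "installed": verified,
        "hash": sha256_hex(packet),
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
        "in_identity": second.get(node) == first[node]["version"],
    }


if __name__ == "__main__":
    pending = identify_updates(FIRST_DATA_SET, SECOND_DATA_SET)
    for node, version in pending.items():
        print(install_update(node, version, PACKAGES[(node, version)],
                             FIRST_DATA_SET, dict(SECOND_DATA_SET)))
```

The report's `in_identity` field is what the first VM would read back when it interrogates the second VM after step 158: it is true only when the install actually happened, so a packet whose digest does not match leaves the node at its old version and the variation flagged.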
In some client systems 20, each of multiple nodes 32 may operate with a unique operating system. For example, in a mobile phone with multiple SIM cards, each SIM card may operate on its own OS. Data exchange between multiple SIM cards and/or between various VMs 22 of client system 20 may be complicated because of the variation in OS. In some embodiments, a particular SIM card may have lower level security requirements in comparison with another SIM card and its OS. In such embodiments, traditional maintenance requires the client system 20 to be serviced in a secure maintenance location.
Use of method 160 and the teachings of the present disclosure may allow over-the-air and/or wireless maintenance of client system 20. In client systems with multiple VMs 22 linked through VMM 24, data exchange between data center 10 and client system 20 may be supported by TPM 26 and provide increased security and/or reliability.
Step 186 may include providing a plurality of encryption keys to client system 20, each of the plurality of encryption keys correlated to a respective time factor. The time factor may depend at least in part on a control factor and a time stamp generated at the delivery of the software code packet, an update timing of the software code packet, or an update timing of a trusted protocol module associated with the client.
Step 188 may include encrypting a software code packet using one of the plurality of encryption keys based on a time factor related to the software code packet. Step 190 may include delivering the encrypted software code packet to client system 20.
Step 192 may include informing client 20 to choose a decryption key based on the time factor correlating to the time client 20 receives the software code packet. Method 182 may end at 194.
Traditional software code integrity may be checked using an electronic signature (e.g., a public key infrastructure (PKI) certification method). Use of an electronic signature, however, may be unreliable compared to the methods of this disclosure. For example, electronic signatures may incorporate an expiration date, after which the signature will fail. It may be possible to replace and/or change code before and/or after the electronic signature validation process is performed.
In accordance with the teachings of the present disclosure, code integrity may be substantially improved by including an update timing/key control. The encryption key may change based on a time factor. For example, the time factor may depend at least in part on a time stamp related to the sending and/or the delivery of electronic content. As another example, the time factor may depend at least in part on the update timing of TPM 26 and/or a VM 22. In any case, the time factor may also depend on a pre-arranged control factor, a. Multiple encryption keys may be stored by resource list 28 associated with TPM 26. Using the appropriate encryption key, TPM 26 may also check the expiration of the electronic content using its electronic signature date.
Step 204 may include storing a list of encryption keys from data center 10, each of the encryption keys correlated to a respective time factor. The list may be stored by TPM 26 and/or by a storage resource associated with TPM 26.
Step 206 may include receiving an encrypted software code packet from data center 10. In some embodiments, an electronic signature may also be received.
Step 208 may include choosing an encryption key based on a time factor. In some embodiments, TPM 26 may also check an electronic signature delivered with the encrypted software packet. Method 200 may end at 210.
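Steps 186 through 192 and 204 through 208 describe both ends of the same mechanism: a list of keys, each tied to a time factor derived from a pre-arranged control factor and a time stamp; the data center encrypts under the key for the delivery time stamp, and the client chooses its key by the time factor of the time it receives the packet, checking the signature's expiration as well. The Python below is an added example for this page, not the patent's or the inventors' code. The control factor (one slot per hour), the key list and the packet bytes are constructed sample values, and HMAC-SHA256 in counter mode is used as an illustrative keyed stream in place of a real cipher; a production system would use an AEAD such as AES-GCM.

```python
"""Added example (not from the patent): encryption keys correlated to time
factors.  A time factor is derived from a pre-arranged control factor and a
time stamp; the data center encrypts under the key for the delivery time
stamp, and the client picks the key for the time it receives the packet, so a
packet held back and delivered in a later slot no longer verifies.  The
control factor, key list and packet bytes are constructed sample values, and
HMAC-SHA256 in counter mode stands in for a real cipher."""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from typing import Optional

CONTROL_FACTOR = 3600  # constructed: one time-factor slot per hour
# Constructed key list as the data center would provide it (step 186).
KEY_LIST = {i: hashlib.sha256(b"constructed-key-%d" % i).digest() for i in range(24)}


def time_factor(ts: datetime, control: int = CONTROL_FACTOR) -> int:
    """Map a time stamp to an index into the key list via the control factor."""
    return int(ts.timestamp() // control) % len(KEY_LIST)


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """PRF keystream: HMAC-SHA256 over nonce||counter (illustrative only)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _meta(sent_at: str, expires: str) -> bytes:
    return f"{sent_at}|{expires}".encode()


def encrypt_packet(code: bytes, sent_at: datetime, expires: datetime) -> dict:
    """Data center (step 188): choose the key by the delivery time stamp, encrypt,
    and attach a MAC over time stamp, expiry and ciphertext (the electronic
    signature stand-in, carrying its expiration date)."""
    key = KEY_LIST[time_factor(sent_at)]
    sent, exp = sent_at.isoformat(), expires.isoformat()
    body = _xor(code, keystream(key, sent.encode(), len(code)))
    tag = hmac.new(key, _meta(sent, exp) + body, hashlib.sha256).hexdigest()
    return {"sent_at": sent, "expires": exp, "body": body, "tag": tag}


def decrypt_packet(pkt: dict, received_at: datetime) -> Optional[bytes]:
    """Client/TPM side (steps 192, 208): reject an expired packet, choose the key
    from the time factor of the receipt time, and decrypt only if the tag verifies."""
    if received_at > datetime.fromisoformat(pkt["expires"]):
        return None
    key = KEY_LIST[time_factor(received_at)]
    expected = hmac.new(key, _meta(pkt["sent_at"], pkt["expires"]) + pkt["body"],
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkt["tag"]):
        return None  # wrong slot (stale delivery) or altered packet
    return _xor(pkt["body"], keystream(key, pkt["sent_at"].encode(), len(pkt["body"])))


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 10, 15, tzinfo=timezone.utc)
    pkt = encrypt_packet(b"constructed firmware image", t0, t0 + timedelta(minutes=15))
    print(decrypt_packet(pkt, t0 + timedelta(minutes=5)))
```

Three outcomes are worth checking: a packet received within its slot and before expiry decrypts; one received after its expiry is rejected before any key is chosen; one delivered in a later slot selects a different key and fails the tag check even though nothing in it was changed. The strict same-slot rule has an edge: a legitimate delivery that straddles a slot boundary (sent at 10:59, received at 11:01) also fails, so a deployment would either accept the adjacent slot or bound the gap between the delivery stamp and the receipt time instead.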
Although the present invention has been described with several embodiments, various changes and modifications may be suggested to one skilled in the art. It is intended that the present invention encompass such changes and modifications as fall within the scope of the appended claims. The teachings of the present disclosure encompass all changes, substitutions, variations, alterations, modifications to the example embodiments herein that a person having ordinary skill in the art would comprehend.
In particular embodiments, one or more web pages may be associated with a networking system and/or networking service. Particular embodiments may involve the retrieval and/or rendering of structured documents hosted by any type of network addressable resource or web site. Additionally, as used herein, a “user” may include an individual, a group, and/or a corporate entity (e.g., a business and a third party application).
Claims
1. A system for performing remote maintenance in an electronic network configured to serve a plurality of clients, the system comprising:
- a client including a plurality of nodes;
- each one of the plurality of nodes having a respective set of processing instructions stored on a respective associated computer readable memory;
- a database associated with the electronic network, the database including information correlating a list of nodes with a respective set of processing instructions; and
- a virtual machine operable to access the database and perform calculations simulating proposed combinations of nodes and their respective set of processing instructions before approving a software update requested for the client.
2. A system according to claim 1, wherein the virtual machine includes:
- an operating system; and
- processing instructions encoded in a computer readable memory, the processing instructions, when executed by the processing resource, operable to perform operations comprising: receiving a request to provide a software update to the client; querying the database for information associated with the client; simulating a combination of the plurality of nodes of the client with the requested software update; comparing a result of the simulation to one or more rules for compatibility; and approving the requested software update if the result complies with the one or more rules for compatibility.
3. A system according to claim 1, wherein the client is an automobile.
4. A system according to claim 1, further comprising the virtual machine configured to receive data regarding a current status of the client through a trusted platform module.
5. A system according to claim 1, wherein the client includes a FlexRay system associated with an automobile.
6. A system according to claim 1, further comprising the virtual machine operable to perform a risk analysis for a requested software update based on one or more safety factors.
7. A system according to claim 1, further comprising the virtual machine operable to perform a risk analysis for a requested software update based at least on a high speed performance metric.
8. A system according to claim 1, further comprising the virtual machine operable to perform a risk analysis for a requested software update based at least on an environmental resistance performance metric.
9. A system according to claim 1, further comprising the virtual machine operable to create a report regarding the software update requested for the client.
10. A system according to claim 1, further comprising the virtual machine operable to create a report regarding the software update requested for the client, the report including a summary of operational information related to the client.
11. A system according to claim 1, further comprising the virtual machine operable to create a report regarding the software update requested for the client, the report including a Hash value calculated by a trusted platform module.
12. A system according to claim 1, further comprising the virtual machine operable to create a report regarding the software update requested for the client, the report including a time stamp.
13. A system according to claim 1, further comprising the virtual machine operable to create a report regarding the software update requested for the client, the report stored by a computer readable memory associated with the electronic network.
14. A system according to claim 1, further comprising the virtual machine operable to propose an alternative software update if the requested software update fails to comply with a rule for compatibility.
15. A method for performing remote maintenance in a client system served by an electronic network, the method comprising:
- maintaining a database including information correlating a list of client system nodes with a respective set of processing instructions;
- receiving a request for a software update, the request including an identifier corresponding to a specific client system and a specific set of processing instructions;
- accessing the database to retrieve the information related to the nodes associated with the client system and the respective set of processing instructions correlated to the associated processors; and
- performing calculations simulating a combination of nodes and respective processing instructions that would result from the installation of the requested software update.
16. A method according to claim 15, further comprising comparing a result of the simulation calculations to one or more rules for compatibility.
17. A method according to claim 15, further comprising approving the requested software update if a result of the simulation calculations complies with one or more rules for compatibility.
18. A method according to claim 15, further comprising receiving data regarding a current status of the client system through a trusted platform module.
19. A method according to claim 15, wherein the client system includes a FlexRay system associated with an automobile.
20. A method according to claim 15, further comprising performing a risk analysis for the requested software update based on one or more safety factors.
21. A method according to claim 15, further comprising performing a risk analysis for a requested software update based at least on a high speed performance metric.
22. A method according to claim 15, further comprising performing a risk analysis for a requested software update based at least on an environmental resistance performance metric.
23. A method according to claim 15, further comprising creating a report regarding the software update requested for the client system.
24. A method according to claim 15, further comprising creating a report regarding the software update requested for the client system, the report including a summary of operational information related to the client.
25. A method according to claim 15, further comprising creating a report regarding the software update requested for the client system, the report including a Hash value calculated by a trusted platform module.
26. A method according to claim 15, further comprising creating a report regarding the software update requested for the client system, the report including a time stamp.
27. A method according to claim 15, further comprising creating a report regarding the software update requested for the client, the report stored by a computer readable memory associated with the electronic network.
28. A method according to claim 15, further comprising proposing an alternative software update if the requested software update fails to comply with a rule for compatibility.
Type: Application
Filed: May 15, 2015
Publication Date: Sep 3, 2015
Inventors: Seigo Kotani (Kawasaki), Masato Suzuki (Tokyo)
Application Number: 14/713,470