Message Digest Travels With Message Patents (Class 713/181)
  • Patent number: 9003194
    Abstract: By way of example only, in various embodiments, the present system and system is designed to reduce the size of data on a computer through compression, to improve hash, message digest, and checksum technology and their application to information and data storage, to improve uniqueness by using mutual exclusion in hash and checksum tests, to improve checksum tests providing better computer security, to create an XML compression format and to move binary compression formats to XML or other markup language, to utilize variable length hashes and message digests, and to create an XML based checksum that can be used to verify the integrity of files.
    Type: Grant
    Filed: October 27, 2011
    Date of Patent: April 7, 2015
    Assignee: Elsevier, Inc.
    Inventor: Nathan Scott Ross
  • Publication number: 20150095653
    Abstract: A non-transitory computer readable recording medium has stored thereon an application package including at least one file, the application package including an executable file created by compiling a program code, a manifest file including a hash value of the at least one file included in the application package, a digest information file including a hash value of the manifest file, a certificate file including a hash value of the digest information file, the hash value of the digest information file being digitally signed using a private key, security information including a public key corresponding to the private key, the security information being encrypted using an encryption key, and a native library including an application programming interface (API) configured to execute the executable file.
    Type: Application
    Filed: August 28, 2014
    Publication date: April 2, 2015
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Woo-chul SHIM, Bong-seon KIM
  • Patent number: 8996887
    Abstract: Methods, systems, and apparatus, including a method for providing data. The method comprises receiving a first request from a first virtual machine (VM) to store data, obtaining the data and an access control list (ACL) of authorized users, obtaining a data key that has a data key identifier, encrypting the data key and the ACL using a wrapping key to generate a wrapped blob, encrypting the data, storing the wrapped blob and the encrypted data, and providing the data key identifier to users on the ACL. The method further comprises receiving a second request from a second VM to obtain a data snapshot, obtaining an unwrapped blob, obtaining the data key and the ACL from the unwrapped blob, authenticating a user associated with the second request, authorizing the user against the ACL, decrypting the data using the data key, and providing a snapshot of the data to the second VM.
    Type: Grant
    Filed: February 24, 2012
    Date of Patent: March 31, 2015
    Assignee: Google Inc.
    Inventors: Andrew Kadatch, Michael A. Halcrow
  • Patent number: 8997179
    Abstract: Technologies related to shared secret identification for secure communication are generally described. In some examples, devices may exchange hashes, such as file deduplication hashes, to identify a matching hash. The identified matching hash represents a shared data item which may be used as a shared secret to encrypt and/or decrypt subsequent secure communications between the devices. Each device retrieves the shared data item from its respective secure memory and may use the shared data item to encrypt and/or decrypt subsequent secure communications. An eavesdropper may observe the hash exchange, but will not be able to decrypt the secure communications without access to the shared data item, because hashes may be effectively non-invertible.
    Type: Grant
    Filed: September 26, 2012
    Date of Patent: March 31, 2015
    Assignee: Empire Technology Development LLC
    Inventor: Ezekiel Kruglick
  • Publication number: 20150089236
    Abstract: A real-time frame authentication protocol is presented for in-vehicle networks. A frame identifier is made anonymous to unauthorized entities but identifiable by the authorized entities. Anonymous identifiers are generated on a per-frame basis and embedded into each data frame transmitted by a sending ECU. Receiving ECUs use the anonymous identifiers to filter incoming data frames before verifying data integrity. Invalid data frames are filtered without requiring any additional run-time computations.
    Type: Application
    Filed: September 23, 2014
    Publication date: March 26, 2015
    Inventors: Kyu Suk Han, Swapna Divya Potluri, Kang G. Shin
  • Publication number: 20150089237
    Abstract: A method and apparatus are described for performing cipher communication in a wireless local area network system. A pseudo noise (PN) code sequence for a plaintext Medium Access Control (MAC) protocol data unit (MPDU) is obtained. An additional authentication data (AAD) is constructed by using at least one field in a header of the plaintext MPDU. A Nonce is constructed from the PN code sequence, an Address 2 field in the header of the plaintext MPDU and a Priority field in the header of the plaintext MPDU. A counter mode (CTR) is generated with cipher block chaining (CBC)-MAC Protocol (CCMP) header. Encrypted data and Message Integrity Code (MIC) are generated by using a temporal key, the AAD, and the Nonce. An encrypted MPDU is generated to be transmitted to a peer station by combining the plaintext MPDU header, the CCMP header, the encrypted data and the MIC.
    Type: Application
    Filed: November 26, 2014
    Publication date: March 26, 2015
    Applicant: LG ELECTRONICS INC.
    Inventors: Eun Sun KIM, Yong Ho SEOK
  • Patent number: 8990576
    Abstract: Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i = 1, 2, ..., s each having a corresponding value v_i associated therewith, wherein the value v_i is given by v_i = h(v_{i+1}), for a given hash function or other one-way function h. An initial distribution of helper values may be stored for the one-way chain of length s, e.g., at positions given by i = 2^j for 0 ≤ j ≤ log_2 s. A given one of the output values v_i at a current position in the one-way chain may be computed utilizing a first helper value previously stored for another position in the one-way chain between the current position and an endpoint of the chain. After computation of the given output value, the positions of the helper values are adjusted so as to facilitate computation of subsequent output values.
    Type: Grant
    Filed: July 12, 2013
    Date of Patent: March 24, 2015
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 8989387
    Abstract: A method and system for ascertaining an object status of an object associated to an authenticity certificate. A first hashing result of an object identifier encoded within a decrypted first encrypted step certificate is extracted. A second hashing result is obtained from hashing the object to be authenticated. A third hashing result of an object identifier encoded within a decrypted second encrypted step certificate is extracted. A fourth hashing result is obtained from hashing the object to be authenticated. It is determined that the first hashing result is equal to the second hashing result and that the third hashing result is equal to the fourth hashing result, from which it is ascertained the object status of the object is that the object is an authentic object, a counterfeited object, or a stolen object. The ascertained object status is displayed on a screen of an authenticity verification equipment.
    Type: Grant
    Filed: April 2, 2013
    Date of Patent: March 24, 2015
    Assignee: International Business Machines Corporation
    Inventors: Frederic Bauchot, Gerard Marmigere, Christophe Mialon, Pierre Secondo
  • Patent number: 8990319
    Abstract: A computer-implemented method for negotiating a time and a medium for communications between users is described. The method is performed at a server including one or more processors and memory storing one or more programs. The method includes receiving a request from a first user to negotiate a time and a medium for communication with a second user. The request includes a plurality of acceptable mediums of communication. The method also includes generating a first notification based on the request. The first notification includes the plurality of acceptable mediums of communication. The method furthermore includes transmitting the first notification to the second user, and receiving a response to the first notification from the second user. The response indicates whether the second user has accepted one of the acceptable mediums of communication.
    Type: Grant
    Filed: January 7, 2011
    Date of Patent: March 24, 2015
    Assignee: Fuji Xerox Co., Ltd.
    Inventors: Jason Wiese, Jacob Biehl, Althea Turner
  • Patent number: 8983061
    Abstract: A method and apparatus cryptographically process data including a plurality of data segments. The cryptographic process includes (a) receiving a plurality of data segments, (b) selecting, for each data segment, a set of encryption information based on data contained in a predetermined portion of the data segment to be encrypted, and (c) encrypting each data segment using the set of encryption information selected for the data segment. At least one of an encryption algorithm, an encryption key, and an encryption parameter may be changed for each data segment based on the data contained in the predetermined portion. The predetermined portion may include a first predetermined portion for selecting a first set of encryption information, and a second predetermined portion for selecting a second set of encryption information, the encryption information including an encryption algorithm, an encryption key, and optionally an encryption parameter.
    Type: Grant
    Filed: February 13, 2004
    Date of Patent: March 17, 2015
    Assignee: IVI Holdings Ltd.
    Inventor: Masashi Watanabe
  • Patent number: 8977859
    Abstract: In one aspect, the present invention comprises one or more processors that generate a first checksum value for a data block and a second checksum value for the data block, wherein the first checksum value is generated by applying a first checksum algorithm to the data block and the second checksum value is generated by applying a second checksum algorithm, different from the first checksum algorithm, to the data block; one or more processors operable to create a data entry comprising data identifying: the first and second checksum values, the first and second checksum algorithms, and at least one of the identified attributes of the data block, the data entry not comprising the data block, and wherein the data block can be recovered using the data entry; and one or more processors that store the data entry in a computer-readable medium. Other aspects comprise related systems, methods, and software.
    Type: Grant
    Filed: May 3, 2005
    Date of Patent: March 10, 2015
    Assignee: Elsevier, Inc.
    Inventor: Nathan Scott Ross
  • Patent number: 8977860
    Abstract: A method and apparatus for maintaining a tamper proof device log are described. In one embodiment, the method comprises maintaining an embedded log in the device, the embedded log being a chain of log entries. In one embodiment, the method may also comprise publishing at least one log entry to a location external to the device.
    Type: Grant
    Filed: May 20, 2013
    Date of Patent: March 10, 2015
    Assignee: Ricoh Co., Ltd.
    Inventors: John Barrus, Michael Gormish, Sergey Chemishkian
  • Patent number: 8972735
    Abstract: Methods and apparatus to certify digital signatures are disclosed. An example method includes retrieving, from a first database, a first geographical location associated with an identification number associated with a network device and identified in a request to certify a digital signature, comparing the first geographical location associated with the identification number to a second geographical location to verify the second geographical location, determining that the first geographical location matches the second geographical location, and certifying the digital signature to indicate an authenticity of the digital signature based on the verification of the second geographical location and a comparison of (a) biometric information associated with a user associated with the request and (b) stored biometric information.
    Type: Grant
    Filed: April 3, 2014
    Date of Patent: March 3, 2015
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Brian M. Novack, David L. Dunmire, Daniel L. Madsen, Michael D. Cheaney, Timothy R. Thompson
  • Patent number: 8959615
    Abstract: According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents.
    Type: Grant
    Filed: February 25, 2013
    Date of Patent: February 17, 2015
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Yasufumi Tsumagari, Shinichi Matsukawa, Hiroyuki Sakamoto, Hideki Mimura
  • Patent number: 8949606
    Abstract: A method transmits a message between a transmitter and a receiver on a bus using an identifier associated with the transmitter/receiver path for the purpose of authentication and a message counter. The identifier is dynamically selected from an identification sequence depending on the message counter value and is integrated into the message check sum but not transmitted via the bus. A control device and a vehicle are adapted to carry out the method for transmitting a message.
    Type: Grant
    Filed: June 18, 2010
    Date of Patent: February 3, 2015
    Assignees: Audi AG, Volkswagen AG, TTTech Computertechnik AG
    Inventors: Sven Schachtner, Thomas Bizenberger, Bernhard Gstoettenbauer
  • Patent number: 8935534
    Abstract: A media access control (MAC) security apparatus for a local area network interface includes a parser, an encryption engine, an authentication engine, and a first buffer. The parser is configured to output packets. The encryption engine is configured to receive the packets from the parser and generate encrypted data based on the packets received from the parser and cryptographic primitives. The encryption engine includes an advanced encryption standard engine configured to form the cryptographic primitives. The authentication engine is configured to perform authentication operations of the local area network interface based on the encrypted data from the encryption engine. The first buffer is configured to interface the encryption engine to the parser. The parser and the encryption engine process data at different rates. The first buffer is configured to compensate for the different rates.
    Type: Grant
    Filed: September 24, 2013
    Date of Patent: January 13, 2015
    Assignee: Marvell International Ltd.
    Inventors: Guy T. Hutchison, Awais B. Nemat
  • Patent number: 8935533
    Abstract: A new approach for a transport protocol for sensor data collection, such as a smart grid, is described. In one embodiment of the invention, each server avoids keeping security and communication state per client through the notion of a secure “state-token”. The state token is issued with each server message and is subsequently attached to corresponding client messages delivered to the server. An implementation is provided in which the server encrypts and authenticates the associated session state, and then gives the resulting encryption for the client to temporarily store and return to the server with a next message. In this way, a server does not keep session state after sending the encryption back to a client and can quickly restore session state when the next message from the client arrives.
    Type: Grant
    Filed: December 20, 2011
    Date of Patent: January 13, 2015
    Assignee: Alcatel Lucent
    Inventors: Young Jin Kim, Vladimir Kolesnikov, Marina K. Thottan
  • Patent number: 8935778
    Abstract: Aspects of the present invention maintain data integrity of a monitored data object in a monitored storage repository. A first security value for the monitored data object is determined. The first security value is stored along with an authentic copy of the monitored data object in the secure repository. The second security value for the monitored data object is determined after a predetermined time interval. The first security value is compared with the second security value. An alert is generated in response to determining a difference between the second security value and the first security value.
    Type: Grant
    Filed: April 29, 2011
    Date of Patent: January 13, 2015
    Assignee: International Business Machines Corporation
    Inventors: Jay Harish Hira, Narayanan Krishnan
  • Publication number: 20150012754
    Abstract: A system for generating a security document includes a plurality of computing nodes forming a computing cluster, each computing node having a node identifier for uniquely identifying the node within the cluster, each node being capable of running multiple concurrent processes, and each process having a process identifier for uniquely identifying the process within the node, at least some of the processes on at least some of the nodes being adapted to perform the steps of: a. collecting information for inclusion in the document, the information including at least a subject identifier for uniquely identifying a subject of the document; b. generating a first random value and a second random value; c. concatenating the subject identifier and the second random value; d. applying a cryptographic hash function to the concatenation of the subject identifier and the second random value, resulting in a message digest value; e. truncating the message digest value; f.
    Type: Application
    Filed: July 2, 2014
    Publication date: January 8, 2015
    Inventors: Les Gray, Steven Andrew Shepherd, Michael Arthur David Hancock
  • Patent number: 8931040
    Abstract: When exchanging communication parameter setting information on a wireless network, a communications apparatus selects between a first operation mode in which communications parameter information is exchanged with a specific communications apparatus and a second operation mode in which communications parameter information is exchanged with an unspecified number of communications apparatus. Depending on the selected operation mode, the communications apparatus controls security upon holding the communications parameter information exchanged with the specific communications apparatus and the communications parameter information exchanged with the unspecified number of communications apparatus.
    Type: Grant
    Filed: July 7, 2011
    Date of Patent: January 6, 2015
    Assignee: Canon Kabushiki Kaisha
    Inventor: Kenichi Fujii
  • Patent number: 8930687
    Abstract: In an encrypted storage system employing data deduplication, encrypted data units are stored with the respective keyed data digests. A secure equivalence process is performed to determine whether an encrypted data unit on one storage unit is a duplicate of an encrypted data unit on another storage unit. The process includes an exchange phase and a testing phase in which no sensitive information is exposed outside the storage units. If duplication is detected then the duplicate data unit is deleted from one of the storage units and replaced with a mapping to the encrypted data unit as stored on the other storage unit. The mapping is used at the one storage unit when the corresponding logical data unit is accessed there.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: January 6, 2015
    Assignee: EMC Corporation
    Inventors: Peter Alan Robinson, Eric Young
  • Patent number: 8924731
    Abstract: A secure signing method, a secure authentication method, and an IPTV system are disclosed. The secure signing method includes preparing digital signature header fields and setting an attribute, calculating a hash digest of content using a hashing algorithm, storing the calculated hash value in a message digest field of the digital signature header, encrypting the message digest using a secret key and inserting the encrypted message digest in a signature field of the digital signature header, and associating the digital signature header with the content by prefixing the digital signature header to the content.
    Type: Grant
    Filed: September 11, 2008
    Date of Patent: December 30, 2014
    Assignee: LG Electronics Inc.
    Inventors: Il Gon Park, Sung Hyun Cho, Min Gyu Chung, Kumar K. Kiran, Man Soo Jeong, Koo Yong Pak
  • Patent number: 8924732
    Abstract: A method of cipher communication for management frame performed by station in wireless local area network system is provided. The method includes obtaining a first pseudonoise code sequence (PN) for a plaintext Medium Access Control (MAC) protocol data unit (MPDU), constructing an additional authentication data (AAD) by using fields in a header of the plaintext MPDU, constructing a Nonce value from the PN, an Address 2 and a Priority field in the header of the plaintext MPDU, generating an encrypted MPDU from the plaintext MPDU by using a temporal key, the AAD, and the Nonce value, and transmitting the encrypted MPDU to a peer station, wherein the plaintext MPDU is a management frame including a sequence number field, the sequence number field including access category field indicating category of data included in the plaintext MPDU, and the Nonce value includes a priority field matched with the access category field.
    Type: Grant
    Filed: September 9, 2011
    Date of Patent: December 30, 2014
    Assignee: LG Electronics Inc.
    Inventors: Eun Sun Kim, Yong Ho Seok
  • Patent number: 8918897
    Abstract: A method begins with a processing module issuing a retrieval request, receiving secret shares of a set of secret shares to produce received secret shares, and receiving encoded data slices of a set of encoded data slices. The method continues with the processing module decoding the received secret shares to recapture a message authentication key when a threshold number of the secret shares is received. The method continues with the processing module identifying a received encoded data slice of the received encoded data slices having an authentication code associated therewith when a threshold number of the encoded data slices is received. The method continues with the processing module verifying the authentication code based on the message authentication key and the received encoded data slice. The method continues with the processing module decoding the received encoded data slices to recapture a data segment when the authentication code is verified.
    Type: Grant
    Filed: August 25, 2010
    Date of Patent: December 23, 2014
    Assignee: Cleversafe, Inc.
    Inventor: Jason K. Resch
  • Patent number: 8918873
    Abstract: The instant disclosure describes various exemplary systems and methods for exonerating an untrusted software component based solely on a trusted software component's non-optional or “hard” dependency on the untrusted software component. In one example, a method for exonerating untrusted software components in this manner may include: 1) identifying a dependent software component, 2) determining that the dependent software component is a non-optional dependent component of at least one trusted software component, and then 3) classifying the dependent software component as a trusted software component. As detailed herein, such a method may enable security software to quickly and efficiently exonerate untrusted components by association without having to scan or perform other intrusive and/or resource-intensive security operations on such untrusted software components.
    Type: Grant
    Filed: August 28, 2009
    Date of Patent: December 23, 2014
    Assignee: Symantec Corporation
    Inventors: Sourabh Satish, Shane Pereira, Wilson Meng, Yoshihiro Yasuda
  • Patent number: 8914641
    Abstract: Methods, systems, and apparatuses are disclosed for signing and verifying data using multiple hash algorithms and digests in PKCS including, for example, retrieving, at the originating computing device, a message for signing at the originating computing device to yield a signature for the message; identifying multiple hashing algorithms to be supported by the signature; for each of the multiple hashing algorithms identified to be supported by the signature, hashing the message to yield multiple hashes of the message corresponding to the multiple hashing algorithms identified; constructing a single digest having therein each of the multiple hashes of the messages corresponding to the multiple hashing algorithms identified and further specifying the multiple hashing algorithms to be supported by the signature; applying a signing algorithm to the single digest using a private key of the originating computing device to yield the signature for the message; and distributing the message and the signature to receivin
    Type: Grant
    Filed: December 12, 2012
    Date of Patent: December 16, 2014
    Assignee: Intel Corporation
    Inventors: Vinodh Gopal, Sean M. Gulley, James D. Guilford, Wajdi K. Feghali
  • Patent number: 8903094
    Abstract: The invention concerns a cryptographic key distribution system comprising a server node, a repeater network connected to the server node through a quantum channel, and a client node connected to the repeater network through a quantum channel; wherein in use: the repeater network and the client node cooperatively generate a transfer quantum key which is supplied to a system subscriber by the client node; the server node and the repeater network cooperatively generate a link quantum key; the repeater network encrypts the link quantum key based on the transfer quantum key and sends the encrypted link quantum key to the system subscriber through a public communication channel; the server node encrypts a traffic cryptographic key based on the link quantum key and a service authentication key and sends the encrypted traffic cryptographic key to the system subscriber through a public communication channel.
    Type: Grant
    Filed: August 3, 2012
    Date of Patent: December 2, 2014
    Assignee: Selex Sistemi Integrati S.p.A.
    Inventor: Fabio Antonio Bovino
  • Publication number: 20140351600
    Abstract: A method and apparatus which ensures that static data entered into a communications device or apparatus is accurate, or at least consistent with data provided to an authentication service.
    Type: Application
    Filed: August 11, 2014
    Publication date: November 27, 2014
    Inventor: Jeffrey M. Robbins
  • Patent number: 8886949
    Abstract: Electronic data is input. The electronic data is divided into N (N is an integer satisfying N ≥ 2) segments. Examination data is generated by repeating, up to the Nth segment, the computation processing of using the computation result obtained by performing predetermined computation on the data of the Mth (M is an integer satisfying 1 ≤ M ≤ N − 1) segment as an input for predetermined computation of the data of the (M+1)th segment. Verification data for the electronic data is generated so as to contain, as intermediate data, the examination data and a computation result in the middle of generating the examination data.
    Type: Grant
    Filed: October 29, 2012
    Date of Patent: November 11, 2014
    Assignee: Canon Kabushiki Kaisha
    Inventor: Nobuhiro Tagashira
  • Patent number: 8885818
    Abstract: The present document relates to techniques for authentication of data streams. Specifically, the present document relates to the insertion of identifiers into a data stream, such as a Dolby Pulse, AAC or HE AAC bitstream, and the authentication and verification of the data stream based on such identifiers. A method and system for encoding a data stream comprising a plurality of data frames is described. The method comprises the step of generating a cryptographic value of a number N of successive data frames and configuration information, wherein the configuration information comprises information for rendering the data stream. The method then inserts the cryptographic value into the data stream subsequent to the N successive data frames.
    Type: Grant
    Filed: August 6, 2010
    Date of Patent: November 11, 2014
    Assignee: Dolby International AB
    Inventors: Reinhold Boehm, Alexander Groeschel, Holger Hoerich, Daniel Homm, Wolfgang A. Schildbach, Michael Schug, Oliver Watzke, Martin Wolters, Thomas Ziegler
  • Patent number: 8887276
    Abstract: A system for providing a secure video display using a one-way data link. An input interface receives a video stream signal. The one-way data link has an input node coupled to receive the input video stream signal and an output node. A processing system is coupled to the output node of the one-way data link and is configured to run a predetermined operating system. In an embodiment, a video display software program operates within the predetermined operating system to process the video stream signal received from the output node of the one-way data link and to provide an output signal for viewing on a display coupled to the processing system. Optionally, the video display program operates within a virtual operating system running within the predetermined operating system. In other embodiments, the video display program may process a video stream signal containing a plurality of different video programs.
    Type: Grant
    Filed: November 21, 2012
    Date of Patent: November 11, 2014
    Assignee: OWL Computing Technologies, Inc.
    Inventors: Ronald Mraz, Jeffrey Menoher, Andrew Holmes
  • Patent number: 8880692
    Abstract: The present invention provides a method, system, and computer program product for transferring authorization rights to access a file. A method in accordance with an embodiment of the present invention includes: designating a location to store the file; creating a file-transfer-reference for the file based on the location; creating an authorization protocol for the file; selecting at least one recipient of the file-transfer-reference; and forwarding the file-transfer-reference to the at least one recipient according to the authorization protocol. The method may optionally include defining a validity period for access to the file.
    Type: Grant
    Filed: October 30, 2006
    Date of Patent: November 4, 2014
    Assignee: International Business Machines Corporation
    Inventors: Fonda J. Daniels, James Patrick Galvin, Jr., Ruthie D. Lyle, Michael Muller, Martin Presler-Marshall, David M. Wendt
  • Patent number: 8880892
    Abstract: Devices generate security vectors based on their own attributes. A device's security vectors compose its transformation matrix. The devices securely share copies of their transformation matrices with other devices. A transmitting device adds its unique MAC to packets, encrypts those packets using its own transformation matrix, and transmits those packets. A receiving device uses its copy of the transmitting device's transformation matrix to decrypt the data in a packet, determining whether a MAC extracted from that packet matches the transmitting device's MAC. The receiving device can permit or prevent further processing of the packet's data depending on whether the MACs match. Each device can store a copy of a same program that can be used to derive derivative security vectors from existing security vectors. Each device in the network can derive the same set of derivative vectors for any selected other device in the network, thereby “evolving” the transformation matrices.
    Type: Grant
    Filed: March 13, 2014
    Date of Patent: November 4, 2014
    Assignee: Willow, Inc.
    Inventors: Jonathan P. Livolsi, Robert R. Livolsi
  • Patent number: 8880869
    Abstract: A device receives capability information associated with a next hop device of a wireless local area network (WLAN). The device also determines, based on the capability information, whether the next hop device is capable of implementing security for traffic, where the security includes a media access control (MAC) security standard and a layer 2 link security standard. The device further creates, via the MAC security standard, a secure channel with the next hop device when the next hop device is capable of providing security for traffic.
    Type: Grant
    Filed: November 22, 2010
    Date of Patent: November 4, 2014
    Assignee: Juniper Networks, Inc.
    Inventors: Sandip Shah, Jeffrey L Pochop, Jr.
  • Patent number: 8874908
    Abstract: This disclosure describes a process for storing data on a central server with a plurality of users, each of them having their own user password used for creating a user key, being respectively assigned to some of these users, and some of the data, being divided into data blocks to be uploaded, and each data block being compared to data blocks on the server based on a unique data block ID value in order to determine whether a corresponding data block is already stored on the server and to upload to the server those data blocks which are not already present, a data block list to be uploaded being created and uploaded to the central server, so that in a data recovery step data stored on the central server which are requested by the user can be restored in their original form based on said list.
    Type: Grant
    Filed: November 7, 2012
    Date of Patent: October 28, 2014
    Assignee: Wolfgang Raudaschl
    Inventor: Wolfgang Raudaschl
  • Patent number: 8874919
    Abstract: Provided is an apparatus and method of a portable terminal authenticating another portable terminal. The portable terminal may receive a seed generated by the other portable terminal, issue an authentication certificate generated using the seed to the other portable terminal, authenticate the other portable terminal based on the authentication certificate, and provide a secure communication.
    Type: Grant
    Filed: January 14, 2011
    Date of Patent: October 28, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Dae Youb Kim
  • Patent number: 8874904
    Abstract: A first cryptographic device is configured to store a set of keys that is refreshed in each of a plurality of epochs. The first cryptographic device computes for each of at least a subset of the epochs at least one view based on at least a portion of the set of keys for that epoch, and transmits the views to a second cryptographic device in association with their respective epochs. At least one view computed for a current one of the epochs is configured for utilization in combination with one or more previous views computed for one or more previous ones of the epochs to permit the second cryptographic device to confirm authenticity of the set of keys for the current epoch. The first cryptographic device may include an authentication token and the second cryptographic device may include an authentication server.
    Type: Grant
    Filed: December 13, 2012
    Date of Patent: October 28, 2014
    Assignee: EMC Corporation
    Inventors: Ari Juels, Kevin D. Bowers
  • Patent number: 8874917
    Abstract: According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: October 28, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Yasufumi Tsumagari, Shinichi Matsukawa, Hiroyuki Sakamoto, Hideki Mimura
  • Patent number: 8868930
    Abstract: Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.
    Type: Grant
    Filed: February 16, 2012
    Date of Patent: October 21, 2014
    Assignee: International Business Machines Corporation
    Inventors: Chaim Koifman, Nadav Kedem, Avi Zohar
  • Publication number: 20140310530
    Abstract: Each of ECUs counts the number of messages transmitted for each of CAN IDs. A transmission node that has transmitted a main message produces an MAC from a data field and the CAN ID in the main message and a counter value corresponding to the CAN ID, and transmits the MAC as an MAC message. A reception node that has received the main message produces an MAC from the data field and the CAN ID contained in the main message and the counter value corresponding to the CAN ID, and determines whether the MAC matches the MAC contained in the MAC message. By so doing, verification whether the main message is valid or not can be made. According to this configuration, message authentication by the MAC can be made without changing a CAN protocol.
    Type: Application
    Filed: October 30, 2012
    Publication date: October 16, 2014
    Inventors: Hisashi Oguma, Tsutomu Matsumoto, Masato Hata, Masato Tanabe, Katsunari Yoshioka, Kazuomi Oishi
  • Publication number: 20140298037
    Abstract: The present invention provides a method, an apparatus, and a system for securely transmitting data. A method for securely transmitting data is provided, where the method includes: sending, by a user terminal, a resource access request carrying a first authentication header field to a server, where the first authentication header field includes a user identifier and a server identifier; and receiving a request response returned by the server, where the request response includes a second authentication header field and a message body, where the second authentication header field carries a third integrity digest, and the third integrity digest is obtained by the server by performing, after receiving the resource access request, calculation by using a third message-digest algorithm further according to a user password and message content; so that M2M transmission based on the CoAP protocol can be performed securely and reliably.
    Type: Application
    Filed: June 16, 2014
    Publication date: October 2, 2014
    Inventors: Fangying Xiao, Yonggang Bian, Yongjing Zhang
  • Publication number: 20140298036
    Abstract: A method for protecting a first secrets file. The method includes an n-bit generator generating a secrets file name for the secrets file and generating decoy file names for decoy files. The secrets file includes a secret. Each of the decoy files includes decoy file contents, is a same size as the secrets file, and is associated with a modification time within a range of modification times. The modification time of the secrets file is within the range of modification times. The secrets file and decoy files are stored in a secrets directory.
    Type: Application
    Filed: March 28, 2014
    Publication date: October 2, 2014
    Applicant: PACid Technologies, LLC
    Inventor: Guy Fielder
  • Patent number: 8850540
    Abstract: The examples of the present invention provide a method and device for verifying a dynamic password. In the method and device, some algorithm parameters can be exchanged in public by using a DH algorithm, and thus a same key is shared safely between two entities, so as to implement the verification of the dynamic password and further improve the security of identity verification. Moreover, the method and device can be easy to use. Further, by the above technical solution, no message exchange is needed between a mobile device and a verification server, and a user does not need to pay for additional flux, so as to decrease the burden of the user and verification costs.
    Type: Grant
    Filed: February 17, 2012
    Date of Patent: September 30, 2014
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Huibao Lin, Zhijan Qian, Xusheng Hu, Ruiqiang Liu
  • Patent number: 8843753
    Abstract: A method for erasing bootstrapping, at a device or a gateway in a Machine-to-Machine (M2M) service is provided. The method includes receiving an erase request containing a first M2M-Erase-Token from an M2M Authentication Server (MAS) or an M2M Service Bootstrapping Function (MSBF), processing the erase request based on the first M2M-Erase-Token or a local policy of the device or the gateway, and sending an erase response containing a second M2M-Erase-Token to the MAS or the MSBF.
    Type: Grant
    Filed: April 16, 2012
    Date of Patent: September 23, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Alper Yegin, Youngkyo Baek
  • Publication number: 20140281560
    Abstract: An apparatus implementing a secure zone on one or more virtual machines may be provided. In one aspect, the apparatus may comprise a peripheral device, a security-enhancing chip and a computer processor. The chip may comprise a non-volatile storage for storing an encryption key and a first configuration digest, and may be configured to receive configuration data, create a second configuration digest based on the received configuration data, and allow access to the encryption key based on comparison of the first and the second configuration digests. The computer processor may be configured to initialize a hypervisor, establish one virtual machine for executing code for a secure zone, and establish a second virtual machine for executing code for a non-secure. The code for the secure zone may initiate executing a task, and assume or transfer control over the peripheral device depending on whether the apparatus is operating in a secure mode.
    Type: Application
    Filed: March 14, 2014
    Publication date: September 18, 2014
    Applicant: OLogN Technologies AG
    Inventors: Sergey IGNATCHENKO, Dmitri LIGOUM
  • Patent number: 8832830
    Abstract: Blind attacks on a protocol connection, such as a TCP connection, are prevented by inserting checksums computed during protocol connection establishment handshake into data sent through the connection and invalidating data sent through the connection that lacks the protocol setup information checksums. Reset attacks are prevented by invalidating reset requests unless a master checksum computed from the protocol setup information checksums is included with the reset request. Checksums computed from protocol setup information have improved robustness by including a random number with the protocol setup information.
    Type: Grant
    Filed: November 28, 2011
    Date of Patent: September 9, 2014
    Assignee: International Business Machines Corporation
    Inventors: Prashant A. Paranjape, David R. Marquardt
  • Patent number: 8832448
    Abstract: A dual-channel electronic signature system is disclosed, having a signature verification server, a signature requester device, and a hand-held device. The signature requester device calculates a characteristic value related to content of a target document, encodes the characteristic value and a destination message to generate a first graph, and outputs the first graph. The hand-held device captures and decodes an image of the first graph to obtain the characteristic value, performs an electronic signature operation on the characteristic value to generate a signature data, encodes the signature data to generate a second graph, and transmits the second graph to a destination network address. If the signature data contained in the second graph passes a verification procedure of the signature verification server, the signature verification server transmits a verification graph corresponding to the second graph to the signature requester device.
    Type: Grant
    Filed: December 27, 2012
    Date of Patent: September 9, 2014
    Assignee: JRSYS International Corp.
    Inventors: Jiann-Dong Wu, Tai-Hung Lin, Jia-Hong Chen, Po-Yueh Hung, Yan-Yi Shen, Tsung-Yu Chang
  • Patent number: 8832451
    Abstract: A source authentication method and apparatus according to the present invention are disclosed. The source authentication method is performed with respect to a transmission packet on a message transmission side, and includes generating a first hash value to which a first hash function is applied using a message to be included in a next packet and a key value, and generating the transmission packet including the first hash value, wherein the key value is one of at least one key value generated in advance by applying a second hash function. Meanwhile, according to the present invention, effective low-cost multicast authentication may be performed by reducing a variety of loads such as buffer management, key calculation costs, and the like.
    Type: Grant
    Filed: August 23, 2012
    Date of Patent: September 9, 2014
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Bo Heung Chung, Jeong Nyeo Kim
  • Patent number: 8832450
    Abstract: A method and an apparatus that provides a hard problem based hashing mechanism to improve security of hash functions are described. The hashing mechanism can include a custom padding and/or a post processing to a hashed value strengthened via operations specifying a hard problem. In one embodiment, a new hash function may be provided or defined directly without introducing or relying on existing hash functions to embed security features based on this hard problem. The new hash functions can be used in usual constructions implying hash functions. For example, the standard HMAC construction could be applied on these hash functions, standard signature algorithms or authentication protocol, etc.
    Type: Grant
    Filed: May 31, 2012
    Date of Patent: September 9, 2014
    Assignee: Apple Inc.
    Inventors: Mathieu Ciet, Thomas Icart, Augustin J. Farrugia
  • Patent number: 8832439
    Abstract: In one embodiment, a mobile device performs an over-the-air firmware update by writing the updated firmware to an inactive system image partition, and rebooting the device. The security of the OTA update is maintained through checking a plurality of security signatures in an OTA manifest, and the integrity of the data is maintained by checking a hash value of the downloaded system image.
    Type: Grant
    Filed: December 5, 2013
    Date of Patent: September 9, 2014
    Assignee: Facebook, Inc.
    Inventors: Gueorgui Djabarov, George Hotz, Shaheen Ashok Gandhi