In this use case example, we will demonstrate the authentication of a firmware update. The example we've chosen uses asymmetric cryptography to establish a chain of trust to validate the update.
Preparing a Secure Digital Envelope
The Original Equipment Manufacturer (OEM) Signer module contains a secure device with a unique set of Manufacturing Public and Private keys. It also contains a Manufacturing Certificate that has a digital signature root of trust which is a critical component in the Chain of Trust.
The Firmware Update is prepared to be sent to the field by the following steps:
1. The Firmware Update is processed by a Hash Function to create a Firmware Digest.
2. The Firmware Digest is signed by the Manufacturing Private Key (which is securely stored inside the OEM Signer CryptoAuthentication device).
3. a. A Digital Envelope is created containing the Firmware Update, Digital Signature, Manufacturing Public Key and Manufacturing Certificate.
   b. The Manufacturing Public Key will be used to verify the Digital Signature.
   c. The Manufacturing Certificate contains a digital signature of the Manufacturing Public Key by the Signing Authority.
The Digital Envelope can be delivered to the field via a USB Flash Drive, email, or download.
Firmware Update in the Field
The Field Unit contains a CryptoAuthentication™ device. Contained in the device is the Authority Public Key.
The following steps verify that the Firmware Update is authentic:
1. The digital envelope arrives from the OEM.
2. a. The Manufacturing Certificate is validated against the Authority’s Public Key contained in the Field Unit.
   b. If it verifies, go to Step 3.
   c. Otherwise, if it does not verify, discard the Firmware Update and DO NOT update the Field Unit’s firmware.
3. The Firmware Update is processed by a Hash Function to create a Firmware Digest.
4. a. The Firmware Digest is verified against the Firmware Update’s Digital Signature and Manufacturing Public Key.
   b. If it verifies, go to Step 5.
   c. Otherwise, if it does not verify, discard the Firmware Update and DO NOT update the Field Unit’s firmware.
5. The Firmware Update has been verified as authentic. Proceed with the firmware update of the field unit.
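The two procedures above, sketched end to end in Go as an added example (not code from the original page or from the device vendor). Assumptions: SHA-256 and Ed25519 stand in for the hash and signature algorithms, which the page does not name; the Manufacturing Certificate is reduced to the Signing Authority's bare signature over the Manufacturing Public Key; keys live in software rather than in a secure device; all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope holds the four Digital Envelope items; MfgCert is a bare signature (assumption).
type Envelope struct{ Firmware, Signature, MfgPubKey, MfgCert []byte }

var ErrCert, ErrSig = errors.New("certificate invalid"), errors.New("firmware signature invalid")

func NewKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return priv
}
func PubOf(k ed25519.PrivateKey) []byte { return k.Public().(ed25519.PublicKey) }

// Certify: the Signing Authority signs the Manufacturing Public Key.
func Certify(authority ed25519.PrivateKey, mfgPub []byte) []byte { return ed25519.Sign(authority, mfgPub) }

// Seal is the OEM side: hash the firmware, sign the digest, attach key and certificate.
func Seal(mfg ed25519.PrivateKey, cert, fw []byte) Envelope {
	digest := sha256.Sum256(fw)
	return Envelope{fw, ed25519.Sign(mfg, digest[:]), PubOf(mfg), cert}
}

// VerifyEnvelope is the Field Unit side; any error means the update is discarded.
func VerifyEnvelope(authorityPub []byte, e Envelope) error {
	if len(e.MfgPubKey) != ed25519.PublicKeySize || !ed25519.Verify(authorityPub, e.MfgPubKey, e.MfgCert) { // step 2
		return ErrCert
	}
	digest := sha256.Sum256(e.Firmware)                       // step 3
	if !ed25519.Verify(e.MfgPubKey, digest[:], e.Signature) { // step 4
		return ErrSig
	}
	return nil // step 5
}

func main() {
	authority, mfg := NewKey(), NewKey()
	env := Seal(mfg, Certify(authority, PubOf(mfg)), []byte("constructed firmware image"))
	fmt.Println("genuine: ", VerifyEnvelope(PubOf(authority), env))
	env.Firmware[0] ^= 1 // flip one bit of the image
	fmt.Println("tampered:", VerifyEnvelope(PubOf(authority), env))
}
```

The certificate check runs before the enclosed public key is used for anything, so an envelope signed with a key the Authority never certified is rejected at step 2 no matter how valid its firmware signature is.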