	US 12,223,306 B2
	Secure device update by passing encryption and data together
Piotr Wolnowski, Gdansk (PL); and Pawel Raasz, Gdansk (PL)
Assigned to CARRIER FIRE & SECURITY EMEA BV, Diegem (BE)
Filed by Carrier Fire & Security EMEA BV, Diegem (BE)
Filed on Apr. 28, 2022, as Appl. No. 17/731,661.
Claims priority of provisional application 63/180,736, filed on Apr. 28, 2021.
Prior Publication US 2022/0350590 A1, Nov. 3, 2022
Int. Cl. G06F 8/65 (2018.01); G06F 21/44 (2013.01); G06F 21/57 (2013.01)

CPC G06F 8/65 (2013.01) [G06F 21/44 (2013.01); G06F 21/572 (2013.01); G06F 2221/033 (2013.01)]

16 Claims

1. A method of updating firmware of a device, the method comprising:

receiving in an update package an encrypted firmware and a decryption engine including a decryption algorithm for decrypting the encrypted firmware;

loading the decryption engine into a first memory of a device;

obtaining a pre-stored encryption key from a second memory of the device, wherein the second memory is a different type of memory than the first memory;

decrypting the encrypted firmware using the encryption key and the decryption engine, wherein the decryption of the encrypted firmware occurs in the first memory;

authenticating the decryption engine prior to receiving the encrypted firmware by comparing a digest stored in the device to a computed digest of the decryption engine;

wherein the authenticating comprises comparing, in the first memory, a first digest and a second digest, wherein the first digest is generated by a provider of the decryption algorithm, wherein the first digest is stored in the device and the first digest corresponds to the decryption algorithm and the second digest corresponds to an output of multiple XOR operations of selected bootloader code parts with the decryption algorithm.