US 11,681,808 B2
Configurable code signing system and method
Tat Keung Chan, San Diego, CA (US); Ting Yao, San Diego, CA (US); and Alexander Medvinsky, San Diego, CA (US)
Assigned to ARRIS Enterprises LLC, Suwanee, GA (US)
Filed by ARRIS Enterprises LLC, Suwanee, GA (US)
Filed on Jan. 6, 2022, as Appl. No. 17/570,374.
Application 17/570,374 is a continuation of application No. 16/246,870, filed on Jan. 14, 2019, granted, now 11,250,133.
Claims priority of provisional application 62/616,497, filed on Jan. 12, 2018.
Prior Publication US 2022/0129557 A1, Apr. 28, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/57 (2013.01); H04L 9/32 (2006.01); G06F 21/64 (2013.01); H04L 9/14 (2006.01)
CPC G06F 21/57 (2013.01) [G06F 21/64 (2013.01); H04L 9/14 (2013.01); H04L 9/3247 (2013.01)] 12 Claims
OG exemplary drawing
 
1. A method of generating a signed input image in a configurable code signing system, comprising:
defining a recipe associated with a recipe identifier, comprising:
defining an operation type associated with the recipe, the operation type defined from one or more input image signing requirements;
defining a plurality of data fields of the input image;
specifying a list of configuration parameters and associating each of the specified configuration parameters with at least one of the plurality of the data fields;
specifying a sequence of atomic operations operating on input image values of the configuration parameters to generate an output image having the signed input image;
wherein the sequence of atomic operations includes at least one of:
an atomic operation for returning a size of particular data;
a data field validation operation for validating the equality between particular data;
a concatenation atomic operation for concatenating particular data
an arithmetic atomic operation for computing an arithmetic result of at least one of a sum of, a difference of, a multiplication of, and a division of particular data;
an execution atomic operation for executing another recipe on particular data;
a byte atomic operation referencing at least one of the plurality of data fields and an offset within the one of the plurality of data fields wherein the byte atomic operation retrieves data of the input image at the offset;
a byte manipulation atomic operation for manipulating binary data, including at least one of a logical OR operation, a logical exclusive OR operation, a logical AND operation and a logical inverse operation; and
a cryptographic operation including a signing atomic operation for signing the input image at least in part according to the input image values of the configuration parameters;
accepting, in the configurable code signing system, a request to sign the input image, the request comprising:
the input image, comprising:
the plurality of data fields; and
software code and input image values of the configuration parameters disposed within the plurality of data fields;
an identifier of a signing configuration, the signing configuration including:
the recipe identifier; and
approved configuration parameter values;
reading the recipe identified by the recipe identifier;
parsing and interpreting the sequence of atomic operations of the recipe;
generating the output image having the signed input image at least in part by executing the parsed and interpreted sequence of atomic operations of the recipe using the input image values of the configuration parameters; and
providing the output image.