Invention for System for the secure distribution of firmware and configuration updates on un-networked devices

Software / By

Invented by Thomas Middleton, Orin Morris, BBY Solutions Inc

The market for system for the secure distribution of firmware and configuration updates on un-networked devices is growing rapidly as more and more companies are realizing the importance of securing their devices from potential cyber threats. Un-networked devices, also known as “offline devices,” are those that are not connected to the internet or any other network. These devices are commonly used in industrial settings, such as manufacturing plants, power plants, and oil rigs, where they are used to control critical infrastructure. The lack of internet connectivity on these devices makes them less vulnerable to cyber attacks, but it also makes it difficult to update their firmware and configuration settings. Without regular updates, these devices can become outdated and vulnerable to cyber threats, which can lead to serious consequences, such as production downtime, equipment damage, and even safety hazards. To address this issue, companies are turning to system for the secure distribution of firmware and configuration updates on un-networked devices. These systems are designed to securely transfer updates to offline devices without compromising their security. They use various techniques, such as USB drives, SD cards, and other removable media, to transfer updates to the devices. One of the key features of these systems is their ability to verify the authenticity of the updates before installing them on the devices. This is important because it ensures that the updates are not tampered with or infected with malware. The systems also provide detailed logs of all update activities, which can be used to track any potential security breaches. The market for system for the secure distribution of firmware and configuration updates on un-networked devices is expected to grow significantly in the coming years. According to a report by MarketsandMarkets, the market is projected to reach $1.35 billion by 2023, growing at a CAGR of 9.3% from 2018 to 2023. The growth of this market is driven by the increasing adoption of un-networked devices in various industries, such as manufacturing, energy, and transportation. The need for secure updates on these devices is also increasing as the number of cyber threats continues to rise. In conclusion, the market for system for the secure distribution of firmware and configuration updates on un-networked devices is a growing and important market. Companies that use un-networked devices should consider investing in these systems to ensure the security and reliability of their devices. As the market continues to grow, we can expect to see more innovative solutions that address the unique challenges of updating offline devices.

The BBY Solutions Inc invention works as follows

Systems and Methods are disclosed for the safe distribution of firmware and configuration upgrades to non-networked devices. Installing a client component on a device that is able to receive a status data pack including a beacon’s status indicator when it is close to the beacon is described. The server receives the packet of status data via the client component. It determines if an update is possible for the beacon, based in part on the indication. It then transmits an encrypted update message to the client to complete the beacon update.

Background for System for the secure distribution of firmware and configuration updates on un-networked devices

The merchandise available from local and national retailers changes constantly. Retailers may display content when customers enter the store or near certain merchandise. It is currently difficult to determine where a customer stands within a retail store. When a retailer sells a variety of merchandise and wants to offer content that is responsive to different situations, it can be difficult to associate content with specific merchandise.

Retailers can address this issue by using beacons that broadcast a signal in order to support micro-location detection. There may be thousands of locations in large organizations, with 100s of beacon devices at each of those locations. These devices often operate without any network connection and are operated independently. In order to perform the typical installation and maintenance, the device must be directly connected one-to-one with a networked configuration tool like a smartphone. The phone and device must have a relationship of trust to be able to configure or reconfigure installed devices safely. It is a time-consuming and expensive process to visit these tens or hundreds of thousands of devices. The systems and methods disclosed in the present disclosure are designed to simplify and facilitate updating beacons, while allowing users to remove the trust relationship that exists between the beacons and the networked configuration devices.

Herein are described systems and methods for secure distributed updating of non-networked devices. The client component is installed on the client device. When the client device comes close to the beacon, the client component is configured to receive a status data package including a state indication. The status data is received by the client component as well as at a server. The server determines that an update for the beacon is available based, at least in part, on the status indicator. The server sends an encrypted update data message to the client for installation on the beacon in order to complete the beacon update.

In one implementation, the client device transmits the encrypted update data messages to the beacon.

In one implementation, an encrypted update data package is decrypted and validated by the beacon before the update is performed.

In one implementation, a client device receives the status data packet from the beacon using a wireless communication protocol. The server receives the status data packet from the client via a wireless communication protocol. This is done without the need for a network connection.

In one implementation, the server includes a nonce in the encrypted update packet.

In one implementation, an encrypted update data package is validated by a beacon. The validating process includes extracting the nonce from the packet and comparing it to previously received nonces.

In one implementation, a beacon transmits a status message encrypted to the server when the delivery is complete.

In one implementation, the encryption is performed using a secret shared key known by the beacon and server.

In one implementation, the server determines that an update for the beacon is available based, at least in part, on the status indicator by retrieving a desired state from a database and comparing it to the status indicated.

In one implementation, client devices include a computer, handheld device or point-of-sale (POS) register. The client device relays the encrypted data update message to the beacon without decrypting it.

In one implementation, an encrypted update data message without authentication is sent to the client device.

In one implementation, the update data message encrypted is packaged atomically for transmission.

Accordingly, another aspect of the disclosure is a method to distribute updates securely to un-networked devices. When the client is close to the beacon, a client component is installed on the device. This receives a status data packet that includes a status indicator from the beacon. The status data packet will be transmitted to the server via a client component. The status indicator is used to determine whether an update for the beacon is available. The server sends an encrypted update data message to the beacon relating to installation of the update to complete the beacon update. The beacon receives the encrypted update data message.

In one implementation, the search for the previously downloaded update data in a local database on the client device is used to obtain the update indicator.

In one implementation, receiving the update indicator includes receiving the indication from the servers, wherein they determine that the update for the beacon is available based on at least in part the status indication.

In one implementation, an encrypted update message is packaged atomically and sent to the beacon by the client without decryption at the client.

In one implementation, a status data packet from the beacon is received via a wireless communication protocol and transmitted from the client to the server via a wireless communication protocol. This is done without the need for a network connection.

In one implementation, an encrypted update data message will be decrypted at the beacon and installed.

Accordingly, another aspect of the disclosure relates a system for securing distributed updates of non-networked devices. The system consists a memory interface and processor. The memory stores an encrypted update message for an update to be installed at a beacon and a component for installing on a device for a client. The communication interface is connected to the memory, configured to: 1) provide the component for the installation on the device, with the device configured to receive a status packet including a state indication from a beacon if the device is close to the beacon; (2) receive the status packet from the component; and (3) transmit an encrypted update data for the beacon update. The processor is connected to the memory, and is configured to: 1) determine that an update is available for a beacon based in part on the current status indication; and 2) prepare the encrypted data message.

Click here to view the patent on Google Patents.