Wednesday, January 22, 2014

Facebook patents secure upgrade of a wireless mobile device.

Facebook got a nice patent (US 8,631,239) that covers a secure software upgrade of a wireless mobile device. According to the specification, the system uses a public key to authenticate the software delivered over the air (OTA).

Wireless connections are notoriously unsafe and prone to hacker interception. The Facebook solution enables a service provider to perform a reliable upgrade over an unreliable channel. It's highly likely that in the future most software upgrades, especially in the enterprise environment, will be done using this approach - simple and powerful!

Unfortunately, the patent itself has an important flaw: it does not define the term "endpoint", which figures prominently in claim 1. Moreover, in Fig. 1B it uses a different term, "System Front End (120)."

As I noted several times before, the company's quality control over their patenting process seems to be spotty, at best. A simple document search would allow them to spot and fix the definition problem.

1. A method comprising, by one or more computing systems: executing software from a first partition of system memory; requesting an over-the-air (OTA) software update from an endpoint; receiving a manifest for the OTA update; downloading a payload pursuant to the manifest; installing the payload into a second partition of system memory; and rebooting, pursuant to the manifest, to the second partition of system memory, wherein rebooting to the second partition of system memory comprises authenticating a bootloader signature with a bootloader public key.

Brief system analysis: the manifest represents the "Aboutness"; encrypted software update - Packaged Payload; device - Tool; a process that runs on the device to verify authenticity - Control; endpoint - Source; over-the-air channel - Distribution. Overall, it's a textbook example of system composition (Scalable Innovation, Chapter 2). To solve the problem, the inventors use Separation in Space - one of the key TRIZ principles.
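
The device-side flow of claim 1, as an added Python example (not code from the patent or from this blog): the payload goes into the inactive partition, and the device switches to it only if the signature verifies against a pinned public key, which is why rewriting the manifest in transit does not help an interceptor. Assumptions: RSA PKCS#1 v1.5 with SHA-256 (the post names no algorithm), a signature that covers the whole image in the second partition, the hypothetical names `Device`, `apply_ota`, `boot` and `manifest_for`, and a constructed test key.

```python
import hashlib
# Constructed TEST key (two Mersenne primes) so this runs with the stdlib only.
# It is trivially factorable; a real device pins a properly generated vendor key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))   # D: vendor-side private exponent
K = (N.bit_length() + 7) // 8                 # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(image: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(image), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def sign(image: bytes) -> int:                # vendor side (hypothetical helper)
    return pow(_encode(image), D, N)
def verify(image: bytes, sig: int) -> bool:   # device side: public key (N, E) only
    return 0 < sig < N and pow(sig, E, N) == _encode(image)

class Device:
    def __init__(self, image: bytes, sig: int):
        self.slots, self.active = {"A": (image, sig), "B": (b"", 0)}, "A"

    def apply_ota(self, manifest: dict, payload: bytes) -> str:
        """Install into the inactive partition, then try to reboot into it."""
        target = "B" if self.active == "A" else "A"
        if hashlib.sha256(payload).hexdigest() != manifest["sha256"]:
            return self.active                # download does not match the manifest
        self.slots[target] = (payload, manifest["signature"])
        return self.boot(target)

    def boot(self, slot: str) -> str:
        """Bootloader check: switch partitions only if the signature verifies."""
        image, sig = self.slots[slot]
        if verify(image, sig):
            self.active = slot
        return self.active

def manifest_for(payload: bytes, sig: int) -> dict:
    return {"sha256": hashlib.sha256(payload).hexdigest(), "signature": sig}

def demo() -> dict:
    v1, v2, bad = b"firmware v1", b"firmware v2", b"firmware v2, modified in transit"
    good = manifest_for(v2, sign(v2))         # constructed sample manifest
    forged = manifest_for(bad, good["signature"])
    return {
        "genuine": Device(v1, sign(v1)).apply_ota(good, v2),
        "payload_swapped": Device(v1, sign(v1)).apply_ota(good, bad),
        "manifest_rewritten": Device(v1, sign(v1)).apply_ota(forged, bad),
    }
```

In the third case the modified image is written to partition B, but the device keeps running from A because the reused signature does not verify over the new bytes.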

Model-wise, it is quite similar to my patent US 7,529,806. They have a different payload, but the aboutness is managed and created for the same purpose. I should use the Facebook patent as a system analysis homework assignment in BUS 74 this summer.

In view of the Nortel patent and invention principles listed above, the Facebook patent can be attacked as "obvious."
