“We need a secure, yet economical way to deliver firmware upgrades to our handset customers. This will improve our service to customers while preventing would-be attackers from installing their own firmware.”

Challenge

In order to improve service and reduce costs, mobile operators and manufacturers would like to deliver feature upgrades and patches to a handset’s firmware through an over-the-air mechanism. This alleviates the need to bring a handset into a regional centre to re-program. Handled securely, it also thwarts potential attackers who may attempt to intercept and tamper with the upgrade.

Solution

The Certicom® Security Architecture™ provides complete support for both handset manufacturers and mobile operators, with features like digital signatures, certificates, hash functions and encryption algorithms.

On the operator side, a provisioning application like Certicom® CodeSign™ can digitally sign and encrypt an update package as well as include a hash integrity code. In addition, the provisioning application can verify the integrity of the target device. A secure firmware agent developed for a handset allows the authentication of the source of the update, decryption of the payload and verification of the hash code.

Value

Using these products, three key principles of information security are achieved—authenticity, privacy and integrity—building a formidable barrier between would-be attackers and your firmware upgrade.

» Learn more from the scenario index