Apple has been granted a patent (number 8239688) by the U.S. Patent & Trademark Office for securely recovering a computing device. It involves the Find my Mac and Find my iPhone features on its various devices.
A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.
Here’s Apple’s summary of the invention: “A method and apparatus for establishing an operating environment for a device by certifying a code image received from a host over a communication link are described herein. The code image may be digitally signed. Certification of the code image may be determined by a fingerprint embedded within a ROM (read only memory) of the device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the device. An operating environment of the device may be established after executing the certified code image.
“In an alternative embodiment, a recovery process may be performed to recover a code image immediately after a failure to verify and execute the code image to load and verify another code image. The device may communicate with a host via a communication link to signal that the device is in a recovery mode to receive from the host a new executable image corresponding to the failed code image. The new code image may be verified using a digital certificate embedded within the secure ROM of the device. The new code image may be executed upon being successfully verified. Optionally, the verified new code image may be stored in the mass storage of the device to replacing the failed code image.
“In an alternative embodiment, in response to successfully authenticating a portable device over a communication link based in part on a unique identifier (ID) embedded within a secure ROM (read-only memory) of the device, the device may be determined to be in a recovery mode as a result of a failure to initialize an operating environment of the device. An executable image digitally signed by a signature may be retrieved from a server over a network. The executable image may be delivered to the device over the communication link. The device may verify the signature of the executable image using a digital certificate embedded with the secure ROM. The verified executable image may be loaded in a main memory of the device to establish the operating environment for the device.”
The inventors are Dallas Blake De Atley, Joshua de Cesare, Michael Smith, Matthew Reda, Shantonu Sen and John Andrew Wright.