System and method for controlling features on a device

US 10,003,580 B2
Filed: 09/13/2012
Issued: 06/19/2018
Est. Priority Date: 12/13/2007
Status: Active Grant

First Claim

Patent Images

1. A method operable with a feature controller of a device for provisioning features in the device, the feature controller performing:

participating in a public key based key agreement with a remote server, by performing cryptographic operations using a connection between the feature controller and the remote server, to establish a shared secret with the remote server, wherein the shared secret is a shared key established in the key agreement;

storing the shared secret in a secure memory within the feature controller;

receiving, at the device, a message comprising an encrypted control instruction for controlling the device and a signature, the signature having been generated using the control instruction and information provided by the device, the information provided by the device comprising an identifier associated with the device derived from at least a portion of a public key of a static key pair;

decrypting the encrypted control instruction using the shared secret to obtain a decrypted control instruction;

storing the decrypted control instruction in the feature controller;

verifying the signature; and

in response to said verifying the signature, executing the control instruction.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Trust between entities participating in an upgrade or enablement/disablement process is established and, to facilitate this remotely and securely, a highly tamper resistant point of trust in the system that is being produced is used. This point of trust enables a more efficient distribution system to be used. Through either a provisioning process or at later stages, i.e. subsequent to installation, manufacture, assembly, sale, etc.; the point of trust embodied as a feature controller on the device or system being modified is given a feature set (or updated feature set) that, when validated, is used to enable or disable entire features or to activate portions of the feature.

38 Citations

View as Search Results

12 Claims

1. A method operable with a feature controller of a device for provisioning features in the device, the feature controller performing:
- participating in a public key based key agreement with a remote server, by performing cryptographic operations using a connection between the feature controller and the remote server, to establish a shared secret with the remote server, wherein the shared secret is a shared key established in the key agreement;
  
  storing the shared secret in a secure memory within the feature controller;
  
  receiving, at the device, a message comprising an encrypted control instruction for controlling the device and a signature, the signature having been generated using the control instruction and information provided by the device, the information provided by the device comprising an identifier associated with the device derived from at least a portion of a public key of a static key pair;
  
  decrypting the encrypted control instruction using the shared secret to obtain a decrypted control instruction;
  
  storing the decrypted control instruction in the feature controller;
  
  verifying the signature; and
  
  in response to said verifying the signature, executing the control instruction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the information provided by the device comprises an ephemeral public key provided to the remote server during the key agreement.
  - 3. The method of claim 1, wherein the key agreement comprises an elliptic curve based key agreement.
  - 4. The method of claim 1, wherein the key agreement comprises an elliptic curve Menezes-Qu-Vanstone (ECMQV) key agreement.
  - 5. The method of claim 1, wherein the identifier associated with the device is generated using a static key pair.
  - 6. The method of claim 1, wherein the control instruction comprises feature control programming.
  - 7. The method of claim 1, wherein the control instruction comprises at least one command.
  - 8. The method of claim 1, wherein the identifier is unique to the device.
  - 9. The method of claim 1, wherein the identifier is unique to a group comprising a plurality of devices.
  - 10. The method of claim 1, wherein the message is a concatenation of the encrypted control instruction and the signature.

11. A non-transitory computer readable medium comprising computer executable instructions for performing operations at a device for provisioning features in the device, the operations comprising:
- participating in a public key based key agreement with a remote server, by performing cryptographic operations using a connection between a feature controller of a device and the remote server, to establish a shared secret with the remote server, wherein the shared secret is a shared key established in the key agreement;
  
  storing the shared secret in a secure memory within the feature controller;
  
  receiving, at the device, a message comprising an encrypted control instruction for controlling the device and a signature, the signature having been generated using the control instruction and information provided by the device, the information provided by the device comprising an identifier associated with the device derived from at least a portion of a public key of a static key pair;
  
  decrypting the encrypted control instruction using the shared secret to obtain a decrypted control instruction;
  
  storing the decrypted control instruction in the feature controller;
  
  verifying the signature; and
  
  in response to said verifying the signature, executing the control instruction.

12. A device comprising:
- a processor;
  
  a feature controller for provisioning features of the device;
  
  a connection between the feature controller and a remote server; and
  
  at least one memory, the memory comprising computer executable instructions that when executed by the processor operate the device to;
  
  participate in a public key based key agreement with the remote server, by performing cryptographic operations using the connection between the feature controller and the remote server, to establish a shared secret with the remote server, wherein the shared secret is a shared key established in the key agreement;
  
  store the shared secret in a secure memory within the feature controller;
  
  receive, at the device, a message comprising an encrypted control instruction for controlling the device and a signature, the signature having been generated using the control instruction and information provided by the device, the information provided by the device comprising an identifier associated with the device derived from at least a portion of a public key of a static key pair;
  
  decrypt the encrypted control instruction using the shared secret to obtain a decrypted control instruction;
  
  store the decrypted control instruction in the feature controller;
  
  verify the signature; and
  
  in response to verifying the signature, execute the control instruction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Daskalopoulos, Michael, Vadekar, Ashok, Wong, David, Lattin, William, O'Loughlin, Daniel, Sequino, David R.
Primary Examiner(s)
Coppola, Jacob C.

Application Number

US13/615,311
Publication Number

US 20130003970A1
Time in Patent Office

2,105 Days
Field of Search

705 50- 79
US Class Current
CPC Class Codes

G06F 21/1063   Personalisation

G06F 21/57   Certifying or maintaining t...

G06F 2221/2135   Metering

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 67/125   involving control of end-de...

System and method for controlling features on a device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for controlling features on a device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links