Method and system to allow performance of permitted activity with respect to a device

US 20030163685A1
Filed: 02/28/2002
Published: 08/28/2003
Est. Priority Date: 02/28/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method to allow at least one party to perform at least one permitted activity with respect to a device, comprising the steps of:

embedding a role certificate in said device, wherein the role certificate identifies said at least one permitted activity and wherein the role certificate is generated by a Certification Authority (CA);

embedding at least information regarding a public key in said device the public key corresponding to the private key used by the CA to sign the role certificate; and

running the device so as to verify the role certificate using said information regarding the CA public key so that said at least one permitted activity can be activated within the device by said at least one party if the role certificate is verified.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for generating and using role certificates is described. The role certificate is for use on a specific device (or devices) and provides for enumerated activities to be performed on the device(s). The role certificate can further enumerate the specific entity (third party) that can perform the enumerated activities on the device.

92 Citations

View as Search Results

40 Claims

1. A method to allow at least one party to perform at least one permitted activity with respect to a device, comprising the steps of:
- embedding a role certificate in said device, wherein the role certificate identifies said at least one permitted activity and wherein the role certificate is generated by a Certification Authority (CA);
  
  embedding at least information regarding a public key in said device the public key corresponding to the private key used by the CA to sign the role certificate; and
  
  running the device so as to verify the role certificate using said information regarding the CA public key so that said at least one permitted activity can be activated within the device by said at least one party if the role certificate is verified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. A method as defined in claim 1, wherein the role certificate includes information regarding a control security level for said device so that the device only allows said at least one permitted activity to be a type of action which is within the security level of the device as defined by the role certificate.
  - 3. A method as defined in claim 2, wherein the security level defined by the role certificate allows a type of software code to be downloaded, and/or installed, and/or run on said device by said at least one party.
  - 4. A method as defined in claim 3, wherein the type of software code is from the group of types of software code consisting of test code, production code and special code.
  - 5. A method as defined in claim 4, wherein the special code can be code linked to a specific at least one party.
  - 6. A method as defined in claim 3, wherein the role certificate further contains information with regard to a specific party of said at least one party that can download, and/or install, and/or run said type of software code.
  - 7. A method as defined in claim 1, wherein the role certificate further contains information with regard to a specific party of said at least one party that can activate the at least one permitted activity within the device.
  - 8. A method as defined in claim 7, wherein said information with regard to a specific party is a hash of information identifying said specific party'"'"'s public key, and wherein the device validates said specific party by receiving said information identifying said specific party'"'"'s public key, and hashing this information and comparing the hash value to the hash value contained in the role certificate so that if the hash values are equal, then the specific party is permitted to activate the at least one permitted activity.
  - 9. A method as defined in claim 7, wherein said specific party is a group of entities.
  - 10. A method as defined in claim 1, wherein the embedding of the role certificate into the device is performed after the information regarding the public key of the CA is embedded into the device.
  - 11. A method as defined in claim 1, wherein the information regarding the CA public key is embedded in the device in a tamper resistant area.
  - 12. A method as defined in claim 11, wherein the tamper resistant area of the device is a portion memory in the device such that any modification of information stored therein can be ascertained.
  - 13. A method as defined in claim 1, wherein the role certificate contains information which causes said device to control the debugging facilities of said device with respect to said at least one party.
  - 14. A method as defined in claim 1, wherein the CA is a root CA.
  - 15. A method as defined in claim 1, wherein the device is a wireless device.
  - 16. A method as defined in claim 1, wherein the CA is any entity other than said at least one party.
  - 17. A method as defined in claim 1, wherein the role certificate may contain any use limitation with respect to said at least one permitted activity.
  - 18. A method as defined in claim 17, wherein said any use limitation includes a time limitation with respect to activating said at least one permitted activity.
  - 19. A method as deemed in claim 1, wherein said information regarding the CA public key is a hash value of said CA public key.

20. A role certificate mechanism to permit at least one activity to be activated in a device, comprising:
- memory within the device containing a role certificate, wherein the role certificate identifies said at least one activity, and further where the memory contains information regarding a first key corresponding to a second key used to sign the role certificate; and
  
  means for running the device so as to verify the role certificate using said information regarding the first key so that said at least one permitted activity can be activated within the device.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. A role certificate mechanism as defined in claim 20, wherein the memory has a tamper resistant area and wherein said information regarding the first key is stored in said tamper resistant area.
  - 22. A role certificate mechanism as defined in claim 20, wherein the role certificate further includes information regarding the identity of a third party, and wherein the means for verifying the role certificate includes means for reading said third party identity;
    - wherein the role certificate mechanism further comprises means for receiving information from a third party and comparing at least a portion of said received information with the read third party identity from said role certificate, and if the comparison is the same, allowing said third party to perform said at least one activity on said device.
  - 23. A role certificate mechanism as defined in claim 22, wherein said device is a mobile phone.
  - 24. A role certificate mechanism as defined in claim 20, wherein said device is a mobile phone.
  - 25. A role certificate mechanism as defined in claim 20, wherein said information regarding the first key is a hash of said first key.

26. An apparatus to allow at least one party to perform at least one permitted activity with respect to a device, comprising:
- means for embedding a role certificate in said device, wherein the role certificate identifies said at least one permitted activity and wherein the role certificate is generated by a Certification Authority (CA);
  
  means for embedding information regarding a public key in said device, the public key corresponding to the private key used by the CA to sign the role certificate; and
  
  means for running the device so as to verify the role certificate using said information regarding the CA public key so that said at least one permitted activity can be activated within the device by said at least one party.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 27. An apparatus as defined in claim 26, wherein the role certificate includes information regarding a control security level for said device so that the means for running the device provides that the at least one permitted activity to only be a type of action which is within the security level of the device as defined by the role certificate.
  - 28. An apparatus as defined in claim 27, wherein the security level defined by the role certificate allows a type of software code to be downloaded to said device by said at least one party.
  - 29. An apparatus as defined in claim 28, wherein the type of software code is from the group of types of software code consisting of test code, production code and special code.
  - 30. An apparatus as defined in claim 29, wherein the special code can be code linked to a specific at least one party.
  - 31. An apparatus as defined in claim 29, wherein the role certificate further contains information with regard to a specific party of said at least one party that can download, and/or install, and/or run said type of software code.
  - 32. An apparatus as defined in claim 27, wherein the role certificate further contains information with regard to a specific party of said at least one party that can activate the at least one permitted activity within the device.
  - 33. An apparatus as defined in claim 32, wherein said information with regard to a specific party is a hash of information identifying said specific party'"'"'s public key, and wherein the device validates said specific party by receiving said information identifying said specific party'"'"'s public key, and hashing this information and comparing the hash value to the hash value contained in the role certificate so that if the hash values are equal, then the specific party is permitted to activate the at least one permitted activity.
  - 34. An apparatus as defined in claim 32, wherein said specific party is a group of entities.
  - 35. An apparatus as defined in claim 26, wherein the information regarding the CA public key is embedded in the device in a tamper resistant area.
  - 36. An apparatus as defined in claim 26, wherein said information regarding the CA public key is a hash of said CA public key.
  - 37. An apparatus as defined in claim 26, wherein the role certificate contains information which causes said device to control the debugging facilities of said device with respect to said at least one party.
  - 38. An apparatus as defined in claim 26, wherein the device is a wireless device.
  - 39. An apparatus as defined in claim 26, wherein the role certificate may contain any use limitation with respect to said at least one permitted activity.
  - 40. An apparatus as defined in claim 39, wherein said any use limitation includes a time limitation with respect to activating said at least one permitted activity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Paatero, Lauri

Application Number

US10/090,426
Publication Number

US 20030163685A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 2209/80   Wireless network architectu...

H04L 9/3263   involving certificates, e.g...

H04W 12/06   Authentication

H04W 12/10   Integrity

H04W 12/67   Risk-dependent, e.g. select...

Method and system to allow performance of permitted activity with respect to a device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

92 Citations

40 Claims

Specification

Use Cases

Quick Links

Others

Method and system to allow performance of permitted activity with respect to a device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

40 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others