Secure Software Execution Such as for Use with a Cell Phone or Mobile Device

US 20080189550A1
Filed: 09/21/2005
Published: 08/07/2008
Est. Priority Date: 09/21/2004
Status: Active Grant

First Claim

Patent Images

1. A security system for securely providing data between a server computer and multiple mobile telecommunications devices, the system comprising:

at least one server computer having at least one database, wherein the database stores software programs, scripts, and/or data, and wherein the server computer is configured to;

generate a unique number,store the unique number in the database, andprovide the unique number to a specific one of the multiple mobile telecommunications devices; and

,wherein the server computer is further configured to;

receive a hash value from the specific mobile telecommunications device,encrypt or digitally sign at least one file containing a software program, script, or data using the hash value, andprovide to the specific mobile telecommunications device the encrypted or digitally signed file; and

a Subscriber Identification Module (SIM), smart card, or tamper resistant memory module, at least releasable secured to the specific mobile telecommunications device, wherein the specific mobile telecommunications device wirelessly receives the unique number, andwherein the SIM, smart card, or tamper resistant memory module stores a locally resident secret or secure number, and generates the hash value based at least in part on the locally resident number and the received unique number; and

,wherein the specific mobile telecommunications device wirelessly provides the hash value to the at least one server computer, wirelessly receives the encrypted or digitally signed file, and locally decrypts or verifies the digital signature based at least in part on the generated hash value and without connectivity to the server or other external computer.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for securely executing software or securely loading data generates a secret value at a destination device based on a value transmitted to the destination device, which is algorithmically combined with a secure value stored at the destination device. The destination device, such as a cell phone, remotely accesses an entity or otherwise receives the software or data, where the software or data is encrypted or digitally signed based on the secret value. The cell phone then selectively employs the software or data.

Citations

20 Claims

1. A security system for securely providing data between a server computer and multiple mobile telecommunications devices, the system comprising:
- at least one server computer having at least one database, wherein the database stores software programs, scripts, and/or data, and wherein the server computer is configured to;
  
  generate a unique number,store the unique number in the database, andprovide the unique number to a specific one of the multiple mobile telecommunications devices; and
  
  ,wherein the server computer is further configured to;
  
  receive a hash value from the specific mobile telecommunications device,encrypt or digitally sign at least one file containing a software program, script, or data using the hash value, andprovide to the specific mobile telecommunications device the encrypted or digitally signed file; and
  
  a Subscriber Identification Module (SIM), smart card, or tamper resistant memory module, at least releasable secured to the specific mobile telecommunications device, wherein the specific mobile telecommunications device wirelessly receives the unique number, andwherein the SIM, smart card, or tamper resistant memory module stores a locally resident secret or secure number, and generates the hash value based at least in part on the locally resident number and the received unique number; and
  
  ,wherein the specific mobile telecommunications device wirelessly provides the hash value to the at least one server computer, wirelessly receives the encrypted or digitally signed file, and locally decrypts or verifies the digital signature based at least in part on the generated hash value and without connectivity to the server or other external computer.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1 wherein the file includes a software program or script, and wherein the specific mobile telecommunications device decrypts or verifies the digital signature based at least in part on the generated hash value at run-time each time the software program or script are executed.
  - 3. The system of claim 1 wherein the server computer generates the unique number after receiving a short message from the specific mobile telecommunications device when provisioning a new wireless subscriber account.
  - 4. The system of claim 1 wherein the locally resident number on the specific mobile telecommunications device is an International Mobile Equipment Identifier (IMEI), a International Mobile Subscriber Identifier (IMSI), a Medium Access Control (MAC) address, a Universal Subscriber Identity Module (USIM), or an Electronic Serial Number (ESN).

5. A method for securely executing software on a remote mobile device, comprising:
- remotely accessing, from a mobile device, an entity providing software for mobile devices;
  
  downloading from the entity to the mobile device a software program for execution on the mobile device;
  
  determining if the mobile device is authorized to execute the downloaded software program; and
  
  selectively executing the software on the mobile device based upon the determining.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The method of claim 5 wherein the executing includes selectively executing the software program based upon a key value unique to the mobile device.
  - 7. The method of claim 6 wherein the executing includes selectively executing the software program based upon unique hash values associated with the key value.
  - 8. The method of claim 6, further including using a subscriber identification module within the mobile device to store the key value or compute key values using a hash function based on a secret key value previously stored on the subscriber identification module.
  - 9. The method of claim 5, further including selectively executing the software program to provide local customer support functions at the mobile device.
  - 10. The method of claim 5 wherein the downloading includes downloading the software program from a support node in a network accessed by the mobile device.

11. A computer-readable medium whose contents cause at least one telecommunication mobile device or at least one telecommunications server, associated with a wireless telecommunications network, to perform a method to securely process data, or securely execute programs, the method comprising:
- generating a unique number;
  
  storing the unique number;
  
  wirelessly providing the unique number to a specific receiving telecommunications device;
  
  receiving a hash value from the specific receiving telecommunications device, wherein the hash value is generated at least in part on the unique number and a locally resident number at the specific receiving telecommunications device, wherein the locally resident number is locally stored in a secure memory location at the specific receiving telecommunications device;
  
  encrypting or digitally signing at least one file using at least the hash value; and
  
  providing to the specific receiving telecommunications device the encrypted or digitally signed file for locally decrypting or authenticating the file using at least the hash value and without connectivity to an external computer coupled to the wireless telecommunications network.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer-readable medium of claim 11 wherein the computer-readable medium is a memory of the telecommunications mobile device.
  - 13. The computer-readable medium of claim 11 wherein the computer-readable medium is a logical node in a computer network receiving the contents.
  - 14. The computer-readable medium of claim 11 wherein the computer-readable medium is a computer-readable disk.
  - 15. The computer-readable medium of claim 11 wherein the computer-readable medium is a data transmission medium carrying a generated data signal containing the contents.
  - 16. The computer-readable medium of claim 11 wherein the computer-readable medium is a memory of the telecommunications server.

17. A mobile telecommunications apparatus for use with a telecommunications server coupled to a wireless telecommunications network, wherein the mobile telecommunications apparatus is associated with at least one subscriber to wireless telecommunication services from a telecommunications service provider, the apparatus comprising:
- means for wirelessly exchanging communications with the telecommunications server and for receiving an encrypted or digitally signed file;
  
  means for storing data; and
  
  means for processing, wherein the means for processing is coupled among the means for wirelessly exchanging communications and the means for storing, wherein the means for processing includes;
  
  means for algorithmically generating, without an active wireless connection to the wireless telecommunications network, a value based on any combination of a subscriber specific code associated with the subscriber, a code specific to the mobile telecommunications apparatus, and a code specific to the telecommunications service provider, and wherein the value is specific to the mobile telecommunications apparatus; and
  
  ,means for locally authenticating or decrypting the encrypted or digitally signed file on the mobile telecommunications apparatus based at least in part on the algorithmically generated value.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17 wherein the means for storing data includes means for securely storing the code specific to the mobile telecommunications apparatus, and wherein the means for algorithmically generating securely generates the value using the code specific to the mobile telecommunications apparatus.
  - 19. The apparatus of claim 17 wherein the means for algorithmically generating securely generates the value using the subscriber specific code associated with the subscriber and using the code specific to the telecommunications service provider, wherein the subscriber specific code associated with the subscriber is a subscriber ID, and wherein the code specific to the telecommunications service provider is a unique identifier.
  - 20. The apparatus of claim 17 wherein the algorithmically generated value is a hash value, wherein the means for algorithmically generating recalculates the hash value based on a code securely stored in the means for storing, and wherein the apparatus previously provided the hash value as the algorithmically generated value for the telecommunications server to encrypt or digitally sign the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
SNAPin Software, Inc. (Microsoft Corporation)
Inventors
Roundtree, Brian

Granted Patent

US 8,219,811 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 21/606   by securing the transmissio...

H04L 63/123   received data contents, e.g...

H04M 1/72406   by software upgrading or do...

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

H04W 12/71   Hardware identity

H04W 12/72   Subscriber identity

Secure Software Execution Such as for Use with a Cell Phone or Mobile Device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Software Execution Such as for Use with a Cell Phone or Mobile Device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links