System and Method for Binding a Subscription-Based Computing System to an Internet Service Provider

US 20080250129A1
Filed: 04/04/2007
Published: 10/09/2008
Est. Priority Date: 04/04/2007
Status: Active Grant

First Claim

Patent Images

1. A system for binding a subscription-based computer to a service provider comprising:

a binding module residing on the computer including a computer-readable medium having computer executable instructions comprising;

a detection module for identifying configuration data from a peripheral device of the computer;

a validation module for authenticating the configuration data; and

a security module residing on the computer, in communication with the binding module, and including a computer-readable medium having computer executable instructions comprising;

a network module for degrading operation of the computer if the validation module does not authenticate the configuration data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.

Citations

20 Claims

1. A system for binding a subscription-based computer to a service provider comprising:
- a binding module residing on the computer including a computer-readable medium having computer executable instructions comprising;
  
  a detection module for identifying configuration data from a peripheral device of the computer;
  
  a validation module for authenticating the configuration data; and
  
  a security module residing on the computer, in communication with the binding module, and including a computer-readable medium having computer executable instructions comprising;
  
  a network module for degrading operation of the computer if the validation module does not authenticate the configuration data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein the binding module resides on a Southbridge of the computer.
  - 3. The system of claim 1, wherein the binding module further comprises a cryptographic module for encrypting a request for data from the computer to a remote computer and for decrypting a response to the request for data from the remote computer;
    - wherein the validation module authenticates the configuration data and the response to the request for data from the remote computer; and
      
      wherein the network module degrades the operation of the computer if the validation module does not authenticate the configuration data or the response to the request for data from the remote computer.
  - 4. The system of claim 1, wherein the security module further comprises computer executable instructions comprising:
    - a provisioning module for accessing decrementing, and storing subscription data during operation of the subscription-based computer;
      
      wherein the subscription data includes a number of subscription units.
  - 5. The system of claim 1, wherein the cryptographic module includes a secure memory storing an encryption key.
  - 6. The system of claim 3, wherein the network module further comprises computer executable instructions for degrading the operation of the computer if a time between sending the request for data from the remote computer and receiving the response is above threshold.
  - 7. The system of claim 1, wherein the binding module resides on a PCI bus of the computer.
  - 8. The system of claim 1, wherein the peripheral device includes at least one of a USB device, a 1394 device, a NIC, a hard drive, a network device, or a flash device.
  - 9. The system of claim 3, further comprising a heartbeat module including a computer-readable medium having computer executable instructions comprising:
    - a heartbeat transmission module for transmitting an encrypted ping message; and
      
      a heartbeat validation module for receiving and verifying the encrypted ping message;
      
      wherein the network module does not degrade operation of the computer if the validation module authenticates the configuration data and the response to the request for data from the remote computer, and the heartbeat validation module receives and verifies the encrypted ping message.
  - 10. The system of claim 9, wherein the heartbeat transmission module resides at the remote computer and the heartbeat validation module resides at the subscription-based computer.
  - 12. The method of claim 1, further comprising detecting the configuration data at a Southbridge of the computer.
  - 13. The method of claim 1, further comprising communicating an encrypted packet from the computer to a remote computer of the ISP if the source of the configuration data is authentic, the encrypted packet uniquely identifying the computer;
    - authenticating the encrypted packet at the remote computer;
      
      communicating a heartbeat packet from the remote computer to the computer;
      
      authenticating the heartbeat packet at the computer; and
      
      maintaining communication between the ISP and the computer if the heartbeat packet is authentic.
  - 14. The method of claim 13, wherein the heartbeat packet includes an encrypted ping message from the ISP to the computer.
  - 15. The method of claim 13, further comprising communicating the heartbeat packet from the remote computer to the computer at a random time interval.
  - 16. The method of claim 13, further comprising degrading the operation of the computer if either the source is not authentic, the encrypted packet is not authentic, the encrypted heartbeat packet is not authentic, or the communication between the ISP and the computer is disrupted.
  - 17. The method of claim 16, further comprising degrading operation of the computer if the detected configuration cycle does not belong to a NIC of the computer.

11. A method for binding a subscription-based computer to an internet service provider (ISP) comprising:
- communicating configuration data from a peripheral device to the computer;
  
  detecting the configuration data at the computer;
  
  authenticating a source of the configuration data;
  
  passing the configuration data to a processor of the computer if the source of the configuration data is authentic; and
  
  discarding the configuration data if the source of the configuration data is not authentic.

18. A system including a binding module in communication with a security module of a subscription-based computer, the binding module including a detection module and a cryptographic module, at least one of the binding module and the security module including a memory and a processor physically configured to execute computer executable code for:
- accessing, decrementing, and storing a number of subscription units in the memory during operation of the computer;
  
  communicating configuration data from a peripheral device to the computer;
  
  detecting the configuration data at the computer;
  
  authenticating a source of the configuration data;
  
  passing the configuration data to a processor of the computer if the source of the configuration data is authentic;
  
  discarding the configuration data if the source of the configuration data is not authentic.communicating an encrypted packet from the computer to a remote computer of the ISP if the source of the configuration data is authentic, the encrypted packet uniquely identifying the computer;
  
  authenticating the encrypted packet at the remote computer;
  
  communicating an encrypted ping message from the remote computer to the computer at a random time interval;
  
  authenticating the encrypted ping message at the computer;
  
  maintaining communication between the ISP and the computer if the heartbeat packet is authentic;
- View Dependent Claims (19, 20)
- - 19. degrading operation of the computer if the configuration data is not authentic. The system of claim 18, wherein the peripheral device is a NIC of the computer.
  - 20. The system of claim 18, further comprising degrading the operation of the computer if either the encrypted packet is not authentic or the encrypted ping message packet is not authentic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Westerinen, William J., Schmidt, Shon, Carpenter, Todd, Sebesta, David J.

Granted Patent

US 7,984,497 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/12 Applying verification of th...

System and Method for Binding a Subscription-Based Computing System to an Internet Service Provider

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Binding a Subscription-Based Computing System to an Internet Service Provider

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links