Secure Configuration of a Computing Device

US 20110007895A1
Filed: 09/09/2010
Published: 01/13/2011
Est. Priority Date: 07/26/2005
Status: Active Grant

First Claim

Patent Images

1. A method of securely configuring a computing device, the method comprising:

receiving a configuration indication into the computing device, the configuration indication including a configuration file and an encrypted digest of the configuration file, the encrypted digest being formed by producing a digest of the configuration file and encrypting the digest, the configuration file including a unique identifier associated with the computing device;

verifying that the received configuration indication is authentic including;

generating a digest of the configuration file;

decrypting the received encrypted digest; and

comparing the generated digest with the decrypted digest;

operating or interoperating with the computing device in accordance with the received configuration file when the generated digest and the decrypted digest match; and

operating or interoperating with the computing device in accordance with another configuration file of the computing device when the generated digest and the received decrypted digest do not match.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with a broad aspect, a method is provided to securely configure a computing device. A configuration indication is received into the computing device, including receiving a digital signature generated based on the configuration indication. Generation of the digital signature accounts for a unique identifier nominally associated with the computing device. The received configuration indication may be verified to be authentic including processing the unique identifier, the received configuration indication and the received digital signature. The computing device may be operated or interoperated with in accordance with the received configuration indication. In one example, a service interoperates with the computing device. The configuration indication and digital signature may be provided from the computing device to the service, and the service may interoperate with the computing device in accordance with the configuration indication and the digital signature. For example, the computing device may be a portable media player, and the service may provide media to the computing device based on a capacity indication of the configuration indication.

Citations

21 Claims

1. A method of securely configuring a computing device, the method comprising:
- receiving a configuration indication into the computing device, the configuration indication including a configuration file and an encrypted digest of the configuration file, the encrypted digest being formed by producing a digest of the configuration file and encrypting the digest, the configuration file including a unique identifier associated with the computing device;
  
  verifying that the received configuration indication is authentic including;
  
  generating a digest of the configuration file;
  
  decrypting the received encrypted digest; and
  
  comparing the generated digest with the decrypted digest;
  
  operating or interoperating with the computing device in accordance with the received configuration file when the generated digest and the decrypted digest match; and
  
  operating or interoperating with the computing device in accordance with another configuration file of the computing device when the generated digest and the received decrypted digest do not match.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein the configuration indication is a collection of data indicating a configuration for at least a plurality of operations of the computing device.
  - 3. The method of claim 2, wherein the collection of data includes a collection of key/value pairs.
  - 4. The method of claim 3, wherein the collection of key/value pairs is defined by a markup language.
  - 5. The method of claim 4, wherein the markup language is an extensible markup language.
  - 6. The method of claim 4, wherein the collection of data includes a binary encoding of the markup language.
  - 7. The method of claim 1, wherein the received encrypted digest is created in association with a provider of the configuration indication based on a private key of a public/private key pair;
    - andwherein the decrypting of the encrypted digest uses a public key of the public/private key pair.
  - 8. The method of claim 7, wherein the verifying comprises:
    - comparing the unique identifier provided in the configuration file to a unique identifier previously assigned to the computing device.
  - 9. The method of claim 1, further comprising:
    - generating the configuration indication and the encrypted digest by a service, andproviding the configuration indication and the encrypted digest from the service to the computing device, for the configuration indication and the encrypted digest to be received by the computing device.
  - 10. The method of claim 9, further comprising:
    - providing the configuration indication and the encrypted digest from the computing device back to the service,wherein interoperating with the computing device in accordance with the received configuration indication includes the service interoperating with the computing device in accordance with the configuration indication provided back to the service.
  - 11. The method of claim 9, further comprising:
    - performing an action by a user that causes initiation of the configuration indication generating step.
  - 12. The method of claim 11, wherein:
    - the action by the user is with respect to the computing device.the action by the user is with respect to the service,the service includes a user application executing on a client computer and server-based functionality, andthe action by the user with respect to the service is an action by the user with respect to the user application executing on the client computer.
  - 13. The method of claim 12, wherein:
    - the server-based functionality includes commerce functionality to regulate the user application, including regulating whether the user application can generate the configuration indication and the encrypted digest.
  - 14. The method of claim 13, wherein:
    - the commerce functionality includes functionality to receive remuneration in exchange for allowing the user application to generate the configuration indication and the encrypted digest.
  - 15. The method of claim 11, wherein:
    - the action corresponds to a direct request by a user to request a new or modified configuration.
  - 16. The method of claim 11, wherein:
    - the action corresponds to a request by a user to perform an action, wherein the action requires a new or modified configuration.
  - 17. The method of claim 16, wherein:
    - the action by the user with respect to the computing device causes the service to generate the configuration indication and the encrypted digest.
  - 18. The method of claim 17, wherein:
    - the computing device is connected to the service via a wireless network.
  - 19. The method of claim 18, wherein:
    - the wireless network is provided by a wireless carrier; and
      
      the service is provided in cooperation with the wireless carrier.
  - 20. The method of claim 19, wherein:
    - the computing device has wireless communication functionality;
      
      the wireless network is a network provided by a mobile telephone service provider; and
      
      the service is provided in cooperation with the mobile telephone service provider.

21. A non-transitory computer readable medium including at least computer program code stored therein for securely configuring a computing device, the computer readable medium comprising:
- computer program code for receiving a configuration indication at the computing device, the configuration indication including a configuration file and an encrypted digest of the configuration file, the encrypted digest being formed by producing a digest of the configuration file and encrypting the digest, the configuration file including a unique identifier associated with the computing device;
  
  computer program code for verifying that the received configuration indication is authentic, the verifying including at least generating a digest of the configuration file, decrypting the received encrypted digest, and comparing the generated digest with the decrypted digest;
  
  computer program code for causing the computing device to operate in accordance with the received configuration file when the generated digest and the decrypted digest match; and
  
  computer program code for causing the computing device to operate in accordance with another configuration file of the computing device when the generated digest and the received decrypted digest do not match.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alan Ward, Christopher R. Wysocki
Original Assignee
Alan Ward, Christopher R. Wysocki
Inventors
Wysocki, Christopher R., Ward, Alan

Granted Patent

US 8,214,648 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/30
CPC Class Codes

G06Q 20/3678   e-cash details, e.g. blinde...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

Secure Configuration of a Computing Device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Configuration of a Computing Device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links