System and method for activating individualized software modules in a digital broadcast environment

US 7,376,625 B2
Filed: 11/15/2001
Issued: 05/20/2008
Est. Priority Date: 11/15/2001
Status: Active Grant

First Claim

Patent Images

1. A method for providing selective use of locked software modules on a receiver comprising:

decrypting an encrypted certificate stored on a storage medium;

using part of the decrypted certificate to initialize the locked software modules indicated by the certificate, including setting a code enabled flag corresponding to the enabled modules;

receiving a request for the use of a specific locked software module;

checking the code enabled flag corresponding to the specific locked software module to see if can be used;

if the flag indicates use is allowed, using the specific locked software module; and

checking the integrity of the certificate, wherein checking the certificate integrity comprises;

applying a hash function to at least a portion of the certificate and a hash string; and

comparing the result to a hash result stored in the certificate.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is disclosed for enabling individualized software functions in a device. In accordance with one embodiment of the present invention software is distributed as omnibus installations containing various software modules that are initially turned off. The user gains access to the turned off modules by requesting a certificate from a system provider. The system provider creates and transmits a certificate containing the information required to enable the desired module. The device can then use the certificate to access the desired software.

Citations

36 Claims

1. A method for providing selective use of locked software modules on a receiver comprising:
- decrypting an encrypted certificate stored on a storage medium;
  
  using part of the decrypted certificate to initialize the locked software modules indicated by the certificate, including setting a code enabled flag corresponding to the enabled modules;
  
  receiving a request for the use of a specific locked software module;
  
  checking the code enabled flag corresponding to the specific locked software module to see if can be used;
  
  if the flag indicates use is allowed, using the specific locked software module; and
  
  checking the integrity of the certificate, wherein checking the certificate integrity comprises;
  
  applying a hash function to at least a portion of the certificate and a hash string; and
  
  comparing the result to a hash result stored in the certificate.
- View Dependent Claims (2)
- - 2. The method of claim 1 further comprising:
    - disabling the receiver if the integrity check fails.

3. A method for obtaining enhanced software capabilities comprising:
- transmitting a features request and a receiver ID from a first device to a system provider;
  
  the system provider;
  
  receiving the features request and the receiver ID at the system provider;
  
  generating a certificate to enable the requested features;
  
  retrieving a secret key associated with the receiver ID;
  
  encrypting at least part of the certificate using the secret key;
  
  transmitting the encrypted certificate;
  
  applying a hash function to at least a portion of the certificate and a hash string; and
  
  incorporating the result in to the certificate;
  
  receiving the encrypted certificate at the first device;
  
  decrypting the encrypted certificate using a secret key stored at the first device;
  
  applying the hash function to the same portion of the certificate and a locally stored copy of the hash string; and
  
  comparing its result to the result stored in the certificate.
- View Dependent Claims (4, 5)
- - 4. The method of claim 3 wherein the features request is transmitted from the first device via a two-way system.
  - 5. The method of claim 3 wherein the encrypted certificate is transmitted as part of a DVB transport stream.

6. A method for enhancing software capabilities on a receiver comprising:
- receiving a features request and a receiver ID;
  
  generating a certificate to enable the requested features;
  
  retrieving a key associated with the receiver ID;
  
  encrypting at least part of the certificate using the key; and
  
  transmitting the encrypted certificate;
  
  wherein the receiver decrypts the encrypted certificate;
  
  wherein the receiver uses part of the decrypted certificate to initialize any locked software modules indicated by the certificate, including setting a code enabled flag corresponding to the enabled modules;
  
  wherein the receiver receives a request for the use of a specific locked software module;
  
  wherein the receiver checks the code enabled flag corresponding to the specific locked software capability to see if can be used; and
  
  wherein, if the flag indicates use is allowed, the receiver uses the specific locked software capability.

7. A method for obtaining enhanced software capabilities comprising:
- transmitting a features request and a receiver ID from a first device to a system provider;
  
  receiving an encrypted certificate at the first device;
  
  decrypting the encrypted certificate using a secret key stored at the first device;
  
  using part of the decrypted certificate to initialize any locked software modules indicated by the certificate, including setting a code enabled flag corresponding to the enabled modules;
  
  receiving a request for the use of a specific locked software module;
  
  checking the code enabled flag corresponding to the specific locked software capability to see if can be used; and
  
  if the flag indicates use is allowed, using the specific locked software capability.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7 further comprising:
    - checking the integrity of the certificate.
  - 9. The method of claim 8 wherein the step of checking certificate integrity comprises:
    - applying a hash function to at least a portion of the certificate and a hash string;
      
      comparing the result to a hash result stored in the certificate.
  - 10. The method of claim 9 further comprising:
    - disabling the receiver if the integrity check fails.
  - 11. The method of claim 8 wherein the features request is transmitted from the first device via a two-way system.
  - 12. The method of claim 8 wherein the encrypted certificate is received as part of a DVB transport stream.
  - 13. The method of claim 8 wherein the features request is transmitted from the first device via a two-way system.
  - 14. The method of claim 8 wherein the encrypted certificate is received as part of a DVB transport stream.

15. An apparatus capable of providing individualized software functions comprising:
- means for interfacing with a user;
  
  means for generating a receiver identification code;
  
  means for transmitting a new function request, including the receiveridentification code;
  
  means for receiving a certificate;
  
  means for decrypting the certificate;
  
  means for using part of the decrypted certificate to initialize any locked software modules indicated by the certificate, including setting a code enabled flag corresponding to the enabled modules;
  
  means for receiving a request for the use of a specific locked software module;
  
  means for checking the code enabled flaa corresponding to the specific locked software capability to see if can be used; and
  
  means for using, if the flag indicates use is allowed, the specific locked software capability.
- View Dependent Claims (16, 17)
- - 16. The apparatus of claim 15 further comprising:
    - means for encrypting the receiver identification code.
  - 17. The apparatus of claim 15 further comprising:
    - means for authenticating the certificate.

18. An apparatus capable of providing individualized software functions comprising:
- means for interfacing with a user;
  
  means for generating a receiver identification code;
  
  means for encrypting the receiver identification code;
  
  means for transmitting a new function request, including the receiver identification code;
  
  means for receiving a certificate;
  
  means for authenticating the certificate;
  
  means for decrypting the certificate;
  
  means for using part of the decrypted certificate to initialize any locked software modules indicated by the certificate, including setting a code enabled flag corresponding to the enabled modules;
  
  means for receiving a request for the use of a specific locked software module;
  
  means for checking the code enabled flag corresponding to the specific locked software capability to see if can be used; and
  
  means for using, if the flag indicates use is allowed, the specific locked software capability.

19. An apparatus, comprising:
- a memory having program code stored therein; and
  
  a processor disposed in communication with the memory for carrying out instructions in accordance with the stored program code;
  
  wherein the program code, when executed by the processor, causes the processor to perform;
  
  decrypting an encrypted certificate stored on a storage medium;
  
  using part of the decrypted certificate to initialize the locked software modules indicated by the certificate, including setting a code enabled flag corresponding to the enabled modules;
  
  receiving a request for the use of a specific locked software module;
  
  checking the code enabled flag corresponding to the specific locked software module to see if can be used;
  
  if the flag indicates use is allowed, using the specific locked software module; and
  
  checking the integrity of the certificate, wherein checking the certificate integrity comprises;
  
  applying a hash function to at least a portion of the certificate and a hash string; and
  
  comparing the result to a hash result stored in the certificate.
- View Dependent Claims (20, 21)
- - 20. The apparatus of claim 19 wherein the processor further performs:
    - disabling the apparatus if the integrity check fails.
  - 21. The apparatus of claim 19, further comprising:
    - a network interface disposed in communication with the processor,wherein the apparatus is a receiver.

22. An apparatus, comprising:
- a memory having program code stored therein; and
  
  a processor disposed in communication with the memory for carrying out instructions in accordance with the stored program code;
  
  wherein the program code, when executed by the processor, causes the processor to perform;
  
  receiving a features request and a receiver ID;
  
  generating a certificate to enable the requested features;
  
  retrieving a key associated with the receiver ID;
  
  encrypting at least part of the certificate using the key; and
  
  transmitting the encrypted certificate,wherein the receiver decrypts the encrypted certificate,wherein the receiver uses Dart of the decrypted certificate to initialize any locked software modules indicated by the certificate, including setting a code enabled flag corresponding to the enabled modules;
  
  wherein the receiver receives a recquest for the use of a specific locked software module;
  
  wherein the receiver checks the code enabled flag corresponding to the specific locked software capability to see if can be used; and
  
  wherein, if the flag indicates use is allowed, the receiver uses the specific locked software capability.

23. An apparatus, comprising:
- a memory having program code stored therein; and
  
  a processor disposed in communication with the memory for carrying out instructions in accordance with the stored program code;
  
  wherein the program code, when executed by the processor, causes the processor to perform;
  
  transmitting a features request and a receiver ID from the apparatus to a system provider;
  
  receiving an encrypted certificate at the apparatus;
  
  decrypting the encrypted certificate using a secret key stored at the apparatus;
  
  using part of the decrypted certificate to initialize any locked software modules indicated by the certificate, including setting a code enabled flag corresponding to the enabled modules;
  
  receiving a request for the use of a specific locked software module;
  
  checking the code enabled flag corresponding to the specific locked software capability to see if can be used; and
  
  if the flag indicates use is allowed, using the specific locked software capability.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The apparatus of claim 23 wherein the processor further performs:
    - checking the integrity of the certificate.
  - 25. The apparatus of claim 24 wherein checking certificate integrity comprises:
    - applying a hash function to at least a portion of the certificate and a hash string; and
      
      comparing the result to a hash result stored in the certificate.
  - 26. The apparatus of claim 25, wherein the processor further performs:
    - disabling the apparatus if the integrity check fails.
  - 27. The apparatus of claim 23 wherein the features request is transmitted from the apparatus via a two-way system.
  - 28. The apparatus of claim 23 wherein the encrypted certificate is received as part of a DVB transport stream.
  - 29. The apparatus of claim 23 wherein the features request is transmitted from the apparatus via a two-way system.
  - 30. The apparatus of claim 23 wherein the encrypted certificate is received as part of a DVB transport stream.
  - 31. The apparatus of claim 23, further comprising:
    - a network interface disposed in communication with the processor,wherein the apparatus is a receiver.

32. A system, comprising:
- a device disposed in communication with a system provider,wherein the system provider is configured to;
  
  receive a features request and a receiver ID;
  
  generate a certificate to enable the requested features;
  
  retrieve a secret key associated with the receiver ID;
  
  encrypt at least part of the certificate using the secret key; and
  
  transmit the encrypted certificate;
  
  apply a hash function to at least a portion of the certificate and a hash string; and
  
  incorporate the result in to the certificate; and
  
  wherein the device is configured to;
  
  transmit the features request and the receiver ID to the system provider;
  
  receive the encrypted certificate;
  
  decrypt the encrypted certificate using a stored secret key;
  
  apply the hash function to the same portion of the certificate and a locally stored copy of the hash string; and
  
  compare its result to the result stored in the certificate.
- View Dependent Claims (33, 34)
- - 33. The system of claim 32 wherein the features request is transmitted from the device via a two-way system.
  - 34. The system of claim 32 wherein the encrypted certificate is transmitted as part of a DVB transport stream.

35. An article of manufacture comprising a computer readable medium containing program code that when executed causes an apparatus to perform:
- decrypting an encrypted certificate stored on a storage medium;
  
  using part of the decrypted certificate to initialize the locked software modules indicated by the certificate, including setting a code enabled flag corresponding to the enabled modules;
  
  receiving a request for the use of a specific locked software module;
  
  checking the code enabled flag corresponding to the specific locked software module to see if can be used;
  
  if the flag indicates use is allowed, using the specific locked software module and checking the integrity of the certificate, wherein checking the certificate integrity comprises;
  
  applying a hash function to at least a portion of the certificate and a hash string; and
  
  comparing the result to a hash result stored in the certificate.

36. An article of manufacture comprising a computer readable medium containing program code that when executed causes an apparatus to perform:
- transmitting a features request and a receiver ID from the apparatus to a system provider;
  
  receiving an encrypted certificate at the apparatus;
  
  decrypting the encrypted certificate using a secret key stored at the apparatus;
  
  using part of the decrypted certificate to initialize any locked software modules indicated by the certificate, including setting a code enabled flag corresponding to the enabled modules;
  
  receiving a request for the use of a specific locked software module;
  
  checking the code enabled flag corresponding to the specific locked software capability to see if can be used; and
  
  if the flag indicates use is allowed, using the specific locked software capability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Nokia Corporation
Inventors
Koskela, Antti, Koivisto, Kyösti, Kangas, Mauri
Primary Examiner(s)
ELISCA, PIERRE E

Application Number

US10/000,645
Publication Number

US 20050005286A1
Time in Patent Office

2,378 Days
Field of Search

705/57, 705/50, 705/51
US Class Current

705/57
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

H04N 21/235   Processing of additional da...

H04N 21/25858   involving client software c...

H04N 21/4108   characterised by an identif...

H04N 21/435   Processing of additional da...

H04N 21/4586   Content update operation tr...

H04N 21/8173   End-user applications, e.g....

H04N 7/165   Centralised control of user...

System and method for activating individualized software modules in a digital broadcast environment

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for activating individualized software modules in a digital broadcast environment

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links