Secure software execution such as for use with a cell phone or mobile device

US 8,219,811 B2
Filed: 09/21/2005
Issued: 07/10/2012
Est. Priority Date: 09/21/2004
Status: Active Grant

First Claim

Patent Images

1. A security system for securely providing data between a server computer and multiple mobile telecommunications devices, the system comprising:

at least one server computer having at least one database, wherein the database stores software programs, scripts, or data, andwherein the server computer is configured to;

generate a globally unique number,store the globally unique number in the database, and provide the globally unique number to a specific one of the multiple mobile telecommunications devices; and

,wherein the server computer is further configured to;

receive a hash value from the specific mobile telecommunications device,encrypt or digitally sign at least one file containing a software program, script, or data using the hash value, andprovide to the specific mobile telecommunications device the encrypted or digitally signed file; and

a Subscriber Identification Module (SIM), smart card, or tamper resistant memory module, at least releasable secured to the specific mobile telecommunications device, wherein the specific mobile telecommunications device wirelessly receives the globally unique number, andwherein the SIM, smart card, or tamper resistant memory module stores a locally resident secret or secure number, and generates the hash value based at least in part on the locally resident number and the wirelessly received globally unique number; and

,wherein the specific mobile telecommunications device wirelessly provides the hash value to the at least one server computer, wirelessly receives the encrypted or digitally signed file, and locally decrypts or verifies the digital signature based at least in part on the generated hash value and without connectivity to the server or other external computer, andwherein the locally resident number on the specific mobile telecommunications device is an International Mobile Equipment Identifier (IMEI), a International Mobile Subscriber Identifier (IMSI), a Medium Access Control (MAC) address, a Universal Subscriber Identity Module (USIM), or an Electronic Serial Number (ESN).

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for securely executing software or securely loading data generates a secret value at a destination device based on a value transmitted to the destination device, which is algorithmically combined with a secure value stored at the destination device. The destination device, such as a cell phone, remotely accesses an entity or otherwise receives the software or data, where the software or data is encrypted or digitally signed based on the secret value. The cell phone then selectively employs the software or data.

90 Citations

View as Search Results

9 Claims

1. A security system for securely providing data between a server computer and multiple mobile telecommunications devices, the system comprising:
- at least one server computer having at least one database, wherein the database stores software programs, scripts, or data, andwherein the server computer is configured to;
  
  generate a globally unique number,store the globally unique number in the database, and provide the globally unique number to a specific one of the multiple mobile telecommunications devices; and
  
  ,wherein the server computer is further configured to;
  
  receive a hash value from the specific mobile telecommunications device,encrypt or digitally sign at least one file containing a software program, script, or data using the hash value, andprovide to the specific mobile telecommunications device the encrypted or digitally signed file; and
  
  a Subscriber Identification Module (SIM), smart card, or tamper resistant memory module, at least releasable secured to the specific mobile telecommunications device, wherein the specific mobile telecommunications device wirelessly receives the globally unique number, andwherein the SIM, smart card, or tamper resistant memory module stores a locally resident secret or secure number, and generates the hash value based at least in part on the locally resident number and the wirelessly received globally unique number; and
  
  ,wherein the specific mobile telecommunications device wirelessly provides the hash value to the at least one server computer, wirelessly receives the encrypted or digitally signed file, and locally decrypts or verifies the digital signature based at least in part on the generated hash value and without connectivity to the server or other external computer, andwherein the locally resident number on the specific mobile telecommunications device is an International Mobile Equipment Identifier (IMEI), a International Mobile Subscriber Identifier (IMSI), a Medium Access Control (MAC) address, a Universal Subscriber Identity Module (USIM), or an Electronic Serial Number (ESN).
- View Dependent Claims (2, 3)
- - 2. The system of claim 1 wherein the file includes a software program or script, and wherein the specific mobile telecommunications device decrypts or verifies the digital signature based at least in part on the generated hash value at run-time each time the software program or script are executed.
  - 3. The system of claim 1 wherein the server computer generates the unique number after receiving a short message from the specific mobile telecommunications device when provisioning a new wireless subscriber account.

4. A computer-readable storage medium whose contents cause at least one device, associated with a wireless telecommunications network, to perform a method to securely process data, or securely execute programs, the method comprising:
- generating a globally unique number;
  
  storing the globally unique number;
  
  wirelessly providing the globally unique number to a specific receiving telecommunications device;
  
  receiving a hash value from the specific receiving telecommunications device, wherein the hash value is generated at least in part on the globally unique number and a globally unique and locally resident number stored at the specific receiving telecommunications device,wherein the locally resident number is locally stored in a secure memory location of a removable memory media releasably secured to the specific receiving telecommunications device, and wherein the removable memory media comprises a Subscriber Identification Module (SIM), a smart card, or a tamper resistant memory module;
  
  encrypting or digitally signing at least one file using at least the hash value; and
  
  providing to the specific receiving telecommunications device the encrypted or digitally signed file for locally decrypting or authenticating the file using at least the hash value and without connectivity to an external computer coupled to the wireless telecommunications network,wherein the computer-readable storage medium is not a signal, wherein the SIM, smart card, or tamper resistant memory module stores the locally resident number, and generates the hash value based at least in part on the locally resident number and the globally unique number, and,wherein the locally resident number is an International Mobile Equipment Identifier (IMEI), a International Mobile Subscriber Identifier (IMSI), a Medium Access Control (MAC) address, a Universal Subscriber Identity Module (USIM), or an Electronic Serial Number (ESN).
- View Dependent Claims (5, 6, 7, 8)
- - 5. The computer-readable storage medium of claim 4 wherein the computer-readable medium is a memory of the telecommunications mobile device.
  - 6. The computer-readable storage medium of claim 4 wherein the computer-readable medium is a logical node in a computer network receiving the contents.
  - 7. The computer-readable storage medium of claim 4 wherein the computer-readable medium is a computer-readable disk.
  - 8. The computer-readable storage medium of claim 4 wherein the computer-readable medium is a memory of the telecommunications server.

9. A mobile telecommunications apparatus for use with a telecommunications server coupled to a wireless telecommunications network, wherein the mobile telecommunications apparatus is associated with at least one subscriber who subscribes to wireless telecommunication services from a telecommunications service provider, the apparatus comprising:
- means for generating a globally unique number;
  
  means for storing the globally unique number;
  
  means for wirelessly providing the globally unique number to a specific receiving telecommunications component;
  
  means for receiving a hash value from the specific receiving telecommunications device, wherein the hash value is generated at least in part on the globally unique number and a globally unique and locally resident number stored at the specific receiving telecommunications component,wherein the locally resident number is locally stored in a secure memory location of a removable memory media releasably secured to the specific receiving telecommunications component, andwherein the removable memory media comprises a Subscriber Identification Module (SIM), a smart card, or a tamper resistant memory module;
  
  means for encrypting or digitally signing at least one file using at least the hash value; and
  
  means for providing to the specific receiving telecommunications component the encrypted or digitally signed file for locally decrypting or authenticating the file using at least the hash value and without connectivity to an external computer coupled to the wireless telecommunications network,wherein the SIM, smart card, or tamper resistant memory module stores the locally resident number, and generates the hash value based at least in part on the locally resident number and the globally unique number, andwherein the locally resident number is an International Mobile Equipment Identifier (IMEI), a International Mobile Subscriber Identifier (IMSI), a Medium Access Control (MAC) address, a Universal Subscriber Identity Module (USIM), or an Electronic Serial Number (ESN).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Nuance Communications, Inc. (Microsoft Corporation)
Inventors
Roundtree, Brian
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Plecha, Thaddeus

Application Number

US11/575,058
Publication Number

US 20080189550A1
Time in Patent Office

2,484 Days
Field of Search

713/169
US Class Current

713/169
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 21/606   by securing the transmissio...

H04L 63/123   received data contents, e.g...

H04M 1/72406   by software upgrading or do...

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

H04W 12/71   Hardware identity

H04W 12/72   Subscriber identity

Secure software execution such as for use with a cell phone or mobile device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

9 Claims

Specification

Use Cases

Quick Links

Others

Secure software execution such as for use with a cell phone or mobile device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

9 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others