Resource management system and corresponding method

US 8,752,189 B2
Filed: 06/04/2012
Issued: 06/10/2014
Est. Priority Date: 06/27/2011
Status: Active Grant

First Claim

Patent Images

1. A resource management system for managing configurable resources of a secure element, the resource management system comprising a licensor, a licensee and the secure element, wherein:

the licensor stores a license and first key in the secure element and transmits the license to the licensee;

the licensor generates a second key by applying a derivation function to the license using the first key;

the licensor transmits the second key to the licensee;

the licensee generates a configuration request comprising the license and license usage instructions;

the licensee applies a protection function to at least part of the configuration request using the second key;

the licensee transmits the configuration request to the secure element after applying the protection function to the at least part of the configuration;

the secure element is configured to generate a validation key by applying said derivation function to the license using the first key; and

the secure element is further configured to validate the received configuration request by applying said protection function to the at least part of the configuration request using the validation key and by comparing the result thereof with the result of the protection function applied by the licensee and the secure element configures its resources in accordance with the license usage instructions if the compared results are the same.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a secure and efficient resource management system and a corresponding method for managing resources of a product that is put on the market by a licensor via a distribution chain. In particular, the number of keys needed for managing said resources can be reduced. At the time that the product is released to the market the exact licensing conditions of the product need not be known yet. The licensing conditions and the associated configuration of resources of the product are managed via a second key which is provided to a licensee. The licensee, however, has no knowledge of the first key and the derivation function which generates said second key based on the first key. Therefore, it is ensured that the licensee cannot claim more resources of the product than the licensor allows.

133 Citations

9 Claims

1. A resource management system for managing configurable resources of a secure element, the resource management system comprising a licensor, a licensee and the secure element, wherein:
- the licensor stores a license and first key in the secure element and transmits the license to the licensee;
  
  the licensor generates a second key by applying a derivation function to the license using the first key;
  
  the licensor transmits the second key to the licensee;
  
  the licensee generates a configuration request comprising the license and license usage instructions;
  
  the licensee applies a protection function to at least part of the configuration request using the second key;
  
  the licensee transmits the configuration request to the secure element after applying the protection function to the at least part of the configuration;
  
  the secure element is configured to generate a validation key by applying said derivation function to the license using the first key; and
  
  the secure element is further configured to validate the received configuration request by applying said protection function to the at least part of the configuration request using the validation key and by comparing the result thereof with the result of the protection function applied by the licensee and the secure element configures its resources in accordance with the license usage instructions if the compared results are the same.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A resource management system as claimed in claim 1, wherein the license and the license usage instructions comprise a byte string.
  - 3. A resource management system as claimed in claim 1, wherein the configuration request comprises optional other information.
  - 4. A resource management system as claimed in claim 1, wherein the protection function applied by the licensee and the secure element comprises the generation of a Message Authentication Code computed over the license and the license usage instructions using the second key and the validation key, respectively.
  - 5. A resource management system as claimed in claim 1, wherein the protection function applied by the licensee comprises a symmetric encryption algorithm applied to the license and license usage instruction using the second key, and the protection function applied by the secure element comprises a corresponding decryption algorithm using the validation key.
  - 6. A resource management system as claimed in claim 1,wherein the licensee is further arranged to transmit the configuration request to the secure element via a service operator;
    - wherein the service operator is arranged to append a keyset to the configuration request;
      
      wherein the secure element is further arranged to grant access to its resources only if the configuration request comprises said keyset.
  - 7. A resource management system as claimed in claim 6, wherein the secure element is further arranged to generate said keyset and to transmit said keyset to the service operator.
  - 8. A resource management system as claimed in claim 1,wherein the secure element is embedded in a mobile device.

9. A method for managing configurable resources of a secure element in a resource management system, the resource management system comprising a licensor, a licensee and the secure element, whereinthe licensor stores a license and a first key in the secure element and transmits the license to the licensee;
- the licensor further generates a second key by applying a derivation function to the license using the first key;
  
  the licensor further transmits the second key to the licensee;
  
  the licensee generates a configuration request comprising the license and license usage instructions;
  
  the licensee applies a protection function to at least part of the configuration request using the second key;
  
  the licensee further transmits the configuration request to the secure element after applying the protection function to the at least part of the configuration request;
  
  the secure element generates a validation key by applying said derivation function to the license using the first key; and
  
  the secure element validates the received configuration request by applying the protection function to the at least part of the configuration request using the validation key and by comparing the result thereof with the result of the protection function applied by the licensee and the secure element configures its resources in accordance with the license usage instructions if the compared results are the same.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
NXP B.V. (NXP Semiconductors NV)
Inventors
de Jong, Hans
Primary Examiner(s)
Zecher, Cordelia
Assistant Examiner(s)
DOAN, TRANG T

Application Number

US13/488,170
Publication Number

US 20120331559A1
Time in Patent Office

736 Days
Field of Search

None
US Class Current

726/26
CPC Class Codes

G06F 21/105   Arrangements for software l...

G06F 21/1073   Conversion

G06F 21/1075   Editing

Resource management system and corresponding method

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

133 Citations

9 Claims

Specification

Use Cases

Quick Links

Others

Resource management system and corresponding method

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

133 Citations

9 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others