System and method for remote device registration

US 8,972,721 B2
Filed: 04/12/2013
Issued: 03/03/2015
Est. Priority Date: 06/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method for controlling insertion of sensitive data into devices, said method comprising:

arranging at least one server to be communicably connectable to a controller responsible for distributing said sensitive data and equipment responsible for injecting said sensitive data into said devices, said server being located remote from said controller, and said server comprising a secure module for performing cryptographic operations;

receiving from said controller, a cryptographically protected data transmission comprising a quantity of each of a plurality of types of sensitive data;

receiving a request from said equipment for sensitive data for a product type;

extracting from said cryptographically protected data transmission, one or more of said plurality of types of sensitive data according to said product type; and

providing said one or more of said plurality of types of sensitive data to said equipment.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for remote device registration, to monitor and meter the injection of keying or other confidential information onto a device, is provided. A producer who utilizes one or more separate manufacturers, operates a remote module that communicates over forward and backward channels with a local module at the manufacturer. Encrypted data transmissions are sent by producer to the manufacturer and are decrypted to obtain sensitive data used in the devices. As data transmissions are decrypted, credits from a credit pool are depleted and can be replenished by the producer through credit instructions. As distribution images are decrypted, usage records are created and eventually concatenated, and sent as usage reports back to the producer, to enable the producer to monitor and meter production at the manufacturer.

Citations

26 Claims

1. A method for controlling insertion of sensitive data into devices, said method comprising:
- arranging at least one server to be communicably connectable to a controller responsible for distributing said sensitive data and equipment responsible for injecting said sensitive data into said devices, said server being located remote from said controller, and said server comprising a secure module for performing cryptographic operations;
  
  receiving from said controller, a cryptographically protected data transmission comprising a quantity of each of a plurality of types of sensitive data;
  
  receiving a request from said equipment for sensitive data for a product type;
  
  extracting from said cryptographically protected data transmission, one or more of said plurality of types of sensitive data according to said product type; and
  
  providing said one or more of said plurality of types of sensitive data to said equipment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, further comprising receiving an equipment log report indicative of insertion of said one or more of said plurality of types of sensitive data into said product type.
  - 3. The method according to claim 1, further comprising:
    - storing a credit value provided by said controller indicative of a number of sensitive data insertions that are permitted before requesting more of said sensitive data from said controller;
      
      referencing said credit value and providing an amount of said sensitive data to said equipment for injection into said one or more devices according to said credit value; and
      
      if said amount is less than said credit value, updating said credit value according to said amount.
  - 4. The method according to claim 2, further comprising sending said equipment log report to said controller.
  - 5. The method according to claim 1, further comprising preparing a server log report regarding obtaining said sensitive data from said controller, and said server sending said server log report to said controller.
  - 6. The method according to claim 1, further comprising executing a provisioning procedure prior to receiving said sensitive data from said controller, said provisioning procedure being used to initialize said server and said secure module.
  - 7. The method according to claim 3, further comprising receiving a credit instruction from said controller indicating an update for said credit value.
  - 8. The method according to claim 1, further comprising said server receiving from said controller, an object for implementing an existing data injection solution, said existing solution modifying said data;
    - said object having been signed and a signed object is provided to said secure module;
      
      said secure module storing said signed object, verifying said signed object, and modifying said sensitive data according to said existing solution if said signed object is verified; and
      
      said server sending said modified data to said equipment for injection into said one or more devices.
  - 9. The method according to claim 1, further comprising providing to said controller, an indication of which one or more of said plurality of types of sensitive data have been provided by said secure module to said equipment.
  - 10. The method according to claim 1, further comprising receiving a configuration message from said controller for use in modifying settings in said secure module.
  - 11. The method according to claim 1, further comprising providing a server log report to said controller.
  - 12. The method according to claim 1, wherein said secure module decrypts keys upon receipt thereof and individually re-encrypts each key;
    - and wherein certain ones of said keys are decrypted for use by said equipment upon a request made by said equipment.

13. A server system for controlling insertion of sensitive data into devices, said system comprising:
- at least one server communicably connectable to a controller responsible for distributing said sensitive data and equipment responsible for injecting said sensitive data into said devices, said server being located remote from said controller, said server comprising a secure module for performing cryptographic operations and being configured for;
  
  receiving from said controller, a cryptographically protected data transmission comprising a quantity of each of a plurality of types of sensitive data;
  
  receiving a request from said equipment for sensitive data for a product type;
  
  extracting from said cryptographically protected data transmission, one or more of said plurality of types of sensitive data according to said product type; and
  
  providing said one or more of said plurality of types of sensitive data to said equipment.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system according to claim 13, further configured for receiving an equipment log report indicative of insertion of said one or more of said plurality of types of sensitive data into said product type.
  - 15. The system according to claim 13, further configured for:
    - storing a credit value provided by said controller indicative of a number of sensitive data insertions that are permitted before requesting more of said sensitive data from said controller;
      
      referencing said credit value and providing an amount of said sensitive data to said equipment for injection into said one or more devices according to said credit value; and
      
      if said amount is less than said credit value, updating said credit value according to said amount.
  - 16. The system according to claim 14, further configured for sending said equipment log report to said controller.
  - 17. The system according to claim 13, further configured for preparing a server log report regarding obtaining said sensitive data from said controller, and said server sending said server log report to said controller.
  - 18. The system according to claim 13, further configured for executing a provisioning procedure prior to receiving said sensitive data from said controller, said provisioning procedure being used to initialize said server and said secure module.
  - 19. The system according to claim 15, further configured for receiving a credit instruction from said controller indicating an update for said credit value.
  - 20. The system according to claim 13, further configured for said server receiving from said controller, an object for implementing an existing data injection solution, said existing solution modifying said data;
    - said object having been signed and a signed object is provided to said secure module;
      
      said secure module storing said signed object, verifying said signed object, and modifying said sensitive data according to said existing solution if said signed object is verified; and
      
      said server sending said modified data to said equipment for injection into said one or more devices.
  - 21. The system according to claim 13, further configured for providing to said controller, an indication of which one or more of said plurality of types of sensitive data have been provided by said secure module to said equipment.
  - 22. The system according to claim 13, further configured for receiving a configuration message from said controller for use in modifying settings in said secure module.
  - 23. The system according to claim 13, further configured for providing a server log report to said controller.
  - 24. The system according to claim 13, wherein said secure module decrypts keys upon receipt thereof and individually re-encrypts each key;
    - and wherein certain ones of said keys are decrypted for use by said equipment upon a request made by said equipment.

25. A method for controlling insertion of sensitive data into devices, said method comprising:
- arranging a controller to be communicably connectable to a server being located remote therefrom and configured to be communicably connectable to equipment responsible for injecting said sensitive data into said devices, said controller being configured for distributing said sensitive data to said server to enable said server to provide said sensitive data to said equipment, said controller comprising a secure module for performing cryptographic operations;
  
  determining a plurality of types of sensitive data required by said server to satisfy requests from said equipment for sensitive data for a product type, one or more of said plurality of types of sensitive data being required for said product type; and
  
  sending to said server, a cryptographically protected data transmission comprising a quantity of each of a plurality of types of sensitive data to enable said server to provide said one or more of said plurality of types of sensitive data to said equipment.

26. A system for controlling insertion of sensitive data into devices, said system comprising:
- a controller device communicably connectable to a server being located remote therefrom and configured to be communicably connectable to equipment responsible for injecting said sensitive data into said devices, said controller device being configured for distributing said sensitive data to said server to enable said server to provide said sensitive data to said equipment, said controller device comprising a secure module for performing cryptographic operations;
  
  said controller device being configured for;
  
  determining a plurality of types of sensitive data required by said server to satisfy requests from said equipment for sensitive data for a product type, one or more of said plurality of types of sensitive data being required for said product type; and
  
  sending to said server, a cryptographically protected data transmission comprising a quantity of each of a plurality of types of sensitive data to enable said server to provide said one or more of said plurality of types of sensitive data to said equipment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Neill, Brian, Vadekar, Ashok, Xu, Patrick
Primary Examiner(s)
Parthasarathy, Pramila

Application Number

US13/861,540
Publication Number

US 20130238899A1
Time in Patent Office

690 Days
Field of Search
US Class Current

713/164
CPC Class Codes

G06F 21/72   in cryptographic circuits

H04L 2209/04   Masking or blinding

H04L 2209/60   Digital content management,...

H04L 2463/062   applying encryption of the ...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0897   involving additional device...

System and method for remote device registration

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for remote device registration

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links