Feature enablement at a communications terminal

US 9,100,548 B2
Filed: 07/17/2008
Issued: 08/04/2015
Est. Priority Date: 07/17/2008
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a plurality of hardware components realizing a plurality of pre-defined features of the apparatus, wherein at least some of the plurality of hardware components are disabled so as to disable corresponding features in the plurality of features;

a digital feature register recording enablement state of each one of the plurality of hardware components;

a secure processor operable to execute machine-readable instructions to perform operations comprising;

validating a received feature token specifying an authorization to change the enablement state of at least one particular hardware component in the plurality of hardware components to enable at least one particular feature in the plurality of features realized by the particular hardware component; and

changing the enablement state of the particular hardware component, based at least in part on the received feature token and in response to validating the received feature token; and

a general purpose processor controlling access to the plurality of hardware components and operable to execute machine-readable instructions to perform operations comprising;

receiving a software request to access the particular hardware component; and

determining whether the particular hardware component is enabled by reading the digital feature register;

wherein the digital feature register is writable to only by the secure processor and the general purpose processor has direct read-only access to the digital feature register and the enablement state of the particular feature can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens authorizing a change in state of the enablement status of the particular feature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method for electronic enablement of features at a communication device that includes receiving a feature token, validating the feature token, and changing the enablement state of one or more features at the communication device in accordance with a valid feature token.

22 Citations

View as Search Results

26 Claims

1. An apparatus, comprising:
- a plurality of hardware components realizing a plurality of pre-defined features of the apparatus, wherein at least some of the plurality of hardware components are disabled so as to disable corresponding features in the plurality of features;
  
  a digital feature register recording enablement state of each one of the plurality of hardware components;
  
  a secure processor operable to execute machine-readable instructions to perform operations comprising;
  
  validating a received feature token specifying an authorization to change the enablement state of at least one particular hardware component in the plurality of hardware components to enable at least one particular feature in the plurality of features realized by the particular hardware component; and
  
  changing the enablement state of the particular hardware component, based at least in part on the received feature token and in response to validating the received feature token; and
  
  a general purpose processor controlling access to the plurality of hardware components and operable to execute machine-readable instructions to perform operations comprising;
  
  receiving a software request to access the particular hardware component; and
  
  determining whether the particular hardware component is enabled by reading the digital feature register;
  
  wherein the digital feature register is writable to only by the secure processor and the general purpose processor has direct read-only access to the digital feature register and the enablement state of the particular feature can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens authorizing a change in state of the enablement status of the particular feature.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the digital feature register includes a plurality of binary bit values, each bit value representing the respective enablement status of a respective feature in the plurality of features, and modifying at least one value stored in the digital feature register includes toggling a particular binary bit value in the register corresponding to the particular feature, wherein toggling the particular binary bit value of the particular feature toggles the enablement status of the particular hardware component, and each of the one or more hardware components is directly enabled or disabled based on the bit value corresponding to the hardware component in the digital feature register.
  - 3. The apparatus of claim 1, wherein the apparatus is a television set-top box.
  - 4. The apparatus of claim 1, wherein said secure processor is configured to change said the enablement state of the particular hardware component from an unenabled state to an enabled state and from an enabled state to an unenabled state.
  - 5. The apparatus of claim 1, wherein at least a particular one of the disabled hardware components is disabled by disabling a clock signal to the particular hardware component based on a corresponding value of the digital feature register.

6. A method, comprising:
- receiving a feature token at a communication device including at least one general purpose processor and at least one secure processor, the communication device configured to possess a pre-defined plurality of features realized by one or more hardware components of the communication device, each feature in the plurality of features having an enablement status defining whether a respective underlying hardware component in the one or more hardware components is enabled so as to enable the respective feature, a subset of the pre-defined plurality of features being initially disabled, wherein;
  
  the feature token includes feature enablement status information specifying an authorization to change the enablement status of at least one particular feature in the plurality of features and the feature token is encrypted, andthe enablement status of each feature is stored in a digital feature register, wherein the digital feature register is writable to only by the secure processor and the general purpose processor has read-only access to the digital feature register;
  
  validating the feature token at the secure processor, wherein validating the received feature token includes successfully decrypting the feature token using the at least one secure processor;
  
  modifying at least one value stored in the digital feature register to toggle the enablement status of the particular feature based on the feature enablement status information; and
  
  using the general purpose processor to determine whether the particular hardware component is enabled by reading the digital feature register, wherein the digital feature register is directly read by the general purpose processor;
  
  wherein the enablement state of the particular feature can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens authorizing a change in state of the enablement status of the particular feature.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein said validating said feature token comprises validating communication device identity information and feature token authorization information contained within the feature token.
  - 8. The method of claim 6, wherein the digital feature register includes a plurality of binary bit values, each bit value representing the respective enablement status of a respective feature in the plurality of features, and modifying at least one value stored in the digital feature register includes toggling a particular binary bit value in the register corresponding to the particular feature, wherein toggling the particular binary bit value of the particular feature toggles the enablement status of the particular hardware component.
  - 9. The method of claim 6, wherein the enablement status of the particular feature is toggled from disabled to enabled, the method further comprising:
    - receiving a second feature token specifying that the particular feature is to be disabled;
      
      validating the second feature token at the secure processor; and
      
      modifying, using the secure processor, the at least one value stored in the digital feature register to toggle the enablement status of the particular feature from an enabled state to a disabled state.
  - 10. The method of claim 6, wherein validating the feature token includes identifying whether the at least one particular feature is included in the pre-defined plurality of features of the communication device.

11. A method, comprising:
- transmitting, from a communication device to a remote server device, a feature token request for feature enablement status information for a communication device, wherein;
  
  the feature token request includes an identity certificate for the communication device including a message digest encrypted using a first private key paired to a first public key, the message digest including a second public key, paired to a second private key, and an identifier of the communication device, andthe communication device is configured to possess a pre-defined plurality of features realized by one or more hardware components of the communication device, each feature in the plurality of features having an enablement state defining whether a respective underlying hardware component in the one or more hardware components is enabled so as to enable the respective feature, a subset of the pre-defined plurality of features being initially disabled;
  
  receiving a particular feature token including feature enablement status information communicating an authorization to change the enablement state of at least one particular feature in the plurality of features, wherein the particular feature token is encrypted;
  
  validating the received particular feature token by successfully decrypting the particular feature token using the second private key; and
  
  changing a corresponding value of a feature register to change the enablement state of the at least one particular feature based, at least in part, on the particular feature token, wherein bits of the feature register are writable to only by the secure processor and the general purpose processor has direct read-only access to the feature register.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, wherein the communication device transmits the feature token request.
  - 13. The method of claim 11, wherein said enablement state is changed from an unenabled state to an enabled state.

14. A method, comprising:
- receiving a feature token request from a remote computing device;
  
  identifying, using at least one processing device, an identity certificate included in the feature token request, the identity certificate containing identity information for a communication device and including a message digest encrypted using a first private key paired to a first public key, the message digest including a second public key, paired to a second private key, and an identifier of the communication device;
  
  validating, using at least one processing device, the identity certificate by successfully decrypting the message digest using the first public key;
  
  generating, using at least one processing device, a feature token in response to validating the identity certificate, the feature token authorizing enablement of a particular one of a plurality of hardware-implemented features pre-configured on the communication device, wherein each of the plurality of features on the communication device has an enablement state and enablement states of the features can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens;
  
  encrypting, using at least one processing device, the feature token using the second public key; and
  
  transmitting the encrypted feature token to the remote communication device.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The method of claim 14, wherein the second public key is associated with the communication device.
  - 16. The method of claim 14, further comprising validating the feature token request.
  - 17. The method of claim 16, wherein validating the feature token request includes successfully decrypting the message digest using the first public key.
  - 18. The method of claim 14, wherein use of the particular hardware feature is subject to a license and the enablement of the particular hardware feature is based at least in part on terms of the license.
  - 19. The method of claim 18, wherein the license terms correspond to a particular geographical region.
  - 20. The method of claim 18, further comprising storing a record of the enablement of the particular hardware feature for use in auditing the license.
  - 21. The method of claim 14, further comprising identifying the first public key, from a plurality of stored public keys, as associated with the communication device.
  - 22. The method of claim 21, wherein the identity certificate includes an unencrypted identifier and the unencrypted identifier is used to identify the first public key from the plurality of stored public keys.
  - 23. The method of claim 14, wherein the communication device is a particular one of a plurality of communication devices and the generated feature token is customized for the particular communication device.

24. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- receiving a feature token request from a remote computing device;
  
  identifying an identity certificate included in the feature token request, the identity certificate containing identity information for a communication device and including a message digest encrypted using a first private key paired to a first public key, the message digest including a second public key, paired to a second private key, and an identifier of the communication device;
  
  validating the identity certificate by successfully decrypting the message digest using the first public key;
  
  generating a feature token in response to validating the identity certificate, the feature token authorizing enablement of a particular one of a plurality of hardware-implemented features pre-configured on the communication device, wherein each of the plurality of features on the communication device has an enablement state and enablement states of the features can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens;
  
  encrypting the feature token using the second public key; and
  
  transmitting the encrypted feature token to the communication device.

25. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- transmitting, from a communication device to a remote server device, a feature token request for feature enablement status information for a communication device, wherein;
  
  the feature token request includes an identity certificate for the communication device including a message digest encrypted using a first private key paired to a first public key, the message digest including a second public key, paired to a second private key, and an identifier of the communication device, andthe communication device is configured to possess a pre-defined plurality of features realized by one or more hardware components of the communication device, each feature in the plurality of features having an enablement state defining whether a respective underlying hardware component in the one or more hardware components is enabled so as to enable the respective feature, a subset of the pre-defined plurality of features being initially disabled;
  
  receiving a particular feature token including feature enablement status information communicating an authorization to change the enablement state of at least one particular feature in the plurality of features, wherein the particular feature token is encrypted;
  
  validating the received particular feature token by successfully decrypting the particular feature token using the second private key; and
  
  changing a corresponding value of a feature register to change the enablement state of the at least one particular feature based, at least in part, on the particular feature token, wherein bits of the feature register are writable to only by the secure processor and the general purpose processor has direct read-only access to the feature register.

26. A method, comprising:
- transmitting, from a communication device to a remote server device, a feature token request for feature enablement status information for a communication device, wherein;
  
  the feature token request includes an identity certificate for the communication device including a message digest encrypted using a first private key paired to a first public key, the message digest including a second public key, paired to a second private key, and an identifier of the communication device,the communication device includes at least one general purpose processor and at least one secure processor and is configured to possess a pre-defined plurality of features realized by one or more hardware components of the communication device, each feature in the plurality of features having an enablement state defining whether a respective underlying hardware component in the one or more hardware components is enabled so as to enable the respective feature, a subset of the pre-defined plurality of features being initially disabled, andthe enablement state of each feature is stored in a digital feature register, wherein the digital feature register is writable to only by the secure processor and the general purpose processor has direct read-only access to the digital feature register;
  
  receiving, in response to the feature token request, a particular feature token including feature enablement status information communicating an authorization to change the enablement state of at least one particular feature in the plurality of features, wherein the particular feature token is encrypted;
  
  validating, using the secure processor, the received particular feature token by successfully decrypting the particular feature token using the second private key;
  
  modifying, in response to validating the particular feature token, at least one value stored in the digital feature register to toggle the enablement state of the particular feature based on the feature enablement status information; and
  
  using the general purpose processor to determine whether the particular hardware component is enabled by reading the digital feature register;
  
  wherein the enablement state of the particular feature can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens authorizing a change in state of the enablement status of the particular feature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Akins, Glendon L. III, McMullan, Jay C. Jr.
Primary Examiner(s)
Kumar, Pankaj
Assistant Examiner(s)
BROWN, RUEBEN M

Application Number

US12/174,832
Publication Number

US 20100017840A1
Time in Patent Office

2,574 Days
Field of Search

725/31, 725/25, 725/132, 725/140, 725/152, 725/28, 719/327, 712/248, 712/300
US Class Current

1/1
CPC Class Codes

H04N 21/443 OS processes, e.g. booting ...

H04N 7/1675 Providing digital key or au...

Feature enablement at a communications terminal

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Feature enablement at a communications terminal

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links