Feature enablement at a communications terminal
First Claim
Patent Images
1. An apparatus, comprising:
- a plurality of hardware components realizing a plurality of pre-defined features of the apparatus, wherein at least some of the plurality of hardware components are disabled so as to disable corresponding features in the plurality of features;
a digital feature register recording enablement state of each one of the plurality of hardware components;
a secure processor operable to execute machine-readable instructions to perform operations comprising;
validating a received feature token specifying an authorization to change the enablement state of at least one particular hardware component in the plurality of hardware components to enable at least one particular feature in the plurality of features realized by the particular hardware component; and
changing the enablement state of the particular hardware component, based at least in part on the received feature token and in response to validating the received feature token; and
a general purpose processor controlling access to the plurality of hardware components and operable to execute machine-readable instructions to perform operations comprising;
receiving a software request to access the particular hardware component; and
determining whether the particular hardware component is enabled by reading the digital feature register;
wherein the digital feature register is writable to only by the secure processor and the general purpose processor has direct read-only access to the digital feature register and the enablement state of the particular feature can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens authorizing a change in state of the enablement status of the particular feature.
1 Assignment
0 Petitions
Accused Products
Abstract
In one embodiment, a method for electronic enablement of features at a communication device that includes receiving a feature token, validating the feature token, and changing the enablement state of one or more features at the communication device in accordance with a valid feature token.
22 Citations
26 Claims
-
1. An apparatus, comprising:
-
a plurality of hardware components realizing a plurality of pre-defined features of the apparatus, wherein at least some of the plurality of hardware components are disabled so as to disable corresponding features in the plurality of features; a digital feature register recording enablement state of each one of the plurality of hardware components; a secure processor operable to execute machine-readable instructions to perform operations comprising; validating a received feature token specifying an authorization to change the enablement state of at least one particular hardware component in the plurality of hardware components to enable at least one particular feature in the plurality of features realized by the particular hardware component; and changing the enablement state of the particular hardware component, based at least in part on the received feature token and in response to validating the received feature token; and a general purpose processor controlling access to the plurality of hardware components and operable to execute machine-readable instructions to perform operations comprising; receiving a software request to access the particular hardware component; and determining whether the particular hardware component is enabled by reading the digital feature register; wherein the digital feature register is writable to only by the secure processor and the general purpose processor has direct read-only access to the digital feature register and the enablement state of the particular feature can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens authorizing a change in state of the enablement status of the particular feature. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method, comprising:
-
receiving a feature token at a communication device including at least one general purpose processor and at least one secure processor, the communication device configured to possess a pre-defined plurality of features realized by one or more hardware components of the communication device, each feature in the plurality of features having an enablement status defining whether a respective underlying hardware component in the one or more hardware components is enabled so as to enable the respective feature, a subset of the pre-defined plurality of features being initially disabled, wherein; the feature token includes feature enablement status information specifying an authorization to change the enablement status of at least one particular feature in the plurality of features and the feature token is encrypted, and the enablement status of each feature is stored in a digital feature register, wherein the digital feature register is writable to only by the secure processor and the general purpose processor has read-only access to the digital feature register; validating the feature token at the secure processor, wherein validating the received feature token includes successfully decrypting the feature token using the at least one secure processor; modifying at least one value stored in the digital feature register to toggle the enablement status of the particular feature based on the feature enablement status information; and using the general purpose processor to determine whether the particular hardware component is enabled by reading the digital feature register, wherein the digital feature register is directly read by the general purpose processor; wherein the enablement state of the particular feature can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens authorizing a change in state of the enablement status of the particular feature. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A method, comprising:
-
transmitting, from a communication device to a remote server device, a feature token request for feature enablement status information for a communication device, wherein; the feature token request includes an identity certificate for the communication device including a message digest encrypted using a first private key paired to a first public key, the message digest including a second public key, paired to a second private key, and an identifier of the communication device, and the communication device is configured to possess a pre-defined plurality of features realized by one or more hardware components of the communication device, each feature in the plurality of features having an enablement state defining whether a respective underlying hardware component in the one or more hardware components is enabled so as to enable the respective feature, a subset of the pre-defined plurality of features being initially disabled; receiving a particular feature token including feature enablement status information communicating an authorization to change the enablement state of at least one particular feature in the plurality of features, wherein the particular feature token is encrypted; validating the received particular feature token by successfully decrypting the particular feature token using the second private key; and changing a corresponding value of a feature register to change the enablement state of the at least one particular feature based, at least in part, on the particular feature token, wherein bits of the feature register are writable to only by the secure processor and the general purpose processor has direct read-only access to the feature register. - View Dependent Claims (12, 13)
-
-
14. A method, comprising:
-
receiving a feature token request from a remote computing device; identifying, using at least one processing device, an identity certificate included in the feature token request, the identity certificate containing identity information for a communication device and including a message digest encrypted using a first private key paired to a first public key, the message digest including a second public key, paired to a second private key, and an identifier of the communication device; validating, using at least one processing device, the identity certificate by successfully decrypting the message digest using the first public key; generating, using at least one processing device, a feature token in response to validating the identity certificate, the feature token authorizing enablement of a particular one of a plurality of hardware-implemented features pre-configured on the communication device, wherein each of the plurality of features on the communication device has an enablement state and enablement states of the features can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens; encrypting, using at least one processing device, the feature token using the second public key; and transmitting the encrypted feature token to the remote communication device. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
-
receiving a feature token request from a remote computing device; identifying an identity certificate included in the feature token request, the identity certificate containing identity information for a communication device and including a message digest encrypted using a first private key paired to a first public key, the message digest including a second public key, paired to a second private key, and an identifier of the communication device; validating the identity certificate by successfully decrypting the message digest using the first public key; generating a feature token in response to validating the identity certificate, the feature token authorizing enablement of a particular one of a plurality of hardware-implemented features pre-configured on the communication device, wherein each of the plurality of features on the communication device has an enablement state and enablement states of the features can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens; encrypting the feature token using the second public key; and transmitting the encrypted feature token to the communication device.
-
-
25. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
-
transmitting, from a communication device to a remote server device, a feature token request for feature enablement status information for a communication device, wherein; the feature token request includes an identity certificate for the communication device including a message digest encrypted using a first private key paired to a first public key, the message digest including a second public key, paired to a second private key, and an identifier of the communication device, and the communication device is configured to possess a pre-defined plurality of features realized by one or more hardware components of the communication device, each feature in the plurality of features having an enablement state defining whether a respective underlying hardware component in the one or more hardware components is enabled so as to enable the respective feature, a subset of the pre-defined plurality of features being initially disabled; receiving a particular feature token including feature enablement status information communicating an authorization to change the enablement state of at least one particular feature in the plurality of features, wherein the particular feature token is encrypted; validating the received particular feature token by successfully decrypting the particular feature token using the second private key; and changing a corresponding value of a feature register to change the enablement state of the at least one particular feature based, at least in part, on the particular feature token, wherein bits of the feature register are writable to only by the secure processor and the general purpose processor has direct read-only access to the feature register.
-
-
26. A method, comprising:
-
transmitting, from a communication device to a remote server device, a feature token request for feature enablement status information for a communication device, wherein; the feature token request includes an identity certificate for the communication device including a message digest encrypted using a first private key paired to a first public key, the message digest including a second public key, paired to a second private key, and an identifier of the communication device, the communication device includes at least one general purpose processor and at least one secure processor and is configured to possess a pre-defined plurality of features realized by one or more hardware components of the communication device, each feature in the plurality of features having an enablement state defining whether a respective underlying hardware component in the one or more hardware components is enabled so as to enable the respective feature, a subset of the pre-defined plurality of features being initially disabled, and the enablement state of each feature is stored in a digital feature register, wherein the digital feature register is writable to only by the secure processor and the general purpose processor has direct read-only access to the digital feature register; receiving, in response to the feature token request, a particular feature token including feature enablement status information communicating an authorization to change the enablement state of at least one particular feature in the plurality of features, wherein the particular feature token is encrypted; validating, using the secure processor, the received particular feature token by successfully decrypting the particular feature token using the second private key; modifying, in response to validating the particular feature token, at least one value stored in the digital feature register to toggle the enablement state of the particular feature based on the feature enablement status information; and using the general purpose processor to determine whether the particular hardware component is enabled by reading the digital feature register; wherein the enablement state of the particular feature can both be toggled from an enabled state to an unenabled state and from an unenabled state to an enabled state in response to received feature tokens authorizing a change in state of the enablement status of the particular feature.
-
Specification