System and method for administering licenses stored in an electronic module, and product unit comprising said module
First Claim
1. A method comprising:
- receiving, by a test rig of a manufacturing system, a first identifier from a product unit, wherein the first identifier identifies the product unit, and wherein the first identifier comprises a globally unique communications address of the product unit;
assessing, by the test rig, performance of the product unit;
transmitting, by the manufacturing system, the first identifier to a first server computer, wherein the manufacturing system and the first server computer are controlled by separate business entities, and wherein the transmitting of the first identifier by the manufacturing system is based on the assessing of the performance of the product unit;
receiving, by the test rig from the first server computer, a first digitally-signed document comprising a first digital signature that is determined mathematically by using the first identifier; and
programming into a first dedicated portion of non-volatile memory of the product unit, by the test rig, the first digitally-signed document after being received from the first server computer, wherein the first digital signature of the first digitally-signed document reflects the globally unique communications address;
receiving, by the test rig from a second server computer, a second digitally-signed document comprising a second digital signature that is determined mathematically by using a second identifier, wherein the second identifier identifies a brand, wherein the manufacturing system and the second server computer are controlled by separate business entities;
programming into a second dedicated portion of memory of the product unit, by the test rig, the second digitally-signed document after being received from the second server computer;
requesting, by a wireless terminal, the first and second digitally-signed documents from the product unit;
receiving, in response to the requesting, the first and second digitally-signed documents comprising the first and second digital signatures, respectively;
verifying whether the first and second digital signatures are valid, by using a first public key and a second public key, respectively;
enabling a user of the wireless terminal to control the product unit, only if the first digital signature is verified as being valid; and
presenting an indicium of the brand on a display on the wireless terminal, only if the second digital signature is verified as being valid.
2 Assignments
0 Petitions
Accused Products
Abstract
The product unit disclosed herein has identification data that are stored internally in memory. This stored identification data can be viewed as the product unit'"'"'s “digital nameplate,” in that the data can represent the product unit'"'"'s identifier, brand, and so on. Each data set is digitally signed while on the production line by using an encryption technique. The digitally signed data set is then written into the product unit'"'"'s memory where it can be used for verification. A first digitally-signed data set can be used to control the use of one or more software modules that are provided by a software owner. The data that are undergoing signature contain at least one globally-unique identifier, which can be used to identify cloning attempts. Additionally, more than one digital signature can be used, in order to protect and control the use of features other than the software, such as the product brand.
24 Citations
12 Claims
-
1. A method comprising:
-
receiving, by a test rig of a manufacturing system, a first identifier from a product unit, wherein the first identifier identifies the product unit, and wherein the first identifier comprises a globally unique communications address of the product unit; assessing, by the test rig, performance of the product unit; transmitting, by the manufacturing system, the first identifier to a first server computer, wherein the manufacturing system and the first server computer are controlled by separate business entities, and wherein the transmitting of the first identifier by the manufacturing system is based on the assessing of the performance of the product unit; receiving, by the test rig from the first server computer, a first digitally-signed document comprising a first digital signature that is determined mathematically by using the first identifier; and programming into a first dedicated portion of non-volatile memory of the product unit, by the test rig, the first digitally-signed document after being received from the first server computer, wherein the first digital signature of the first digitally-signed document reflects the globally unique communications address; receiving, by the test rig from a second server computer, a second digitally-signed document comprising a second digital signature that is determined mathematically by using a second identifier, wherein the second identifier identifies a brand, wherein the manufacturing system and the second server computer are controlled by separate business entities; programming into a second dedicated portion of memory of the product unit, by the test rig, the second digitally-signed document after being received from the second server computer; requesting, by a wireless terminal, the first and second digitally-signed documents from the product unit; receiving, in response to the requesting, the first and second digitally-signed documents comprising the first and second digital signatures, respectively; verifying whether the first and second digital signatures are valid, by using a first public key and a second public key, respectively; enabling a user of the wireless terminal to control the product unit, only if the first digital signature is verified as being valid; and presenting an indicium of the brand on a display on the wireless terminal, only if the second digital signature is verified as being valid. - View Dependent Claims (2, 3)
-
-
4. A system comprising:
-
(a) a first server computer configured to i) receive a first identifier originating from a product unit, wherein the first identifier identifies the product unit, and wherein the first identifier comprises a globally unique communications address of the product unit, ii) transmit the received first identifier to another server computer based on performance of the product unit, wherein the first server computer and the other server computer are controlled by separate business entities, iii) receive, from the other server computer, a first digitally-signed document comprising a first digital signature that is determined mathematically by using the first identifier, and iv) transmit the first digitally-signed document to a test rig; (b) the test rig configured to i) read the first identifier from the product unit, and to provide the first identifier to the first server computer; ii) assess the performance of the product unit; iii) receive, from the first server computer, the first digitally-signed document comprising the first digital signature; and iv) program, into a first dedicated portion of non-volatile memory of the product unit, the first digitally-signed document after being received from the first server computer, wherein the first digital signature of the first digitally-signed document reflects the globally unique communications address; wherein the test rig is further configured to; i) receive, from the first server computer, a second digitally-signed document comprising a second digital signature that is determined mathematically by using a second identifier, wherein the second identifier identifies a brand; and ii) program, into a second dedicated portion of memory of the product unit, the second digitally-signed document after being received from the first server computer; and (c) a wireless terminal implemented using at least one hardware device configured to i) request the first and second digitally-signed documents from the product unit, ii) receive, in response to the request, the first and second digitally-signed documents comprising the first and second digital signatures, respectively, iii) verify whether the first and second digital signatures are valid, by using a first public key and a second public key, respectively, iv) enable a user of the wireless terminal to control the product unit, only if the first digital signature is verified as being valid, and v) display an indicium of the brand, only if the second digital signature is verified as being valid. - View Dependent Claims (5, 6)
-
-
7. A product unit comprising:
-
a memory configured to store a first digitally-signed document and a second digitally-signed document when received by the product unit from a first device; a network adapter implemented using at least one hardware device configured to i) transmit a first identifier to the first device, wherein the first identifier comprises a globally unique communications address that identifies the product unit, ii) receive the first digitally-signed document comprising a first digital signature from the first device, wherein the first digital signature is determined mathematically by using the globally unique communications address transmitted to the first device, iii) transmit the stored first digitally-signed document to a second device when requested by the second device, iv) receive the second digitally-signed document comprising a second digital signature from the first device, wherein the second digital signature is determined mathematically by using a second identifier, and wherein the second identifier identifies a brand, and v) transmit the second digitally-signed document to the second device when requested by the second device; a hardware processor configured to enable performance, by the product unit, of a task of detecting a physical condition when the product unit is instructed to perform the task, wherein the hardware processor enables performance based on the network adapter receiving a message that comprises the globally unique communications address, and wherein the message is based on a verification that the first digital signature is valid; and a sensor component configured to perform the detecting of the physical condition, only when performance of the task is enabled by the processor; wherein the physical condition is one of temperature, motion, presence of humans, and light level. - View Dependent Claims (8, 9, 10, 11, 12)
-
Specification