System and method for administering licenses stored in an electronic module, and product unit comprising said module

US 9,965,816 B2
Filed: 12/08/2014
Issued: 05/08/2018
Est. Priority Date: 04/17/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a test rig of a manufacturing system, a first identifier from a product unit, wherein the first identifier identifies the product unit, and wherein the first identifier comprises a globally unique communications address of the product unit;

assessing, by the test rig, performance of the product unit;

transmitting, by the manufacturing system, the first identifier to a first server computer, wherein the manufacturing system and the first server computer are controlled by separate business entities, and wherein the transmitting of the first identifier by the manufacturing system is based on the assessing of the performance of the product unit;

receiving, by the test rig from the first server computer, a first digitally-signed document comprising a first digital signature that is determined mathematically by using the first identifier; and

programming into a first dedicated portion of non-volatile memory of the product unit, by the test rig, the first digitally-signed document after being received from the first server computer, wherein the first digital signature of the first digitally-signed document reflects the globally unique communications address;

receiving, by the test rig from a second server computer, a second digitally-signed document comprising a second digital signature that is determined mathematically by using a second identifier, wherein the second identifier identifies a brand, wherein the manufacturing system and the second server computer are controlled by separate business entities;

programming into a second dedicated portion of memory of the product unit, by the test rig, the second digitally-signed document after being received from the second server computer;

requesting, by a wireless terminal, the first and second digitally-signed documents from the product unit;

receiving, in response to the requesting, the first and second digitally-signed documents comprising the first and second digital signatures, respectively;

verifying whether the first and second digital signatures are valid, by using a first public key and a second public key, respectively;

enabling a user of the wireless terminal to control the product unit, only if the first digital signature is verified as being valid; and

presenting an indicium of the brand on a display on the wireless terminal, only if the second digital signature is verified as being valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The product unit disclosed herein has identification data that are stored internally in memory. This stored identification data can be viewed as the product unit'"'"'s “digital nameplate,” in that the data can represent the product unit'"'"'s identifier, brand, and so on. Each data set is digitally signed while on the production line by using an encryption technique. The digitally signed data set is then written into the product unit'"'"'s memory where it can be used for verification. A first digitally-signed data set can be used to control the use of one or more software modules that are provided by a software owner. The data that are undergoing signature contain at least one globally-unique identifier, which can be used to identify cloning attempts. Additionally, more than one digital signature can be used, in order to protect and control the use of features other than the software, such as the product brand.

24 Citations

View as Search Results

12 Claims

1. A method comprising:
- receiving, by a test rig of a manufacturing system, a first identifier from a product unit, wherein the first identifier identifies the product unit, and wherein the first identifier comprises a globally unique communications address of the product unit;
  
  assessing, by the test rig, performance of the product unit;
  
  transmitting, by the manufacturing system, the first identifier to a first server computer, wherein the manufacturing system and the first server computer are controlled by separate business entities, and wherein the transmitting of the first identifier by the manufacturing system is based on the assessing of the performance of the product unit;
  
  receiving, by the test rig from the first server computer, a first digitally-signed document comprising a first digital signature that is determined mathematically by using the first identifier; and
  
  programming into a first dedicated portion of non-volatile memory of the product unit, by the test rig, the first digitally-signed document after being received from the first server computer, wherein the first digital signature of the first digitally-signed document reflects the globally unique communications address;
  
  receiving, by the test rig from a second server computer, a second digitally-signed document comprising a second digital signature that is determined mathematically by using a second identifier, wherein the second identifier identifies a brand, wherein the manufacturing system and the second server computer are controlled by separate business entities;
  
  programming into a second dedicated portion of memory of the product unit, by the test rig, the second digitally-signed document after being received from the second server computer;
  
  requesting, by a wireless terminal, the first and second digitally-signed documents from the product unit;
  
  receiving, in response to the requesting, the first and second digitally-signed documents comprising the first and second digital signatures, respectively;
  
  verifying whether the first and second digital signatures are valid, by using a first public key and a second public key, respectively;
  
  enabling a user of the wireless terminal to control the product unit, only if the first digital signature is verified as being valid; and
  
  presenting an indicium of the brand on a display on the wireless terminal, only if the second digital signature is verified as being valid.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 wherein the globally unique communications address of the product unit is a media access control (MAC) address.
  - 3. The method of claim 1 wherein the product unit is configured to perform a predetermined task outside of the manufacturing system.

4. A system comprising:
- (a) a first server computer configured toi) receive a first identifier originating from a product unit, wherein the first identifier identifies the product unit, and wherein the first identifier comprises a globally unique communications address of the product unit,ii) transmit the received first identifier to another server computer based on performance of the product unit, wherein the first server computer and the other server computer are controlled by separate business entities,iii) receive, from the other server computer, a first digitally-signed document comprising a first digital signature that is determined mathematically by using the first identifier, andiv) transmit the first digitally-signed document to a test rig;
  
  (b) the test rig configured toi) read the first identifier from the product unit, and to provide the first identifier to the first server computer;
  
  ii) assess the performance of the product unit;
  
  iii) receive, from the first server computer, the first digitally-signed document comprising the first digital signature; and
  
  iv) program, into a first dedicated portion of non-volatile memory of the product unit, the first digitally-signed document after being received from the first server computer, wherein the first digital signature of the first digitally-signed document reflects the globally unique communications address;
  
  wherein the test rig is further configured to;
  
  i) receive, from the first server computer, a second digitally-signed document comprising a second digital signature that is determined mathematically by using a second identifier, wherein the second identifier identifies a brand; and
  
  ii) program, into a second dedicated portion of memory of the product unit, the second digitally-signed document after being received from the first server computer; and
  
  (c) a wireless terminal implemented using at least one hardware device configured toi) request the first and second digitally-signed documents from the product unit,ii) receive, in response to the request, the first and second digitally-signed documents comprising the first and second digital signatures, respectively,iii) verify whether the first and second digital signatures are valid, by using a first public key and a second public key, respectively,iv) enable a user of the wireless terminal to control the product unit, only if the first digital signature is verified as being valid, andv) display an indicium of the brand, only if the second digital signature is verified as being valid.
- View Dependent Claims (5, 6)
- - 5. The system of claim 4 wherein the globally unique communications address of the product unit is a media access control (MAC) address.
  - 6. The system of claim 4 wherein the product unit is configured to perform a predetermined task outside of the manufacturing system.

7. A product unit comprising:
- a memory configured to store a first digitally-signed document and a second digitally-signed document when received by the product unit from a first device;
  
  a network adapter implemented using at least one hardware device configured toi) transmit a first identifier to the first device, wherein the first identifier comprises a globally unique communications address that identifies the product unit,ii) receive the first digitally-signed document comprising a first digital signature from the first device, wherein the first digital signature is determined mathematically by using the globally unique communications address transmitted to the first device,iii) transmit the stored first digitally-signed document to a second device when requested by the second device,iv) receive the second digitally-signed document comprising a second digital signature from the first device, wherein the second digital signature is determined mathematically by using a second identifier, and wherein the second identifier identifies a brand, andv) transmit the second digitally-signed document to the second device when requested by the second device;
  
  a hardware processor configured to enable performance, by the product unit, of a task of detecting a physical condition when the product unit is instructed to perform the task, wherein the hardware processor enables performance based on the network adapter receiving a message that comprises the globally unique communications address, and wherein the message is based on a verification that the first digital signature is valid; and
  
  a sensor component configured to perform the detecting of the physical condition, only when performance of the task is enabled by the processor;
  
  wherein the physical condition is one of temperature, motion, presence of humans, and light level.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The product unit of claim 7 wherein the globally unique communications address of the product unit is a media access control (MAC) address.
  - 9. The product unit of claim 7 wherein the network adapter is further configured to transmit i) the first identifier to the first device and ii) the first digitally-signed document to the second device, in separate wireless networks.
  - 10. The product unit of claim 7 wherein performance of the task is further based on determining the first digital signature to be valid.
  - 11. The product unit of claim 7 wherein the processor is further configured to deactivate a predetermined function otherwise performed by the product unit, based on determining the first digital signature to be invalid.
  - 12. The product unit of claim 11 wherein the processor is further configured to determine that the first digital signature is invalid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Silvair sp. z o.o.
Original Assignee
Silvair sp. z o.o.
Inventors
Langman, Maciej, Slupik, Szymon, Gembala, Adam
Primary Examiner(s)
Lemma, Samson
Assistant Examiner(s)
Dhruv, Darshan

Application Number

US14/563,569
Publication Number

US 20150302534A1
Time in Patent Office

1,247 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 8/61   Installation

G06Q 30/0185   Product, service or busines...

G06Q 50/184   Intellectual property manag...

H04L 2463/103   applying security measure f...

H04L 63/0876   based on the identity of th...

H04L 63/126   the source of the received ...

H04L 67/10   in which an application is ...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

H04W 12/069   using certificates or pre-s...

Y02P 90/845   Inventory and reporting sys...

System and method for administering licenses stored in an electronic module, and product unit comprising said module

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for administering licenses stored in an electronic module, and product unit comprising said module

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links