Remote feature activation authentication file system

US 7,890,997 B2
Filed: 01/20/2003
Issued: 02/15/2011
Est. Priority Date: 12/26/2002
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

providing a first computational component for installation by an untrusted user on a first computational system, the first computational component having a first set of authentication information permitting a first set of operations to be performed on the first computational component, wherein the first set of authentication information corresponds to a first login and comprises a first key and/or password, and wherein the first set of operations comprises requesting delivery of a second set of authentication information to enable a second set of operations to be performed on the first computational component, the first and second sets of operations being different, wherein the first set of operations provides access by the user to fewer validly licensed operational features than the second set of operations;

receiving by a remote feature activation system, at the time of sale or after purchase and installation of the first computational component, a request to create and/or update a system record associated with at least one of the first computational system and component;

creating or updating, by the remote feature activation system, the system record;

after the system record is created or updated successfully, receiving, by an input via signal transmission over a geographically distributed processing network, a request from the untrusted user for the second set of authentication information;

generating, by the remote feature activation system, the second set of authentication information, wherein the second set of authentication information comprises a unique first identifier of the first computational system, corresponds to at least a second login, and comprises a second key and/or password, whereby the unique first identifier associates the second set of authentication information with the first computational system and prevents use of the second set of authentication information with a second computational system having a different unique second identifier;

encrypting, by the remote feature activation system, the second set of authentication information to form an encrypted second set of authentication information;

transmitting, by the remote feature activation system over the geographically distributed processing network, the encrypted second set of authentication information to the first computational system; and

prohibiting, by the first computational system, the untrusted user from accessing a plain text version of at least one of the second key and/or password in the second set of authentication information.

View all claims

24 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing a user with authorization to perform one or more functions using or otherwise involving a computational component is provided. The system includes an authentication file system 100 operable to (a) receive a request from a user for a second set of authentication information permitting a second set of operations to be performed on a computational component, wherein the computational component is operable to be installed by the user on the computational system, wherein the computational component contains a first set of authentication information permitting a first set of operations to be performed on the computational component; and wherein the first and second sets of operations are different; (b) generate an authentication file containing the second set of authentication information; and (c) transmit the authentication file to the computational system.

Citations

52 Claims

1. A method, comprising:
- providing a first computational component for installation by an untrusted user on a first computational system, the first computational component having a first set of authentication information permitting a first set of operations to be performed on the first computational component, wherein the first set of authentication information corresponds to a first login and comprises a first key and/or password, and wherein the first set of operations comprises requesting delivery of a second set of authentication information to enable a second set of operations to be performed on the first computational component, the first and second sets of operations being different, wherein the first set of operations provides access by the user to fewer validly licensed operational features than the second set of operations;
  
  receiving by a remote feature activation system, at the time of sale or after purchase and installation of the first computational component, a request to create and/or update a system record associated with at least one of the first computational system and component;
  
  creating or updating, by the remote feature activation system, the system record;
  
  after the system record is created or updated successfully, receiving, by an input via signal transmission over a geographically distributed processing network, a request from the untrusted user for the second set of authentication information;
  
  generating, by the remote feature activation system, the second set of authentication information, wherein the second set of authentication information comprises a unique first identifier of the first computational system, corresponds to at least a second login, and comprises a second key and/or password, whereby the unique first identifier associates the second set of authentication information with the first computational system and prevents use of the second set of authentication information with a second computational system having a different unique second identifier;
  
  encrypting, by the remote feature activation system, the second set of authentication information to form an encrypted second set of authentication information;
  
  transmitting, by the remote feature activation system over the geographically distributed processing network, the encrypted second set of authentication information to the first computational system; and
  
  prohibiting, by the first computational system, the untrusted user from accessing a plain text version of at least one of the second key and/or password in the second set of authentication information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the first computational system is a telecommunication switch or server and the first computational component is software to be loaded onto the switch or server, wherein the second set of authentication information is delivered by Web download, wherein the first set of operations do not permit the user to cause execution of the first computational component, and, wherein the first set of operations provides, at most, only limited access to validly licensed operational features and the second set of operations provides full access to validly licensed operational features, and the method further comprising:
    - determining, by the first computational system, whether or not the unique first identifier contained in the second set of authentication information matches the unique first identifier of the first computational system;
      
      determining, by the first computational system, whether or not a right to use the first computational component has expired;
      
      determining, by the first computational system, whether or not a version contained in the second set of authentication information matches a version of the first computational component;
      
      wherein, when the unique first identifier in the second set of authentication information matches the unique first identifier of the first computational system, when the right to use the first computational component has not expired, and when the version in the second set of authentication information matches the version of the first computational component, the second set of authentication information is considered to be valid; and
      
      wherein, when one or more of the following is true;
      
      when the unique first identifier in the second set of authentication information does not match the unique first identifier of the first computational system, when the right to use the first computational component has expired, or when the version in the second set of authentication information does not match the version of the first computational component, the second set of authentication information is considered to be invalid.
  - 3. The method of claim 1, wherein the first set of authentication information comprises a default password and the first set of operations comprise requesting delivery of the second set of authentication information and wherein the default password does not entitle the user to access the second set of authentication information.
  - 4. The method of claim 1, wherein the second set of authentication information is unique to the second login.
  - 5. The method of claim 4, wherein the second set of authentication information comprises a plurality of platform type, the first identifier, a platform identifier, a software release, a right-to-use expiration date, one or more login names, one or more passwords associated respectively with the one or more login names, and one or more keys associated, respectively, with the one or more login names.
  - 6. The method of claim 1, wherein the second set of authentication information is transmitted by electronic mail.
  - 7. The method of claim 1, wherein the second set of authentication information comprises at least one of a password and key associated with a login name and wherein each login has a unique at least one of a password and key.
  - 8. The method of claim 1, wherein the second set of operations comprise logging onto the first computational component and accessing information contained therein and wherein the user does not have use privileges to access in unencrypted form the second key and/or password in the second set of authentication information.
  - 9. The method of claim 1, wherein the encrypted second set of authentication information is in a data file and is transmitted without a real-time direct connection between the first computational system and the remote feature activation system.
  - 10. The method of claim 1, wherein the generating step comprises:
    - determining whether the request is for a newly created password or an existing password;
      
      when the request is for a newly created password, creating the new password; and
      
      when the request is for an existing password, retrieving the password from password storage.
  - 11. The method of claim 10, further comprising:
    - determining whether there are any unconfirmed keys associated with the first computational system.
  - 12. The method of claim 11, further comprising:
    - determining whether the request is for a newly created key or an existing key;
      
      when the request is for a newly created key, creating the new key; and
      
      when the request is for an existing key, retrieving the key from key storage.
  - 13. The method of claim 1, further comprising:
    - receiving a record creation request, the record creation request comprising at least two of the following;
      
      a first computational component identifier, the first computational system identifier, a request number, a request type, a platform type, a software release, a software version, a platform identifier, and a serial number;
      
      creating a new record in response to the record creation request, the new record comprising a plurality of at least one of passwords and keys for each of a plurality of logins; and
      
      verifying, by the first computational system, that the second set of authentication information is valid, said verification comprising at least one of serial number matching, right-to-use expiration, version or release matching, data integrity verification, and authentication file length and format verification; and
      
      wherein the request for the second set of authentication information comprises at least two of the first computational component identifier, the first computational system identifier, the request number, the platform type, an application description, the software version, the platform identifier, the serial number, an expiration date of a right-to-use, a password type, and a key type; and
      
      wherein the generating step comprises;
      
      in response to the request for the second set of authentication information, obtaining at least two of a password and key corresponding to the at least one of the first computational system identifier, the first computational component identifier, the request number, the platform type, the application description, the software version, the platform identifier, the serial number, the expiration date of the right-to-use, the password type, and the key type; and
      
      assembling the second set of authentication information.

14. A system, comprising a non-transitory computer-readable medium that includes:
- a processor-executable retrieval agent operable to (i) receive, at the time of sale or after purchase and installation of a first computational component, from a remote feature activation system, and by a network, a request to create or update a system record associated with at least one of a first computational system and the first computational component and (ii) create and/or update the system record; and
  
  a processor-executable authentication file system operable, after the system record is created or updated successfully, to;
  
  (a) receive a request from an untrusted user for a second set of authentication information permitting a second set of operations to be performed on the first computational component, wherein the first computational component is operable to be installed by the untrusted user on the first computational system, wherein the first computational component contains a first set of authentication information permitting a first set of operations to be performed on the first computational component, wherein the first set of authentication information corresponds to a first login and comprises a first key and/or password, and wherein the first set of operations comprises requesting delivery of the second set of authentication information, and wherein the first and second sets of operations are different;
  
  (b) generate an encrypted authentication file containing the second set of authentication information, wherein the second set of authentication information comprises a unique first identifier of the first computational system, corresponds to at least a second login, and comprises a second key and/or password, whereby the unique first identifier prevents use of the second set of authentication information with a second computational system having a different unique second identifier; and
  
  (c) transmit, over a geographically distributed processing network, the encrypted authentication file to the first computational system, wherein the untrusted user does not have a privilege to access, through the first computational system, a plain text version of at least one of the second key and/or password in the encrypted authentication file.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 15. The system of claim 14, wherein the first computational system is a telecommunication switch or server and the first computational component is software to be loaded onto the switch or server, wherein the authentication file is delivered by Web download, wherein the first set of operations do not permit the user to cause execution of the first computational component, wherein the first set of operations provides, at most, only limited access to validly licensed operational features and the second set of operations provides full access to validly licensed operational features and wherein the first computational system is further operable to:
    - determine, by the first computational system, whether or not the unique first identifier contained in the second set of authentication information matches the unique first identifier of the first computational system;
      
      determine, by the first computational system, whether or not a right to use the first computational component has expired;
      
      determine, by the first computational system, whether or not a version contained in the second set of authentication information matches a version of the first computational component;
      
      wherein, when the unique first identifier in the second set of authentication information matches the unique first identifier of the first computational system, when the right to use the first computational component has not expired, and when the version in the second set of authentication information matches the version of the first computational component, the second set of authentication information is considered to be valid; and
      
      when one or more of the following is true;
      
      when the unique first identifier in the second set of authentication information does not match the unique first identifier of the first computational system, when the right to use the first computational component has expired, or when the version in the second set of authentication information does not match the version of the first computational component, the second set of authentication information is considered to be invalid.
  - 16. The system of claim 14, wherein the first set of operations provides, at most, limited access to validly licensed operational features of the first computational component, wherein the second set of operations provides full access to validly licensed operational features of the first computational component, wherein the first set of authentication information comprises a default password and the first set of operations comprise requesting delivery of the authentication file and wherein the default password does not entitle the user to access the second set of authentication information.
  - 17. The system of claim 14, wherein the second set of authentication information is unique to the second login.
  - 18. The system of claim 14, wherein the authentication file is transmitted by electronic mail.
  - 19. The system of claim 14, wherein the second set of authentication information comprises at least one of a password and key associated with a login name and wherein each login has a unique at least one of a password and key.
  - 20. The system of claim 14, wherein the second set of operations comprise logging onto the first computational component and accessing information contained therein and wherein the user does not have use privileges to access in unencrypted form the second key and/or password in the encrypted authentication file after transmission to the user.
  - 21. The system of claim 14, wherein the authentication file system comprises an encryptor operable to encrypt the authentication file in a data file, without a direct connection between the first computational system and the remote feature activation system.
  - 22. The system of claim 14, wherein the authentication file system comprises:
    - an authentication file generator operable to generate the authentication file;
      
      a password creator operable to create at least one of a random and pseudo random password;
      
      an authentication file encryptor operable to encrypt the authentication file; and
      
      a platform login table comprising a listing of login names and at least one of an associated password and key.
  - 23. The system of claim 22, further comprising:
    - a password retrieval agent operable to store passwords in and retrieve passwords from password storage;
      
      a key manager operable to generate new keys and store keys in and retrieve keys from key storage; and
      
      a password change system scheduler operable to periodically request a new authentication file to be generated and transmitted to the first computational system.
  - 24. The system of claim 14, wherein the authentication file comprises a plurality of platform type, a software release, an expiration date, one or more login names, one or more passwords associated respectively with the one or more login names, and one or more keys associated respectively with the one or more login names.
  - 25. The system of claim 14, wherein the authentication file comprises:
    - a set of login names;
      
      for each login name in the set of login names, at least one of a password and a key; and
      
      a unique first identifier associated with the first computational system.
  - 26. The system of claim 25, wherein each login name has a corresponding password.
  - 27. The system of claim 25, wherein each login name has a corresponding key and wherein the authentication file further comprises a plurality of a platform type, a software release, and a right-to-use expiration date.
  - 28. The system of claim 25, wherein the unique first identifier is a serial number of a processor in the first computational system.
  - 29. The system of claim 25, further comprising a platform type associated with the first computational system, a software release associated with software operating on the first computational system, and a right-to-use expiration date associated with the software.

30. A method, comprising:
- providing a first computational component for installation by an untrusted user on a first computational system;
  
  providing the untrusted user with at least one of a first password and key corresponding to a first login;
  
  after a first set of operations is enabled and after the untrusted user has successfully logged in to the first computational component using the first login and the at least one of the first password and key, receiving, at an input, a request from the untrusted user for authentication information permitting a second set of operations by the first computational component on the first computational system to be enabled, the authentication information corresponding to at least a second login and comprising a unique first identifier of at least one of the first computational component and first computational system and at least one of a second password and key, whereby the unique first identifier prevents use of the authentication information, on a second computational system, with a second computational component, wherein at least one of the second computational component and second computational system has a unique second identifier different from the first identifier;
  
  generating, by a remote feature activation system, an encrypted authentication file containing the set of authentication information; and
  
  transmitting, by the remote feature activation system over a distributed processing network, the encrypted authentication file to the user, wherein the user is not privileged to access, through the first computational system, a plain text version of at least one of the second password and key in the encrypted authentication file.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 31. The method of claim 30, wherein the first login and the at least one of a first password and key permit the first set of operations to be performed on the first computational system, wherein the first set of operations provides the untrusted user with, at most, limited access to validly licensed features of the first computational component, wherein the request is transmitted over the distributed processing network, and wherein the first computational system is a telecommunication switch or server, and the first computational component is software to be loaded onto the switch or server, wherein the authentication file is delivered by Web download, wherein the first set of operations do not permit the user to cause execution of the first computational component, and wherein the first set of operations permit the user to request delivery of the authentication file and installation of the first computational component, and wherein the authentication information and second set of operations permit full access, by the untrusted user, to the validly licensed features.
  - 32. The method of claim 30, wherein the first login and at least one of a first password and key permits the first set of operations to be performed on the first computational component, wherein the first set of operations includes requesting authentication information, wherein the request is transmitted over the distributed processing network, wherein the first computational system is a telecommunication switch or server, and the first computational component is software to be loaded onto the switch or server, wherein the authentication file is delivered by Web download, wherein the second set of operations, but not the first set of operations, permit the user to cause execution of the first computational component, and wherein the first set of operations permit the user to request delivery of the authentication file and installation of the first computational component.
  - 33. The method of claim 30, wherein the at least one of a first password and key is different from the at least one of the second password and key.
  - 34. The method of claim 33, wherein the authentication file comprises a plurality of platform type, a software release, an expiration date, one or more login names, one or more passwords associated respectively with the one or more login names, and one or more keys associated respectively with the one or more login names.
  - 35. The method of claim 30, wherein the first login and the at least one of a first password and key provide the untrusted user with, at most, only limited access to validly licensed operational features and the authentication information provides, by the second set of operations, the untrusted user with full access to validly licensed operational features and wherein the authentication file is transmitted by electronic mail.
  - 36. The method of claim 30, wherein the encrypted authentication file is transmitted in a data file, without a direct connection between the first computational system and the remote feature activation system.
  - 37. The method of claim 30, wherein the generating step comprises:
    - determining whether the request is for a newly created password or an existing password;
      
      when the request is for a newly created password, creating the new password; and
      
      when the request is for an existing password, retrieving the password from password storage.
  - 38. The method of claim 37, further comprising:
    - determining whether there are any unconfirmed keys associated with the first computational system.
  - 39. The method of claim 38, further comprising:
    - determining whether the request is for a newly created key or an existing key;
      
      when the request is for a newly created key, creating the new key; and
      
      when the request is for an existing key, retrieving the key from key storage.
  - 40. The method of claim 30, further comprising:
    - receiving a record creation request, the record creation request comprising at least two of the following;
      
      the first identifier, a request number, a request type, a platform type, a software release, a software version, a platform identifier, and a serial number;
      
      creating a new record in response to the record creation request, the new record comprising a plurality of at least one of passwords and keys for each of a plurality of logins; and
      
      verifying, by the first computational system, that the authentication information is valid, said verification comprising at least one of serial number matching, right-to-use expiration, version or release matching, data integrity verification, and authentication file length and format verification; and
      
      wherein the request for the authentication information comprises at least two of the first identifier, the request number, the platform type, an application description, the software version, the platform identifier, the serial number, an expiration date of a right-to-use, a password type, and a key type; and
      
      wherein the generating step comprises;
      
      in response to the request for the authentication information, obtaining at least one of a password and key corresponding to the at least two of the first identifier, the request number, the platform type, the application description, the software version, the platform identifier, the serial number, the expiration date of a right-to-use, the password type, and the key type;
      
      assembling the authentication information; and
      
      encrypting the authentication information for transmission over the network to the user.

41. A system, comprising a non-transitory computer-readable medium that includes:
- a processor-executable authentication file system operable to;
  
  receive a request from an untrusted user for authentication information permitting installation of a first computational component on a first computational system, wherein the untrusted user uses at least one of a first password and key corresponding to a first login to generate the request, the authentication information corresponding to at least a second login and comprising a unique first identifier of at least one of the first computational component and first computational system and at least one of a second password and key, whereby the unique first identifier prevents use of the authentication information, on a second computational system, with a second computational component, wherein at least one of the second computational component and second computational system has a unique second identifier different from the first identifier;
  
  generate an encrypted authentication file containing the set of authentication information as cipher text; and
  
  transmit, over a distributed processing network, the encrypted authentication file to the user, wherein the user is prohibited, by the first computational system, from accessing a plain text form of the at least one of the second password and key in the encrypted authentication file.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 42. The system of claim 41, wherein the first login provides the untrusted user with, at most, limited access to validly licensed features of the first computational component and the authentication information provides the user with full access to validly licensed features, wherein the first login and the at least one of a first password and key permit a first set of operations to be performed on the first computational system, wherein the first set of operations provides the untrusted user with, at most, limited access to validly licensed features of the computational component, wherein the request is transmitted to the user over the distributed processing network, and wherein the first computational system is a telecommunication switch or server, and the first computational component is software to be loaded onto the switch or server, wherein the authentication file is delivered by Web download, wherein the first set of operations do not permit the user to cause execution of the first computational component, and wherein the first set of operations permit the user to request delivery of the authentication file.
  - 43. The system of claim 41, wherein the first login and at least one of a first password and key permit a first set of operations to be performed on the first computational component, wherein the first set of operations includes requesting authentication information, wherein the request is transmitted over the distributed processing network, wherein the first computational system is a telecommunication switch or server, and the first computational component is software to be loaded onto the switch or server, wherein the authentication file is delivered by Web download, wherein the first set of operations do not permit the user to cause execution of the first computational component, and wherein the first set of operations permit the user to request delivery of the authentication file.
  - 44. The system of claim 41, wherein the at least one of a first password and key is different from the at least one of the second password and key and wherein the authentication information is unique to each login.
  - 45. The system of claim 44, wherein the authentication file comprises a plurality of platform type, a software release, an expiration date, one or more login names, one or more passwords associated respectively with the one or more login names, and one or more keys associated respectively with the one or more login names.
  - 46. The system of claim 41, wherein the first login and the at least one of a first password and key provide, at most, only limited access to validly licensed operational features and the authentication information provides full access to validly licensed operational features and wherein the authentication file is transmitted by electronic mail.
  - 47. The system of claim 41, wherein each login has a unique at least one of a password and key.
  - 48. The system of claim 41, wherein the user does not have use privileges to access in unencrypted form the at least one of the second password and key in the encrypted authentication file after transmission to the user.
  - 49. The system of claim 41, wherein the encrypted authentication file is transmitted in a data file, without a direct connection between the first computational system and the remote feature activation system.
  - 50. The system of claim 41, wherein the authentication file system is operable to:
    - determine whether the request is for a newly created password or an existing password;
      
      when the request is for a newly created password, create the new password; and
      
      when the request is for an existing password, retrieve the password from password storage.
  - 51. The system of claim 50, wherein the authentication file system is operable to:
    - determine whether there are any unconfirmed keys associated with the first computational system.
  - 52. The system of claim 51, wherein the authentication file system is operable to:
    - determine whether the request is for a newly created key or an existing key;
      
      when the request is for a newly created key, create the new key; and
      
      when the request is for an existing key, retrieve the key from key storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Serkowski, Robert J., Walker, William T.
Primary Examiner(s)
Davis, Zachary A

Application Number

US10/348,107
Publication Number

US 20040128551A1
Time in Patent Office

2,948 Days
Field of Search

726 17- 19, 726 5- 7, 380/278, 713/168
US Class Current

726/18
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Remote feature activation authentication file system

First Claim

24 Assignments

0 Petitions

Accused Products

Abstract

Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Remote feature activation authentication file system

First Claim

24 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links