Binding a device to a provider

US 8,073,442 B2
Filed: 10/05/2005
Issued: 12/06/2011
Est. Priority Date: 10/05/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method for configuring and provisioning a computer for metered operation, the computer comprising a main processor and memory, and a hardware security module comprising a cryptographic unit, a processor, and a tamper resistant memory, the method comprising:

providing the computer with first and second components that are associated with first and second service providers, respectively;

causing the computer to receive from a scheme owner at least a portion of a unique program identifier that represents the first and second components of the computer;

causing a scheme owner to receive a request for a registration document for the computer, the request comprising a full unique program identifier and a hardware identifier, the hardware identifier associated with the computer for uniquely identifying the computer, including the first and second components thereof, within a domain;

receiving the registration document from the scheme owner at the computer, the registration document digitally signed and includes the hardware identifier and a complete version of the unique program identifier, the registration being verified by the cryptographic unit and in response providing an amount of time according to which the hardware security module meters use of the first or second hardware components;

causing a provisioning request to be sent from the computer to the scheme owner;

preparing a provisioning instruction that is digitally signed and comprises the unique program identifier and the hardware identifier for use in qualifying the provisioning instruction;

providing the provisioning instruction to the computer for configuring the computer according to the provisioning instruction, the hardware security module verifying the provisioning instruction and in response enabling permanent access to the first or second component;

wherein the unique program identifier allows (i) the first service provider to maintain the contribution of the first component to the computer without accessing the second component and allows (ii) the second service provider to maintain the contribution of the second component to the computer without accessing the first component;

wherein the first and second components both comprise a peripheral device physically connected to a port of the computer or a computer program stored within a memory of the computer; and

wherein the tamper resistant memory stores the unique program identifier and hardware identifier, the computer being capable of gaining access to the tamper resistant memory only upon cryptographic authorization by the cryptographic unit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A pay-per-use or pay-as-you-go computer uses a secure memory to store individual unique program identifiers. Each unique program identifier is associated with a particular hardware or software component, or service, or the entire computer available to a user. By combining the unique program identifier with a computer hardware identifier uniquely identified transactions may be tracked for both billing and reconciliation. Certificates associated with each unique program identifier, and coupled to the hardware identifier, provide a cryptographic basis for mutual verification of messages, requests, configuration instructions, and provisioning.

26 Citations

View as Search Results

8 Claims

1. A method for configuring and provisioning a computer for metered operation, the computer comprising a main processor and memory, and a hardware security module comprising a cryptographic unit, a processor, and a tamper resistant memory, the method comprising:
- providing the computer with first and second components that are associated with first and second service providers, respectively;
  
  causing the computer to receive from a scheme owner at least a portion of a unique program identifier that represents the first and second components of the computer;
  
  causing a scheme owner to receive a request for a registration document for the computer, the request comprising a full unique program identifier and a hardware identifier, the hardware identifier associated with the computer for uniquely identifying the computer, including the first and second components thereof, within a domain;
  
  receiving the registration document from the scheme owner at the computer, the registration document digitally signed and includes the hardware identifier and a complete version of the unique program identifier, the registration being verified by the cryptographic unit and in response providing an amount of time according to which the hardware security module meters use of the first or second hardware components;
  
  causing a provisioning request to be sent from the computer to the scheme owner;
  
  preparing a provisioning instruction that is digitally signed and comprises the unique program identifier and the hardware identifier for use in qualifying the provisioning instruction;
  
  providing the provisioning instruction to the computer for configuring the computer according to the provisioning instruction, the hardware security module verifying the provisioning instruction and in response enabling permanent access to the first or second component;
  
  wherein the unique program identifier allows (i) the first service provider to maintain the contribution of the first component to the computer without accessing the second component and allows (ii) the second service provider to maintain the contribution of the second component to the computer without accessing the first component;
  
  wherein the first and second components both comprise a peripheral device physically connected to a port of the computer or a computer program stored within a memory of the computer; and
  
  wherein the tamper resistant memory stores the unique program identifier and hardware identifier, the computer being capable of gaining access to the tamper resistant memory only upon cryptographic authorization by the cryptographic unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising the steps of:
    - periodically sending status messages from the computer to the scheme owner while the computer is provisioned; and
      
      if the scheme owner does not receive a periodic status message within a predetermined period of time, then invoking a sanction.
  - 3. The method of claim 1, wherein the at least a portion of the unique program identifier comprises a business code.
  - 4. The method of claim 1, wherein the unique program identifier comprises a business code and a model code.
  - 5. The method of claim 1, further comprising storing a second unique identifier wherein the second unique program identifier comprises the business code and a second model code.
  - 6. The method of claim 5, wherein the second unique program identifier comprises a second business code and a second model code.
  - 7. The method of claim 1, further comprising:
    - providing the complete unique program identifier to a supply chain entity for installation in the computer in a tamper-resistant memory.

8. A method for configuring and provisioning a computer for metered operation, the computer comprising a main processor and memory, and a hardware security module comprising a cryptographic unit, a processor, and a tamper resistant memory, the method comprising:
- providing the computer with first and second components that are associated with first and second service providers, respectively;
  
  causing a computer to receive from a scheme owner at least a portion of a unique program identifier that represents the first and second components of the computer;
  
  causing a scheme owner to receive a request for a registration document for the computer, the request comprising a full unique program identifier and a hardware identifier, the hardware identifier associated with the computer for uniquely identifying the computer, including the first and second components thereof, within a domain;
  
  sending the registration document from the scheme owner to the computer, the registration document digitally signed with a signature and includes the hardware identifier and a complete version of the unique program identifier, the hardware security module verifying the signature and in response permitting metered access to the first or second component, and during the metered access continued access to the first or second component requires periodic updates from the scheme owner which are verified by the hardware security module to permit continued metered access;
  
  causing a provisioning request to be sent from the computer to the scheme owner;
  
  preparing a provisioning instruction that is digitally signed and comprises the unique program identifier and the hardware identifier for use in qualifying the provisioning instruction;
  
  while the metered access is in effect, providing the provisioning instruction to the computer for configuring the computer according to the provisioning instruction, wherein a signature of the provisioning instruction is verified by the hardware security module and in response permanent access is granted to the first or second component; and
  
  wherein the unique program identifier allows (i) the first service provider to maintain the contribution of the first component to the computer without accessing the second component and allows (ii) the second service provider to maintain the contribution of the second component to the computer without accessing the first component;
  
  wherein the first and second components both comprise a product, a program or a service provided by the computer;
  
  wherein the unique identifier comprises first and second unique identifiers, the first unique program identifier comprising a first business code and a first model code, the second unique program identifier comprising a second business code and a second model code;
  
  wherein the first and second components both comprise a peripheral device physically connected to a port of the computer or a computer program stored within a memory of the computer;
  
  wherein the computer includes the tamper resistant memory in which the unique program identifier and hardware identifier are stored, the computer being capable of gaining access to the tamper resistant memory only upon cryptographic authorization; and
  
  receiving a provisioning packet, verifying the provisioning packet by the hardware security module, and in response converting access to the first or second component from metered access to permanent access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Frank, Alexander, Raciborski, Bohdan, Duffus, James S., Herold, Jeffrey A., Hall, Martin H., Sutton, Paul C., Phillips, Thomas G.
Primary Examiner(s)
Truong, Thanhnga
Assistant Examiner(s)
LEE, JASON T

Application Number

US11/244,217
Publication Number

US 20070079127A1
Time in Patent Office

2,253 Days
Field of Search

726/2, 726/17, 726/34, 726/27, 713/176, 713/189, 713/170, 713/181, 713/175, 713/193, 713/186, 713/158, 713/172, 713/153, 705/34, 705/51, 705/39, 705/50, 705/75
US Class Current

455/426
CPC Class Codes

G06Q 30/04   Billing or invoicing

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3247   involving digital signatures

Binding a device to a provider

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Binding a device to a provider

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links