Apple Inc. v. HTC Corporation et al

Filing 1

COMPLAINT for Patent Infringement against All Defendants. Filing fee $ 350.00 receipt number 113C-4398912, filed by Motorola Mobility, Inc.. (Attachments: # 1 Civil Cover Sheet, # 2 Summon(s), # 3 Exhibit 1, # 4 Exhibit 2, # 5 Exhibit 3, # 6 Exhibit 4, # 7 Exhibit 5, # 8 Exhibit 6)(Mullins, Edward) [Transferred from Florida Southern on 8/3/2012.]

Download PDF
                                                                        EXHIBIT 5  111111 United States Patent 1111111111111111111111111111111111111111111111111111111111111 US006008737A Deluca et al. [54] Date of Patent: Assignee: Motorola, Inc., Schaumburg, Ill. [ * l Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2). [21] Appl. No.: 08/672,004 [22] Filed: Jun. 24, 1996 Related U.S. Application Data [63] Continuation-in-part of application No. 08/452,785, May 30, 1995, Pat. No. 5,612,682. [51] [52] Int. Cl. 6 ....................................................... G07D 7/00 U.S. Cl. ................................ 340/825.34; 340/825.34; 340/825.44; 455/408; 379/121; 705/32 Field of Search ......................... 340/825.34, 825.44, 340/825.33, 825.35, 825.22; 455/426, 405, 406, 408; 395/200.01, 200.05, 230, 232, 228, 229; 379/114, 121 [58] [56] References Cited U.S. PATENT DOCUMENTS 4,875,038 10/1989 Siwiak et a!. ...................... 340/825.44 5,155,680 10/1992 Wiedemer ............................... 395/232 5,325,418 6/1994 McGregor eta!. ..................... 455/406 6,008,737 *Dec. 28, 1999 5,335,278 8/1994 Matchett et a!. ................... 340/825.34 5,371,493 12/1994 Sharpe et a!. ...................... 340/825.33 5,493,492 2/1996 Cramer et a!. .... ... .... ... ... ... ... ... 385/232 5,577,100 11/1996 McGregor et a!. ..................... 455/406 5,606,497 2/1997 Cramer et a!. .... ... .... ... ... ... ... ... 395/232 5,612,682 3/1997 De Luca et a!. ................... 340/825.44 5,633,932 5/1997 Davis et a!. ....................... 340/825.34 5,652,793 7/1997 Priem eta!. ....................... 340/825.34 5,664,006 9/1997 Monte et a!. ........................... 455/405 Inventors: Michael J. Deluca, Boca Raton; Doug Kraul; Walter L. Davis, both of Parkland, all of Fla. [73] Patent Number: APPARATUS FOR CONTROLLING UTILIZATION OF SOFTWARE ADDED TO A PORTABLE COMMUNICATION DEVICE [75] [11] [45] [19J Primary Examiner-Edwin C. Holloway, III Assistant Examiner-Anthony A Asongwed [57] ABSTRACT An apparatus at a fixed portion (102) of a communication system controls utilization of software (398) in a portable communication device (122) that includes a transceiver (302) for communicating with the fixed portion. The portable communication device receives (604) a request for utilization of the software. In response, the portable communication device seeks (612) a usage authorization for utilizing the software by generating ( 614) an external authorization request (428) that includes at least one of a size (396) of the software, a software name (394), a secure checksum, and an address (313) identifying the portable communication device, and by communicating (616) the external authorization request to the fixed portion. The secure checksum is a secure cyclic redundancy check of the software for which the portable communication device is requesting usage authorization, and is generated (624) by the portable communication device from a secure polynomial (311) stored in the portable communication device and separately by the apparatus from a same secure polynomial (230) stored in the apparatus. The portable communication device disallows (640) the utilization of the software, m response to the usage authorization being unobtainable. 9 Claims, 7 Drawing Sheets U.S. Patent Dec.28,1999 r-------~n 6,008,737 Sheet 1 of 7 ________ 1 ,.-- 104 _____ _ r PORT. COMM DEV. 122 122 PORT. OMM. DEV. 122 I ----1 118 118 116 r-116 116 .................----..., BASE STATION BASE STATION BASE STATION 114 CONTROLLER L ________________ 110 \....._ 101 PUBLIC SWITCHED TELEPHONE NETWORK FIG. I 102 J ____ _ U.S. Patent 6,008,737 Sheet 2 of 7 Dec.28,1999 1 214 ----------------------~ 216 \l. RAM 'l.._ 218 ·\.1 PORTABLE DEVICE RECORDS PORTABLE DEVICE ADDRESS 220 ... ':--~~~~~r;I~P~R~O~C~E~S~~~R~E~CO~RD~~I 220 '-...L I PROCES; RECORD -~IT~-2~~~~~g_~I . 0 218 I ... 220 '--J..t- PORTABLE DEVICE ADDRESS 1 ~'Tii~~P~R~O~C~E~S~S~R~E~CO~R~D~~~ . • • I 220 1 ·~'lrii~__0 PR~O~C~E~S~S~R~E~C~OnR~D~I 226 ~ 120 ' r - - - - - r 202 r -._____L_I_ST O_F_P_RO_C_E_S.;...S.;...E..;,S____. __ 1 I .____ _ _ _ _ _ _ _ _____. \VI ·: I II TRANSMITTERl--j: I 101""'-• ~~~.._ PROCESSORt-r-208 _./ 118 ~: ~ I 111\: ·I 1 BASE STATION 23~\.... 212 206 1-----' I I _) h '( 1 ~ J 2~0 RCVR~ RECEIVER!-------~~---..INFC 204 116 I' TEL. INFC ,, (228 - - - - - 231\.... 234'-.... 236, - - FIG.2 SECURE ENCRYPTION KEY CALL PROCESSING PROCESS LISTER 238\.... 112 200 ROM SECURE POLYNOMIAL 23~'- - ~ I I 24~'-... 242'- REQUEST RECEIVER LIST CHECKER EXTERNAL AUTHORIZATION AUTHORIZATION DENIAL CONTROLLER 1~'­ I U.S. Patent Dec.28,1999 378 6,008,737 Sheet 3 of 7 RAM '-- INFORMATION STORAGE LOCATIONS v--379 AUTHORIZATION RECORDS v--380 INTERNAL AUTHORIZATION ,- -382 384 ADDRESS POINTERS ,.386 I-PROCESS NAME 387 PROCESS SIZE 388 ~ RANDOM CRC 390 ,....EXPIRATION TIME 122 FIG. 3 ..-- . • • : AUTHORIZATION : r---382 I I MEDIUM I 384 I L--------------.J 386 387 373 388 390 I I INTERNAL AUTHORIZATION ADDRESS POINTERS I-PROCESS NAME PROCESS SIZE ,..RANDOM CRC EXPIRATION TIME ..---..-- r-------L----, HW MODULE .,..-392 SOFTWARE MODULE 394 i""" PROCESS NAME 396 PROCESS SIZE ...... 398 PROCESS EXECUTABLE • • • {374 ....l_. .... ... g~ 30 31 3 JJ EEPROM ADDRESS \.. J; . r ... ~---~-y- 1--- t .. J ~ J!l ,, HW ':- MOD ... INFC r-368 r-+1 DISPLAY I ~ , .... J ,, 372 -392 394 396 398 PROCESSOR ______ : j~ 398 T I._ ll POWER SWITCH .... 364, USER L CONTROLS ,.-310 ROM r TRANSCEIVER 399 SECURE POLYNOMIAL 1--- REAL-TIMEL CLOCK 1. . . '--311 SECURE ENCRYPTION KEY 302\ 3 I .. 308\ I I II PROCESS EXECUTABLE : j PROGRAM INTERFACE 306 I I I I 370 SOFTWARE MODULE PROCESS NAME ...... PROCESS SIZE PROCESS EXECUTABLE 3 76 375 r______ C_ _____ , r-t--312 CALL PROCESSING SECURITY r---314 t--315 U.S. Patent Dec.28,1999 6,008,737 Sheet 4 of 7 ......__ 315 SECURITY AUTHORIZATION FIRST ALLOWER SECOND ALLOWER HARDWARE PERFORMER SOFTWARE PERFORMER 316 1'- r- 318 r-. 320 ~"'--322 ......_ 324 1'-rINTERNAL AUTHORIZER 328 1'- 1-- 330 EXTERNAL AUTHORIZER DETERMINATION 'r- 1-- 332 1'- ~334 RADIO AUTHORIZER TRANSMITTER CONTROLLER ~ r-336 ~"-- - - SECURE CHECKSUM ~ CALCULATOR f'-_ SENDER CREATOR GENERATOR CHOOSER ......_ r--.... CHECKSUM CALCULATOR t"- I STORER PLACER DISALLOWER Fl RST DISABLER SECOND DISABLER THIRD DISABLER FIG.4 - 3 38 340 ... r-- 344 3 46 3 48 3 50 1---•352 354 ~"--356 .... r--358 .... -360 ~'--- 362 U.S. Patent Dec.28,1999 416 6,008,737 Sheet 5 of 7 420 418 ,............:;....__-,----;....__----,- ----c-!_ -------- I PROCESS NAME EXPIRATION TIME I 1 ---------~ 41 1: rlENCRYPTEDI MESSAGE 404 ENCRYPTED MESSAGE I 432 434 436 FIG.S 438 440 U.S. Patent Dec.28,1999 6,008,737 Sheet 6 of 7 502 CONTROLLER RECEIVES ENCRYPTED EXTERNAL AUTHORIZATION REQUEST MESSAGE CONTROLLER DECIPHERS ENCRYPTED MESSAGE FROM THE PORTABLE COMMUNICATION DEVICE 504 506 CONTROLLER IDENTIFIES THE PORTABLE COMMUNICATION DEVICE BY SELECTIVE CALL ADDRESS, AND PROCESS IS IDENTIFIED BY PROCESS NAME, SIZE AND CRC 508 y 512 CONTROLLER SENDS ENCRYPTED PROCESS AUTHORIZATION INCLUDING PROCESS NAME AND SIZE TO BASE TRANSMITTER CONTROLLER SENDS NOT AUTHORIZED COMMAND TO TRANSMITTER 514 BASE TRANSMITTER TRANSMITS AUTHORIZATION ..-------., MESSAGE 516 500 FIG. 6 U.S. Patent Dec.28,1999 6,008,737 Sheet 7 of 7 USER RECEIVES OTA PROGRAM USER INSTALLS USER REQUESTS HARDWARE OR 1--_.1 EXECUTION OF A SOFTWARE MODULE PROCESS AND SENDS REGISTRATION N SEND TO TRANSMITTER ENCRYPTED AUTHORIZATION REQUEST,ADDRESS,PROCESS NAME AND SIZE, AND SECURE CRC 616 ENCRYPTED AUTHORIZATION REQUEST TRANSMITTED 622 y 630 @ 626 TORE ADDRESS POINTERS, PROCESS NAME AND SIZE, RANDOM CRC AND EXPIRATION TIME ENCRYPTED WITH SECURE POLYNOMIAL GENERATOR FIG. 7 6,008,737 1 2 APPARATUS FOR CONTROLLING UTILIZATION OF SOFTWARE ADDED TO A PORTABLE COMMUNICATION DEVICE DESCRIPTION OF THE PREFERRED EMBODIMENT Referring to FIG. 1, an electrical block diagram of a communication system in accordance with the preferred This application is a continuation-in-part of application 5 embodiment of the present invention comprises a fixed Ser. No. 08/452,785 filed May 30, 1995, by Deluca et al., portion 102 and a portable portion 104. The fixed portion entitled "Method and Apparatus for Controlling Utilization 102 includes a plurality of base stations 116, for communiof a Process Added to a Portable Communication Device", cating with the portable portion 104, utilizing conventional now U.S. Pat. No. 5,612,682, issued Mar. 18, 1997. techniques well known in the art, and coupled by commu10 nication links 114 to a controller 112 which controls the base FIELD OF THE INVENTION stations 116. The hardware of the controller 112 is preferably This invention relates in general to communication a combination of the Wireless Messaging Gateway systems, and more specifically to a method and apparatus for (WMG™) Administrator!™ paging terminal and the controlling utilization of a process added to a portable RF-Conductor!® message distributor manufactured by 15 communication device. Motorola, Inc. The hardware of the base stations 116 is preferably a combination of the Nucleus® RF-Orchestra! TM BACKGROUND OF THE INVENTION transmitter and RF-Audience!™ receivers manufactured by In the past, paging devices were limited to alpha-numeric Motorola, Inc. It will be appreciated that other similar and voice paging. With technology improvements in circuit hardware can be utilized as well for the controller 112 and integration and more efficient communication protocols that 20 base stations 116. provide two-way communication, paging devices have Each of the base stations 116 transmits radio signals to the grown in sophistication and services provided. With today's portable portion 104 comprising a plurality of portable technology improvements, paging devices are expected to communication devices 122 via a transmitting antenna 120. acquire more sophisticated functions such as electronic The base stations 116 each receive radio signals from the mailing services, spread sheet applications, investment 25 plurality of portable communication devices 122 via a finance services such as stock market charts, quotation receiving antenna 118. The radio signals comprise selective requests, purchase and sale transactions, etc. These services call addresses and messages transmitted to the portable require sophisticated software applications and/or hardware communication devices 122 and acknowledgments received modules to be operated in the paging device. Paging devices from the portable communication devices 122. It will be using sophisticated services such as these will require a 30 appreciated that the portable communication devices 122 means for registration and licensing to prevent unauthorized can also originate messages other than acknowledgments, as use of processes, including software applications and hardwill be described below. The controller 112 preferably is ware modules. In prior art devices registration has been coupled by telephone links 101 to a public switched teleaccomplished by mailing a signed certificate with a purchase phone network (PSTN) 110 for receiving selective call receipt of a software application or hardware module. This 35 originations therefrom. Selective call originations comprisform of registration, however, does not prevent an unscruing voice and data messages from the PSTN 110 can be pulous user from using pirated software applications and/or generated, for example, from a conventional telephone 124 unauthorized hardware modules. coupled to the PSTN 110 in a manner that is well known in Thus, what is needed is a method and apparatus for 40 the art. controlling utilization of a process added to a portable Data and control transmissions between the base stations communication device. Preferably, the method and appara116 and the portable communication devices 122 preferably tus should serve as a mechanism to prevent unauthorized use utilize a protocol similar to Motorola's well-known FLEX™ of software applications and hardware modules. digital selective call signaling protocol. This protocol uti45 lizes well-known error detection and error correction techBRIEF DESCRIPTION OF THE DRAWINGS niques and is therefore tolerant to bit errors occurring during FIG. 1 is an electrical block diagram of a communication transmission, provided that the bit errors are not too numersystem in accordance with the preferred embodiment of the ous in any one code word. present invention. Outbound channel transmissions comprising data and FIG. 2 is an electrical block diagram of elements of a fixed 50 control signals from the base stations 116 preferably utilize portion of the communication system in accordance with the two and four-level frequency shift keyed (FSK) modulation, preferred embodiment of the present invention. operating at sixteen-hundred or thirty-twohundred symbolsFIGS. 3 and 4 are elements of an electrical block diagram per-second (sps), depending on traffic requirements and of a portable communication device in accordance with the system transmission gain. Inbound channel transmissions preferred embodiment of the present invention. 55 from the portable communication devices 122 to the base FIG. 5 is a timing diagram of elements of an outbound stations 116 preferably utilize four-level FSK modulation at protocol and an inbound protocol of the fixed and portable a rate of ninety-six-hundred bits per second (bps). Inbound portions of the communication system in accordance with channel transmissions preferably occur during predeterthe preferred embodiment of the present invention. mined data packet time slots synchronized with the outFIG. 6 is a flow chart depicting an authorization operation 60 bound channel transmissions. It will be appreciated that, of the fixed portion in response to a message originated by alternatively, other signaling protocols, modulation the portable communication device in accordance with the schemes, and transmission rates can be utilized as well for preferred embodiment of the present invention. either or both transmission directions. The outbound and FIG. 7 is a flow chart depicting an authorization operation inbound channels preferably operate on a single carrier of the portable communication device as it attempts to 65 frequency utilizing well-known time division duplex (TDD) obtain authorization to use a process in accordance with the techniques for sharing the frequency. It will be further preferred embodiment of the present invention. appreciated that, alternatively, the outbound and inbound 6,008,737 3 channels can operate on two different carrier frequencies using frequency division multiplexing (FDM) without requiring the use of TDD techniques. U.S. Pat. No. 4,875,038 to Siwiak et al., which describes a prior art acknowledge-back radio communication system, 5 is hereby incorporated herein by reference. For further information on the operation and structure of an acknowledge-back radio communication system, please refer to the Siwiak et al., patent. Referring to FIG. 2, an electrical block diagram of ele- 10 ments 200 of the fixed portion 102 in accordance with the preferred embodiment of the present invention comprises portions of the controller 112 and the base stations 116. The controller 112 comprises a processor 210 for directing 5 operation of the controller 112. The processor 210 preferably 1 is coupled through a transmitter interface 208 to a transmitter 202 via the communication links 114. The communication links 114 use conventional means well known in the art, such as a direct wire line (telephone) link, a data communication link, or any number of radio frequency links, such 20 as a radio frequency (RF) transceiver link, a microwave transceiver link, or a satellite link, just to mention a few. The transmitter 202 transmits two and four-level FSK data messages to the portable communication devices 122. The processor 210 is also coupled to at least one receiver 204 25 through a receiver interface 206 via the communication links 114. The receiver 204 demodulates four level FSK and can be collocated with the base stations 116, as implied in FIG. 2, but preferably is positioned remote from the base stations 30 116 to avoid interference from the transmitter 202. The receiver 204 is for receiving one or more acknowledgments and/or messages from the portable communication devices 122. The processor 210 is coupled to a telephone interface 212 35 for communicating with the PSTN 110 through the telephone links 101 for receiving selective call originations. The processor 210 is also coupled to a random access memory (RAM) 214 comprising a database of portable device records 216 and a database of processes 226. The database 40 of portable device records 216 contains, as a minimum, a list of process records 220 for each portable communication device 122. To access the list of process records 220 of a portable communication device 122, a portable device address 218 corresponding to the address of a portable 45 communication device 122 is used to search the database of portable device records 216. The list of process records 220 specifies the software and hardware processes which are authorized for use by a portable communication device 122 having the portable device address 218. Each process record 50 220 contains a list of process verification elements used for process authorization of external authorization requests transmitted by the portable communication devices 122, as will be described below. The verification elements contained in the process record 220 for both hardware and software 55 processes include a process name, a process size and a secure cyclic redundancy check (CRC). The database of processes 226 preferably comprises binary executables (machine code) of many of the authorized software processes available for use by the portable 60 communication devices 122. The software processes stored in the RAM 214 of the controller preferably can be delivered to portable communication devices 122 by way of over-theair (OTA) programming utilizing techniques well known in the art. 65 The processor 210 also is coupled to a read-only memory (ROM) 228. It will be appreciated that other types of 4 memory, e.g., electrically erasable programn:~ble ROM (EEPROM) or magnetic disk memory, can be utlhzed for the ROM 228 as well as the RAM 214. It will be further appreciated that the RAM 214 and the ROM 228, singly or in combination, can be integrated as a contiguous portion of the processor 210. Preferably, the processor 210 is similar to the DSP56100 digital signal processor (DSP) manufactured by Motorola, Inc. It will be appreciated that other similar processors can be utilized for the processor 210, and that additional processors of the same or alternate type can be added as required to handle the processing requirements of the controller 112. The first two elements in the ROM 228 include a secure polynomial230 and a secure encryption key 231. The secure polynomial230 is used as a secure polynomial generator for CRC verification of process executables requested by external authorization request messages transmitted by portable communication devices 122. The portable communication devices 122 use the same secure polynomial generator for CRC generation. Using the same secure polynomial generator for both the fixed portion 102 and portable portion 104 of the communication system provides a means for verifying authenticity of software and hardware processes requested by the portable communication devices 122. The secure encryption key 231 is used for encryption and decryption of authorization messages transmitted between the portable communication devices 122 and the base stations 116. Similarly, the portable communication devices 122 use the same secure encryption key for external authorization message transactions. Using secure encryption between the fixed portion 102 and the portable portion 104 of the communication system provides a method for transmitting secure two-way messages which are unlikely to be breached. The encryption process converts an unscrambled sequence to a pseudo-random sequence coded by a scrambler and decoded by a descrambler. The scrambler and descrambler use preferably polynomial generators with feedback paths which use modulo 2 (Exclusive Or) addition on the feedback taps. The descrambler uses the same architecture as the scrambler for descrambling the message. Using a nonlinear feedback shift register (NFSR) architecture provides a secure approach for message encryption which makes it difficult, if not computationally intractable for a person to decipher the encryption key. The present invention preferably uses a conventional self-synchronizing stream encryption system which utilizes a NFSR architecture, as is well known by one of ordinary skill in the art. It will be appreciated that, alternatively, other methods which provide suitably secure encryption can be used. It will be further appreciated that, alternatively, message transactions between the base stations 116 and the portable communication devices 122 can be non-encrypted. To protect against unauthorized access, the secure polynomial230 and the secure encryption key 231 preferably are stored in a secure portion of the ROM 228 which can only be accessed by the processor 210. Preferably, this portion of the ROM 228 is integrated with the processor 210 as a protected mask read only memory (MROM), and is programmed during the manufacturing process of the processor 210. As is well known by one of ordinary skill in the art, once a protected MROM has been programmed the protected portion of the MROM is only accessible by the processor 210 and cannot be accessed by external hardware coupled to the processor 210. Alternatively, the secure polynomial 230 and the secure encryption key 231 can be included in are-programmable non-volatile memory such as a FLASH memory, an EEPROM memory or magnetic disk memory, but accessibility of the secure polynomial 230 and 6,008,737 5 6 secure encryption key 231 are preferably restricted by the appreciated that, alternatively, the external authorization service provider to authorized personnel only. Using response message can include a plurality of process names re-programmable non-volatile memories provides flexibility and expiration times authorizing a plurality of processes requested by the portable communication device 122. of adding more polynomial elements and encryption keys for system and subscriber unit expansion. 5 Before the external authorization element 240 sends the external authorization response message to the transmitter The ROM 228 of the processor 210 also includes firm202 of the base station 116, the external authorization ware elements for use by the processor 210. The firmware response message is encrypted, using the method described elements include a call processing element 232, a process above, to secure the RF transmission of the message. When lister element 234, a request receiver element 236, a list checker element 238, an external authorization element 240 10 the list checker element 238 denies authorization of a process to a portable communication device 122, the proand an authorization denial element 242. The call processing cessor 210 calls on the authorization denial element 242 to element 232 handles the processing of an incoming call for process the external authorization denial response message a called party and for controlling the transmitter 202 to send to be transmitted to the portable communication device 122. a selective call message to the portable communication device 122 corresponding to the called party, utilizing tech- 15 The external authorization denial response message comprises an authorization command which includes a "not niques well known in the art. The process lister element 234 authorized" signal denying authorization, and a process manages the database of portable device records 216 stored name of the process being denied. It will be appreciated that in the RAM 214 for each portable communication device the external authorization denial response message can 122 utilizing database management techniques well known in the art. The request receiver element 236 processes 20 include a plurality of process names denying authorization to a plurality of processes requested by the portable comencrypted external authorization request messages received munication device 122. As is done with the external authoby the receiver 204 of the base station 116 and originating rization response message, the external authorization denial from the portable communication devices 122. The response message is encrypted before it is transmitted to the encrypted external authorization request message is decrypted with the secure encryption key 231 described 25 portable communication device 122 by the base stations 116. According to an auditing operation of the fixed portion above. The external authorization request for hardware and 102, the processor 210 is programmed by way of the ROM software processes comprises at least a process name and a 228 to periodically audit the portable communication device process size corresponding to the process, along with a 122 through a radio channel of the communication system to secure checksum and an address identifying the portable communication device 122. Optionally, an authorization 30 determine a catalog of internal authorizations 382 (FIG. 3) stored in the portable communication device 122. In request command can accompany the external authorization addition, the processor 210 is programmed to periodically request message. Preferably, the authorization request comaudit the portable communication device 122 through a mand is included in the address portion of the portable radio channel of the communication system to determine a communication device 122 address. Alternatively, the authorization request command can be in a separate element in the 35 quantitative usage of each of the processes 398 (FIG. 3) used by the portable communication device 122, and to bill a user external authorization request message. The secure checkof the portable communication device 122 in response to the sum is preferably a secure CRC of the software process for quantitative usage determined. The processor 210 is also which the portable communication device 122 is requesting programmed by way of the ROM 228 to maintain a list of authorization. The CRC is generated by the portable communication device 122 by using a polynomial generator 40 authorized processes 398 in the process records 220 corresponding to the portable communication device 122, and to stored in its memory, which is the same as the secure compare the catalog of internal authorizations 382 with the polynomial 230 used by the controller 112, as described list of authorized processes 398 corresponding to the porabove. The secure checksum provides a means for verifying table communication device to determine whether any of the that the process being used by the portable communication device 122 is an authorized version. The list checker element 45 internal authorizations 382 stored in the portable communication device 122 are invalid. The processor 210 is further 238 uses the address, corresponding to the portable comprogrammed by way of the ROM 228 to store an indication munication device 122, received in the external authorizain a user database entry (not shown) in the RAM 214 tion request message as a portable device address 218. The corresponding to the portable communication device 122 processor 210, as described above, searches through the database of portable device records 216 to find the list of 50 that an invalid internal authorization 382 has been found therein, in response to determining that at least one of the process records 220 corresponding to the portable device internal authorizations 382 stored in the portable commuaddress 218 matching the address of the portable communication device 122 is invalid. The processor 210 is also nication device 122. The list checker element 238 then programmed to transmit a command to the portable comchecks each process record 220 for a match to the process name, process size and secure CRC received in the external 55 munication device 122 to delete at least one of the internal authorizations 382, in response to determining that the at authorization request message. If a match is found, then least one of the internal authorizations 382 stored in the authorization is given to the portable communication device portable communication device 122 is invalid. These opera122 for using the requested software or hardware process. If tional features will be described further herein below. a match is not found, then authorization is denied. When the According to a message sending operation of the fixed list checker element 238 authorizes a process requested by 60 portion 102, the processor 210 is programmed by way of the the portable communication device 122, the processor 210 calls on the external authorization element 240 to process ROM 228 to queue a message for transmission to the the external authorization response message to be transmitportable communication device 122, the message requiring ted to the portable communication device 122. The external a predetermined process 398 in the portable communication authorization response message preferably comprises an 65 device 122 in order to process the message. In addition, the processor 210 is programmed to determine that the portable authorization command, the process name of the authorized process and an expiration time for the process. It will be communication device 122 does not have a predetermined 6,008,737 7 8 usage authorization 382 for utilizing the predetermined above. The internal authorization record 382 for hardware process 398; and in response, to grant the predetermined and software processes comprises address pointers 384, a usage authorization 382 to the portable communication process name 386, a process size 387, a random CRC 388 of device 122 through the radio channel of the communication the authorized hardware or software process executable 398 system (after verifying, for example, that the account of the 5 and an expiration time 390. The address pointers 384 user of the portable communication device 122 is in good preferably include two address pointers which point to two standing). Preferably, the processor 210 determines that the byte locations within the process executable 398 of the portable communication device 122 does not have the authorized hardware or software process. The two bytes are predetermined usage authorization 382 by auditing the porchosen by a random process which preferably uses a realtable communication device 122 over the radio channel. It 10 time clock 399 for generating random address pointers. The will be appreciated that, alternatively, the processor 210 can real-time clock 399 determines time (in hours, minutes and determine from its own internal process records 220 that the seconds) and calendar date, which is also used for deterportable communication device 122 has not been previously mining the expiration time of a process, as will be described authorized for utilizing the predetermined process 398. below. To determine the two random address pointers the If the predetermined process 398 is a software process, the 15 real-time clock 399 is used in conjunction with the random processor 210 is further programmed to determine that the event of the user requesting use of a process through the user portable communication device 122 does not have the controls 364. When the user depresses a button on the user software process, e.g., by receiving from the portable comcontrols 364 requesting execution of a process, the processor munication device 122 a request for the software process; 308 reads the time specified by the real-time clock 399. The and in response, to download the software process to the 20 real-time clock 399 reading is in binary format and is portable communication device 122 through the radio chansufficiently long to cover a wide address spectrum. Dependnel. Preferably, before downloading the software process, ing on the number of bytes contained in the process executthe processor 210 is further programmed to transmit terms of able 398 the user is requesting, a limited number of bits are a licensing agreement to the portable communication device chosen in the real-time clock reading to cover the size of the 122, to receive from the portable communication device 122 25 process executable 398. The limited real-time clock reading a reply indicating whether the user of the portable commuis then used as an address pointer to a first random byte in nication device 122 agrees to the terms, and to omit downthe requested process executable 398. The second random loading of the software process in response to the reply address pointer points to a second random byte location. The indicating that the user does not agree to the terms of the two bytes together represent a 16 bit polynomial generator licensing agreement. These operational features will be 30 seed for generating the random CRC 388 of the hardware or described further herein below. software process executable 398. As is well known by one Referring to FIG. 3, an electrical block diagram of the of ordinary skill in the art, a polynomial generator must portable communication device 122 in accordance with the follow certain guidelines such as, for example, the polynopreferred embodiment of the present invention comprises a mial generator must not contain all zeros or all ones. When transceiver antenna 303 for transmitting radio signals to the 35 the two bytes chosen violate any polynomial generator rules, base stations 116 and for intercepting radio signals from the the address pointers are moved to a next higher location in base stations 116. The transceiver antenna 303 is coupled to the process executable 398. If the end of the process a transceiver 302 utilizing conventional techniques well executable 398 is reached then the random address pointers known in the art. The radio signals received from the base wrap around to the beginning of the process executable 398. stations 116 use conventional two and four-level FSK. The 40 This process continues until a valid set of bytes are chosen radio signals transmitted by the portable communication which meet the polynomial generator rules. It will be device 122 to the base stations 116 use fourlevel FSK. appreciated that, alternatively, more than two bytes can be used for the random polynomial generator. The expiration Radio signals received by the transceiver 302 produce time 390 includes a date, and optionally a time when the demodulated information at the output. The demodulated information is coupled to the input of a processor 308, which 45 authorization of the hardware or software process expires. processes the information in a manner well known in the art. Whenever a process execution is requested by the user, the Similarly, inbound response messages are processed by the expiration time 390 is compared to the real-time clock 399 processor 308 and delivered to the transceiver 302 which is to determine if authorization of the hardware or software coupled to the processor 308. The response messages transprocess has expired. It will be appreciated that reprogrammitted by the transceiver 302 are preferably modulated using 50 mabie non-volatile memory devices, such as, for example, four-level FSK. EEPROM or FLASH memories, can be used to prevent loss of the authorization records 380 stored in the RAM 378 A conventional power switch 306, coupled to the procesduring a power outage. sor 308, is used to control the supply of power to the transceiver 302, thereby providing a battery saving function. The processor 308 is also coupled to a programming The processor 308 is coupled to a random access memory 55 interface 374 and a hardware module interface 370. The (RAM) 378 for storing messages in information storage programming interface 374 allows for external software locations 379. The RAM 378 further comprises authorizamodule download into the RAM 378. The programming tion records 380 and software modules 392. The authorizainterface 374 preferably uses a serial communication interface 376 for communication with the processor 308. The tion records 380 include internal authorization records 382 of processes, either software or hardware, which have been 60 serial interface preferably uses a conventional universal authorized for use by the portable communication device asynchronous receiver transmitter (UART) well known in the art. The physical means for the interface preferably uses 122. The software modules 392 include a process name 394, metal contacts. It will be appreciated that, alternatively, a process size 396 and a process executable 398. The internal authorization record 382 is encrypted using a secure encrypother physical means can be used, such as infrared, inductive tion key 312 stored in a read only memory (ROM) 310 of the 65 coupling, etc. The hardware module interface 370 allows for portable communication device 122. The encryption key attachments of hardware modules to the portable commuused is the same as that used by the controller 112 described nication device 122. The hardware module interface 370 6,008,737 9 preferably uses a hardware interface 372, well known in the art, such as the Personal Computer Memory Card International Association (PCMCIA) interface. With this interface any type of hardware module 373 conforming to the PCMCIAstandard can be attached to the portable communication 5 device 122. The function of the hardware module 373 can include any number of functions such as a software module hardware accelerator, video graphics card, expanded memory card, etc. It will be appreciated that the programming interface 374 and the hardware module interface 370 10 can use other interfaces for software download and hardware attachments, well known in the art. The ROM 310 coupled to the processor 308 comprises a secure polynomial 311, a secure encryption key 312 and firmware elements for use by the processor 308. It will be 15 appreciated that other types of memory, e.g., EEPROM, can be utilized as well for the ROM 310. The secure polynomial 311 includes a secure polynomial generator for CRC generation of hardware and software process executables 398. The secure polynomial 311 used by the portable communi- 20 cation device 122 matches the secure polynomial 230 used by the controller 112 described above. The secure encryption key 312 is used for scrambling and descrambling external authorization messages transmitted between the portable communication device 122 and the base stations 116. The 25 secure encryption key 312 used by the portable communication device 122 matches the secure encryption key 231 used by the controller 112. The secure polynomial 311 and secure encryption key 312 are stored in a protected portion of the ROM 310 utilizing the techniques described for the 30 controller 112. The firmware elements comprise a call processing element 314 which handles incoming messages on the outbound channel using techniques well known in the art. When an address is received by the processor 308, the call pro- 35 cessing element 314 compares one or more addresses 313 stored in an EEPROM 309, and when a match is detected, a call alerting signal is generated to alert a user that a message has been received. The call alerting signal is directed to a conventional audible or tactile alerting device 40 366 for generating an audible or tactile call alerting signal. In addition, the call processing element 314 processes the message which is received in a digitized conventional manner and then stores the message in one of the information storage locations 379 in the RAM 378. The message can be 45 accessed by the user through user controls 364, which provide functions such as lock, unlock, delete, read, etc. More specifically, by the use of appropriate functions provided by the user controls 364, the message is recovered from the RAM 378, and then displayed on a display 368, 50 e.g., a conventional liquid crystal display (LCD). The firmware elements further comprise a security element 315 for processing authorization of software modules 392 and hardware modules 373. The elements contained in the security element 315 are shown in FIG. 4. The security 55 element 315 includes an authorization element 316, a second allower element 320, a creator element 344, a starer element 352, a disallower element 356 and a third disabler element 362. When a user requests utilization of a hardware or software process by the use of appropriate functions pro- 60 vided by the user controls 364, the processor 308 calls on the authorization element 316 to process the request. The processor 308 begins the authorization process by invoking a first allower element 318 which, optionally, allows immediate utilization of the process requested. Whether or not the 65 first allower element 318 allows immediate utilization of a process is determined by programming of the portable 10 communication device 122 performed by the system provider. The processor 308 follows by invoking a determination element 332 which is used for making a determination of whether an internal authorization record 382 exists for utilizing the hardware or software process. The determination of a valid internal authorization record 382 is made by searching through the authorization records 380 for a process name 386 which matches the module name of the hardware or software process requested by the user. If a match is determined, then an internal authorizer element 328 is called on by the processor 308 to read the address pointers 384 to determine the random polynomial generator to be used for random CRC generation over the process executable 398 of the hardware or software module. The internal authorizer element 328 uses the process size 387 corresponding to the module size of the hardware or software process executable 398 to calculate a random CRC over the process executable 398 of the hardware or software process. If the CRC generated matches the random CRC 388 stored in the internal authorization record 382, then the processor 308 invokes the second allower element 320 to check the expiration time 390 against the real-time clock 399. If the expiration time has not expired, then the processor 308 allows the utilization of the process, in response to the usage authorization being obtained. However, if the expiration time has expired then the processor 308 calls on the third disabler element 362 for disabling further utilization of the process in response to an expiration of the usage authorization. If the determination element 332 does not find an internal authorization record 382 for the hardware or software process requested by the user, then a radio authorizer element or authorizer element 334 is called on for communicating with the fixed portion 102 by sending a signal indicative of the hardware or software module to obtain the usage authorization as an external authorization, in response to the internal authorization being absent from the authorization records 380. The radio authorizer element 334 attempts to obtain the usage authorization through a first radio channel (the inbound channel) of the communication system. If the external authorization request is denied, then the processor 308 calls on a first disabler element 358 to disable further utilization of the process, in response to receiving a "not authorized" signal through a second radio channel (the outbound channel) of the communication system. If the external authorization request is not received within a predetermined time interval, then the processor 308 invokes a second disabler element 360 to disable utilization of the process requested by the user. To create the external authorization request message, the radio authorizer element 334 invokes a transmitter controller element 336. The transmitter controller element 336 calls on a secure checksum calculator element 338 which uses the secure polynomial311 stored in the ROM 310 to calculate a secure CRC over the process executable 398 of the hardware or software process requested by the user. Once the secure CRC is determined, the processor 308 prepares an external authorization request message comprising an authorization request command, the address of the portable communication device 122, the process name, the size of the hardware or software process executable 398, and the secure CRC calculated by the secure checksum calculator element 338. Once the external authorization request message has been determined the transmitter controller element 336 encrypts the message with the secure encryption key 312. The processor 308 then invokes a sender element 340 and sends the message to the transceiver 302, which thereafter transmits the encrypted external 6,008,737 11 12 authorization request message to the base stations 116. If an internal authorizations 382 present within the portable comencrypted external authorization response message is munication device 122 for utilizing the processes 398, and to report the internal authorizations 382 present, in response received from the base stations 116 indicating the hardware to receiving an internal authorization audit command from or software process is authorized, then the processor 308 accesses a second allower element 320 to process the 5 the fixed portion 102 of the communication system. The processor 308 is also programmed to delete an internal message. If the external authorization response message was authorization 382, in response to receiving a delete authofor a hardware module 373 authorizing utilization of the rization command directed at the internal authorization 382 process, then the second allower element 320 invokes a from the fixed portion 102 of the communication system. hardware performer element 322 for performing the process in accordance with circuits of the hardware module 373. If 10 These operational features will be described further herein below. the external authorization response message was for a software module 392 authorizing utilization of the process, then For cooperation with the message sending operation of the fixed portion 102, the processor 308 is programmed by the second allower element 320 invokes a software performer element 324 for performing the process in accorway of the ROM 310 to control the transceiver 302 to dance with instructions of the software module 392. 15 request a download of a predetermined software process 398 in response to receiving from the fixed portion 102 a For software modules 392 or hardware modules 373 message that requires the predetermined software process which are user-installed, an authorization medium 375 398 for processing the message. In addition, the processor (preferably a registration form with proof of purchase) is 308 is programmed by way of the ROM 310 to control the physically sent to the service provider to obtain authorization. When the user requests execution of the installed 20 display 368 to display the terms of a software license agreement, in response to receiving the terms of the software process, the process is optionally executed and the processor license agreement from the fixed portion 102 through the 308 invokes the external authorizer element 330 to request radio channel. an external authorization from the controller 112. The external authorizer element 330 obtains usage authorization by Referring to FIG. 5, a timing diagram 400 depicts elereceiving an external authorization from the service provider 25 ments of an outbound protocol and an inbound protocol of through a radio channel (the outbound channel) of the the fixed portion 102 and portable portion 104 of the communication system. The external authorization request communication system in accordance with the preferred message sent to the base stations 116, as described above, embodiment of the present invention. The signaling format comprises an authorization request command, the portable on the outbound and inbound channels preferably operates communication device 122 address, the process name and 30 on a single carrier frequency utilizing well-known time division duplex (TDD) techniques for sharing the frequency. size, and a secure CRC of the hardware or software process executable 398. When the controller 112 sends an authoriIt will be appreciated that the outbound and inbound chanzation message granting authorization of the hardware or nels can use separate frequency channels utilizing frequency division multiplexing (FDM) techniques well known in the software process, the second allower element 320 allows the utilization of the process, in response to the usage authori- 35 art. Using TDD transmission the outbound RF channel zation being obtained. In response to obtaining an external transmission is depicted during an outbound transmission time interval 402, while the inbound RF channel transmisauthorization allowing utilization of a process, the processor 308 accesses the creator element 344 to create an internal sion is depicted during an inbound transmission time interauthorization record 382. To create the internal authorization val 404. The outbound transmission time interval 402 and record the processor 308 invokes a generator element 346 40 the inbound transmission time interval 404 are subdivided which first calls on a chooser element 348 to select preferby a time boundary 403. The time boundary 403 depicts a ably two random bytes of the hardware or software process point in time when the outbound transmissions cease and the executable 398. The random bytes are preferably chosen inbound transmissions commence. using the real-time clock 399 and user invocation of the user The elements of the outbound protocol comprise an controls 364 as described above. Once the random bytes 45 outbound sync 406, a selective call address 408, a message have been determined, and satisfy the polynomial generator vector 410 and an outbound message 412, while the inbound rules, a checksum calculator element 350 is invoked to protocol comprises an inbound sync 426 and an inbound perform a CRC generation on the process executable 398 of message 428. The outbound sync 406 provides the portable the hardware or software module. Once the random CRC communication device 122 a means for synchronization 388 has been calculated, the starer element 352 collects the 50 utilizing techniques well known in the art. The selective call verification elements used for the internal authorization address 408 identifies the portable communication device record 382. The verification elements comprise the address 122 for which the outbound message 412 is intended. The pointers 384 for the random polynomial generator, the message vector 410 points in time within the TDD signal process name 386, the random CRC 388 calculated by the format to the position of the outbound message 412 to be checksum calculator element 350 and the expiration time 55 received by the portable communication device 122. The 390 received in the external authorization message from the outbound message 412 can be either a well known selective controller 112. The processor 308 then calls on a placer call message, or an external authorization response message element 354 which uses the secure encryption key 312 to in accordance with the present invention. When the outencrypt the verification elements and then stores the result in bound message 412 is an external authorization response the authorization records 380 in the RAM 378. 60 message, the message received by the portable communiFor cooperation with the auditing operation of the fixed cation device 122 is an encrypted message 414. The portion 102, the processor 308 is programmed by way of the encrypted message 414 comprises an authorization comROM 310 to maintain in the RAM 378 a record (not shown) mand 416, a process name 418 and, optionally, an expiration of usage of the process 398, and to report the usage in time 420. When the authorization command 416 is an response to receiving a usage audit command from the fixed 65 authorization command denying authorization for utilization portion 102 of the communication system. In addition, the of a requested process, then the expiration time 420 is not processor 308 is programmed to maintain the record of included in the encrypted external authorization response 6,008,737 13 14 message. It will be appreciated that the outbound external the portable communication device 122 received on the authorization response message can be extended to include inbound channel, as described further herein below. It will multiple authorizations and/or denials by sending a plurality be further appreciated that, alternatively, other communicaof authorization commands 416, associated process names tion protocols which support two-way communication can 418 and, optionally, expiration times 420. 5 be used. Similarly, the inbound sync 426 provides the base stations Referring to FIG. 6, a flow chart 500 depicting an autho116 a means for synchronization utilizing techniques well rization operation of the fixed portion 102 in response to a known in the art. The inbound message 428 can be either a message originated by the portable communication device well known acknowledge-back response message, or an 122 in accordance with the preferred embodiment of the external authorization request message in accordance with 10 present invention begins with step 502 where the controller the present invention. When the inbound message 428 is an 112 receives an encrypted external authorization request external authorization request message, the message transmessage. In step 504 the controller 112 deciphers the mitted by the portable communication device 122 is an encrypted message using the secure encryption key 231 encrypted message 430. The encrypted message 430 comstored in the ROM 228. In step 506 the controller 112 prises an authorization request command 432, an address 15 identifies the portable communication device 122 requesting 434 corresponding to the portable communication device the authorization by the address 434 received. Additionally, 122, a process name 436, a process size 438 and a secure the controller 112 reads the process verification elements CRC 440. The secure CRC is determined, as described included in the external authorization request message. In above, using the secure polynomial311 over the hardware or step 508 the controller 112 checks for a match between the software module's process executable 398. It will be appre- 20 process verification elements received and the list of process ciated that the authorization request command 432 can be records 220 corresponding to the portable communication included as part of the field of the address 434. It will also device 122. If a match is found, then in step 510 an external be appreciated that multiple authorization requests can be authorization response message is constructed authorizing included within the same inbound message by sending a utilization of the process. The external authorization plurality of process names 436 and process sizes 438 with 25 response message comprising the authorization command their associated secure CRCs 440. 416 allowing utilization of the process, the process name 418 of the process authorized and an expiration time 420 for During selective call messaging between the base stations 116 and the portable communication devices 122, the comthe process. Before sending the message to the base stations munication system protocol described above begins with an 116 for transmission, the external authorization response outbound message which delivers a message to a portable 30 message is encrypted using the secure encryption key 231 as communication device 122. The portable communication described above. When a match is not found, then in step 512 an external authorization response message with an device 122 can, optionally, acknowledge reception of the "authorization denied" command is constructed. The extermessage on the inbound channel. Acknowledgment mesnal authorization response message then comprises the sages from the portable communication device 122 are transmitted on the inbound channel during a scheduled 35 authorization command 416 for denying authorization to the requested process, and the associated process name 418. The period which is referenced to the time boundary 403 denial message, as described above, is encrypted by the described above. Scheduled inbound messages are preferably reserved for acknowledgment messaging from the controller 112 using the secure encryption key 231. Once either type of the external authorization response message is portable communication devices 122. However, when a user invokes a process which requires transmitting an external 40 constructed, then in step 514 the message is sent to the authorization request message to the base stations 116, the transmitter 202 of the base station 116 where it is transmitted to the portable communication device 122. In step 516 the portable communication device 122 uses an unscheduled time period (slot) referenced to the time boundary 403 for controller 112 checks for a message acknowledgment unscheduled messaging to the base stations 116. Note that response from the portable communication device 122 during inbound messaging, a time period referenced to the 45 acknowledging reception of the external authorization time boundary 403 is reserved for both scheduled and response message. If no acknowledgment is received, then unscheduled inbound messages. Therefore, there is no conthe controller 112 resends the message in step 514. The tention between scheduled and unscheduled inbound mescontroller 112, preferably, has an option to limit the number of re-transmissions by using, for example, a maximum sages. Since the number of unscheduled time slots is limited, it is possible for contention to exist among a plurality of 50 resend count programmed by the system provider. Once an portable communication devices 122 transmitting unschedacknowledgment is received, the controller 112 returns to step 502 where it processes subsequent external authorizauled inbound messages. To resolve contention with unscheduled inbound messages, the present invention preferably tion request messages from the portable communication utilizes ALOHA protocol as is well known by one of devices 122. ordinary skill in the art. 55 Referring to FIG. 7, a flow chart 600 depicting an authorization operation of the portable communication device 122 When the preferred embodiment of the present invention as it attempts to obtain authorization to use a process in is acquiring authorization of hardware and software modules remotely as just described, it will be appreciated that mesaccordance with the preferred embodiment of the present sage transactions originate first from the portable commuinvention begins with any one of steps 602, 604 and 606. In nication device 122 as unscheduled inbound messages. 60 step 602 the user installs a hardware or software module and Subsequent responses from the fixed portion 102 of the registers the hardware or software module by sending prefcommunication system are received on the outbound chanerably an authorization medium 375 comprising a registranel. When the preferred embodiment of the present invention form and proof of purchase receipt. In step 606 the user tion is performing auditing and message sending operations can receive over-the-air (OTA) programming of a software of the fixed portion 102, it will be appreciated that the 65 process. The request for an OTA software download can be message transactions originate first from the fixed portion performed by the user by way of a conventional telephone 102 as outbound messages, with subsequent responses from 124 call to the system provider. It will be appreciated that 6,008,737 15 16 other ways can be used for requesting OTA programming of where the process verification elements are decrypted and a software process, such as by the use of appropriate then checked against the requested process executable 398. If the process verification elements are determined to be functions provided by the user controls 364, in the portable valid, then in step 638 process execution is invoked if it has communication device 122 for requesting software processes. Once a software or hardware module has been added 5 not already been invoked by step 610. Validation of the process verification elements consists of matching the ranto the portable communication device 122 by way of OTA dom CRC generated over the process executable 398 of the programming or userinstallation, the user can request execurequested hardware or software module with the random tion of the process in step 604. In step 610 the process is CRC found in the internal authorization record. If the immediately executed without initial authorization. It will be appreciated that the portable communication device 122, 10 process verification elements are determined to be invalid, then in step 640 process execution is denied, and in step 642 optionally, can be programmed by the system provider to the process is discarded from memory (for a software skip step 610. In step 612 the processor 308 of the portable module) and an alert signal is created. The alert signal is communication device 122 checks for the presence of an preferably an audible and visual alert signal using the internal authorization record 382 in the authorization records alerting device 366 and display 368 of the portable com380 stored in the RAM 378. Each internal authorization 15 munication device 122. Optionally, an alert signal can be record 382 is decrypted using the secure encryption key 312 sent to the controller 112 alerting the communication system stored in the ROM 310. A match is checked between the that an attempt to use an invalid hardware or software process name 386 of the internal authorization record 382 module has been detected. and the process name of the requested process. If a match is Thus, it should be apparent by now that the present not found, the processor 308 proceeds to step 614 where an 20 invention provides a method and apparatus for controlling encrypted external authorization request message is conutilization of a hardware or software process added to a structed comprising the authorization request command 432, portable communication device 122. In particular, the the address 434 of the portable communication device 122, present invention provides a novel method and apparatus for the process name 436, the process size 438, and the secure CRC 440 of the process executable 398 requested. In step 25 remotely authorizing software and hardware modules added to a portable communication device 122. With the present 616 the encrypted external authorization request is transinvention, the authenticity of process executables 398 used mitted to the base stations 116. In step 618 the processor 308 by software and hardware modules can advantageously be waits for an external authorization response message from validated by the fixed portion 102 of the communication the base stations 116. If no external authorization response message has been received, then in step 628 a time-out 30 system. In addition, the fixed portion 102 of the communication system can keep track of unauthorized installations (TMO) indicator is checked. If the TMO indicator has and can act upon unauthorized additions of software and expired, then in step 630 a resend counter is checked for hardware modules to the portable communication devices re-transmission requests. If re-transmission requests of the 122 by disabling operation of a portable communication encrypted external authorization request message have been device 122 using OTA techniques. Another advantage of the exceeded, then in step 632 the process execution is denied 35 present invention is the option for the system provider to and the user is alerted by the alerting device 366 and display program the portable communication device 122 to execute 368 of the portable communication device 122. If the resend a hardware or software process without receiving immediate counter has not been exceeded, then the processor 308 authorization. This option provides a user immediate access resends the encrypted external authorization message in step 614. If in step 628 the TMO indicator has not expired, then 40 to a hardware or software process without burdening the user with the delay of receiving authorization for the prothe processor 308 continues to wait for an external authocess. The present invention also provides an authorization rization response message from the base stations 116. If an method which is secure for both inbound and outbound external authorization response message is received, then messaging by using a message encryption technique step 620 checks if the requested process has been authorized described above. for execution. If the requested process has been denied 45 What is claimed is: authorization, then step 640 is invoked, where the process is 1. An apparatus at a fixed portion of a communication denied execution, and subsequently discarded in step 642 system for authorizing utilization of software in a portable alerting the user to authorization denial. If the requested portion of the communication system, the apparatus comprocess has been authorized for execution, then in step 622 preferably two bytes are chosen from within the process 50 prising: a processor; executable 398 of the hardware or software module to create a memory coupled to the processor for maintaining a list a 16 bit random polynomial generator. The random bytes are of authorized software corresponding to the portable chosen using the real-time clock 399 and user controls 364 portion; as described above. In step 624, the processor 308 generates a request receiver element coupled to the processor for a random CRC over the process executable 398 of the 55 receiving a request from the portable portion, the authorized hardware or software module. In step 626, an request including an address identifying the portable internal authorization record 382 is created comprising the portion, and a software name; random address pointers 384, the process name 386, the process size 387, the random CRC 388, and the expiration a list checker element coupled to the processor for checktime 390 of the authorized process. The internal authoriza- 60 ing the list of authorized software corresponding to the tion record 382 is encrypted with the secure encryption key portable portion identified by the address, to determine whether the software corresponding to the software 312 stored in the ROM 310. Once the internal authorization record 382 has been created, the processor 308 continues to name is authorized; and step 638 where process execution is invoked if it has not an external authorization element coupled to the processor already been invoked by step 610. 65 for transmitting the external authorization to the porIn the case where in step 612 an internal authorization table portion in response to the software being authorecord 382 is found, the processor 308 continues to step 636 rized for the portable portion. 6,008,737 17 2. The apparatus of claim 1 in which the request includes a secure checksum. 3. The apparatus of claim 2 in which the secure checksum is a secure cyclic redundancy check of the software for which the portable portion is requesting authorization. 4. The apparatus of claim 3 in which the apparatus uses a secure polynomial stored in the memory of the apparatus to calculate the secure cyclic redundancy check. 5. The apparatus of claim 1 in which the request includes a software size. 6. A portable communication device in a communication system having a fixed portion, the portable communication device comprising: a processor; an authorization element coupled to the processor for obtaining usage authorization for utilizing software in the portable communication device, in which the authorization element generates an external authorization request, and in which the authorization element communicates with the fixed portion to obtain the usage authorization in response to the external authorization request, and in which the external authorization request includes a secure checksum; and a second authorization element coupled to the processor for allowing utilization of the software, in response to usage authorization being obtained from the fixed portion. 7. The portable communication device of claim 6 in which the secure checksum is a secure cyclic redundancy check of 18 the software for which the portable communication device is requesting authorization. 8. The portable communication device of claim 7 in which the secure cyclic redundancy check is generated by the 5 portable communication device by using a secure polynomial stored in the portable communication device. 9. A portable communication device in a communication system having a fixed portion, the portable communication 10 device comprising: a processor; 15 20 25 an authorization element coupled to the processor for obtaining usage authorization for utilizing software in the portable communication device, in which the authorization element generates an external authorization request, and in which the authorization element communicates with the fixed portion to obtain the usage authorization in response to the external authorization request, and in which the external authorization request includes at least one of: an address identifying the portable communication device, a software name and a size of the software; and a second authorization element coupled to the processor for allowing utilization of the software, in response to usage authorization being obtained from the fixed portion. * * * * *

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?