Motorola Mobility, Inc. v. Microsoft Corporation

Filing 133

NOTICE by Microsoft Corporation re 126 Defendant's MOTION for Summary Judgment (Redacted) of Filing Additional Exhibits (Attachments: # 1 Appendix Index to Additional Exhibits, # 2 Exhibit 1103, # 3 Exhibit 1104, # 4 Exhibit 1106, # 5 Exhibit 1107, # 6 Exhibit 1108, # 7 Exhibit 1109, # 8 Exhibit 1113)(Miner, Curtis)

Download PDF
111111 1111111111111111111111111111111111111111111111111111111111111 111111111111111111111111111111111111111111111111111111111111111111111111111 US006008737A United States Patent [19] Deluca et al. [11] [45] [54] Inventors: Michael J. Deluca, Boca Raton; Doug Kraul; Walter L. Davis, both of Parkland, all of Fla. [73] Assignee: Motorola, Inc., Schaumburg, Ill. [* ] Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year u.s.c. patent term provisions of 35 U.S.c. 154(a)(2). [21] Appl. No.: 08/672,004 [22] Filed: Jun. 24, 1996 Related U.S. Application Data [63] Continuation-in-part of application No. 08/452,785, May 30, 1995, Pat. No. 5,612,682. [511 [52] Int. CI. 6 ....................................................... G07D 7/00 U.S. CI. ................................ 340/825.34; 340/825.34; 340/825.44; 455/408; 379/121; 705/32 Field of Search ......................... 340/825.34, 825.44, 340/825.33, 825.35, 825.22; 455/426, 405, 406, 408; 395/200.01, 200.05, 230, 232, 228, 229; 379/114, 121 [58] [56] References Cited u.s. U.S. PATENT DOCUMENTS 4,875,038 10/1989 Siwiak et al. ...................... 340/825.44 5,155,680 10/1992 Wiedemer ............................... 395/232 5,325,418 6/1994 McGregor et al. ..................... 455/406 ITC Inv. No. 337-TA- 6,008,737 *Dec. 28, 1999 340(825.34 5,335,278 8/1994 Matchett et al. ................... 340/825.34 340(825.33 5,371,493 12/1994 Sharpe et al. ...................... 340/825.33 5,493,492 2/1996 Cramer et al. . ... ....... ... ... ... ... ... 385/232 5,577,100 11/1996 McGregor et al. ..................... 455/406 et 5,606,497 2/1997 Cramer ct al. . ... ....... ... ... ... ... ... 395/232 340(825.44 5,612,682 3/1997 De Luca et al. ................... 340/825.44 340(S25.34 5,633,932 5/1997 Davis et al. ....................... 340/825.34 340(825.34 5,652,793 7/1997 Priem et al. ....................... 340/825.34 455/405 5,664,006 9/1997 Monte et al. APPARATUS FOR CONTROLLING UTILIZATION OF SOFTWARE ADDED TO A PORTABLE COMMUNICATION DEVICE [75J Patent Number: Date of Patent: Primary Examiner-Edwin C. Holloway, III Assistant Examiner-Anthony A. Asongwed [57] ABSTRACT An apparatus at a fixed portion (102) of a communication system controls utilization of software (398) in a portable communication device (122) that includes a transceiver (302) for communicating with the fixed portion. The portable communication device receives (604) a request for utilization of the software. In response, the portable communication device seeks (612) a usage authorization for utilizing the software by generating (614) an external authorization request (428) that includes at least one of a size (396) of the software, a software name (394), a secure checksum, and an address (313) identifying the portable communication device, and by communicating (616) the external authorization request to the fixed portion. The secure checksum is a secure cyclic redundancy check of the software for which the portable communication device is requesting usage authorization, and is generated (624) hy the portable communication device from a secure polynomial (311) stored in the portable communication device and separately by the apparatus from a same secure polynomial (230) stored in the apparatus. The portable communication device disallows (640) the utilization of the software, in response to the usage authorization being unobtainable. 9 Claims, 7 Drawing Sheets MOT ITC 0002661 u.s. Patent Dec. 28, 1999 6,008,737 Sheet 1 of 7 ,.-- 104 ~104 ------ r-------~~--------1-----r-------1~-------- r r 122 PORT. OMM. DEV. I PORT. PORT. COMM DEV. DEV. 122 122 122 122 122 122 I PORT. OMM. DEV. : I I I I ---~ - 118 118 ~ 118 116 r-116 r- 116 ................---:., 116 BASE STATION BASE STATION BASE STATION 114 CONTROLLER L ____________ 110 - - - - - T- - - - 7 '-" - 101 102-'" PUBLIC SWITCHED TELEPHONE NETWORK FIG. 1 FIG.l ITC Inv. No. 337-TA- MOT ITC 0002662 u.s. Patent ITC Inv. No. 337-TA- 6,008,737 Sheet 2 of 7 Dec. 28, 1999 I .....-_ 214 1 ...... _ _ _ _ _ _ _ _ _ _...., 216 \l. 216'l. RAM 'l r- 218 PORTABLE DEVICE RECORDS \ 1 ADDRESS 220~ r220,,";-r- PORTABLE DEVICE "i~ rt"'t""-1L-..!:.D~~2...:~~C!..!:L-----l I I PROCESS RECORD "1I~~~~~~~:~~~~ • 220 PROCESS RECORD I 1 I JI · · ADDRESS PORTABLE DEVICE ADDRESS • 218 1 I 220,,""--1-220~t- I PROCESS RECORD I --.-. TIt.....,IL-.!:P.!:!R~O~C£:ES:2.:S2....!::lRS;EC~O::!JR!:!.!D~.-J1 I 1 220 I I JI PROCESS RECORD 226 { 226~ 120 , L..;,IS..;.,T..,;;O..;.,F..;.,P..;.,R._O...,;;C_E..;,S..;.S,;;.ES.;....____ r r- L -_ _ L..;,IS..;"T..;;O..;"F..;.P..;"R.-O...;;C_E...;,S..;"S,;;"ES';""---I r - - - - - - 1 1 a..-_ _ _ _~----......... I II..-----~---- . . \V • I \1/ r r- I I I 1 II 202 .1 ..... 1) 1) 118 I 11( I11\ : I ~J 204 204 ~ 1-------1'-='------+-1 I-------''-='--....... 1 I 1 I ~ - - - - - - 230\ 230\. - "....... 231 231:''-.. _-"'- .J Jil 212 228 ,228 r ReM ROM SECURE POL .......__.... L~ ~""""S..... .......................YNOM I_A.... E_C URE POLYNOMIAL ~""""""",----~~~ ~~-I ....... SECURE ENCRYPTION KEY CALL PROCESSING 234........ I--~P ROCESS~L--IS T ER---I ....................... ............ 234......... I--~P~R~O~C~E~S~S~L~IS~T~E""""R---1 236, I---R-E-a-U-E-S-T-R-E-C-E-IV-E-R-..... 236....... 238\. 238, LIST CHECKER ..... 24~\...... t-E-X-T-E-R-N-A-L-A-UT-H-O-R-I-ZA-T-IO-""'N 24~~ t-E-X-T-E-R-N-A-L-A-UT-H-O-R-I-ZA-T-IO----4 N 112 FIG. 2 j 1 1 __ 1_1 TEL. ___ .1:,1:INFC RCVRI--' INFC I - - - - - - J 23~ 200 / I' 2~0 ,r 1 I 1 I BASE STATION PROCESSOR~ PROCESSOR~ 206 '{ RECEIVER 11 I I - 14-1-4-- 208.../ : ~: 116 XMTR INFC I I L..--....L1-I TRANSMITTER L---....LI-II 1 101""\i 101"""" ~ I 1 I 1 242\...... 242~ AUTHORIZATION DENIAL CONTROLLER -------------- MOT ITC 0002663 u.s. Patent Dec. 28, 1999 378 RAM "- INFORMATION STORAGE LOCATIONS v-379 AUTHORIZATION RECORDS INTERNAL AUTHORIZATION ADDRESS POINTERS ,-10rPROCESS NAME ,-PROCESS SIZE ~ RANDOM CRC ...... EXPIRATION TIME -380 v-38O ~ .-- .-- 122 · : AUTHORIZATION : -382 I I MEDIUM 384 IL ______________ .JI 386 387 373 388 390 Ir------- .-- • • · ,374 ,-374 JJ EEPROM ADDRESS 306 "- J; I . ... ~ ~ .... 14 I" ITC Inv. No. 337-TA- , po i+I ~ t J I .... ... J , r368 r 368 DISPLAY I ~ ALERT I+-~n ... 372 MOD INFC ... ,r H PROCESSOR POWER .... SWITCH .... TRANSCEIVER 308, ~ 364, USER L CONTROLS ,,- 31O 310 r- ROM POL YNOMIAL SECURE POLYNOMIAL f--J.-- --311 SECURE ENCRYPTION KEY ,r 399 J -392 394 396 398 po 302", ,r 302"\ 3 I n PROGRAM INTERFACE 9~ -392 394 396 398 I I 370,-- HW SOFTWARE MODULE PROCESS NAME PROCESS SIZE PROCESS EXECUTABLE .- 313 L ----,I I I PROCESS II : EXECUTABLE : 1--'--- - ______ r7 --..... --...... 398 HW MODULE I I SOFTWARE MODULE .PROCESS NAME PROCESS SIZE PROCESS EXECUTABLE 30 375 r------ C -----, INTERNAL AUTHORIZATION ADDRESS POINTERS ~ ,-PROCESS NAME ~ PROCESS SIZE ,-.-RANDOMCRC 10EXPIRATION TIME r- ~ FIG. 3 -382 384 386 387 388 390 • 3 76 6,008,737 Sheet 3 of 7 r-312 r--312 CALL PROCESSING SECURITY r-314 r-.-314 r--315 r-315 REAL-TIME I CLOCK 1- MOT ITC 0002664 u.s. Patent Dec. 28, 1999 6,008,737 Sheet 4 of 7 SECURITY ""---""'---- 315 AUTHORIZATION r-_ 316 FIRST ALLOWER 318 " SECOND ALLOWER r-_ 320 HARDWARE PERFORMER I ' I'- - 322 SOFTWARE PERFORMER - ""- 324 328 I"- 330 EXTERNAL AUTHORIZER I'r- r- 332 DETERMINATION "r- r-RADIO AUTHORIZER r--3 r-334 ~ TRANSMITTER CONTROLLER -336 INTERNAL AUTHORIZER r-- - ~ SECURE CHECKSUM CALCULATOR '-SENDER "-CREATOR GENERATOR CHOOSER I DISALLOWER FI RST DISABLER SECOND DISABLER THIRD DISABLER 340 "- - 344 346 348 3 50 r-I-- ...... CHECKSUM CALCULATOR r---. STORER PLACER 3 38 1---1 1---'352 354 -356 I' -358 r--.r-. -360 ' - 362 FIG. 4 ITC Inv. No. 337-TA- MOT ITC 0002665 u.s. Patent Dec. 28, 1999 416 420 418 .....-:""""~-.----~-----......-:""""~-.-----~-----.~~--L 6,008,737 Sheet 5 of 7 - - - ~- - - - - - - - - I I PROCESS NAME EXPIRATION TIME 2 I ~ ---------~ ~ENCRYPTED~ I rlENCRYPTEDI 41::I MESSAGE 414 404 403 426 430 432 434 436 438 428 ENCRYPTED MESSAGE I 440 FIG.S ITC Inv. No. 337-TA- MOT ITC 0002666 u.s. Patent Dec. 28, 1999 6,008,737 Sheet 6 of 7 502 CONTROLLER RECEIVES ENCRYPTED EXTERNAL AUTHORIZATION REQUEST MESSAGE CONTROLLER DECIPHERS ENCRYPTED MESSAGE FROM THE PORTABLE COMMUNICATION DEVICE 504 506 CONTROLLER IDENTIFIES THE PORTABLE COMMUNICATION DEVICE BY SELECTIVE CALL ADDRESS, AND PROCESS IS IDENTIFIED BY PROCESS NAME, SIZE AND CRC 508 Y 510 512 CONTROLLER SENDS ENCRYPTED PROCESS AUTHORIZATION INCLUDING PROCESS NAME AND SIZE TO BASE TRANSMITTER CONTROLLER SENDS NOT AUTHORIZED COMMAND TO TRANSMITTER 514 BASE TRANSMITTER TRANSMITS AUTHORIZATION ..------, MESSAGE 516 500 FIG. 6 ITC Inv. No. 337-TA- MOT ITC 0002667 u.s. Patent Dec. 28, 1999 6,008,737 Sheet 7 of 7 604 606 USER INSTALLS USER REQUESTS HARDWARE OR .--..... EXECUTION OF A SOFTWARE MODULE PROCESS AND SENDS REGISTRATION USER RECEIVES OTA PROGRAM 610 612 N SEND TO TRANSMITTER ENCRYPTED AUTHORIZATION REQUEST,ADDRESS, PROCESS NAME AND SIZE, AND SECURE CRC 616 ENCRYPTED AUTHORIZATION REQUEST TRANSMITTED 642 ® GENERATE CRC FOR PROCESS USING RANDOM eRe GENERATOR 626 TORE ADDRESS POINTERS, PROCESS NAME AND SIZE, RANDOM CRC AND EXPIRATION TIME ENCRYPTED WITH SECURE POLYNOMIAL GENERATOR ITC Inv. No. 337-TA- FIG. 7 MOT ITC 0002668 6,008,737 1 2 APPARATUS FOR CONTROLLING UTILIZATION OF SOFTWARE ADDED TO A PORTABLE COMMUNICATION DEVICE DESCRIPTION OF THE PREFERRED EMBODIMENT Referring to FIG. 1, an electrical block diagram of a communication system in accordance with the preferred embodiment of the present invention comprises a fixed portion 102 and a portable portion 104. The fixed portion 102 includes a plurality of base stations 116, for communicating with the portable portion 104, utilizing conventional techniques well known in the art, and coupled by commu10 nication links 114 to a controller 112 which controls the hase FIELD OF THE INVENTION stations 116. The hardware of the controller 112 is preferably This invention relates in general to communication a combination of the Wireless Messaging Gateway systems, and more specifically to a method and apparatus for (WMGTM) Administrator!TM paging terminal and the controlling utilization of a process added to a portable 15 RF-Conductor!® message distributor manufactured by communication device. Motorola, Inc. The hardware of the base stations 116 is preferably a combination of the Nucleus® RF-Orchestra!TM BACKGROUND OF THE INVENTION RF -Audience! ™ transmitter and RF-Audience! ™ receivers manufactured by In the past, paging devices were limited to alpha-numeric Motorola, Inc. It will be appreciated that other similar and voice paging. With technology improvements in circuit hardware can be utilized as well for the controller 112 and integration and more efficient communication protocols that 20 base stations 116. provide two-way communication, paging devices have Each of the base stations 116 transmits radio signals to the grown in sophistication and services provided. With today's portable portion 104 comprising a plurality of portable technology improvements, paging devices are expected to communication devices 122 via a transmitting antenna 120. acquire more sophisticated functions such as electronic 25 The base stations 116 each receive radio signals from the mailing services, spread sheet applications, investment 25 plurality of portable communication devices 122 via a finance services such as stock market charts, quotation receiving antenna 118. The radio signals comprise selective requests, purchase and sale transactions, etc. These services call addresses and messages transmitted to the portable require sophisticated software applications and/or hardware communication devices 122 and acknowledgments received modules to be operated in the paging device. Paging devices 30 from the portable communication devices 122. It will be using sophisticated services such as these will require a 30 appreciated that the portable communication devices 122 means for registration and licensing to prevent unauthorized can also originate messages other than acknowledgments, as use of processes, including software applications and hardwill be described below. The controller 112 preferably is ware modules. In prior art devices registration has been coupled by telephone links 101 to a public switched teleaccomplished by mailing a signed certificate with a purchase 35 phone network (PSTN) 110 for receiving selective call receipt of a software application or hardware module. This 35 originations therefrom. Selective call originations comprisform of registration, however, does not prevent an unscruing voice and data messages from the PSTN 110 can be pulous user from using pirated software applications and/or generated, for example, from a conventional telephone 124 unauthorized hardware moduks. coupled to the PSTN 110 in a manner that is well known in Thus, what is needed is a method and apparatus for 40 the arl. controlling utilization of a process added to a portable Data and control transmissions between the base stations communication device. Preferably, the method and appara116 and the portable communication devices 122 preferably tus should serve as a mechanism to prevent unauthorized use utilize a protocol similar to Motorola's well-known FLEXTM of software applications and hardware modules. digital selective call signaling protocol. This protocol uti45 lizes well-known error detection and error correction techBRIEF DESCRIPTION OF THE DRAWINGS niques and is therefore tolerant to bit errors occurring during FIG. 1 is an electrical block diagram of a communication transmission, provided that the bit errors are not too numersystem in accordance with the preferred embodiment of the ous in anyone code word. present invention. Outbound channel transmissions comprising data and FIG. 2 is an electrical block diagram of elements of a fixed 50 control signals from the base stations 116 preferably utilize portion of the communication system in accordance with the two and four-level frequency shift keyed (PSK) modulation, preferred embodiment of the present invention. operating at sixteen-hundred or thirty-twohundred symbolsFIGS. 3 and 4 are elements of an electrical block diagram per-second (sps) , depending on traffic requirements and (sps), of a portable communication device in accordance with the system transmission gain. Inbound channel transmissions preferred embodiment of the present invention. 55 from the portable communication devices 122 to the base FIG. 5 is a timing diagram of elements of an outbound stations 116 preferably utilize four-level FSK modulation at protocol and an inbound protocol of the fixed and portable a rate of ninety-six-hundred bits per second (bps). Inbound portions of the communication system in accordance with channel transmissions preferably occur during predeterthe preferred embodiment of the present invention. mined data packet time slots synchronized with the outFIG. 6 is a flow chart depicting an authorization operation 60 bound channel transmissions. It will be appreciated that, of the fixed portion in response to a message originated by alternatively, other signaling protocols, modulation the portable communication device in accordance with the schemes, and transmission rates can be utilized as well for preferred embodiment of the present invention. either or both transmission directions. The outbound and FIG. 7 is a now chart depicting an authorization operation inbound channels preferably operate on a singk carrier of the portable communication device as it attempts to 65 frequency utilizing well-known time division duplex (TDD) obtain authorization to use a process in accordance with the techniques for sharing the frequency. It will be further preferred embodiment of the present invention. appreciated that, alternatively, the outbound and inbound This application is a continuation-in-part of application Ser. No. 08/452,785 filed May 30, 1995, by Deluca et aI., entitkd "Method and Apparatus [or Controlling Utilization of a Process Added to a Portable Communication Device", now u.s. Pat. No. 5,612,682, issued Mar. 18, 1997. U.S. ITC Inv. No. 337-TA- 5 MOT ITC 0002669 6,008,737 3 4 channels can operate on two different carrier frequencies memory, e.g., electrically erasable programmable ROM (EEPROM) or magnetic disk memory, can be utilized for the using frequency division multiplexing (FDM) without ROM 228 as well as the RAM 214. It will be further requiring the use of TDD techniques. R0.M 228, sin~ly or appreciated that the RAM 214 and u.s. Pat. No. 4,875,038 to Siwiak et aI., which describes 5 in combination, can be integrated asthecontIguous portlOn of a conttguous a prior art acknowledge-hack radio communication system, the processor 210. Preferably, the processor 210 is similar to is hereby incorporated herein by reference. For further the DSP56100 digital signal processor (DSP) manufactured information on the operation and structure of an by Motorola, Inc. It will be appreciated that other similar acknowledge-back radio communication system, please processors can be utilized for the processor 210, and that refer to the Siwiak et aI., patent. altemate 10 additional processors of the same or alternate type can be Referring to FIG. 2, an electrical block diagram of eleadded as required to handle the processing requirements of ments 200 of the fixed portion 102 in accordance with the the controller 112. preferred embodiment of the present invention comprises The first two elements in the ROM 228 include a secure portions of the controller 112 and the base stations 116. The polynomial 230 and a secure encryption key 231. The secure controller 112 comprises a processor 210 for directing 15 polynomial 230 is used as a secure polynomial generator for operation of the controller 112. TIle processor 210 preferably eRe verification of process executables requested by exterCRC is coupled through a transmitter interface 208 to a transmitnal authorization request messages transmitted by portable ter 202 via the communication links 114. The communicacommunication devices 122. The portable communication tionlinks 114 use conventional means well known in the art, devices 122 use the same secure polynomial generator for such as a direct wire line (telephone) link, a data commu20 eRe generation. Using the same secure polynomial generaCRC nication link, or any number of radio frequency linh, such tor for both the fixed portion 102 and portable portion 104 frcqucncy transcciver as a radio frequency (RF) transceiver link, a microwave of the communication system provides a means for verifying transceiver link, or a satellite link, just to mention a few. The authenticity of software and hardware processes requested transmitter 202 transmits two and four-level FSK data by the portable communication devices 122. The secure messages to the portable communication devices 122. The 25 encryption key 231 is used for encryption and decryption of processor 210 is also coupled to at least one receiver 204 authorization messages transmitted between the portable through a receiver interface 206 via the communication links communication devices 122 and the base stations 116. 114. The receiver 204 demodulates four level FSK and can Similarly, the portable communication devices 122 use the be collocated with the base stations 116, as implied in FIG. same secure encryption key for external authorization mes2, but preferably is positioned remote from the base stations 30 sage transactions. Using secure encryption between the fixed 116 to avoid interference from the transmitter 202. The portion 102 and the portable portion 104 of the communireceiver 204 is for receiving one or more acknowledgments cation system provides a method for transmitting secure and/or messages from the portable communication devices two-way messages which are unlikely to be breached. The 122. encryption process converts an unscrambled sequence to a The processor 210 is coupled to a telephone interface 212 35 pseudo-random sequence coded by a scrambler and decoded for communicating with the PSTN 110 through the teleby a descrambler. The scrambler and descrambler use prefphone links 101 for receiving selective call originations. The erably polynomial generators with feedback paths which use processor 210 is also coupled to a random access mem~ry modulo 2 (Exclusive Or) addition on the feedback taps. The (RAM) 214 comprising a database of portable deVIce descrambler uses the same architecture as the scrambler for records 216 and a database of processes 226. The database 40 descrambling the message. Using a nonlinear feedback shift of portable device records 216 contains, as a minimum, a list register (NFSR) architecture provides a secure approach for of process records 220 for each portahle communication message encryption which makes it difficult, if not compudevice 122. To access the list of process records 220 of a tationally intractable for a person to decipher the encryption portable communication device 122, a portable device key. The present invention preferahly uses a conventional address 218 corresponding to the address of a portable 45 self-synchronizing stream encryption system which utilizes strcam communication device 122 is used to search the database of a NFSR architecture, as is well known by one of ordinary portable device records 216. The list of process reco~ds 220 skill in the art. It will be appreciated that, alternatively, other specifies the software and hardware processes whIch are methods which provide suitably secure encryption can be authorized for use by a portable communication device 122 used. It will be further appreciated that, alternatively, meshaving the portable device address 218. Each process record 50 sage transactions between the base stations 116 and the 220 contains a list of process verification elements used for portable communication devices 122 can be non-encrypted. process authorization of external authorization requests To protect against unauthorized access, the secure polytransmitted by the portable communication devices 122, as nomial230 and the secme encryption key 231 preferably are secure will be described below. The verification elements contained stored in a secure portion of the ROM 228 which can only in the process record 220 for both hardware and software 55 be accessed by the processor 210. Preferably, this portion of processes include a process name, a process size and a the ROM 228 is integrated with the processor 210 as a secure cyclic redundancy check (eRe). (CRC). protected mask read only memory (MROM), and is proThe database of processes 226 preferably comprises grammed during the manufacturing process of the processor binary executables (machine code) of many of the autho210. As is well known by one of ordinary skill in the art, rized software processes available for use by the portable 60 once a protected MROM has been programmed the procommunication devices 122. The software processes stored tected portion of the MROM is only accessible by the in the RAM 214 of the controller preferably can be delivered processor 210 and cannot be accessed by external hardware to portable communication devices 122 by way of over-thecoupled to the processor 210. Alternatively, the secure air (OTA) programming utilizing techniques well known in polynomial 230 and the secure encryption key 231 can be the art. 65 included in a re-programmable non-volatile memory such as a FLASH memory, an EEPROM memory or magnetic disk The processor 210 also is coupled to a read-only memory memory, but accessibility of the secure polynomial 230 and (ROM) 228. It will be appreciated that other types of ITC Inv. No. 337-TA- MOT_ITC MOT_ITC 0002670 6,008,737 5 6 altematively, extemal appreciated that, alternatively, the external authorization secure encryption key 231 are preferably restricted by the service provider to authorized personnel only. Using response message can include a plurality of process names nOll-volatile re-programmable nOIl-volatile memories provides flexibility and expiration times authorizing a plurality of processes requested by the portable communication device 122. of adding more polynomial elements and encryption keys extemal 5 Before the external authorization element 240 sends the for system and subscriber unit expansion. external authorization response message to the transmitter The ROM 228 of the processor 210 also includes firm202 of the base station 116, the external authorization ware elements for use by the processor 210. The firmware response message is encrypted, using the method described elements include a call processing element 232, a process above, to secure the RF transmission of the message. When lister element 234, a request receiver element 236, a list checker element 238, an external authorization element 240 10 the list checker element 238 denies authorization of a process to a portable communication device 122, the proand an authorization denial element 242. The call processing cessor 210 calls on the authorization denial element 242 to element 232 handles the processing of an incoming call for process the external authorization denial response message a called party and for controlling the transmitter 202 to send be transmitted the to bc transmittcd to thc portable communication device 122. dcvicc a selective call message to the portable communication device 122 corresponding to the called party, utilizing tech- 15 The external authorization denial response message comprises an authorization command which includes a "not niques well known in the art. The process lister element 234 authorized" signal denying authorization, and a process manages the database of portable device records 216 stored name of the process being denied. It will be appreciated that in the RAM 214 for each portable communication device the external authorization denial response message can 122 utilizing database management techniques well known dement in the art. The request receiver element 236 processes 20 include a plurality of process names denying authorization to a plurality of processes requested by the portable comencrypted external authorization request messages received munication device 122. As is done with the external authoby the receiver 204 of the base station 116 and originating rization response message, the external authorization denial from the portable communication devices 122. The response message is encrypted before it is transmilled to the transmiUed encrypted external authorization request message is decrypted with the secure encryption key 231 described 25 portable communication device 122 by the base stations 116. According to an auditing operation of the fixed portion above. The external authorization request for hardware and 102, the processor 210 is programmed by way of the ROM software processes comprises at least a process name and a 228 to periodically audit the portable communication device process size corresponding to the process, along with a 122 through a radio channel of the communication system to secure checksum and an address identifying the portable communication device 122. Optionally, an authorization 30 determine a catalog of internal authorizations 382 (FIG. 3) stored in the portable communication device 122. In request command can accompany the external authorization addition, the processor 210 is programmed to periodically request message. Preferably, the rcqucst mcssagc. Prefcrably, thc authorization request comrcqucst audit the portable communication device 122 through a mand is included in the address portion of the portable radio channel of the communication system to determine a communication device 122 address. Alternatively, the authorization request command can be in a separate element in the 35 quantitative usage of each ofthe processes 398 (FIG. 3) used by the portable communication device 122, and to bill a user external authorization request message. The secure checkof the portable communication device 122 in response to the sum is preferably a secure eRe of the software process for CRC quantitative usage determined. The processor 210 is also which the portable communication device 122 is requesting programmed by way of the ROM 228 to maintain a list of authorization. The eRe is generated by the portable comCRC munication device 122 by using a polynomial generator 40 authorized processes 398 in the process records 220 corresponding to the portable communication device 122, and to stored in its memory, which is the same as the secure compare the catalog of internal authorizations 382 with the polynomial 230 used by the controller 112, as described list of authorized processes 398 corresponding to the porabove. The secure checksum provides a means for verifying tahle communication device to determine whether any of the that the process being used by the portable communication intemal stored the device 122 is an authorized version. The list checker element 45 intcrnal authorizations 382 storcd in thc portable communication device 122 are invalid. The processor 210 is further 238 uses the address, corresponding to the portable comprogrammed by way of the ROM 228 to store an indication munication device 122, received in the external authorizain a user database entry (not shown) in the RAM 214 tion request message as a portable device address 218. TIle corresponding to the portable communication device 122 processor 210, as described above, searches through the database of portable device records 216 to find the list of 50 that an invalid internal authorization 382 has been found therein, in response to determining that at least one of the process records 220 corresponding to the portable device internal authorizations 382 stored in the portable commuaddress 218 matching the address of the portable communication device 122 is invalid. The processor 210 is also nication device 122. The list checker element 238 then programmed to transmit a command to the portable comchecks each process record 220 for a match to the process name, process size and secure eRe received in the external 55 munication device 122 to delete at least one of the internal CRC authorizations 382, in response to determining that the at authorization request message. If a match is found, then least one of the internal authorizations 382 stored in the authorization is given to the portable communication device portable communication device 122 is invalid. These opera122 for using the requested software or hardware process. If tiona tional features will be described further herein below. a match is not found, then authorization is denied. When the list checker element 238 authorizes a process requested by 60 According to a message sending operation of the fixed the portable communication device 122, the processor 210 portion 102, the processor 210 is programmed by way of the calls on the external authorization element 240 to process ROM 228 to queue a message for transmission to the the external authorization response message to be transmitportable communication device 122, the message requiring ted to the portable communication device 122. The external a predetermined process 398 in the portable communication authorization response message preferably comprises an 65 device 122 in order to process the message. In addition, the processor 210 is programmed to determine that the portable authorization command, the process name of the authorized process and an expiration time for the process. It will be communication device 122 does not have a predetermined ITC Inv. No. 337-TA- MOT_ITC 0002671 MOT_ITC 6,008,737 7 8 usage authorization 382 for utilizing the predetermined above. The intemal authorization record 382 for hardware process 398; and in response, to grant the predetermined and software processes comprises address pointers 384, a process name 386, a process size 387, a random eRe 388 of usage authorization 382 to the portable communication CRC device 122 through the radio channel of the communication the authorized hardware or software process executable 398 system (after verifying, for example, that the account of the 5 and an expiration time 390. The address pointers 384 user of the portable communication device 122 is in good preferably include two address pointers which point to two standing). Preferahly, the processor 210 determines that the byte locations within the process executable 398 of the portable communication device 122 does not have the authorized hardware or software process. The two bytes are predetermined usage authorization 382 by auditing the porchosen by a random process which preferably uses a realtable communication device 122 over the radio channel. It 10 time clock 399 for generating random address pointers. The will be appreciated that, alternatively, the processor 210 can real-time clock 399 determines lime (in hours, minutes and determine from its own internal process records 220 that the seconds) and calendar date, which is also used for deterportable communication device 122 has not been previously mining the expiration time of a process, as will be described authorized for utilizing the predetermined process 398. below. To determine the two random address pointers the If the predetermined process 398 is a software process, the 15 real-time clock 399 is used in conjunction with the random 15 processor 210 is further programmed to determine that the event of the user requesting use of a process through the user portable communication device 122 does not have the controls 364. When the user depresses a button on the user software process, e.g., by receiving from the portable comcontrols 364 requesting execution of a process, the processor munication device 122 a request for the software process; 308 reads the time specified by the real-time clock 399. The and in response, to download the software process to the 20 real-time clock 399 reading is in binary format and is 20 portable communication device 122 through the radio chansufficiently long to cover a wide address spectrum. Dependnel. Preferably, before downloading the software process, l1l1mber ing on the []lImber of bytes contained in the process executthe processor 210 is further programmed to transmit terms of able 398 the user is requesting, a limited number of bits are a licensing agreement to the portable communication device chosen in the real-time clock reading to cover the size of the 122, to receive from the portable communication device 122 25 process executable 398. The limited real-time clock reading 25 a reply indicating whether the user of the portable commuis then used as an address pointer to a first random byte in nication device 122 agrees to the terms, and to omit downthe requested process executable 398. The second random loading of the software process in response to the reply address pointer points to a second random byte location. The indicating that the user does not agree to the terms of the two bytes together represent a 16 bit polynomial generator licensing agreement. These operational features will be 30 seed for generating the random eRe 388 of the hardware or 30 CRC described further herein below. software process executable 398. As is well known by one Referring to FIG. 3, an electrical block diagram of the of ordinary skill in the art, a polynomial generator must portable communication device 122 in accordance with the follow certain guidelines such as, for example, the polynopreferred embodiment of the present invention comprises a mial generator must not contain all zeros or all ones. When transceiver antenna 303 for transmitting radio signals to the 35 the two bytes chosen violate any polynomial generator rules, base stations 116 and for intercepting radio signals from the the address pointers are moved to a next higher location in base stations 116. The transceiver antenna 303 is coupled to the process executable 398. If the end of the process a transceiver 302 utilizing conventional techniques well executable 398 is reached then the random address pointers known in the art. The radio signals received from the base wrap around to the beginning of the process executable 398. stations 116 use conventional two and four-level FSK. The 40 This process continues until a valid set of bytes are chosen radio signals transmitted by the portable communication which meet the polynomial generator rules. It will be device 122 to the base stations 116 use fourlevel FSK. appreciated that, alternatively, more than two bytes can be Radio signals received by the transceiver 302 produce used for the random polynomial generator. The expiration time 390 includes a date, and optionally a time when the demodulated information at the output. The demodulated the processor information is coupled to thc input of a proccssor 308, which 45 authorization of the hardware or software process expires. processes the information in a manner well known in the art. Whenever a process execution is requested by the user, the expiration time 390 is compared to the real-time clock 399 Similarly, inbound response messages are processed by the processor 308 and delivered to the transceiver 302 which is to determine if authorization of the hardware or software process has expired. It will be appreciated that reprogramcoupled to the processor 308. The response messages transmitted by the transceiver 302 are preferably modulated using 50 mabIe non-volatile memory devices, such as, for example, four-level FSK. EEPROM or FLASH memories, can be used to prevent loss of the authorization records 380 stored in the RAM 378 A conventional power switch 306, coupled to the procesduring a power outage. sor 308, is used to control the supply of power to the The processor 308 is also coupled to a programming transceiver 302, thereby providing a battery saving function. The processor 308 is coupled to a random access memory 55 interface 374 and a hardware module interface 370. The (RAM) 378 for storing messages in information storage programming interface 374 allows for external software locations 379. The RAM 378 further comprises authorizamodule download into the RAM 378. The programming tion records 380 and software modules 392. The authorizainterface 374 preferably uses a serial communication intertion records 380 include internal authorization records 382 face 376 for communication with the processor 308. The of processes, either software or hardware, which have been 60 serial interface preferably uses a conventional universal authorized for use by the portable communication device asynchronous receiver transmitter (VART) well known in the art. The physical means for the interface preferably uses 122. The software modules 392 include a process name 394, metal contacts. It will be appreciated that, alternatively, a process size 396 and a process executable 398. The internal other physical means can be used, such as infrared, inductive authorization record 382 is encrypted using a secure encryption key 312 stored in a read only memory (ROM) 310 of the 65 coupling, etc. The hardware module interface 370 allows for attachments of hardware modules to the portable commuportable communication device 122. The encryption key nication device 122. The hardware module interface 370 used is the same as that used by the controller 112 described ITC Inv. No. 337-TA- MOT ITC 0002672 6,008,737 9 10 preferably uses a hardware interface 372, well known in the communication device 122 performed by the system proart, such as the Personal Computer Memory Card Internavider. The processor 308 follows by invoking a determinational Association (PCMCIA) interface. With this interface tion element 332 which is used for making a determination any type of hardware module 373 conforming to the PCMof whether an internal authorization record 382 exists for CIA standard can be attached to the portable communication 5 utilizing the hardware or software process. The determinadevice 122. The function of the hardware module 373 can tion of a valid internal authorization record 382 is made by include any numher of functions such as a software module searching through the authorization records 380 for a prohardware accelerator, video graphics card, expanded cess name 386 which matches the module name of the memory card, etc. It will be appreciated that the programhardware or software process requested by the user. If a 10 ming interface 374 and the hardware module interface 370 10 match is determined, then an internal authorizer element 328 can use other interfaces for software download and hardware is called on by the processor 308 to read the address pointers attachments, well known in the art. 384 to determine the random polynomial generator to be The ROM 310 coupled to the processor 308 comprises a used for random CRC generation over the process executsecure polynomial 311, a secure encryption key 312 and able 398 of the hardware or software module. TIle internal firmware elements for use by the processor 308. It will be 15 authorizer element 328 uses the process size 387 correappreciated that other types of memory, e.g., EEPROM, can sponding to the module size of the hardware or software be utilized as well for the ROM 310. The secure polynomial process executable 398 to calculate a random CRC over the 311 includes a secure polynomial generator for CRC genprocess executable 398 of the hardware or software process. eration of hardware and software process executables 398. If the eRe generated matches the random eRe 388 stored CRC CRC The secure polynomial 311 used by the portable communi- 20 in the internal authorization record 382, then the processor cation device 122 matches the secure polynomial 230 used 308 invokes the second allower element 320 to check the by the controller 112 described above. The secure encryption expiration time 390 against the real-time clock 399. If the key 312 is used for scrambling and descrambling external expiration time has not expired, then the processor 308 transmilled authorization messages transmitted between the portable allows the utilization of the process, in response to the usage communication device 122 and the base stations 116. The 25 authorization being obtained. However, if the expiration secure encryption key 312 used by the portable communitime has expired then the processor 308 calls on the third cation device 122 matches the secure encryption key 231 disabler element 362 for disabling further utilization of the used by the controller 112. The secure polynomial 311 and process in response to an expiration of the usage authorizasecure encryption key 312 are stored in a protected portion tion. of the ROM 310 utilizing the techniques described for the 30 If the determination element 332 does not find an internal controller 112. authorization record 382 for the hardware or software proThe firmware elements comprise a call processing eleccss rcqucstcd thc uscr, authorizcr clcment cess requested by the user, then a radio authorizer clement ment 314 which handles incoming messages on the outor authorizer element 334 is called on for communicating bound channel using techniques well known in the art. When with the fixed portion 102 hy sending a signal indicative of an address is received by the processor 308, the call pro- 35 the hardware or software module to obtain the usage authocessing element 314 compares one or more addresses 313 rization as an external authorization, in response to the stored in an EEPROM 309, and when a match is detected, internal authorization being absent from the authorization a call alerting signal is generated to alert a user that a records 380. The radio authorizer element 334 attempts to message has been received. The call alerting signal is obtain the usage authorization through a first radio channel directed to a conventional audible or tactile alerting device 40 (the inbound channel) of the communication system. If the 366 for generating an audible or tactile call alerting signal. external authorization request is denied, then the processor In addition, the call processing element 314 processes the 308 calls on a first disabler element 358 to disable further message which is received in a digitized conventional manutilization of the process, in response to receiving a "not ner and then stores the message in one of the information authorized" signal through a second radio channel (the storage locations 379 in the RAM 378. The message can be 45 outbound channel) of the communication system. If the accessed by the user through user controls 364, which external authorization request is not received within a preprovide functions such as lock, unlock, delete, read, etc. determined time interval, then the processor 308 invokes a More specifically, by the use of appropriate functions prosecond disabler element 360 to disable utilization of the vided by the user controls 364, the message is recovered process requested by the user. To create the external authofrom the RAM 378, and then displayed on a display 368, 50 rization request message, the radio authorizer element 334 e.g., a conventional liquid crystal display (LCD). invokes a transmitter controller element 336. The transmitter The firmware elements further comprise a security elecontroller element 336 calls on a secure checksum calculator element 338 which uses the secure polynomial 311 stored in ment 315 for processing authorization of software modules the ROM 310 to calculate a secure eRC over the process 392 and hardware modules 373. The elements contained in CRC the security element 315 are shown in FIG. 4. The security 55 executable 398 of the hardware or software process element 315 includes an authorization element 316, a second CRC requested by the user. Once the secure eRC is determined, allower element 320, a creator element 344, a storer element the processor 308 prepares an external authorization request message comprising an authorization request command, the 352, a disallower element 356 and a third disabler element address of the portable communication device 122, the 362. When a user requests utilization of a hardware or software process by the use of appropriate functions pro- 60 process name, the size of the hardware or software process vided by the user controls 364, the processor 308 calls on the executable 398, and the secure CRC calculated by the secure authorization element 316 to process the request. The prochecksum calculator element 338. Once the external authocessor 308 begins the authorization process by invoking a rization request message has been determined the transmitter controller element 336 encrypts the message with the secure mcrypts first allower element 318 which, optionally, allows immediate utilization of the process requested. Whether or not the 65 encryption key 312. The processor 308 then invokes a sender element 340 and sends the message to the transceiver first allower element 318 allows immediate utilization of a 302, which thereafter transmits the encrypted external process is determined by programming of the portable ITC Inv. No. 337-TA- MOT ITC 0002673 6,008,737 11 12 internal authorizations 382 present within the portable comauthorization request message to the base stations 116. If an munication device 122 for utilizing the processes 398, and encrypted external authorization response message is to report the internal authorizations 382 present, in response received from the base stations 116 indicating the hardware to receiving an internal authorization audit command from or software process is authorized, then the processor 308 accesses a second allower element 320 to process the 5 the fixed portion 102 of the communication system. The processor 308 is also programmed to delete an internal message. If the external authorization response message was authorization 382, in response to receiving a delete authofor a hardware module 373 authorizing utilization of the rization command directed at the internal authorization 382 process, then the second allower element 320 invokes a from the fixed portion 102 of the communication system. hardware performer element 322 for performing the process in accordance with circuits of the hardware module 373. If 10 These operational features will be described further herein below. the external authorization response message was for a softFor cooperation with the message sending operation of ware module 392 authorizing utilization of the process, then the fixed portion 102, the processor 308 is programmed hy the second allower element 320 invokes a software perway of the ROM 310 to control the transceiver 302 to former elcment 324 for performing the process in accorclement dance with instructions of the software module 392. 15 request a download of a predetermined software process 398 in response to receiving from the fixed portion 102 a For software modules 392 or hardware modules 373 message that requires the predetermined software process which are user-installed, an authorization medium 375 398 for processing the message. In addition, the processor (preferably a registration form with proof of purchase) is 308 is programmed by way of the ROM 310 to control the physically sent to the service provider to obtain authoriza20 tion. When the user requests execution of the installed 20 display 368 to display the terms of a software license agreement, in response to receiving the terms of the software process, the process is optionally executed and the processor license agreement from the fixed portion 102 through the 308 invokes the external authorizer element 330 to request radio channel. an external authorization from the controller 112. The external authorizer element 330 obtains usage authorization by Referring to FIG. 5, a timing diagram 400 depicts elereceiving an external authorization from the service provider 25 ments of an outbound protocol and an inbound protocol of through a radio channel (the outbound channel) of the the fixed portion 102 and portable portion 104 of the communication system. The external authorization request communication system in accordance with the preferred message sent to the base stations 116, as described above, embodiment of the present invention. The signaling format on the outbound and inbound channels preferably operates comprises an authorization request command, the portable communication device 122 address, the process name and 30 on a single carrier frequency utilizing well-known time division duplex (TOO) techniques for sharing the frequency. size, and a secure eRe of the hardware or software process CRC It will be appreciated that the outbound and inbound chanexecutable 398. When the controller 112 sends an authorinels can use separate frequency channels utilizing frequency zation message granting authorization of the hardware or division multiplexing (FOM) techniques well known in the software process, the second allower element 320 allows the utilization of the process, in response to the usage authori- 35 art. Using TOO transmission the outbound RF channel transmission is depicted during an outbound transmission zation being obtained. In response to obtaining an external time interval 402, while the inbound RF channel transmisauthorization allowing utilization of a process, the processor sion is depicted during an inbound transmission time inter308 accesses the creator element 344 to create an internal authorization record 382. To create the internal authorization val 404. The outbound transmission time interval 402 and record the processor 308 invokes a generator element 346 40 the inbound transmission time interval 404 are subdivided which first calls on a chooser element 348 to select preferby a time boundary 403. The time boundary 403 depicts a ably two random bytes of the hardware or software process point in time when the outbound transmissions cease and the executable 398. The random bytes are preferably chosen inbound transmissions commence. using the real-time clock 399 and user invocation of the user The elements of the outbound protocol comprise an controls 364 as described above. Once the random bytes 45 outbound sync 406, a selective call address 408, a message have been determined, and satisfy the polynomial generator vector 410 and an outbound message 412, while the inbound rules, a checksum calculator element 350 is invoked to protocol comprises an inbound sync 426 and an inbound perform a eRe generation on the process executable 398 of CRC message 428. The outbound sync 406 provides the portable the hardware or software module. Once the random eRe CRC communication device 122 a means for synchronization 388 has been calculated, the storer element 352 collects the 50 utilizing techniques well known in the art. The selective call verification elements used for the internal authorization address 408 identifies the portable communication device record 382. The verification elements comprise the address 122 for which the outbound message 412 is intended. The pointers 384 for the random polynomial generator, the message vector 410 points in time within the TOO signal process name 386, the random eRe 388 calculated by the CRC format to the position of the outbound message 412 to be checksum calculator element 350 and the expiration time 55 received by the portable communication device 122. The 390 received in the external authorization message from the outbound message 412 can be either a well known selective controller 112. The processor 308 then calls on a placer call message, or an external authorization response message element 354 which uses the secure encryption key 312 to in accordance with the present invention. When the outencrypt the verification elements and then stores the result in bound message 412 is an external authorization response the authorization records 380 in the RAM 378. 60 message, the message received by the portable communication device 122 is an encrypted message 414. The For cooperation with the auditing operation of the fixed encrypted message 414 comprises an authorization comportion 102, the processor 308 is programmed by way of the ROM 310 to maintain in the RAM 378 a record (not shown) mand 416, a process name 418 and, optionally, an expiration of usage of the process 398, and to report the usage in time 420. When the authorization command 416 is an response to receiving a usage audit command from the fixed 65 authorization command denying authorization for utilization portion 102 of the communication system. In addition, the of a requested process, then the expiration time 420 is not processor 308 is programmed to maintain the record of included in the encrypted external authorization response ITC Inv. No. 337-TA- MOT ITC 0002674 6,008,737 13 14 message. It will be appreciated that the outbound external the portable communication device 122 received on the authorization response message can be extended to include inbound channel, as described further herein below. It will be further appreciated that, alternatively, other communicamultiple authorizations and/or denials by sending a plurality tion protocols which support two-way communication can of authorization commands 416, associated process names 418 and, optionally, expiration times 420. 5 be used. Similarly, the inbound sync 426 provides the base stations Referring to FIG. 6, a flow chart 500 depicting an autho116 a means for synchronization utilizing techniques well rization operation of the fixed portion 102 in response to a known in the art. The inbound message 428 can be either a message originated by the portable communication device well known acknowledge-back response message, or an 122 in accordance with the preferred embodiment of the external authorization request message in accordance with 10 present invention begins with step 502 where the controller the present invention. When the inbound message 428 is an 112 receives an encrypted external authorization request external authorization request message, the message transmessage. In step 504 the controller 112 deciphers the mitted hy the portahle communication device 122 is an encrypted message using the secure encryption key 231 encrypted message 430. Thc encrypted message 430 comThe cncryptcd mcssagc cncryptcd mcssagc stored in the ROM 228. In step 506 the controller 112 prises an authorization request command 432, an address 15 identifies the portable communication device 122 requesting 434 corresponding to the portable communication device the authorization by the address 434 received. Additionally, 122, a process name 436, a process size 438 and a secure the controller 112 reads the process verification elements CRC 440. The secure CRC is determined, as described included in the external authorization request message. In above, using the secure polynomial 311 over the hardware or step 508 the controller 112 checks for a match between the software module's process executable 398. It will be appre- 20 process verification elements received and the list of process ciated that the authorization request command 432 can be records 220 corresponding to the portable communication included as part of the field of the address 434. It will also fOllnd, device 122. If a match is found, then in step 510 an external be appreciated that multiple authorization requests can be authorization response message is constructed authorizing included within the same inbound message by sending a utilization of the process. The external authorization plurality of process names 436 and process sizes 438 with 25 response message comprising the authorization command their associated secure CRCs 440. 416 allowing utilization of the process, the process name During selective call messaging between the base stations 418 of the process authorized and an expiration time 420 for 116 and the portable communication devices 122, the comthe process. Before sending the message to the base stations munication system protocol described above begins with an 116 for transmission, the external authorization response outbound message which delivers a message to a portable 30 message is encrypted using the secure encryption key 231 as communication device 122. The portable communication described above. When a match is not found, then in step device 122 can, optionally, acknowledge reception of the 512 an external authorization response message with an "authorization denied" command is constructed. The extermessage on the inbound channel. Acknowledgment mesnal authorization response message then comprises the sages from the portable communication device 122 are transmitted on the inbound channel during a scheduled 35 authorization command 416 for denying authorization to the period which is referenced to the time boundary 403 requested process, and the associated process name 418. The described above. Scheduled inbound messages are preferdenial message, as described above, is encrypted by the controller 112 using the secure encryption key 231. Once ably reserved for acknowledgment messaging from the portable communication devices 122. However, when a user either type of the external authorization response message is invokes a process which requires transmitting an external 40 constructed, then in step 514 the message is sent to the authorization request message to the base stations 116, the transmitter 202 of the base station 116 where it is transmitted portable communication device 122 uses an unscheduled to the portable communication device 122. In step 516 the controller 112 checks for a message acknowledgment time period (slot) referenced to the time boundary 403 for unscheduled messaging to the hase stations 116. Note that response from the portahle communication device 122 messaging, during inbound mcssaging, a timc pcriod rcfcrcnccd to thc 45 acknowledging rcccption of thc cxtcrnal authorization time boundary 403 is reserved for both scheduled and response message. If no acknowledgment is received, then unscheduled inbound messages. Therefore, there is no conthe controller 112 resends the message in step 514. The tention between scheduled and unscheduled inbound mescontroller 112, preferably, has an option to limit the number of re-transmissions by using, for example, a maximum sages. Since the number of unscheduled time slots is limited, it is possible for contention to exist among a plurality of 50 resend count programmed by the system provider. Once an portable communication devices 122 transmitting unschedacknowledgment is received, the controller 112 returns to uled inbound messages. To resolve contention with unschedstep 502 where it processes subsequent external authorizauled inbound messages, the present invention preferably tion request messages from the portable communication utilizes ALOHA protocol as is well known by one of devices 122. ordinary skill in the art. Referring to FIG. 7, a flow chart 600 depicting an autho55 When the preferred embodiment of the present invention rization operation of the portable communication device 122 as it attempts to obtain authorization to use a process in is acquiring authorization of hardware and software modules remotely as just described, it will be appreciated that mesaccordance with the preferred embodiment of the present sage transactions originate first from the portable commuinvention begins with anyone of steps 602, 604 and 606. In nication device 122 as unscheduled inbound messages. 60 step 602 the user installs a hardware or software module and Subsequent responses from the fixed portion 102 of the registers the hardware or software module by sending preferably an authorization medium 375 comprising a registracommunication system are received on the outbound chantion form and proof of purchase receipt. In step 606 the user nel. When the preferred embodiment of the present invention is performing auditing and message sending operations can receive over-the-air (OTA) programming of a software of the fixed portion 102, it will be appreciated that the 65 process. The request for an OTA software download can be performed by the user by way of a conventional telephone message transactions originate first from the fixed portion 102 as outbound messages, with subsequent responses from 124 call to the system provider. It will be appreciated that ITC Inv. No. 337-TA- MOT ITC 0002675 6,008,737 15 16 where the process verification elements are decrypted and other ways can be used for requesting OTA programming of a software process, such as by the use of appropriate then checked against the requested process executable 398. functions provided by the user controls 364, in the portable If the process verification elements are determined to be valid, then in step 638 process execution is invoked if it has communication device 122 for requesting software processes. Once a software or hardware module has been added 5 not already been invoked by step 610. Validation of the process verification elements consists of matching the ranto the portable communication device 122 by way of OTA dom CRC generated over the process executahle 398 of the programming or userinstallation, the user can request execurequested hardware or software module with the random tion of the process in step 604. In step 610 the process is eRe found in the internal authorization record. If the CRC immediately executed without initial authorization. It will be appreciated that the portable communication device 122, 10 process verification elements are determined to be invalid, then in step 640 process execution is denied, and in step 642 optionally, can be programmed by the system provider to the process is discarded from memory (for a software skip step 610. In step 612 the processor 308 of the portable module) and an alert signal is created. The alert signal is communication device 122 checks for the presence of an preferably an audible and visual alert signal using the internal authorization record 382 in the authorization records alerting device 366 and display 368 of the portable com380 stored in the RAM 378. Each internal authorization 15 munication device 122. Optionally, an alert signal can be record 382 is decrypted using the secure encryption key 312 sent to the controller 112 alerting the communication system stored in the ROM 310. A match is checked between the that an attempt to use an invalid hardware or software process name 386 of the internal authorization record 382 module has been detected. and the process name of the requested process. If a match is Thus, it should be apparent by now that the present not found, the processor 308 proceeds to step 614 where an 20 invention provides a method and apparatus for controlling encrypted external authorization request message is conutilization of a hardware or software process added to a structed comprising the authorization request command 432, portable communication device 122. In particular, the the address 434 of the portable communication device 122, present invention provides a novel method and apparatus for the process name 436, the process size 438, and the secure eRe 440 of the process executable 398 requested. In step 25 remotely authorizing software and hardware modules added CRC to a portable communication device 122. With the present 616 the encrypted external authorization request is transinvention, the authenticity of process executables 398 used mitted to the base stations 116. In step 618 the processor 308 by software and hardware modules can advantageously be waits for an external authorization response message from validated by the fixed portion 102 of the communication the base stations 116. If no external authorization response message has been received, then in step 628 a time-out 30 system. In addition, the fixed portion 102 of the communication system can keep track of unauthorized installations (TMO) indicator is checked. If the TMO indicator has and can act upon unauthorized additions of software and expired, then in step 630 a resend counter is checked for hardware modules to the portahle communication devices re-transmission requests. If re-transmission requests of the 122 by disabling operation of a portable communication encrypted external authorization request message have been exceeded, then in step 632 the process execution is denied 35 device 122 using OTA techniques. Another advantage of the present invention is the option for the system provider to and the user is alerted by the alerting device 366 and display program the portable communication device 122 to execute 368 of the portable communication device 122. If the resend a hardware or software process without receiving immediate counter has not been exceeded, then the processor 308 authorization. This option provides a user immediate access resends the encrypted external authorization message in step 614. If in step 628 the TMO indicator has not expired, then 40 to a hardware or software process without burdening the user with the delay of receiving authorization for the prothe processor 308 continues to wait for an external authocess. The present invention also provides an authorization rization response message from the base stations 116. If an method which is secure for both inbound and outbound external authorization response message is received, then messaging by using a message encryption technique step 620 checks if the requested process has heen authorized cxecution. the for cxccution. If thc requested process has been denied 45 described above. What is claimed is: authorization, then step 640 is invoked, where the process is 1. An apparatus at a fixed portion of a communication denied execution, and subsequently discarded in step 642 system for authorizing utilization of software in a portable alerting the user to authorization denial. If the requested portion of the communication system, the apparatus comprocess has been authorized for execution, then in step 622 50 prising: preferably two bytes are chosen from within the process 50 a processor; executable 398 of the hardware or software module to create a memory coupled to the processor for maintaining a list a 16 bit random polynomial generator. The random bytes are of authorized software corresponding to the portable chosen using the real-time clock 399 and user controls 364 portion; as described above. In step 624, the processor 308 generates a request receiver element coupled to the processor for a random eRe over the process executable 398 of the 55 CRC receiving a request from the portable portion, the authorized hardware or software module. In step 626, an request including an address identifying the portable internal authorization record 382 is created comprising the portion, and a software name; random address pointers 384, the process name 386, the a list checker element coupled to the processor for checkprocess size 387, the random eRe 388, and the expiration CRC time 390 of the authorized process. The internal authoriza- 60 ing the list of authorized software corresponding to the tion record 382 is encrypted with the secure encryption key portable portion identified by the address, to determine 312 stored in the ROM 310. Once the internal authorization whether the software corresponding to the software name is authorized; and record 382 has been created, the processor 308 continues to step 638 where process execution is invoked if it has not an external authorization element coupled to the processor already been invoked by step 610. for transmitting the external authorization to the por65 In the case where in step 612 an internal authorization table portion in response to the software being authorized for the portable portion. record 382 is found, the processor 308 continues to step 636 ITC Inv. No. 337-TA- MOT ITC 0002676 6,008,737 17 18 2. The apparatus of claim 1 in which the request includes the software for which the portable communication device is a secure checksum. requesting authorization. 3. The apparatus of claim 2 in which the secure checksum S. 8. The portable communication device of claim 7 in which is a secure cyclic redundancy check of the software for the secure cyclic redundancy check is generated by the which the portable portion is requesting authorization. 5 portable communication device by using a secure polyno4. The apparatus of claim 3 in which the apparatus uses a mial stored in the portable communication device. secure polynomial stored in the memory of the apparatus to 9. A portable communication device in a communication calculate the secure cyclic redundancy check. system having a fixed portion, the portable communication 5. The apparatus of claim 1 in which the request includes 10 device comprising: a software size. 6. A portable communication device in a communication a processor; system having a fixed portion, the portable communication for an authorization element coupled to the processor [or device comprising: obtaining usage authorization for utilizing software in a processor; the portable communication device, in which the authoan authorization element coupled to the processor for 15 rization element generates an external authorization obtaining usage authorization for utilizing software in request, and in which the authorization element comthe portable communication device, in which the authomunicates with the fixed portion to obtain the usage rization element generates an external authorization authorization in response to the external authorization request, and in which the authorization element comrequest, and in which the external authorization request municates with the fixed portion to obtain the usage 20 includes at least one of: an address identifying the authorization in response to the external authorization portable communication device, a software name and a request, and in which the external authorization request size of the software; and includes a secure checksum; and a second authorization element coupled to the processor a second authorization element coupled to the processor 25 for allowing utilization of the software, in response to for allowing utilization of the software, in response to usage authorization being obtained from the fixed porusage authorization being obtained from the fixed portion. tion. 7. The portable communication device of claim 6 in which the secure checksum is a secure cyclic redundancy check of * * * * * ITC Inv. No. 337-TA- MOT ITC 0002677

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?