Motorola Mobility, Inc. v. Microsoft Corporation
Filing
133
NOTICE by Microsoft Corporation re #126 Defendant's MOTION for Summary Judgment (Redacted) of Filing Additional Exhibits (Attachments: #1 Appendix Index to Additional Exhibits, #2 Exhibit 1103, #3 Exhibit 1104, #4 Exhibit 1106, #5 Exhibit 1107, #6 Exhibit 1108, #7 Exhibit 1109, #8 Exhibit 1113)(Miner, Curtis)
US006008737A
United States Patent [19]
Deluca et al.
[11] Patent Number: 6,008,737
[45] Date of Patent: *Dec. 28, 1999

[54] APPARATUS FOR CONTROLLING UTILIZATION OF SOFTWARE ADDED TO A PORTABLE COMMUNICATION DEVICE
[75] Inventors: Michael J. Deluca, Boca Raton; Doug Kraul; Walter L. Davis, both of Parkland, all of Fla.
[73] Assignee: Motorola, Inc., Schaumburg, Ill.
[*] Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2).
[21] Appl. No.: 08/672,004
[22] Filed: Jun. 24, 1996

Related U.S. Application Data
[63] Continuation-in-part of application No. 08/452,785, May 30, 1995, Pat. No. 5,612,682.

[51] Int. Cl. 6: G07D 7/00
[52] U.S. Cl.: 340/825.34; 340/825.34; 340/825.44; 455/408; 379/121; 705/32
[58] Field of Search: 340/825.34, 825.44, 340/825.33, 825.35, 825.22; 455/426, 405, 406, 408; 395/200.01, 200.05, 230, 232, 228, 229; 379/114, 121

[56] References Cited
U.S. PATENT DOCUMENTS
4,875,038 10/1989 Siwiak et al. 340/825.44
5,155,680 10/1992 Wiedemer 395/232
5,325,418 6/1994 McGregor et al. 455/406
5,335,278 8/1994 Matchett et al. 340/825.34
5,371,493 12/1994 Sharpe et al. 340/825.33
5,493,492 2/1996 Cramer et al. 385/232
5,577,100 11/1996 McGregor et al. 455/406
5,606,497 2/1997 Cramer et al. 395/232
5,612,682 3/1997 De Luca et al. 340/825.44
5,633,932 5/1997 Davis et al. 340/825.34
5,652,793 7/1997 Priem et al. 340/825.34
5,664,006 9/1997 Monte et al. 455/405

Primary Examiner: Edwin C. Holloway, III
Assistant Examiner: Anthony A. Asongwed

[57] ABSTRACT
An apparatus at a fixed portion (102) of a communication system controls utilization of software (398) in a portable communication device (122) that includes a transceiver (302) for communicating with the fixed portion. The portable communication device receives (604) a request for utilization of the software. In response, the portable communication device seeks (612) a usage authorization for utilizing the software by generating (614) an external authorization request (428) that includes at least one of a size (396) of the software, a software name (394), a secure checksum, and an address (313) identifying the portable communication device, and by communicating (616) the external authorization request to the fixed portion. The secure checksum is a secure cyclic redundancy check of the software for which the portable communication device is requesting usage authorization, and is generated (624) by the portable communication device from a secure polynomial (311) stored in the portable communication device and separately by the apparatus from a same secure polynomial (230) stored in the apparatus. The portable communication device disallows (640) the utilization of the software, in response to the usage authorization being unobtainable.

9 Claims, 7 Drawing Sheets

ITC Inv. No. 337-TA-
MOT ITC 0002661
U.S. Patent, Dec. 28, 1999, Sheet 1 of 7, 6,008,737
[FIG. 1: electrical block diagram of the communication system. Labels recoverable from the drawing: telephone links 101, fixed portion 102, portable portion 104, public switched telephone network 110, controller with communication links 114, base stations 116, receiving antennas 118, portable communication devices 122 ("PORT. COMM. DEV.").]
U.S. Patent, Dec. 28, 1999, Sheet 2 of 7, 6,008,737
[FIG. 2: electrical block diagram of elements 200 of the fixed portion. Labels recoverable from the drawing: transmitter 202, receiver 204, receiver interface 206, transmitter interface 208, processor 210, telephone interface 212, RAM 214 holding the portable device records 216 (portable device address 218, process records 220) and the list of processes 226, ROM 228 holding the secure polynomial 230, secure encryption key 231, call processing, process lister 234, request receiver 236, list checker 238, external authorization 240 and authorization denial 242; base station 116 with its receiver, transmitter and antennas 118 and 120; telephone links 101; controller 112.]
U.S. Patent, Dec. 28, 1999, Sheet 3 of 7, 6,008,737
[FIG. 3: electrical block diagram of the portable communication device 122. Labels recoverable from the drawing: transceiver 302, processor, EEPROM (address), ROM with secure polynomial 311 and secure encryption key, call processing, security, real-time clock, user controls, display, alert, power switch, program interface, hardware module, software module (process name 394, process size 396, process executable 398), RAM 378 with information storage locations 379 and authorization records 380 holding internal authorizations 382 (address pointers 384, process name 386, process size 387, random CRC 388, expiration time 390), medium; further reference numerals 306 through 376 appear on the sheet.]
U.S. Patent, Dec. 28, 1999, Sheet 4 of 7, 6,008,737
[FIG. 4: block diagram of the security element of the portable communication device. Labels recoverable from the drawing: authorization 316, first allower 318, second allower 320, hardware performer 322, software performer 324, external authorizer, determination, radio authorizer, transmitter controller, internal authorizer, secure checksum calculator, sender, creator, generator, chooser, disallower, first disabler, second disabler, third disabler, checksum calculator, storer, placer; reference numerals 328 through 362.]
U.S. Patent, Dec. 28, 1999, Sheet 5 of 7, 6,008,737
[FIG. 5: timing diagram of elements of the outbound and inbound protocols. Labels recoverable from the drawing: encrypted message fields including process name and expiration time, external authorization request 428, encrypted message; reference numerals 403 through 440.]
U.S. Patent, Dec. 28, 1999, Sheet 6 of 7, 6,008,737
[FIG. 6: flow chart 500 of the authorization operation of the fixed portion (steps 502 through 516): the controller receives the encrypted external authorization request message; the controller deciphers the encrypted message from the portable communication device; the controller identifies the portable communication device by selective call address, and the process is identified by process name, size and CRC; on a match (Y) the controller sends an encrypted process authorization including process name and size to the base transmitter, otherwise the controller sends a not authorized command to the transmitter; the base transmitter transmits the authorization message.]
U.S. Patent, Dec. 28, 1999, Sheet 7 of 7, 6,008,737
[FIG. 7: flow chart of the authorization operation of the portable communication device (steps 604 through 642): the user installs a hardware or software module and sends a registration, or the user receives an OTA program; the user requests execution of a process; at decision 612 (N branch) the device sends to the transmitter an encrypted authorization request with address, process name and size, and secure CRC; the encrypted authorization request is transmitted; the device generates a CRC for the process using the random CRC generator; and it stores the address pointers, process name and size, random CRC and expiration time encrypted with the secure polynomial generator.]
6,008,737
1
2
APPARATUS FOR CONTROLLING
UTILIZATION OF SOFTWARE ADDED TO A
PORTABLE COMMUNICATION DEVICE
DESCRIPTION OF THE PREFERRED
EMBODIMENT
Referring to FIG. 1, an electrical block diagram of a
communication system in accordance with the preferred
embodiment of the present invention comprises a fixed
portion 102 and a portable portion 104. The fixed portion
102 includes a plurality of base stations 116, for communicating with the portable portion 104, utilizing conventional
techniques well known in the art, and coupled by commu10 nication links 114 to a controller 112 which controls the hase
FIELD OF THE INVENTION
stations 116. The hardware of the controller 112 is preferably
This invention relates in general to communication
a combination of the Wireless Messaging Gateway
systems, and more specifically to a method and apparatus for
(WMGTM) Administrator!TM paging terminal and the
controlling utilization of a process added to a portable 15 RF-Conductor!® message distributor manufactured by
communication device.
Motorola, Inc. The hardware of the base stations 116 is
preferably a combination of the Nucleus® RF-Orchestra!TM
BACKGROUND OF THE INVENTION
RF -Audience! ™
transmitter and RF-Audience! ™ receivers manufactured by
In the past, paging devices were limited to alpha-numeric
Motorola, Inc. It will be appreciated that other similar
and voice paging. With technology improvements in circuit
hardware can be utilized as well for the controller 112 and
integration and more efficient communication protocols that 20 base stations 116.
provide two-way communication, paging devices have
Each of the base stations 116 transmits radio signals to the
grown in sophistication and services provided. With today's
portable portion 104 comprising a plurality of portable
technology improvements, paging devices are expected to
communication devices 122 via a transmitting antenna 120.
acquire more sophisticated functions such as electronic
25 The base stations 116 each receive radio signals from the
mailing services, spread sheet applications, investment 25
plurality of portable communication devices 122 via a
finance services such as stock market charts, quotation
receiving antenna 118. The radio signals comprise selective
requests, purchase and sale transactions, etc. These services
call addresses and messages transmitted to the portable
require sophisticated software applications and/or hardware
communication devices 122 and acknowledgments received
modules to be operated in the paging device. Paging devices
30 from the portable communication devices 122. It will be
using sophisticated services such as these will require a 30
appreciated that the portable communication devices 122
means for registration and licensing to prevent unauthorized
can also originate messages other than acknowledgments, as
use of processes, including software applications and hardwill be described below. The controller 112 preferably is
ware modules. In prior art devices registration has been
coupled by telephone links 101 to a public switched teleaccomplished by mailing a signed certificate with a purchase
35 phone network (PSTN) 110 for receiving selective call
receipt of a software application or hardware module. This 35
originations therefrom. Selective call originations comprisform of registration, however, does not prevent an unscruing voice and data messages from the PSTN 110 can be
pulous user from using pirated software applications and/or
generated, for example, from a conventional telephone 124
unauthorized hardware moduks.
coupled to the PSTN 110 in a manner that is well known in
Thus, what is needed is a method and apparatus for
40 the arl.
controlling utilization of a process added to a portable
Data and control transmissions between the base stations
communication device. Preferably, the method and appara116 and the portable communication devices 122 preferably
tus should serve as a mechanism to prevent unauthorized use
utilize a protocol similar to Motorola's well-known FLEXTM
of software applications and hardware modules.
digital selective call signaling protocol. This protocol uti45 lizes well-known error detection and error correction techBRIEF DESCRIPTION OF THE DRAWINGS
niques and is therefore tolerant to bit errors occurring during
FIG. 1 is an electrical block diagram of a communication
transmission, provided that the bit errors are not too numersystem in accordance with the preferred embodiment of the
ous in anyone code word.
present invention.
Outbound channel transmissions comprising data and
FIG. 2 is an electrical block diagram of elements of a fixed
50 control signals from the base stations 116 preferably utilize
portion of the communication system in accordance with the
two and four-level frequency shift keyed (PSK) modulation,
preferred embodiment of the present invention.
operating at sixteen-hundred or thirty-twohundred symbolsFIGS. 3 and 4 are elements of an electrical block diagram
per-second (sps) , depending on traffic requirements and
(sps),
of a portable communication device in accordance with the
system transmission gain. Inbound channel transmissions
preferred embodiment of the present invention.
55 from the portable communication devices 122 to the base
FIG. 5 is a timing diagram of elements of an outbound
stations 116 preferably utilize four-level FSK modulation at
protocol and an inbound protocol of the fixed and portable
a rate of ninety-six-hundred bits per second (bps). Inbound
portions of the communication system in accordance with
channel transmissions preferably occur during predeterthe preferred embodiment of the present invention.
mined data packet time slots synchronized with the outFIG. 6 is a flow chart depicting an authorization operation 60 bound channel transmissions. It will be appreciated that,
of the fixed portion in response to a message originated by
alternatively, other signaling protocols, modulation
the portable communication device in accordance with the
schemes, and transmission rates can be utilized as well for
preferred embodiment of the present invention.
either or both transmission directions. The outbound and
FIG. 7 is a now chart depicting an authorization operation
inbound channels preferably operate on a singk carrier
of the portable communication device as it attempts to 65 frequency utilizing well-known time division duplex (TDD)
obtain authorization to use a process in accordance with the
techniques for sharing the frequency. It will be further
preferred embodiment of the present invention.
appreciated that, alternatively, the outbound and inbound
This application is a continuation-in-part of application
Ser. No. 08/452,785 filed May 30, 1995, by Deluca et aI.,
entitkd "Method and Apparatus [or Controlling Utilization
of a Process Added to a Portable Communication Device",
now u.s. Pat. No. 5,612,682, issued Mar. 18, 1997.
U.S.
ITC Inv. No. 337-TA-
5
MOT ITC 0002669
6,008,737
3
4
channels can operate on two different carrier frequencies
memory, e.g., electrically erasable programmable ROM
(EEPROM) or magnetic disk memory, can be utilized for the
using frequency division multiplexing (FDM) without
ROM 228 as well as the RAM 214. It will be further
requiring the use of TDD techniques.
R0.M 228, sin~ly or
appreciated that the RAM 214 and
u.s. Pat. No. 4,875,038 to Siwiak et aI., which describes 5 in combination, can be integrated asthecontIguous portlOn of
a conttguous
a prior art acknowledge-hack radio communication system,
the processor 210. Preferably, the processor 210 is similar to
is hereby incorporated herein by reference. For further
the DSP56100 digital signal processor (DSP) manufactured
information on the operation and structure of an
by Motorola, Inc. It will be appreciated that other similar
acknowledge-back radio communication system, please
processors can be utilized for the processor 210, and that
refer to the Siwiak et aI., patent.
altemate
10 additional processors of the same or alternate type can be
Referring to FIG. 2, an electrical block diagram of eleadded as required to handle the processing requirements of
ments 200 of the fixed portion 102 in accordance with the
the controller 112.
preferred embodiment of the present invention comprises
The first two elements in the ROM 228 include a secure
portions of the controller 112 and the base stations 116. The
polynomial 230 and a secure encryption key 231. The secure
controller 112 comprises a processor 210 for directing
15 polynomial 230 is used as a secure polynomial generator for
operation of the controller 112. TIle processor 210 preferably
eRe verification of process executables requested by exterCRC
is coupled through a transmitter interface 208 to a transmitnal authorization request messages transmitted by portable
ter 202 via the communication links 114. The communicacommunication devices 122. The portable communication
tionlinks 114 use conventional means well known in the art,
devices 122 use the same secure polynomial generator for
such as a direct wire line (telephone) link, a data commu20 eRe generation. Using the same secure polynomial generaCRC
nication link, or any number of radio frequency linh, such
tor for both the fixed portion 102 and portable portion 104
frcqucncy
transcciver
as a radio frequency (RF) transceiver link, a microwave
of the communication system provides a means for verifying
transceiver link, or a satellite link, just to mention a few. The
authenticity of software and hardware processes requested
transmitter 202 transmits two and four-level FSK data
by the portable communication devices 122. The secure
messages to the portable communication devices 122. The
25 encryption key 231 is used for encryption and decryption of
processor 210 is also coupled to at least one receiver 204
authorization messages transmitted between the portable
through a receiver interface 206 via the communication links
communication devices 122 and the base stations 116.
114. The receiver 204 demodulates four level FSK and can
Similarly, the portable communication devices 122 use the
be collocated with the base stations 116, as implied in FIG.
same secure encryption key for external authorization mes2, but preferably is positioned remote from the base stations
30 sage transactions. Using secure encryption between the fixed
116 to avoid interference from the transmitter 202. The
portion 102 and the portable portion 104 of the communireceiver 204 is for receiving one or more acknowledgments
cation system provides a method for transmitting secure
and/or messages from the portable communication devices
two-way messages which are unlikely to be breached. The
122.
encryption process converts an unscrambled sequence to a
The processor 210 is coupled to a telephone interface 212 35 pseudo-random sequence coded by a scrambler and decoded
for communicating with the PSTN 110 through the teleby a descrambler. The scrambler and descrambler use prefphone links 101 for receiving selective call originations. The
erably polynomial generators with feedback paths which use
processor 210 is also coupled to a random access mem~ry
modulo 2 (Exclusive Or) addition on the feedback taps. The
(RAM) 214 comprising a database of portable deVIce
descrambler uses the same architecture as the scrambler for
records 216 and a database of processes 226. The database 40 descrambling the message. Using a nonlinear feedback shift
of portable device records 216 contains, as a minimum, a list
register (NFSR) architecture provides a secure approach for
of process records 220 for each portahle communication
message encryption which makes it difficult, if not compudevice 122. To access the list of process records 220 of a
tationally intractable for a person to decipher the encryption
portable communication device 122, a portable device
key. The present invention preferahly uses a conventional
address 218 corresponding to the address of a portable 45 self-synchronizing stream encryption system which utilizes
strcam
communication device 122 is used to search the database of
a NFSR architecture, as is well known by one of ordinary
portable device records 216. The list of process reco~ds 220
skill in the art. It will be appreciated that, alternatively, other
specifies the software and hardware processes whIch are
methods which provide suitably secure encryption can be
authorized for use by a portable communication device 122
used. It will be further appreciated that, alternatively, meshaving the portable device address 218. Each process record 50 sage transactions between the base stations 116 and the
220 contains a list of process verification elements used for
portable communication devices 122 can be non-encrypted.
process authorization of external authorization requests
To protect against unauthorized access, the secure polytransmitted by the portable communication devices 122, as
nomial230 and the secme encryption key 231 preferably are
secure
will be described below. The verification elements contained
stored in a secure portion of the ROM 228 which can only
in the process record 220 for both hardware and software 55 be accessed by the processor 210. Preferably, this portion of
processes include a process name, a process size and a
the ROM 228 is integrated with the processor 210 as a
secure cyclic redundancy check (eRe).
(CRC).
protected mask read only memory (MROM), and is proThe database of processes 226 preferably comprises
grammed during the manufacturing process of the processor
binary executables (machine code) of many of the autho210. As is well known by one of ordinary skill in the art,
rized software processes available for use by the portable 60 once a protected MROM has been programmed the procommunication devices 122. The software processes stored
tected portion of the MROM is only accessible by the
in the RAM 214 of the controller preferably can be delivered
processor 210 and cannot be accessed by external hardware
to portable communication devices 122 by way of over-thecoupled to the processor 210. Alternatively, the secure
air (OTA) programming utilizing techniques well known in
polynomial 230 and the secure encryption key 231 can be
the art.
65 included in a re-programmable non-volatile memory such as
a FLASH memory, an EEPROM memory or magnetic disk
The processor 210 also is coupled to a read-only memory
memory, but accessibility of the secure polynomial 230 and
(ROM) 228. It will be appreciated that other types of
ITC Inv. No. 337-TA-
MOT_ITC
MOT_ITC 0002670
6,008,737
5
6
altematively,
extemal
appreciated that, alternatively, the external authorization
secure encryption key 231 are preferably restricted by the
service provider to authorized personnel only. Using
response message can include a plurality of process names
nOll-volatile
re-programmable nOIl-volatile memories provides flexibility
and expiration times authorizing a plurality of processes
requested by the portable communication device 122.
of adding more polynomial elements and encryption keys
extemal
5 Before the external authorization element 240 sends the
for system and subscriber unit expansion.
external authorization response message to the transmitter
The ROM 228 of the processor 210 also includes firm202 of the base station 116, the external authorization
ware elements for use by the processor 210. The firmware
response message is encrypted, using the method described
elements include a call processing element 232, a process
above, to secure the RF transmission of the message. When
lister element 234, a request receiver element 236, a list
checker element 238, an external authorization element 240 10 the list checker element 238 denies authorization of a
process to a portable communication device 122, the proand an authorization denial element 242. The call processing
cessor 210 calls on the authorization denial element 242 to
element 232 handles the processing of an incoming call for
process the external authorization denial response message
a called party and for controlling the transmitter 202 to send
be transmitted the
to bc transmittcd to thc portable communication device 122.
dcvicc
a selective call message to the portable communication
device 122 corresponding to the called party, utilizing tech- 15 The external authorization denial response message comprises an authorization command which includes a "not
niques well known in the art. The process lister element 234
authorized" signal denying authorization, and a process
manages the database of portable device records 216 stored
name of the process being denied. It will be appreciated that
in the RAM 214 for each portable communication device
the external authorization denial response message can
122 utilizing database management techniques well known
dement
in the art. The request receiver element 236 processes 20 include a plurality of process names denying authorization
to a plurality of processes requested by the portable comencrypted external authorization request messages received
munication device 122. As is done with the external authoby the receiver 204 of the base station 116 and originating
rization response message, the external authorization denial
from the portable communication devices 122. The
response message is encrypted before it is transmilled to the
transmiUed
encrypted external authorization request message is
decrypted with the secure encryption key 231 described 25 portable communication device 122 by the base stations 116.
According to an auditing operation of the fixed portion
above. The external authorization request for hardware and
102, the processor 210 is programmed by way of the ROM
software processes comprises at least a process name and a
228 to periodically audit the portable communication device
process size corresponding to the process, along with a
122 through a radio channel of the communication system to
secure checksum and an address identifying the portable
communication device 122. Optionally, an authorization 30 determine a catalog of internal authorizations 382 (FIG. 3)
stored in the portable communication device 122. In
request command can accompany the external authorization
addition, the processor 210 is programmed to periodically
request message. Preferably, the
rcqucst mcssagc. Prefcrably, thc authorization request comrcqucst
audit the portable communication device 122 through a
mand is included in the address portion of the portable
radio channel of the communication system to determine a
communication device 122 address. Alternatively, the authorization request command can be in a separate element in the 35 quantitative usage of each ofthe processes 398 (FIG. 3) used
by the portable communication device 122, and to bill a user
external authorization request message. The secure checkof the portable communication device 122 in response to the
sum is preferably a secure eRe of the software process for
CRC
quantitative usage determined. The processor 210 is also
which the portable communication device 122 is requesting
programmed by way of the ROM 228 to maintain a list of
authorization. The eRe is generated by the portable comCRC
munication device 122 by using a polynomial generator 40 authorized processes 398 in the process records 220 corresponding to the portable communication device 122, and to
stored in its memory, which is the same as the secure
compare the catalog of internal authorizations 382 with the
polynomial 230 used by the controller 112, as described
list of authorized processes 398 corresponding to the porabove. The secure checksum provides a means for verifying
tahle communication device to determine whether any of the
that the process being used by the portable communication
intemal
stored
the
device 122 is an authorized version. The list checker element 45 intcrnal authorizations 382 storcd in thc portable communication device 122 are invalid. The processor 210 is further
238 uses the address, corresponding to the portable comprogrammed by way of the ROM 228 to store an indication
munication device 122, received in the external authorizain a user database entry (not shown) in the RAM 214
tion request message as a portable device address 218. TIle
corresponding to the portable communication device 122
processor 210, as described above, searches through the
database of portable device records 216 to find the list of process records 220 corresponding to the portable device address 218 matching the address of the portable communication device 122. The list checker element 238 then checks each process record 220 for a match to the process name, process size and secure CRC received in the external authorization request message. If a match is found, then authorization is given to the portable communication device 122 for using the requested software or hardware process. If a match is not found, then authorization is denied. When the list checker element 238 authorizes a process requested by the portable communication device 122, the processor 210 calls on the external authorization element 240 to process the external authorization response message to be transmitted to the portable communication device 122. The external authorization response message preferably comprises an authorization command, the process name of the authorized process and an expiration time for the process. It will be

that an invalid internal authorization 382 has been found therein, in response to determining that at least one of the internal authorizations 382 stored in the portable communication device 122 is invalid. The processor 210 is also programmed to transmit a command to the portable communication device 122 to delete at least one of the internal authorizations 382, in response to determining that the at least one of the internal authorizations 382 stored in the portable communication device 122 is invalid. These operational features will be described further herein below.

According to a message sending operation of the fixed portion 102, the processor 210 is programmed by way of the ROM 228 to queue a message for transmission to the portable communication device 122, the message requiring a predetermined process 398 in the portable communication device 122 in order to process the message. In addition, the processor 210 is programmed to determine that the portable communication device 122 does not have a predetermined
usage authorization 382 for utilizing the predetermined process 398; and in response, to grant the predetermined usage authorization 382 to the portable communication device 122 through the radio channel of the communication system (after verifying, for example, that the account of the user of the portable communication device 122 is in good standing). Preferably, the processor 210 determines that the portable communication device 122 does not have the predetermined usage authorization 382 by auditing the portable communication device 122 over the radio channel. It will be appreciated that, alternatively, the processor 210 can determine from its own internal process records 220 that the portable communication device 122 has not been previously authorized for utilizing the predetermined process 398.

If the predetermined process 398 is a software process, the processor 210 is further programmed to determine that the portable communication device 122 does not have the software process, e.g., by receiving from the portable communication device 122 a request for the software process; and in response, to download the software process to the portable communication device 122 through the radio channel. Preferably, before downloading the software process, the processor 210 is further programmed to transmit terms of a licensing agreement to the portable communication device 122, to receive from the portable communication device 122 a reply indicating whether the user of the portable communication device 122 agrees to the terms, and to omit downloading of the software process in response to the reply indicating that the user does not agree to the terms of the licensing agreement. These operational features will be described further herein below.

Referring to FIG. 3, an electrical block diagram of the portable communication device 122 in accordance with the preferred embodiment of the present invention comprises a transceiver antenna 303 for transmitting radio signals to the base stations 116 and for intercepting radio signals from the base stations 116. The transceiver antenna 303 is coupled to a transceiver 302 utilizing conventional techniques well known in the art. The radio signals received from the base stations 116 use conventional two and four-level FSK. The radio signals transmitted by the portable communication device 122 to the base stations 116 use four-level FSK. Radio signals received by the transceiver 302 produce demodulated information at the output. The demodulated information is coupled to the input of a processor 308, which processes the information in a manner well known in the art. Similarly, inbound response messages are processed by the processor 308 and delivered to the transceiver 302 which is coupled to the processor 308. The response messages transmitted by the transceiver 302 are preferably modulated using four-level FSK.

A conventional power switch 306, coupled to the processor 308, is used to control the supply of power to the transceiver 302, thereby providing a battery saving function. The processor 308 is coupled to a random access memory (RAM) 378 for storing messages in information storage locations 379. The RAM 378 further comprises authorization records 380 and software modules 392. The authorization records 380 include internal authorization records 382 of processes, either software or hardware, which have been authorized for use by the portable communication device 122. The software modules 392 include a process name 394, a process size 396 and a process executable 398. The internal authorization record 382 is encrypted using a secure encryption key 312 stored in a read only memory (ROM) 310 of the portable communication device 122. The encryption key used is the same as that used by the controller 112 described above. The internal authorization record 382 for hardware and software processes comprises address pointers 384, a process name 386, a process size 387, a random CRC 388 of the authorized hardware or software process executable 398 and an expiration time 390. The address pointers 384 preferably include two address pointers which point to two byte locations within the process executable 398 of the authorized hardware or software process. The two bytes are chosen by a random process which preferably uses a real-time clock 399 for generating random address pointers. The real-time clock 399 determines time (in hours, minutes and seconds) and calendar date, which is also used for determining the expiration time of a process, as will be described below. To determine the two random address pointers the real-time clock 399 is used in conjunction with the random event of the user requesting use of a process through the user controls 364. When the user depresses a button on the user controls 364 requesting execution of a process, the processor 308 reads the time specified by the real-time clock 399. The real-time clock 399 reading is in binary format and is sufficiently long to cover a wide address spectrum. Depending on the number of bytes contained in the process executable 398 the user is requesting, a limited number of bits are chosen in the real-time clock reading to cover the size of the process executable 398. The limited real-time clock reading is then used as an address pointer to a first random byte in the requested process executable 398. The second random address pointer points to a second random byte location. The two bytes together represent a 16 bit polynomial generator seed for generating the random CRC 388 of the hardware or software process executable 398. As is well known by one of ordinary skill in the art, a polynomial generator must follow certain guidelines such as, for example, the polynomial generator must not contain all zeros or all ones. When the two bytes chosen violate any polynomial generator rules, the address pointers are moved to a next higher location in the process executable 398. If the end of the process executable 398 is reached then the random address pointers wrap around to the beginning of the process executable 398. This process continues until a valid set of bytes are chosen which meet the polynomial generator rules. It will be appreciated that, alternatively, more than two bytes can be used for the random polynomial generator. The expiration time 390 includes a date, and optionally a time when the authorization of the hardware or software process expires. Whenever a process execution is requested by the user, the expiration time 390 is compared to the real-time clock 399 to determine if authorization of the hardware or software process has expired. It will be appreciated that reprogrammable non-volatile memory devices, such as, for example, EEPROM or FLASH memories, can be used to prevent loss of the authorization records 380 stored in the RAM 378 during a power outage.

The processor 308 is also coupled to a programming interface 374 and a hardware module interface 370. The programming interface 374 allows for external software module download into the RAM 378. The programming interface 374 preferably uses a serial communication interface 376 for communication with the processor 308. The serial interface preferably uses a conventional universal asynchronous receiver transmitter (UART) well known in the art. The physical means for the interface preferably uses metal contacts. It will be appreciated that, alternatively, other physical means can be used, such as infrared, inductive coupling, etc. The hardware module interface 370 allows for attachments of hardware modules to the portable communication device 122. The hardware module interface 370
preferably uses a hardware interface 372, well known in the art, such as the Personal Computer Memory Card International Association (PCMCIA) interface. With this interface any type of hardware module 373 conforming to the PCMCIA standard can be attached to the portable communication device 122. The function of the hardware module 373 can include any number of functions such as a software module hardware accelerator, video graphics card, expanded memory card, etc. It will be appreciated that the programming interface 374 and the hardware module interface 370 can use other interfaces for software download and hardware attachments, well known in the art.

The ROM 310 coupled to the processor 308 comprises a secure polynomial 311, a secure encryption key 312 and firmware elements for use by the processor 308. It will be appreciated that other types of memory, e.g., EEPROM, can be utilized as well for the ROM 310. The secure polynomial 311 includes a secure polynomial generator for CRC generation of hardware and software process executables 398. The secure polynomial 311 used by the portable communication device 122 matches the secure polynomial 230 used by the controller 112 described above. The secure encryption key 312 is used for scrambling and descrambling external authorization messages transmitted between the portable communication device 122 and the base stations 116. The secure encryption key 312 used by the portable communication device 122 matches the secure encryption key 231 used by the controller 112. The secure polynomial 311 and secure encryption key 312 are stored in a protected portion of the ROM 310 utilizing the techniques described for the controller 112.

The firmware elements comprise a call processing element 314 which handles incoming messages on the outbound channel using techniques well known in the art. When an address is received by the processor 308, the call processing element 314 compares one or more addresses 313 stored in an EEPROM 309, and when a match is detected, a call alerting signal is generated to alert a user that a message has been received. The call alerting signal is directed to a conventional audible or tactile alerting device 366 for generating an audible or tactile call alerting signal. In addition, the call processing element 314 processes the message which is received in a digitized conventional manner and then stores the message in one of the information storage locations 379 in the RAM 378. The message can be accessed by the user through user controls 364, which provide functions such as lock, unlock, delete, read, etc. More specifically, by the use of appropriate functions provided by the user controls 364, the message is recovered from the RAM 378, and then displayed on a display 368, e.g., a conventional liquid crystal display (LCD).

The firmware elements further comprise a security element 315 for processing authorization of software modules 392 and hardware modules 373. The elements contained in the security element 315 are shown in FIG. 4. The security element 315 includes an authorization element 316, a second allower element 320, a creator element 344, a storer element 352, a disallower element 356 and a third disabler element 362. When a user requests utilization of a hardware or software process by the use of appropriate functions provided by the user controls 364, the processor 308 calls on the authorization element 316 to process the request. The processor 308 begins the authorization process by invoking a first allower element 318 which, optionally, allows immediate utilization of the process requested. Whether or not the first allower element 318 allows immediate utilization of a process is determined by programming of the portable communication device 122 performed by the system provider. The processor 308 follows by invoking a determination element 332 which is used for making a determination of whether an internal authorization record 382 exists for utilizing the hardware or software process. The determination of a valid internal authorization record 382 is made by searching through the authorization records 380 for a process name 386 which matches the module name of the hardware or software process requested by the user. If a match is determined, then an internal authorizer element 328 is called on by the processor 308 to read the address pointers 384 to determine the random polynomial generator to be used for random CRC generation over the process executable 398 of the hardware or software module. The internal authorizer element 328 uses the process size 387 corresponding to the module size of the hardware or software process executable 398 to calculate a random CRC over the process executable 398 of the hardware or software process. If the CRC generated matches the random CRC 388 stored in the internal authorization record 382, then the processor 308 invokes the second allower element 320 to check the expiration time 390 against the real-time clock 399. If the expiration time has not expired, then the processor 308 allows the utilization of the process, in response to the usage authorization being obtained. However, if the expiration time has expired then the processor 308 calls on the third disabler element 362 for disabling further utilization of the process in response to an expiration of the usage authorization.

If the determination element 332 does not find an internal authorization record 382 for the hardware or software process requested by the user, then a radio authorizer element or authorizer element 334 is called on for communicating with the fixed portion 102 by sending a signal indicative of the hardware or software module to obtain the usage authorization as an external authorization, in response to the internal authorization being absent from the authorization records 380. The radio authorizer element 334 attempts to obtain the usage authorization through a first radio channel (the inbound channel) of the communication system. If the external authorization request is denied, then the processor 308 calls on a first disabler element 358 to disable further utilization of the process, in response to receiving a "not authorized" signal through a second radio channel (the outbound channel) of the communication system. If the external authorization request is not received within a predetermined time interval, then the processor 308 invokes a second disabler element 360 to disable utilization of the process requested by the user. To create the external authorization request message, the radio authorizer element 334 invokes a transmitter controller element 336. The transmitter controller element 336 calls on a secure checksum calculator element 338 which uses the secure polynomial 311 stored in the ROM 310 to calculate a secure CRC over the process executable 398 of the hardware or software process requested by the user. Once the secure CRC is determined, the processor 308 prepares an external authorization request message comprising an authorization request command, the address of the portable communication device 122, the process name, the size of the hardware or software process executable 398, and the secure CRC calculated by the secure checksum calculator element 338. Once the external authorization request message has been determined the transmitter controller element 336 encrypts the message with the secure encryption key 312. The processor 308 then invokes a sender element 340 and sends the message to the transceiver 302, which thereafter transmits the encrypted external
authorization request message to the base stations 116. If an encrypted external authorization response message is received from the base stations 116 indicating the hardware or software process is authorized, then the processor 308 accesses a second allower element 320 to process the message. If the external authorization response message was for a hardware module 373 authorizing utilization of the process, then the second allower element 320 invokes a hardware performer element 322 for performing the process in accordance with circuits of the hardware module 373. If the external authorization response message was for a software module 392 authorizing utilization of the process, then the second allower element 320 invokes a software performer element 324 for performing the process in accordance with instructions of the software module 392.

For software modules 392 or hardware modules 373 which are user-installed, an authorization medium 375 (preferably a registration form with proof of purchase) is physically sent to the service provider to obtain authorization. When the user requests execution of the installed process, the process is optionally executed and the processor 308 invokes the external authorizer element 330 to request an external authorization from the controller 112. The external authorizer element 330 obtains usage authorization by receiving an external authorization from the service provider through a radio channel (the outbound channel) of the communication system. The external authorization request message sent to the base stations 116, as described above, comprises an authorization request command, the portable communication device 122 address, the process name and size, and a secure CRC of the hardware or software process executable 398. When the controller 112 sends an authorization message granting authorization of the hardware or software process, the second allower element 320 allows the utilization of the process, in response to the usage authorization being obtained. In response to obtaining an external authorization allowing utilization of a process, the processor 308 accesses the creator element 344 to create an internal authorization record 382. To create the internal authorization record the processor 308 invokes a generator element 346 which first calls on a chooser element 348 to select preferably two random bytes of the hardware or software process executable 398. The random bytes are preferably chosen using the real-time clock 399 and user invocation of the user controls 364 as described above. Once the random bytes have been determined, and satisfy the polynomial generator rules, a checksum calculator element 350 is invoked to perform a CRC generation on the process executable 398 of the hardware or software module. Once the random CRC 388 has been calculated, the storer element 352 collects the verification elements used for the internal authorization record 382. The verification elements comprise the address pointers 384 for the random polynomial generator, the process name 386, the random CRC 388 calculated by the checksum calculator element 350 and the expiration time 390 received in the external authorization message from the controller 112. The processor 308 then calls on a placer element 354 which uses the secure encryption key 312 to encrypt the verification elements and then stores the result in the authorization records 380 in the RAM 378.

For cooperation with the auditing operation of the fixed portion 102, the processor 308 is programmed by way of the ROM 310 to maintain in the RAM 378 a record (not shown) of usage of the process 398, and to report the usage in response to receiving a usage audit command from the fixed portion 102 of the communication system. In addition, the processor 308 is programmed to maintain the record of internal authorizations 382 present within the portable communication device 122 for utilizing the processes 398, and to report the internal authorizations 382 present, in response to receiving an internal authorization audit command from the fixed portion 102 of the communication system. The processor 308 is also programmed to delete an internal authorization 382, in response to receiving a delete authorization command directed at the internal authorization 382 from the fixed portion 102 of the communication system. These operational features will be described further herein below.

For cooperation with the message sending operation of the fixed portion 102, the processor 308 is programmed by way of the ROM 310 to control the transceiver 302 to request a download of a predetermined software process 398 in response to receiving from the fixed portion 102 a message that requires the predetermined software process 398 for processing the message. In addition, the processor 308 is programmed by way of the ROM 310 to control the display 368 to display the terms of a software license agreement, in response to receiving the terms of the software license agreement from the fixed portion 102 through the radio channel.

Referring to FIG. 5, a timing diagram 400 depicts elements of an outbound protocol and an inbound protocol of the fixed portion 102 and portable portion 104 of the communication system in accordance with the preferred embodiment of the present invention. The signaling format on the outbound and inbound channels preferably operates on a single carrier frequency utilizing well-known time division duplex (TDD) techniques for sharing the frequency. It will be appreciated that the outbound and inbound channels can use separate frequency channels utilizing frequency division multiplexing (FDM) techniques well known in the art. Using TDD transmission the outbound RF channel transmission is depicted during an outbound transmission time interval 402, while the inbound RF channel transmission is depicted during an inbound transmission time interval 404. The outbound transmission time interval 402 and the inbound transmission time interval 404 are subdivided by a time boundary 403. The time boundary 403 depicts a point in time when the outbound transmissions cease and the inbound transmissions commence.

The elements of the outbound protocol comprise an outbound sync 406, a selective call address 408, a message vector 410 and an outbound message 412, while the inbound protocol comprises an inbound sync 426 and an inbound message 428. The outbound sync 406 provides the portable communication device 122 a means for synchronization utilizing techniques well known in the art. The selective call address 408 identifies the portable communication device 122 for which the outbound message 412 is intended. The message vector 410 points in time within the TDD signal format to the position of the outbound message 412 to be received by the portable communication device 122. The outbound message 412 can be either a well known selective call message, or an external authorization response message in accordance with the present invention. When the outbound message 412 is an external authorization response message, the message received by the portable communication device 122 is an encrypted message 414. The encrypted message 414 comprises an authorization command 416, a process name 418 and, optionally, an expiration time 420. When the authorization command 416 is an authorization command denying authorization for utilization of a requested process, then the expiration time 420 is not included in the encrypted external authorization response
message. It will be appreciated that the outbound external authorization response message can be extended to include multiple authorizations and/or denials by sending a plurality of authorization commands 416, associated process names 418 and, optionally, expiration times 420.

Similarly, the inbound sync 426 provides the base stations 116 a means for synchronization utilizing techniques well known in the art. The inbound message 428 can be either a well known acknowledge-back response message, or an external authorization request message in accordance with the present invention. When the inbound message 428 is an external authorization request message, the message transmitted by the portable communication device 122 is an encrypted message 430. The encrypted message 430 comprises an authorization request command 432, an address 434 corresponding to the portable communication device 122, a process name 436, a process size 438 and a secure CRC 440. The secure CRC is determined, as described above, using the secure polynomial 311 over the hardware or software module's process executable 398. It will be appreciated that the authorization request command 432 can be included as part of the field of the address 434. It will also be appreciated that multiple authorization requests can be included within the same inbound message by sending a plurality of process names 436 and process sizes 438 with their associated secure CRCs 440.

During selective call messaging between the base stations 116 and the portable communication devices 122, the communication system protocol described above begins with an outbound message which delivers a message to a portable communication device 122. The portable communication device 122 can, optionally, acknowledge reception of the message on the inbound channel. Acknowledgment messages from the portable communication device 122 are transmitted on the inbound channel during a scheduled period which is referenced to the time boundary 403 described above. Scheduled inbound messages are preferably reserved for acknowledgment messaging from the portable communication devices 122. However, when a user invokes a process which requires transmitting an external authorization request message to the base stations 116, the portable communication device 122 uses an unscheduled time period (slot) referenced to the time boundary 403 for unscheduled messaging to the base stations 116. Note that during inbound messaging, a time period referenced to the time boundary 403 is reserved for both scheduled and unscheduled inbound messages. Therefore, there is no contention between scheduled and unscheduled inbound messages. Since the number of unscheduled time slots is limited, it is possible for contention to exist among a plurality of portable communication devices 122 transmitting unscheduled inbound messages. To resolve contention with unscheduled inbound messages, the present invention preferably utilizes ALOHA protocol as is well known by one of ordinary skill in the art.

When the preferred embodiment of the present invention is acquiring authorization of hardware and software modules remotely as just described, it will be appreciated that message transactions originate first from the portable communication device 122 as unscheduled inbound messages. Subsequent responses from the fixed portion 102 of the communication system are received on the outbound channel. When the preferred embodiment of the present invention is performing auditing and message sending operations of the fixed portion 102, it will be appreciated that the message transactions originate first from the fixed portion 102 as outbound messages, with subsequent responses from the portable communication device 122 received on the inbound channel, as described further herein below. It will be further appreciated that, alternatively, other communication protocols which support two-way communication can be used.

Referring to FIG. 6, a flow chart 500 depicting an authorization operation of the fixed portion 102 in response to a message originated by the portable communication device 122 in accordance with the preferred embodiment of the present invention begins with step 502 where the controller 112 receives an encrypted external authorization request message. In step 504 the controller 112 deciphers the encrypted message using the secure encryption key 231 stored in the ROM 228. In step 506 the controller 112 identifies the portable communication device 122 requesting the authorization by the address 434 received. Additionally, the controller 112 reads the process verification elements included in the external authorization request message. In step 508 the controller 112 checks for a match between the process verification elements received and the list of process records 220 corresponding to the portable communication device 122. If a match is found, then in step 510 an external authorization response message is constructed authorizing utilization of the process. The external authorization response message comprises the authorization command 416 allowing utilization of the process, the process name 418 of the process authorized and an expiration time 420 for the process. Before sending the message to the base stations 116 for transmission, the external authorization response message is encrypted using the secure encryption key 231 as described above. When a match is not found, then in step 512 an external authorization response message with an "authorization denied" command is constructed. The external authorization response message then comprises the authorization command 416 for denying authorization to the requested process, and the associated process name 418. The denial message, as described above, is encrypted by the controller 112 using the secure encryption key 231. Once either type of the external authorization response message is constructed, then in step 514 the message is sent to the transmitter 202 of the base station 116 where it is transmitted to the portable communication device 122. In step 516 the controller 112 checks for a message acknowledgment response from the portable communication device 122 acknowledging reception of the external authorization response message. If no acknowledgment is received, then the controller 112 resends the message in step 514. The controller 112, preferably, has an option to limit the number of re-transmissions by using, for example, a maximum resend count programmed by the system provider. Once an acknowledgment is received, the controller 112 returns to step 502 where it processes subsequent external authorization request messages from the portable communication devices 122.

Referring to FIG. 7, a flow chart 600 depicting an authorization operation of the portable communication device 122 as it attempts to obtain authorization to use a process in accordance with the preferred embodiment of the present invention begins with any one of steps 602, 604 and 606. In step 602 the user installs a hardware or software module and registers the hardware or software module by sending preferably an authorization medium 375 comprising a registration form and proof of purchase receipt. In step 606 the user can receive over-the-air (OTA) programming of a software process. The request for an OTA software download can be performed by the user by way of a conventional telephone 124 call to the system provider. It will be appreciated that
other ways can be used for requesting OTA programming of a software process, such as by the use of appropriate functions provided by the user controls 364, in the portable communication device 122 for requesting software processes. Once a software or hardware module has been added to the portable communication device 122 by way of OTA programming or user installation, the user can request execution of the process in step 604. In step 610 the process is immediately executed without initial authorization. It will be appreciated that the portable communication device 122, optionally, can be programmed by the system provider to skip step 610. In step 612 the processor 308 of the portable communication device 122 checks for the presence of an internal authorization record 382 in the authorization records 380 stored in the RAM 378. Each internal authorization record 382 is decrypted using the secure encryption key 312 stored in the ROM 310. A match is checked between the process name 386 of the internal authorization record 382 and the process name of the requested process. If a match is not found, the processor 308 proceeds to step 614 where an encrypted external authorization request message is constructed comprising the authorization request command 432, the address 434 of the portable communication device 122, the process name 436, the process size 438, and the secure CRC 440 of the process executable 398 requested. In step 616 the encrypted external authorization request is trans-

where the process verification elements are decrypted and then checked against the requested process executable 398. If the process verification elements are determined to be valid, then in step 638 process execution is invoked if it has not already been invoked by step 610. Validation of the process verification elements consists of matching the random CRC generated over the process executable 398 of the requested hardware or software module with the random CRC found in the internal authorization record. If the process verification elements are determined to be invalid, then in step 640 process execution is denied, and in step 642 the process is discarded from memory (for a software module) and an alert signal is created. The alert signal is preferably an audible and visual alert signal using the alerting device 366 and display 368 of the portable communication device 122. Optionally, an alert signal can be sent to the controller 112 alerting the communication system that an attempt to use an invalid hardware or software module has been detected.

Thus, it should be apparent by now that the present invention provides a method and apparatus for controlling utilization of a hardware or software process added to a portable communication device 122. In particular, the present invention provides a novel method and apparatus for remotely authorizing software and hardware modules added to a portable communication device 122. With the present invention, the authenticity of process executables 398 used
mitted to the base stations 116. In step 618 the processor 308
by software and hardware modules can advantageously be
waits for an external authorization response message from
validated by the fixed portion 102 of the communication
the base stations 116. If no external authorization response
message has been received, then in step 628 a time-out 30 system. In addition, the fixed portion 102 of the communication system can keep track of unauthorized installations
(TMO) indicator is checked. If the TMO indicator has
and can act upon unauthorized additions of software and
expired, then in step 630 a resend counter is checked for
hardware modules to the portahle communication devices
re-transmission requests. If re-transmission requests of the
122 by disabling operation of a portable communication
encrypted external authorization request message have been
exceeded, then in step 632 the process execution is denied 35 device 122 using OTA techniques. Another advantage of the
present invention is the option for the system provider to
and the user is alerted by the alerting device 366 and display
program the portable communication device 122 to execute
368 of the portable communication device 122. If the resend
a hardware or software process without receiving immediate
counter has not been exceeded, then the processor 308
authorization. This option provides a user immediate access
resends the encrypted external authorization message in step
614. If in step 628 the TMO indicator has not expired, then 40 to a hardware or software process without burdening the
user with the delay of receiving authorization for the prothe processor 308 continues to wait for an external authocess. The present invention also provides an authorization
rization response message from the base stations 116. If an
method which is secure for both inbound and outbound
external authorization response message is received, then
messaging by using a message encryption technique
step 620 checks if the requested process has heen authorized
cxecution.
the
for cxccution. If thc requested process has been denied 45 described above.
What is claimed is:
authorization, then step 640 is invoked, where the process is
1. An apparatus at a fixed portion of a communication
denied execution, and subsequently discarded in step 642
system for authorizing utilization of software in a portable
alerting the user to authorization denial. If the requested
portion of the communication system, the apparatus comprocess has been authorized for execution, then in step 622
50 prising:
preferably two bytes are chosen from within the process 50
a processor;
executable 398 of the hardware or software module to create
a memory coupled to the processor for maintaining a list
a 16 bit random polynomial generator. The random bytes are
of authorized software corresponding to the portable
chosen using the real-time clock 399 and user controls 364
portion;
as described above. In step 624, the processor 308 generates
a request receiver element coupled to the processor for
a random eRe over the process executable 398 of the 55
CRC
receiving a request from the portable portion, the
authorized hardware or software module. In step 626, an
request including an address identifying the portable
internal authorization record 382 is created comprising the
portion, and a software name;
random address pointers 384, the process name 386, the
a list checker element coupled to the processor for checkprocess size 387, the random eRe 388, and the expiration
CRC
time 390 of the authorized process. The internal authoriza- 60
ing the list of authorized software corresponding to the
tion record 382 is encrypted with the secure encryption key
portable portion identified by the address, to determine
312 stored in the ROM 310. Once the internal authorization
whether the software corresponding to the software
name is authorized; and
record 382 has been created, the processor 308 continues to
step 638 where process execution is invoked if it has not
an external authorization element coupled to the processor
already been invoked by step 610.
for transmitting the external authorization to the por65
In the case where in step 612 an internal authorization
table portion in response to the software being authorized for the portable portion.
record 382 is found, the processor 308 continues to step 636
2. The apparatus of claim 1 in which the request includes a secure checksum.
3. The apparatus of claim 2 in which the secure checksum is a secure cyclic redundancy check of the software for which the portable portion is requesting authorization.
4. The apparatus of claim 3 in which the apparatus uses a secure polynomial stored in the memory of the apparatus to calculate the secure cyclic redundancy check.
5. The apparatus of claim 1 in which the request includes a software size.
6. A portable communication device in a communication system having a fixed portion, the portable communication device comprising:
a processor;
an authorization element coupled to the processor for obtaining usage authorization for utilizing software in the portable communication device, in which the authorization element generates an external authorization request, and in which the authorization element communicates with the fixed portion to obtain the usage authorization in response to the external authorization request, and in which the external authorization request includes a secure checksum; and
a second authorization element coupled to the processor for allowing utilization of the software, in response to usage authorization being obtained from the fixed portion.
7. The portable communication device of claim 6 in which the secure checksum is a secure cyclic redundancy check of the software for which the portable communication device is requesting authorization.
8. The portable communication device of claim 7 in which the secure cyclic redundancy check is generated by the portable communication device by using a secure polynomial stored in the portable communication device.
9. A portable communication device in a communication system having a fixed portion, the portable communication device comprising:
a processor;
an authorization element coupled to the processor for obtaining usage authorization for utilizing software in the portable communication device, in which the authorization element generates an external authorization request, and in which the authorization element communicates with the fixed portion to obtain the usage authorization in response to the external authorization request, and in which the external authorization request includes at least one of: an address identifying the portable communication device, a software name and a size of the software; and
a second authorization element coupled to the processor for allowing utilization of the software, in response to usage authorization being obtained from the fixed portion.
* * * * *
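The authorization flow of steps 612 through 642 in the detailed description, together with the list checker of claim 1, as an added worked example in Python. This is an editor's model, not code from the patent or from Motorola. It assumes the CRC-CCITT generator 0x1021 as the shared secure polynomial, a resend limit of three, a one-day record lifetime for expiration time 390, and keeps the internal authorization record 382 unencrypted (the encryption with the ROM key 312 is omitted); the names `crc16`, `FixedPortion`, `Device` and `request_execution` are the editor's own, and the sample executable image is constructed. The patent's reference numerals are noted in the comments.

```python
import random

SECURE_POLY = 0x1021        # assumption: shared secure polynomial (CRC-CCITT generator)
MAX_RESENDS = 3             # assumption: limit of the resend counter checked at step 630
RECORD_LIFETIME = 24 * 3600 # assumption: expiration time 390 is one day after authorization


def crc16(data: bytes, poly: int, init: int = 0xFFFF) -> int:
    """Bit-serial (MSB-first) 16-bit CRC of `data` under generator polynomial `poly`."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


class FixedPortion:
    """Fixed portion 102 acting as the list checker element of claim 1."""

    def __init__(self, authorized, loss_rate=0.0, seed=0):
        self.authorized = authorized        # address -> {software name -> registered image}
        self.loss_rate = loss_rate          # fraction of requests the channel drops
        self.rng = random.Random(seed)
        self.unauthorized_attempts = []     # audit trail the provider can act upon

    def handle(self, request):
        """Answer an external authorization request; None models a lost message."""
        if self.rng.random() < self.loss_rate:
            return None
        image = self.authorized.get(request["address"], {}).get(request["name"])
        ok = (image is not None
              and len(image) == request["size"]
              and crc16(image, SECURE_POLY) == request["secure_crc"])
        if not ok:
            self.unauthorized_attempts.append((request["address"], request["name"]))
        return {"cmd": "auth_response", "name": request["name"], "authorized": ok}


class Device:
    """Portable communication device 122; records kept unencrypted here (assumption)."""

    def __init__(self, address, fixed, seed=1):
        self.address = address
        self.fixed = fixed
        self.rng = random.Random(seed)      # stands in for real-time clock 399 / user controls 364
        self.records = {}                   # internal authorization records 382
        self.alerts = []                    # alert signals raised at steps 632 and 642

    def _deny(self, name, reason):
        self.alerts.append((name, reason))
        return False

    def _verify(self, rec, image):
        """Step 636: rebuild the random polynomial from the stored address pointers 384
        and compare the CRC over the presented image with the stored random CRC 388."""
        i, j = rec["ptrs"]
        if len(image) != rec["size"] or max(i, j) >= len(image):
            return False
        poly = (image[i] << 8) | image[j]
        return crc16(image, poly) == rec["crc"]

    def request_execution(self, name, image, now):
        """Steps 612-642; returns True when execution is invoked (step 638)."""
        if not image:
            return self._deny(name, "empty executable")
        rec = self.records.get(name)
        if rec is not None and now > rec["expires"]:
            del self.records[name]          # assumption: an expired record is re-authorized
            rec = None
        if rec is not None:                 # step 612: record present -> step 636
            if self._verify(rec, image):
                return True
            del self.records[name]          # step 642: discard the invalid process (and its record)
            return self._deny(name, "verification elements invalid")
        # step 614: build the external authorization request (message encryption omitted)
        request = {"cmd": "auth_request", "address": self.address, "name": name,
                   "size": len(image), "secure_crc": crc16(image, SECURE_POLY)}
        resends = 0
        while True:
            response = self.fixed.handle(request)    # steps 616/618
            if response is not None:
                break
            resends += 1                              # step 628 TMO expired -> step 630
            if resends > MAX_RESENDS:
                return self._deny(name, "no authorization response")  # step 632
        if not response["authorized"]:                # step 620
            return self._deny(name, "authorization denied by fixed portion")
        # steps 622-626: two bytes of the executable form the random polynomial,
        # a random CRC is generated over the executable, and the record is stored
        ptrs = (self.rng.randrange(len(image)), self.rng.randrange(len(image)))
        poly = (image[ptrs[0]] << 8) | image[ptrs[1]]
        self.records[name] = {"ptrs": ptrs, "size": len(image),
                              "crc": crc16(image, poly), "expires": now + RECORD_LIFETIME}
        return True                                   # step 638


# Constructed sample executable image (no zero bytes); not from the patent.
IMAGE = bytes((i * 37 + 11) & 0xFF for i in range(64))
```

Running `Device("0001", FixedPortion({"0001": {"calc": IMAGE}})).request_execution("calc", IMAGE, 0.0)` performs the full external request and creates the record; a second call with the same image takes the step 636 path without contacting the fixed portion, while a single-byte change in the image fails verification and raises an alert, because the polynomial is reconstructed from bytes of the image presented and a 16-bit CRC detects any burst shorter than the polynomial's degree. Any name not on the provider's list is refused and logged at the fixed portion, and a channel that drops every message exhausts the resend counter and ends in the step 632 denial.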