Motorola Mobility, Inc. v. Apple Inc.

Filing 1

COMPLAINT for Patent Infringement against All Defendants. Filing fee $ 350.00 receipt number 113C-4398912, filed by Motorola Mobility, Inc.. (Attachments: # 1 Civil Cover Sheet, # 2 Summon(s), # 3 Exhibit 1, # 4 Exhibit 2, # 5 Exhibit 3, # 6 Exhibit 4, # 7 Exhibit 5, # 8 Exhibit 6)(Mullins, Edward)

EXHIBIT 5

United States Patent [19]
Deluca et al.

[11] Patent Number: 6,008,737
[45] Date of Patent: *Dec. 28, 1999

[54] APPARATUS FOR CONTROLLING UTILIZATION OF SOFTWARE ADDED TO A PORTABLE COMMUNICATION DEVICE

[75] Inventors: Michael J. Deluca, Boca Raton; Doug Kraul; Walter L. Davis, both of Parkland, all of Fla.

[73] Assignee: Motorola, Inc., Schaumburg, Ill.

[*] Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2).

[21] Appl. No.: 08/672,004

[22] Filed: Jun. 24, 1996

Related U.S. Application Data

[63] Continuation-in-part of application No. 08/452,785, May 30, 1995, Pat. No. 5,612,682.

[51] Int. Cl.6: G07D 7/00

[52] U.S. Cl.: 340/825.34; 340/825.34; 340/825.44; 455/408; 379/121; 705/32

[58] Field of Search: 340/825.34, 825.44, 340/825.33, 825.35, 825.22; 455/426, 405, 406, 408; 395/200.01, 200.05, 230, 232, 228, 229; 379/114, 121

[56] References Cited

U.S. PATENT DOCUMENTS

4,875,038   10/1989   Siwiak et al.     340/825.44
5,155,680   10/1992   Wiedemer          395/232
5,325,418   6/1994    McGregor et al.   455/406
5,335,278   8/1994    Matchett et al.   340/825.34
5,371,493   12/1994   Sharpe et al.     340/825.33
5,493,492   2/1996    Cramer et al.     385/232
5,577,100   11/1996   McGregor et al.   455/406
5,606,497   2/1997    Cramer et al.     395/232
5,612,682   3/1997    De Luca et al.    340/825.44
5,633,932   5/1997    Davis et al.      340/825.34
5,652,793   7/1997    Priem et al.      340/825.34
5,664,006   9/1997    Monte et al.      455/405

Primary Examiner: Edwin C. Holloway, III
Assistant Examiner: Anthony A Asongwed

[57] ABSTRACT

An apparatus at a fixed portion (102) of a communication system controls utilization of software (398) in a portable communication device (122) that includes a transceiver (302) for communicating with the fixed portion. The portable communication device receives (604) a request for utilization of the software. In response, the portable communication device seeks (612) a usage authorization for utilizing the software by generating (614) an external authorization request (428) that includes at least one of a size (396) of the software, a software name (394), a secure checksum, and an address (313) identifying the portable communication device, and by communicating (616) the external authorization request to the fixed portion. The secure checksum is a secure cyclic redundancy check of the software for which the portable communication device is requesting usage authorization, and is generated (624) by the portable communication device from a secure polynomial (311) stored in the portable communication device and separately by the apparatus from a same secure polynomial (230) stored in the apparatus. The portable communication device disallows (640) the utilization of the software, in response to the usage authorization being unobtainable.

9 Claims, 7 Drawing Sheets

[Sheet 1 of 7, FIG. 1: portable communication devices 122, base stations 116, controller, public switched telephone network.]

[Sheet 2 of 7, FIG. 2: RAM 214 holding portable device records, portable device addresses, process records and a list of processes; processor; transmitter and receiver; ROM holding secure polynomial, secure encryption key, call processing, process lister, request receiver, list checker, external authorization and authorization denial.]

[Sheet 3 of 7, FIG. 3: RAM holding information storage locations, authorization records and internal authorizations (address pointers, process name, process size, random CRC, expiration time); hardware module; software modules (process name, process size, process executable); EEPROM address; processor; display; user controls; power switch; transceiver; real-time clock; ROM holding secure polynomial, secure encryption key, call processing and security.]

[Sheet 4 of 7, FIG. 4: security element 315: authorization, first allower, second allower, hardware performer, software performer, internal authorizer, external authorizer, determination, radio authorizer, transmitter controller, secure checksum calculator, sender, creator, generator, chooser, checksum calculator, storer, placer, disallower, first disabler, second disabler, third disabler.]

[Sheet 5 of 7, FIG. 5: process name, expiration time, encrypted message.]

[Sheet 6 of 7, FIG. 6: flow chart 500: controller receives encrypted external authorization request message; controller deciphers encrypted message from the portable communication device; controller identifies the portable communication device by selective call address, and process is identified by process name, size and CRC; controller sends encrypted process authorization including process name and size to base transmitter; controller sends not authorized command to transmitter; base transmitter transmits authorization message.]

[Sheet 7 of 7, FIG. 7: flow chart: user receives OTA program; user installs hardware or software module and sends registration; user requests execution of a process; send to transmitter encrypted authorization request, address, process name and size, and secure CRC; encrypted authorization request transmitted; store address pointers, process name and size, random CRC and expiration time encrypted with secure polynomial generator.]

APPARATUS FOR CONTROLLING UTILIZATION OF SOFTWARE ADDED TO A PORTABLE COMMUNICATION DEVICE

This application is a continuation-in-part of application Ser. No. 08/452,785 filed May 30, 1995, by Deluca et al., entitled "Method and Apparatus for Controlling Utilization of a Process Added to a Portable Communication Device", now U.S. Pat. No. 5,612,682, issued Mar. 18, 1997.

FIELD OF THE INVENTION

This invention relates in general to communication systems, and more specifically to a method and apparatus for controlling utilization of a process added to a portable communication device.

BACKGROUND OF THE INVENTION

In the past, paging devices were limited to alpha-numeric and voice paging. With technology improvements in circuit integration and more efficient communication protocols that provide two-way communication, paging devices have grown in sophistication and services provided. With today's technology improvements, paging devices are expected to acquire more sophisticated functions such as electronic mailing services, spread sheet applications, investment finance services such as stock market charts, quotation requests, purchase and sale transactions, etc. These services require sophisticated software applications and/or hardware modules to be operated in the paging device. Paging devices using sophisticated services such as these will require a means for registration and licensing to prevent unauthorized use of processes, including software applications and hardware modules. In prior art devices registration has been accomplished by mailing a signed certificate with a purchase receipt of a software application or hardware module. This form of registration, however, does not prevent an unscrupulous user from using pirated software applications and/or unauthorized hardware modules.

Thus, what is needed is a method and apparatus for controlling utilization of a process added to a portable communication device. Preferably, the method and apparatus should serve as a mechanism to prevent unauthorized use of software applications and hardware modules.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an electrical block diagram of a communication system in accordance with the preferred embodiment of the present invention.

FIG. 2 is an electrical block diagram of elements of a fixed portion of the communication system in accordance with the preferred embodiment of the present invention.

FIGS. 3 and 4 are elements of an electrical block diagram of a portable communication device in accordance with the preferred embodiment of the present invention.

FIG. 5 is a timing diagram of elements of an outbound protocol and an inbound protocol of the fixed and portable portions of the communication system in accordance with the preferred embodiment of the present invention.

FIG. 6 is a flow chart depicting an authorization operation of the fixed portion in response to a message originated by the portable communication device in accordance with the preferred embodiment of the present invention.

FIG. 7 is a flow chart depicting an authorization operation of the portable communication device as it attempts to obtain authorization to use a process in accordance with the preferred embodiment of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENT

Referring to FIG. 1, an electrical block diagram of a communication system in accordance with the preferred embodiment of the present invention comprises a fixed portion 102 and a portable portion 104. The fixed portion 102 includes a plurality of base stations 116, for communicating with the portable portion 104, utilizing conventional techniques well known in the art, and coupled by communication links 114 to a controller 112 which controls the base stations 116. The hardware of the controller 112 is preferably a combination of the Wireless Messaging Gateway (WMG™) Administrator!™ paging terminal and the RF-Conductor!® message distributor manufactured by Motorola, Inc. The hardware of the base stations 116 is preferably a combination of the Nucleus® RF-Orchestra!™ transmitter and RF-Audience!™ receivers manufactured by Motorola, Inc. It will be appreciated that other similar hardware can be utilized as well for the controller 112 and base stations 116.

Each of the base stations 116 transmits radio signals to the portable portion 104 comprising a plurality of portable communication devices 122 via a transmitting antenna 120. The base stations 116 each receive radio signals from the plurality of portable communication devices 122 via a receiving antenna 118. The radio signals comprise selective call addresses and messages transmitted to the portable communication devices 122 and acknowledgments received from the portable communication devices 122. It will be appreciated that the portable communication devices 122 can also originate messages other than acknowledgments, as will be described below. The controller 112 preferably is coupled by telephone links 101 to a public switched telephone network (PSTN) 110 for receiving selective call originations therefrom. Selective call originations comprising voice and data messages from the PSTN 110 can be generated, for example, from a conventional telephone 124 coupled to the PSTN 110 in a manner that is well known in the art.

Data and control transmissions between the base stations 116 and the portable communication devices 122 preferably utilize a protocol similar to Motorola's well-known FLEX™ digital selective call signaling protocol. This protocol utilizes well-known error detection and error correction techniques and is therefore tolerant to bit errors occurring during transmission, provided that the bit errors are not too numerous in any one code word.

Outbound channel transmissions comprising data and control signals from the base stations 116 preferably utilize two and four-level frequency shift keyed (FSK) modulation, operating at sixteen-hundred or thirty-two-hundred symbols-per-second (sps), depending on traffic requirements and system transmission gain. Inbound channel transmissions from the portable communication devices 122 to the base stations 116 preferably utilize four-level FSK modulation at a rate of ninety-six-hundred bits per second (bps). Inbound channel transmissions preferably occur during predetermined data packet time slots synchronized with the outbound channel transmissions. It will be appreciated that, alternatively, other signaling protocols, modulation schemes, and transmission rates can be utilized as well for either or both transmission directions. The outbound and inbound channels preferably operate on a single carrier frequency utilizing well-known time division duplex (TDD) techniques for sharing the frequency. It will be further appreciated that, alternatively, the outbound and inbound channels can operate on two different carrier frequencies using frequency division multiplexing (FDM) without requiring the use of TDD techniques.

U.S. Pat. No. 4,875,038 to Siwiak et al., which describes a prior art acknowledge-back radio communication system, is hereby incorporated herein by reference. For further information on the operation and structure of an acknowledge-back radio communication system, please refer to the Siwiak et al., patent.

Referring to FIG. 2, an electrical block diagram of elements 200 of the fixed portion 102 in accordance with the preferred embodiment of the present invention comprises portions of the controller 112 and the base stations 116. The controller 112 comprises a processor 210 for directing operation of the controller 112. The processor 210 preferably is coupled through a transmitter interface 208 to a transmitter 202 via the communication links 114.
The communication links 114 use conventional means well known in the art, such as a direct wire line (telephone) link, a data communication link, or any number of radio frequency links, such as a radio frequency (RF) transceiver link, a microwave transceiver link, or a satellite link, just to mention a few. The transmitter 202 transmits two and four-level FSK data messages to the portable communication devices 122. The processor 210 is also coupled to at least one receiver 204 through a receiver interface 206 via the communication links 114. The receiver 204 demodulates four-level FSK and can be collocated with the base stations 116, as implied in FIG. 2, but preferably is positioned remote from the base stations 116 to avoid interference from the transmitter 202. The receiver 204 is for receiving one or more acknowledgments and/or messages from the portable communication devices 122.

The processor 210 is coupled to a telephone interface 212 for communicating with the PSTN 110 through the telephone links 101 for receiving selective call originations. The processor 210 is also coupled to a random access memory (RAM) 214 comprising a database of portable device records 216 and a database of processes 226. The database of portable device records 216 contains, as a minimum, a list of process records 220 for each portable communication device 122. To access the list of process records 220 of a portable communication device 122, a portable device address 218 corresponding to the address of a portable communication device 122 is used to search the database of portable device records 216. The list of process records 220 specifies the software and hardware processes which are authorized for use by a portable communication device 122 having the portable device address 218. Each process record 220 contains a list of process verification elements used for process authorization of external authorization requests transmitted by the portable communication devices 122, as will be described below. The verification elements contained in the process record 220 for both hardware and software processes include a process name, a process size and a secure cyclic redundancy check (CRC).

The database of processes 226 preferably comprises binary executables (machine code) of many of the authorized software processes available for use by the portable communication devices 122. The software processes stored in the RAM 214 of the controller preferably can be delivered to portable communication devices 122 by way of over-the-air (OTA) programming utilizing techniques well known in the art.

The processor 210 also is coupled to a read-only memory (ROM) 228. It will be appreciated that other types of memory, e.g., electrically erasable programmable ROM (EEPROM) or magnetic disk memory, can be utilized for the ROM 228 as well as the RAM 214. It will be further appreciated that the RAM 214 and the ROM 228, singly or in combination, can be integrated as a contiguous portion of the processor 210. Preferably, the processor 210 is similar to the DSP56100 digital signal processor (DSP) manufactured by Motorola, Inc. It will be appreciated that other similar processors can be utilized for the processor 210, and that additional processors of the same or alternate type can be added as required to handle the processing requirements of the controller 112.

The first two elements in the ROM 228 include a secure polynomial 230 and a secure encryption key 231. The secure polynomial 230 is used as a secure polynomial generator for CRC verification of process executables requested by external authorization request messages transmitted by portable communication devices 122. The portable communication devices 122 use the same secure polynomial generator for CRC generation. Using the same secure polynomial generator for both the fixed portion 102 and portable portion 104 of the communication system provides a means for verifying authenticity of software and hardware processes requested by the portable communication devices 122.

The secure encryption key 231 is used for encryption and decryption of authorization messages transmitted between the portable communication devices 122 and the base stations 116. Similarly, the portable communication devices 122 use the same secure encryption key for external authorization message transactions. Using secure encryption between the fixed portion 102 and the portable portion 104 of the communication system provides a method for transmitting secure two-way messages which are unlikely to be breached. The encryption process converts an unscrambled sequence to a pseudo-random sequence coded by a scrambler and decoded by a descrambler. The scrambler and descrambler use preferably polynomial generators with feedback paths which use modulo 2 (Exclusive Or) addition on the feedback taps. The descrambler uses the same architecture as the scrambler for descrambling the message. Using a nonlinear feedback shift register (NFSR) architecture provides a secure approach for message encryption which makes it difficult, if not computationally intractable for a person to decipher the encryption key. The present invention preferably uses a conventional self-synchronizing stream encryption system which utilizes a NFSR architecture, as is well known by one of ordinary skill in the art. It will be appreciated that, alternatively, other methods which provide suitably secure encryption can be used. It will be further appreciated that, alternatively, message transactions between the base stations 116 and the portable communication devices 122 can be non-encrypted.
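The check built from the process records 220 and the shared secure polynomial can be sketched as follows. This is an added example, not code from the patent or from Motorola: the 16-bit CRC width, the polynomial value 0x1021 standing in for the secret, and all class and function names are assumptions, and message encryption is left out.

```python
"""Added illustration of the process-record check; all names are hypothetical."""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed stand-in for the secure polynomial held in ROM on both sides.
SECURE_POLY = 0x1021


def secure_crc(data: bytes, poly: int = SECURE_POLY) -> int:
    """MSB-first CRC over `data` (assumed 16 bits wide) with `poly` as generator."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


@dataclass(frozen=True)
class ProcessRecord:
    """Verification elements kept by the controller for one authorized process."""
    name: str
    size: int
    crc: int
    valid_days: int  # hypothetical field used to derive the expiration time


@dataclass(frozen=True)
class AuthRequest:
    """External authorization request sent by the portable device."""
    address: int
    name: str
    size: int
    crc: int


def build_request(address: int, name: str, executable: bytes) -> AuthRequest:
    """Device side: name, size and secure CRC of the executable it holds."""
    return AuthRequest(address, name, len(executable), secure_crc(executable))


class Controller:
    """Fixed-portion side: process records keyed by portable device address."""

    def __init__(self):
        self.device_records = {}

    def add_record(self, address, name, executable, valid_days):
        record = ProcessRecord(name, len(executable),
                               secure_crc(executable), valid_days)
        self.device_records.setdefault(address, []).append(record)

    def check(self, req: AuthRequest, today: date) -> dict:
        """Grant only if name, size and CRC all match a record for this address."""
        for rec in self.device_records.get(req.address, []):
            if (rec.name, rec.size, rec.crc) == (req.name, req.size, req.crc):
                return {"command": "authorized", "process": rec.name,
                        "expires": today + timedelta(days=rec.valid_days)}
        return {"command": "not authorized", "process": req.name}


def demo():
    """Run four constructed requests through the check and return the replies."""
    genuine = b"constructed pager application image \x00\x01\x02\x03"
    # Same length, one bit flipped in the first byte.
    tampered = bytes([genuine[0] ^ 0x01]) + genuine[1:]
    today = date(2024, 1, 1)  # constructed date

    controller = Controller()
    controller.add_record(0x1A2B, "stock-quotes", genuine, valid_days=30)

    return [
        controller.check(build_request(0x1A2B, "stock-quotes", genuine), today),
        controller.check(build_request(0x1A2B, "stock-quotes", tampered), today),
        controller.check(build_request(0x9999, "stock-quotes", genuine), today),
        controller.check(build_request(0x1A2B, "mail", genuine), today),
    ]


if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

A CRC is a linear error-detecting code, so a present-day design would carry a keyed MAC or a signature in the same field.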
To protect against unauthorized access, the secure polynomial 230 and the secure encryption key 231 preferably are stored in a secure portion of the ROM 228 which can only be accessed by the processor 210. Preferably, this portion of the ROM 228 is integrated with the processor 210 as a protected mask read only memory (MROM), and is programmed during the manufacturing process of the processor 210. As is well known by one of ordinary skill in the art, once a protected MROM has been programmed the protected portion of the MROM is only accessible by the processor 210 and cannot be accessed by external hardware coupled to the processor 210. Alternatively, the secure polynomial 230 and the secure encryption key 231 can be included in a re-programmable non-volatile memory such as a FLASH memory, an EEPROM memory or magnetic disk memory, but accessibility of the secure polynomial 230 and secure encryption key 231 are preferably restricted by the service provider to authorized personnel only. Using re-programmable non-volatile memories provides flexibility of adding more polynomial elements and encryption keys for system and subscriber unit expansion.

The ROM 228 of the processor 210 also includes firmware elements for use by the processor 210. The firmware elements include a call processing element 232, a process lister element 234, a request receiver element 236, a list checker element 238, an external authorization element 240 and an authorization denial element 242. The call processing element 232 handles the processing of an incoming call for a called party and for controlling the transmitter 202 to send a selective call message to the portable communication device 122 corresponding to the called party, utilizing techniques well known in the art. The process lister element 234 manages the database of portable device records 216 stored in the RAM 214 for each portable communication device 122 utilizing database management techniques well known in the art. The request receiver element 236 processes encrypted external authorization request messages received by the receiver 204 of the base station 116 and originating from the portable communication devices 122. The encrypted external authorization request message is decrypted with the secure encryption key 231 described above. The external authorization request for hardware and software processes comprises at least a process name and a process size corresponding to the process, along with a secure checksum and an address identifying the portable communication device 122. Optionally, an authorization request command can accompany the external authorization request message. Preferably, the authorization request command is included in the address portion of the portable communication device 122 address. Alternatively, the authorization request command can be in a separate element in the external authorization request message. The secure checksum is preferably a secure CRC of the software process for which the portable communication device 122 is requesting authorization. The CRC is generated by the portable communication device 122 by using a polynomial generator stored in its memory, which is the same as the secure polynomial 230 used by the controller 112, as described above. The secure checksum provides a means for verifying that the process being used by the portable communication device 122 is an authorized version. The list checker element 238 uses the address, corresponding to the portable communication device 122, received in the external authorization request message as a portable device address 218. The processor 210, as described above, searches through the database of portable device records 216 to find the list of process records 220 corresponding to the portable device address 218 matching the address of the portable communication device 122. The list checker element 238 then checks each process record 220 for a match to the process name, process size and secure CRC received in the external authorization request message. If a match is found, then authorization is given to the portable communication device 122 for using the requested software or hardware process. If a match is not found, then authorization is denied. When the list checker element 238 authorizes a process requested by the portable communication device 122, the processor 210 calls on the external authorization element 240 to process the external authorization response message to be transmitted to the portable communication device 122. The external authorization response message preferably comprises an authorization command, the process name of the authorized process and an expiration time for the process. It will be appreciated that, alternatively, the external authorization response message can include a plurality of process names and expiration times authorizing a plurality of processes requested by the portable communication device 122.

Before the external authorization element 240 sends the external authorization response message to the transmitter 202 of the base station 116, the external authorization response message is encrypted, using the method described above, to secure the RF transmission of the message. When the list checker element 238 denies authorization of a process to a portable communication device 122, the processor 210 calls on the authorization denial element 242 to process the external authorization denial response message to be transmitted to the portable communication device 122. The external authorization denial response message comprises an authorization command which includes a "not authorized" signal denying authorization, and a process name of the process being denied. It will be appreciated that the external authorization denial response message can include a plurality of process names denying authorization to a plurality of processes requested by the portable communication device 122. As is done with the external authorization response message, the external authorization denial response message is encrypted before it is transmitted to the portable communication device 122 by the base stations 116.

According to an auditing operation of the fixed portion 102, the processor 210 is programmed by way of the ROM 228 to periodically audit the portable communication device 122 through a radio channel of the communication system to determine a catalog of internal authorizations 382 (FIG. 3) stored in the portable communication device 122. In addition, the processor 210 is programmed to periodically audit the portable communication device 122 through a radio channel of the communication system to determine a quantitative usage of each of the processes 398 (FIG. 3) used by the portable communication device 122, and to bill a user of the portable communication device 122 in response to the quantitative usage determined. The processor 210 is also programmed by way of the ROM 228 to maintain a list of authorized processes 398 in the process records 220 corresponding to the portable communication device 122, and to compare the catalog of internal authorizations 382 with the list of authorized processes 398 corresponding to the portable communication device to determine whether any of the internal authorizations 382 stored in the portable communication device 122 are invalid. The processor 210 is further programmed by way of the ROM 228 to store an indication in a user database entry (not shown) in the RAM 214 corresponding to the portable communication device 122 that an invalid internal authorization 382 has been found therein, in response to determining that at least one of the internal authorizations 382 stored in the portable communication device 122 is invalid. The processor 210 is also programmed to transmit a command to the portable communication device 122 to delete at least one of the internal authorizations 382, in response to determining that the at least one of the internal authorizations 382 stored in the portable communication device 122 is invalid. These operational features will be described further herein below.

According to a message sending operation of the fixed portion 102, the processor 210 is programmed by way of the ROM 228 to queue a message for transmission to the portable communication device 122, the message requiring a predetermined process 398 in the portable communication device 122 in order to process the message. In addition, the processor 210 is programmed to determine that the portable communication device 122 does not have a predetermined usage authorization 382 for utilizing the predetermined process 398; and in response, to grant the predetermined usage authorization 382 to the portable communication device 122 through the radio channel of the communication system (after verifying, for example, that the account of the user of the portable communication device 122 is in good standing). Preferably, the processor 210 determines that the portable communication device 122 does not have the predetermined usage authorization 382 by auditing the portable communication device 122 over the radio channel. It will be appreciated that, alternatively, the processor 210 can determine from its own internal process records 220 that the portable communication device 122 has not been previously authorized for utilizing the predetermined process 398.

If the predetermined process 398 is a software process, the processor 210 is further programmed to determine that the portable communication device 122 does not have the software process, e.g., by receiving from the portable communication device 122 a request for the software process; and in response, to download the software process to the portable communication device 122 through the radio channel. Preferably, before downloading the software process, the processor 210 is further programmed to transmit terms of a licensing agreement to the portable communication device 122, to receive from the portable communication device 122 a reply indicating whether the user of the portable communication device 122 agrees to the terms, and to omit downloading of the software process in response to the reply indicating that the user does not agree to the terms of the licensing agreement. These operational features will be described further herein below.

Referring to FIG. 3, an electrical block diagram of the portable communication device 122 in accordance with the preferred embodiment of the present invention comprises a transceiver antenna 303 for transmitting radio signals to the base stations 116 and for intercepting radio signals from the base stations 116. The transceiver antenna 303 is coupled to a transceiver 302 utilizing conventional techniques well known in the art. The radio signals received from the base stations 116 use conventional two and four-level FSK. The radio signals transmitted by the portable communication device 122 to the base stations 116 use four-level FSK.

Radio signals received by the transceiver 302 produce demodulated information at the output. The demodulated information is coupled to the input of a processor 308, which processes the information in a manner well known in the art. Similarly, inbound response messages are processed by the processor 308 and delivered to the transceiver 302 which is coupled to the processor 308. The response messages transmitted by the transceiver 302 are preferably modulated using four-level FSK.

A conventional power switch 306, coupled to the processor 308, is used to control the supply of power to the transceiver 302, thereby providing a battery saving function.

The processor 308 is coupled to a random access memory (RAM) 378 for storing messages in information storage locations 379. The RAM 378 further comprises authorization records 380 and software modules 392. The authoriza-

above. The internal authorization record 382 for hardware and software processes comprises address pointers 384, a process name 386, a process size 387, a random CRC 388 of the authorized hardware or software process executable 398 and an expiration time 390. The address pointers 384 preferably include two address pointers which point to two byte locations within the process executable 398 of the authorized hardware or software process. The two bytes are chosen by a random process which preferably uses a real-time clock 399 for generating random address pointers. The real-time clock 399 determines time (in hours, minutes and seconds) and calendar date, which is also used for determining the expiration time of a process, as will be described below. To determine the two random address pointers the real-time clock 399 is used in conjunction with the random event of the user requesting use of a process through the user controls 364. When the user depresses a button on the user controls 364 requesting execution of a process, the processor 308 reads the time specified by the real-time clock 399. The real-time clock 399 reading is in binary format and is sufficiently long to cover a wide address spectrum. Depending on the number of bytes contained in the process executable 398 the user is requesting, a limited number of bits are chosen in the real-time clock reading to cover the size of the process executable 398. The limited real-time clock reading is then used as an address pointer to a first random byte in the requested process executable 398. The second random address pointer points to a second random byte location. The two bytes together represent a 16 bit polynomial generator seed for generating the random CRC 388 of the hardware or software process executable 398. As is well known by one of ordinary skill in the art, a polynomial generator must follow certain guidelines such as, for example, the polynomial generator must not contain all zeros or all ones. When the two bytes chosen violate any polynomial generator rules, the address pointers are moved to a next higher location in the process executable 398. If the end of the process executable 398 is reached then the random address pointers wrap around to the beginning of the process executable 398. This process continues until a valid set of bytes are chosen which meet the polynomial generator rules. It will be appreciated that, alternatively, more than two bytes can be used for the random polynomial generator. The expiration time 390 includes a date, and optionally a time when the authorization of the hardware or software process expires. Whenever a process execution is requested by the user, the expiration time 390 is compared to the real-time clock 399 to determine if authorization of the hardware or software process has expired. It will be appreciated that reprogrammable non-volatile memory devices, such as, for example, EEPROM or FLASH memories, can be used to prevent loss of the authorization records 380 stored in the RAM 378 during a power outage.

The processor 308 is also coupled to a programming interface 374 and a hardware module interface 370. The programming interface 374 allows for external software module download into the RAM 378. The programming interface 374 preferably uses a serial communication interface 376 for communication with the processor 308.
The tion records 380 include internal authorization records 382 of processes, either software or hardware, which have been 60 serial interface preferably uses a conventional universal authorized for use by the portable communication device asynchronous receiver transmitter (UART) well known in the art. The physical means for the interface preferably uses 122. The software modules 392 include a process name 394, metal contacts. It will be appreciated that, alternatively, a process size 396 and a process executable 398. The internal authorization record 382 is encrypted using a secure encrypother physical means can be used, such as infrared, inductive tion key 312 stored in a read only memory (ROM) 310 of the 65 coupling, etc. The hardware module interface 370 allows for portable communication device 122. The encryption key attachments of hardware modules to the portable commuused is the same as that used by the controller 112 described nication device 122. The hardware module interface 370 6,008,737 9 preferably uses a hardware interface 372, well known in the art, such as the Personal Computer Memory Card International Association (PCMCIA) interface. With this interface any type of hardware module 373 conforming to the PCMCIAstandard can be attached to the portable communication 5 device 122. The function of the hardware module 373 can include any number of functions such as a software module hardware accelerator, video graphics card, expanded memory card, etc. It will be appreciated that the programming interface 374 and the hardware module interface 370 10 can use other interfaces for software download and hardware attachments, well known in the art. The ROM 310 coupled to the processor 308 comprises a secure polynomial 311, a secure encryption key 312 and firmware elements for use by the processor 308. It will be 15 appreciated that other types of memory, e.g., EEPROM, can be utilized as well for the ROM 310. 
The secure polynomial 311 includes a secure polynomial generator for CRC generation of hardware and software process executables 398. The secure polynomial 311 used by the portable communication device 122 matches the secure polynomial 230 used by the controller 112 described above. The secure encryption key 312 is used for scrambling and descrambling external authorization messages transmitted between the portable communication device 122 and the base stations 116. The secure encryption key 312 used by the portable communication device 122 matches the secure encryption key 231 used by the controller 112. The secure polynomial 311 and secure encryption key 312 are stored in a protected portion of the ROM 310 utilizing the techniques described for the controller 112.

The firmware elements comprise a call processing element 314 which handles incoming messages on the outbound channel using techniques well known in the art. When an address is received by the processor 308, the call processing element 314 compares one or more addresses 313 stored in an EEPROM 309, and when a match is detected, a call alerting signal is generated to alert a user that a message has been received. The call alerting signal is directed to a conventional audible or tactile alerting device 366 for generating an audible or tactile call alerting signal. In addition, the call processing element 314 processes the message which is received in a digitized conventional manner and then stores the message in one of the information storage locations 379 in the RAM 378. The message can be accessed by the user through user controls 364, which provide functions such as lock, unlock, delete, read, etc. More specifically, by the use of appropriate functions provided by the user controls 364, the message is recovered from the RAM 378, and then displayed on a display 368, e.g., a conventional liquid crystal display (LCD).
The firmware elements further comprise a security element 315 for processing authorization of software modules 392 and hardware modules 373. The elements contained in the security element 315 are shown in FIG. 4. The security element 315 includes an authorization element 316, a second allower element 320, a creator element 344, a storer element 352, a disallower element 356 and a third disabler element 362. When a user requests utilization of a hardware or software process by the use of appropriate functions provided by the user controls 364, the processor 308 calls on the authorization element 316 to process the request. The processor 308 begins the authorization process by invoking a first allower element 318 which, optionally, allows immediate utilization of the process requested. Whether or not the first allower element 318 allows immediate utilization of a process is determined by programming of the portable communication device 122 performed by the system provider. The processor 308 follows by invoking a determination element 332 which is used for making a determination of whether an internal authorization record 382 exists for utilizing the hardware or software process. The determination of a valid internal authorization record 382 is made by searching through the authorization records 380 for a process name 386 which matches the module name of the hardware or software process requested by the user. If a match is determined, then an internal authorizer element 328 is called on by the processor 308 to read the address pointers 384 to determine the random polynomial generator to be used for random CRC generation over the process executable 398 of the hardware or software module. The internal authorizer element 328 uses the process size 387 corresponding to the module size of the hardware or software process executable 398 to calculate a random CRC over the process executable 398 of the hardware or software process.
If the CRC generated matches the random CRC 388 stored in the internal authorization record 382, then the processor 308 invokes the second allower element 320 to check the expiration time 390 against the real-time clock 399. If the expiration time has not expired, then the processor 308 allows the utilization of the process, in response to the usage authorization being obtained. However, if the expiration time has expired then the processor 308 calls on the third disabler element 362 for disabling further utilization of the process in response to an expiration of the usage authorization. If the determination element 332 does not find an internal authorization record 382 for the hardware or software process requested by the user, then a radio authorizer element or authorizer element 334 is called on for communicating with the fixed portion 102 by sending a signal indicative of the hardware or software module to obtain the usage authorization as an external authorization, in response to the internal authorization being absent from the authorization records 380. The radio authorizer element 334 attempts to obtain the usage authorization through a first radio channel (the inbound channel) of the communication system. If the external authorization request is denied, then the processor 308 calls on a first disabler element 358 to disable further utilization of the process, in response to receiving a "not authorized" signal through a second radio channel (the outbound channel) of the communication system. If the external authorization request is not received within a predetermined time interval, then the processor 308 invokes a second disabler element 360 to disable utilization of the process requested by the user. To create the external authorization request message, the radio authorizer element 334 invokes a transmitter controller element 336. 
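The internal authorization record and the check described above, as an added Python example (it is not code from the patent). Assumptions: the CRC is computed MSB first from a zero initial value with the two chosen bytes used as the 16 bit generator, the second pointer is taken from the next higher bits of the clock reading, a size mismatch counts as a failed check, encryption of the record with the secure encryption key 312 is left out, and all function and field names are hypothetical.

```python
from dataclasses import dataclass


def crc16(data: bytes, poly: int) -> int:
    """Bitwise CRC-16, MSB first, zero initial value (assumed parameters)."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def seed_at(executable: bytes, p1: int, p2: int) -> int:
    """The two pointed-to bytes taken together as a 16 bit generator."""
    return (executable[p1] << 8) | executable[p2]


def seed_is_valid(seed: int) -> bool:
    # The one rule the text names: not all zeros and not all ones.
    return seed not in (0x0000, 0xFFFF)


def choose_pointers(executable: bytes, clock_reading: int) -> tuple:
    """Pick two byte locations from a clock reading, skipping invalid seeds."""
    size = len(executable)
    if size == 0:
        raise ValueError("empty executable")
    # Keep only as many clock bits as are needed to cover the executable.
    nbits = max(1, (size - 1).bit_length())
    mask = (1 << nbits) - 1
    p1 = (clock_reading & mask) % size
    # Assumption: the second pointer uses the next higher group of bits.
    p2 = ((clock_reading >> nbits) & mask) % size
    for _ in range(size):
        if seed_is_valid(seed_at(executable, p1, p2)):
            return p1, p2
        # Move to the next higher location, wrapping at the end.
        p1 = (p1 + 1) % size
        p2 = (p2 + 1) % size
    raise ValueError("no byte pair satisfies the generator rules")


@dataclass(frozen=True)
class AuthRecord:
    pointers: tuple   # address pointers 384
    name: str         # process name 386
    size: int         # process size 387
    crc: int          # random CRC 388
    expiration: int   # expiration time 390 (seconds, constructed unit)


def create_record(name: str, executable: bytes, clock_reading: int,
                  expiration: int) -> AuthRecord:
    """Build the record once an external authorization has been granted."""
    p1, p2 = choose_pointers(executable, clock_reading)
    poly = seed_at(executable, p1, p2)
    return AuthRecord((p1, p2), name, len(executable),
                      crc16(executable, poly), expiration)


def check(record: AuthRecord, name: str, executable: bytes, now: int) -> str:
    """Return 'no-record', 'invalid', 'expired' or 'allow'."""
    if record.name != name:
        return "no-record"      # would fall through to a radio request
    if len(executable) != record.size:
        return "invalid"        # assumption: size mismatch fails the check
    poly = seed_at(executable, *record.pointers)
    if crc16(executable, poly) != record.crc:
        return "invalid"
    if now > record.expiration:
        return "expired"
    return "allow"


# Constructed 8-byte stand-in for a process executable.
EXE = bytes([0x00, 0x00, 0xFF, 0xFF, 0xA5, 0x3C, 0x81, 0x7E])

if __name__ == "__main__":
    rec = create_record("mapviewer", EXE, clock_reading=26, expiration=1000)
    print(rec, check(rec, "mapviewer", EXE, now=999))
```

A CRC is a linear checksum rather than a keyed MAC, so a check of this kind is only as strong as the secrecy of the stored pointers and CRC value.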
The transmitter controller element 336 calls on a secure checksum calculator element 338 which uses the secure polynomial 311 stored in the ROM 310 to calculate a secure CRC over the process executable 398 of the hardware or software process requested by the user. Once the secure CRC is determined, the processor 308 prepares an external authorization request message comprising an authorization request command, the address of the portable communication device 122, the process name, the size of the hardware or software process executable 398, and the secure CRC calculated by the secure checksum calculator element 338. Once the external authorization request message has been determined the transmitter controller element 336 encrypts the message with the secure encryption key 312. The processor 308 then invokes a sender element 340 and sends the message to the transceiver 302, which thereafter transmits the encrypted external authorization request message to the base stations 116. If an encrypted external authorization response message is received from the base stations 116 indicating the hardware or software process is authorized, then the processor 308 accesses a second allower element 320 to process the message. If the external authorization response message was for a hardware module 373 authorizing utilization of the process, then the second allower element 320 invokes a hardware performer element 322 for performing the process in accordance with circuits of the hardware module 373. If the external authorization response message was for a software module 392 authorizing utilization of the process, then the second allower element 320 invokes a software performer element 324 for performing the process in accordance with instructions of the software module 392.

For software modules 392 or hardware modules 373 which are user-installed, an authorization medium 375 (preferably a registration form with proof of purchase) is physically sent to the service provider to obtain authorization. When the user requests execution of the installed process, the process is optionally executed and the processor 308 invokes the external authorizer element 330 to request an external authorization from the controller 112. The external authorizer element 330 obtains usage authorization by receiving an external authorization from the service provider through a radio channel (the outbound channel) of the communication system. The external authorization request message sent to the base stations 116, as described above, comprises an authorization request command, the portable communication device 122 address, the process name and size, and a secure CRC of the hardware or software process executable 398. When the controller 112 sends an authorization message granting authorization of the hardware or software process, the second allower element 320 allows the utilization of the process, in response to the usage authorization being obtained. In response to obtaining an external authorization allowing utilization of a process, the processor 308 accesses the creator element 344 to create an internal authorization record 382. To create the internal authorization record the processor 308 invokes a generator element 346 which first calls on a chooser element 348 to select preferably two random bytes of the hardware or software process executable 398. The random bytes are preferably chosen using the real-time clock 399 and user invocation of the user controls 364 as described above. Once the random bytes have been determined, and satisfy the polynomial generator rules, a checksum calculator element 350 is invoked to perform a CRC generation on the process executable 398 of the hardware or software module. Once the random CRC 388 has been calculated, the storer element 352 collects the verification elements used for the internal authorization record 382. The verification elements comprise the address pointers 384 for the random polynomial generator, the process name 386, the random CRC 388 calculated by the checksum calculator element 350 and the expiration time 390 received in the external authorization message from the controller 112. The processor 308 then calls on a placer element 354 which uses the secure encryption key 312 to encrypt the verification elements and then stores the result in the authorization records 380 in the RAM 378.

For cooperation with the auditing operation of the fixed portion 102, the processor 308 is programmed by way of the ROM 310 to maintain in the RAM 378 a record (not shown) of usage of the process 398, and to report the usage in response to receiving a usage audit command from the fixed portion 102 of the communication system. In addition, the processor 308 is programmed to maintain the record of internal authorizations 382 present within the portable communication device 122 for utilizing the processes 398, and to report the internal authorizations 382 present, in response to receiving an internal authorization audit command from the fixed portion 102 of the communication system. The processor 308 is also programmed to delete an internal authorization 382, in response to receiving a delete authorization command directed at the internal authorization 382 from the fixed portion 102 of the communication system. These operational features will be described further herein below.

For cooperation with the message sending operation of the fixed portion 102, the processor 308 is programmed by way of the ROM 310 to control the transceiver 302 to request a download of a predetermined software process 398 in response to receiving from the fixed portion 102 a message that requires the predetermined software process 398 for processing the message. In addition, the processor 308 is programmed by way of the ROM 310 to control the display 368 to display the terms of a software license agreement, in response to receiving the terms of the software license agreement from the fixed portion 102 through the radio channel.

Referring to FIG. 5, a timing diagram 400 depicts elements of an outbound protocol and an inbound protocol of the fixed portion 102 and portable portion 104 of the communication system in accordance with the preferred embodiment of the present invention. The signaling format on the outbound and inbound channels preferably operates on a single carrier frequency utilizing well-known time division duplex (TDD) techniques for sharing the frequency. It will be appreciated that the outbound and inbound channels can use separate frequency channels utilizing frequency division multiplexing (FDM) techniques well known in the art. Using TDD transmission the outbound RF channel transmission is depicted during an outbound transmission time interval 402, while the inbound RF channel transmission is depicted during an inbound transmission time interval 404. The outbound transmission time interval 402 and the inbound transmission time interval 404 are subdivided by a time boundary 403. The time boundary 403 depicts a point in time when the outbound transmissions cease and the inbound transmissions commence.

The elements of the outbound protocol comprise an outbound sync 406, a selective call address 408, a message vector 410 and an outbound message 412, while the inbound protocol comprises an inbound sync 426 and an inbound message 428. The outbound sync 406 provides the portable communication device 122 a means for synchronization utilizing techniques well known in the art. The selective call address 408 identifies the portable communication device 122 for which the outbound message 412 is intended. The message vector 410 points in time within the TDD signal format to the position of the outbound message 412 to be received by the portable communication device 122. The outbound message 412 can be either a well known selective call message, or an external authorization response message in accordance with the present invention. When the outbound message 412 is an external authorization response message, the message received by the portable communication device 122 is an encrypted message 414. The encrypted message 414 comprises an authorization command 416, a process name 418 and, optionally, an expiration time 420. When the authorization command 416 is an authorization command denying authorization for utilization of a requested process, then the expiration time 420 is not included in the encrypted external authorization response message. It will be appreciated that the outbound external authorization response message can be extended to include multiple authorizations and/or denials by sending a plurality of authorization commands 416, associated process names 418 and, optionally, expiration times 420.

Similarly, the inbound sync 426 provides the base stations 116 a means for synchronization utilizing techniques well known in the art. The inbound message 428 can be either a well known acknowledge-back response message, or an external authorization request message in accordance with the present invention. When the inbound message 428 is an external authorization request message, the message transmitted by the portable communication device 122 is an encrypted message 430. The encrypted message 430 comprises an authorization request command 432, an address 434 corresponding to the portable communication device 122, a process name 436, a process size 438 and a secure CRC 440. The secure CRC is determined, as described above, using the secure polynomial 311 over the hardware or software module's process executable 398. It will be appreciated that the authorization request command 432 can be included as part of the field of the address 434. It will also be appreciated that multiple authorization requests can be included within the same inbound message by sending a plurality of process names 436 and process sizes 438 with their associated secure CRCs 440.

During selective call messaging between the base stations 116 and the portable communication devices 122, the communication system protocol described above begins with an outbound message which delivers a message to a portable communication device 122. The portable communication device 122 can, optionally, acknowledge reception of the message on the inbound channel. Acknowledgment messages from the portable communication device 122 are transmitted on the inbound channel during a scheduled period which is referenced to the time boundary 403 described above. Scheduled inbound messages are preferably reserved for acknowledgment messaging from the portable communication devices 122. However, when a user invokes a process which requires transmitting an external authorization request message to the base stations 116, the portable communication device 122 uses an unscheduled time period (slot) referenced to the time boundary 403 for unscheduled messaging to the base stations 116. Note that during inbound messaging, a time period referenced to the time boundary 403 is reserved for both scheduled and unscheduled inbound messages. Therefore, there is no contention between scheduled and unscheduled inbound messages. Since the number of unscheduled time slots is limited, it is possible for contention to exist among a plurality of portable communication devices 122 transmitting unscheduled inbound messages. To resolve contention with unscheduled inbound messages, the present invention preferably utilizes ALOHA protocol as is well known by one of ordinary skill in the art.

When the preferred embodiment of the present invention is acquiring authorization of hardware and software modules remotely as just described, it will be appreciated that message transactions originate first from the portable communication device 122 as unscheduled inbound messages. Subsequent responses from the fixed portion 102 of the communication system are received on the outbound channel. When the preferred embodiment of the present invention is performing auditing and message sending operations of the fixed portion 102, it will be appreciated that the message transactions originate first from the fixed portion 102 as outbound messages, with subsequent responses from the portable communication device 122 received on the inbound channel, as described further herein below. It will be further appreciated that, alternatively, other communication protocols which support two-way communication can be used.

Referring to FIG. 6, a flow chart 500 depicting an authorization operation of the fixed portion 102 in response to a message originated by the portable communication device 122 in accordance with the preferred embodiment of the present invention begins with step 502 where the controller 112 receives an encrypted external authorization request message. In step 504 the controller 112 deciphers the encrypted message using the secure encryption key 231 stored in the ROM 228. In step 506 the controller 112 identifies the portable communication device 122 requesting the authorization by the address 434 received. Additionally, the controller 112 reads the process verification elements included in the external authorization request message. In step 508 the controller 112 checks for a match between the process verification elements received and the list of process records 220 corresponding to the portable communication device 122. If a match is found, then in step 510 an external authorization response message is constructed authorizing utilization of the process. The external authorization response message comprising the authorization command 416 allowing utilization of the process, the process name 418 of the process authorized and an expiration time 420 for the process. Before sending the message to the base stations 116 for transmission, the external authorization response message is encrypted using the secure encryption key 231 as described above. When a match is not found, then in step 512 an external authorization response message with an "authorization denied" command is constructed. The external authorization response message then comprises the authorization command 416 for denying authorization to the requested process, and the associated process name 418. The denial message, as described above, is encrypted by the controller 112 using the secure encryption key 231. Once either type of the external authorization response message is constructed, then in step 514 the message is sent to the transmitter 202 of the base station 116 where it is transmitted to the portable communication device 122. In step 516 the controller 112 checks for a message acknowledgment response from the portable communication device 122 acknowledging reception of the external authorization response message. If no acknowledgment is received, then the controller 112 resends the message in step 514. The controller 112, preferably, has an option to limit the number of re-transmissions by using, for example, a maximum resend count programmed by the system provider. Once an acknowledgment is received, the controller 112 returns to step 502 where it processes subsequent external authorization request messages from the portable communication devices 122.

Referring to FIG. 7, a flow chart 600 depicting an authorization operation of the portable communication device 122 as it attempts to obtain authorization to use a process in accordance with the preferred embodiment of the present invention begins with any one of steps 602, 604 and 606. In step 602 the user installs a hardware or software module and registers the hardware or software module by sending preferably an authorization medium 375 comprising a registration form and proof of purchase receipt. In step 606 the user can receive over-the-air (OTA) programming of a software process. The request for an OTA software download can be performed by the user by way of a conventional telephone 124 call to the system provider. It will be appreciated that other ways can be used for requesting OTA programming of a software process, such as by the use of appropriate functions provided by the user controls 364, in the portable communication device 122 for requesting software processes. Once a software or hardware module has been added to the portable communication device 122 by way of OTA programming or user installation, the user can request execution of the process in step 604. In step 610 the process is immediately executed without initial authorization. It will be appreciated that the portable communication device 122, optionally, can be programmed by the system provider to skip step 610. In step 612 the processor 308 of the portable communication device 122 checks for the presence of an internal authorization record 382 in the authorization records 380 stored in the RAM 378. Each internal authorization record 382 is decrypted using the secure encryption key 312 stored in the ROM 310. A match is checked between the process name 386 of the internal authorization record 382 and the process name of the requested process. If a match is not found, the processor 308 proceeds to step 614 where an encrypted external authorization request message is constructed comprising the authorization request command 432, the address 434 of the portable communication device 122, the process name 436, the process size 438, and the secure CRC 440 of the process executable 398 requested. In step 616 the encrypted external authorization request is transmitted to the base stations 116. In step 618 the processor 308 waits for an external authorization response message from the base stations 116. If no external authorization response message has been received, then in step 628 a time-out (TMO) indicator is checked. If the TMO indicator has expired, then in step 630 a resend counter is checked for re-transmission requests. If re-transmission requests of the encrypted external authorization request message have been exceeded, then in step 632 the process execution is denied and the user is alerted by the alerting device 366 and display 368 of the portable communication device 122. If the resend counter has not been exceeded, then the processor 308 resends the encrypted external authorization message in step 614. If in step 628 the TMO indicator has not expired, then the processor 308 continues to wait for an external authorization response message from the base stations 116. If an external authorization response message is received, then step 620 checks if the requested process has been authorized for execution. If the requested process has been denied authorization, then step 640 is invoked, where the process is denied execution, and subsequently discarded in step 642 alerting the user to authorization denial. If the requested process has been authorized for execution, then in step 622 preferably two bytes are chosen from within the process executable 398 of the hardware or software module to create a 16 bit random polynomial generator. The random bytes are chosen using the real-time clock 399 and user controls 364 as described above. In step 624, the processor 308 generates a random CRC over the process executable 398 of the authorized hardware or software module. In step 626, an internal authorization record 382 is created comprising the random address pointers 384, the process name 386, the process size 387, the random CRC 388, and the expiration time 390 of the authorized process. The internal authorization record 382 is encrypted with the secure encryption key 312 stored in the ROM 310. Once the internal authorization record 382 has been created, the processor 308 continues to step 638 where process execution is invoked if it has not already been invoked by step 610.

In the case where in step 612 an internal authorization record 382 is found, the processor 308 continues to step 636 where the process verification elements are decrypted and then checked against the requested process executable 398. If the process verification elements are determined to be valid, then in step 638 process execution is invoked if it has not already been invoked by step 610. Validation of the process verification elements consists of matching the random CRC generated over the process executable 398 of the requested hardware or software module with the random CRC found in the internal authorization record. If the process verification elements are determined to be invalid, then in step 640 process execution is denied, and in step 642 the process is discarded from memory (for a software module) and an alert signal is created. The alert signal is preferably an audible and visual alert signal using the alerting device 366 and display 368 of the portable communication device 122. Optionally, an alert signal can be sent to the controller 112 alerting the communication system that an attempt to use an invalid hardware or software module has been detected.

Thus, it should be apparent by now that the present invention provides a method and apparatus for controlling utilization of a hardware or software process added to a portable communication device 122. In particular, the present invention provides a novel method and apparatus for remotely authorizing software and hardware modules added to a portable communication device 122. With the present invention, the authenticity of process executables 398 used by software and hardware modules can advantageously be validated by the fixed portion 102 of the communication system. In addition, the fixed portion 102 of the communication system can keep track of unauthorized installations and can act upon unauthorized additions of software and hardware modules to the portable communication devices 122 by disabling operation of a portable communication device 122 using OTA techniques. Another advantage of the present invention is the option for the system provider to program the portable communication device 122 to execute a hardware or software process without receiving immediate authorization. This option provides a user immediate access to a hardware or software process without burdening the user with the delay of receiving authorization for the process. The present invention also provides an authorization method which is secure for both inbound and outbound messaging by using a message encryption technique described above.

What is claimed is:

1. An apparatus at a fixed portion of a communication system for authorizing utilization of software in a portable portion of the communication system, the apparatus comprising:
a processor;
a memory coupled to the processor for maintaining a list of authorized software corresponding to the portable portion;
a request receiver element coupled to the processor for receiving a request from the portable portion, the request including an address identifying the portable portion, and a software name;
a list checker element coupled to the processor for checking the list of authorized software corresponding to the portable portion identified by the address, to determine whether the software corresponding to the software name is authorized; and
an external authorization element coupled to the processor for transmitting the external authorization to the portable portion in response to the software being authorized for the portable portion.

2. The apparatus of claim 1 in which the request includes a secure checksum.

3. The apparatus of claim 2 in which the secure checksum is a secure cyclic redundancy check of the software for which the portable portion is requesting authorization.

4. The apparatus of claim 3 in which the apparatus uses a secure polynomial stored in the memory of the apparatus to calculate the secure cyclic redundancy check.

5. The apparatus of claim 1 in which the request includes a software size.

6.
A portable communication device in a communication system having a fixed portion, the portable communication device comprising: a processor; an authorization element coupled to the processor for obtaining usage authorization for utilizing software in the portable communication device, in which the authorization element generates an external authorization request, and in which the authorization element communicates with the fixed portion to obtain the usage authorization in response to the external authorization request, and in which the external authorization request includes a secure checksum; and a second authorization element coupled to the processor for allowing utilization of the software, in response to usage authorization being obtained from the fixed portion. 7. The portable communication device of claim 6 in which the secure checksum is a secure cyclic redundancy check of 18 the software for which the portable communication device is requesting authorization. 8. The portable communication device of claim 7 in which the secure cyclic redundancy check is generated by the 5 portable communication device by using a secure polynomial stored in the portable communication device. 9. 
A portable communication device in a communication system having a fixed portion, the portable communication 10 device comprising: a processor; 15 20 25 an authorization element coupled to the processor for obtaining usage authorization for utilizing software in the portable communication device, in which the authorization element generates an external authorization request, and in which the authorization element communicates with the fixed portion to obtain the usage authorization in response to the external authorization request, and in which the external authorization request includes at least one of: an address identifying the portable communication device, a software name and a size of the software; and a second authorization element coupled to the processor for allowing utilization of the software, in response to usage authorization being obtained from the fixed portion. * * * * *
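Added example, not part of the patent text: a Python sketch of the flow in steps 612 to 626 and claims 1 to 5 above, covering the external request with its secure CRC, the fixed portion's list check, and the internal record built from a per-record 16-bit polynomial. Message and record encryption are left out; the polynomial value, the device address, the process name, the fixed portion holding a reference copy of the executable, and the way a stored record is re-checked are all assumptions of this example.

```python
import secrets, time

def crc16(data: bytes, poly: int) -> int:
    """MSB-first CRC-16 of data under a caller-supplied 16-bit generator."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

SECURE_POLY = 0x8BB7  # constructed stand-in for the shared secure polynomial

def build_request(address, name, exe):
    """Step 614: request carrying address, process name, size and secure CRC."""
    return {"cmd": "AUTH_REQ", "address": address, "name": name,
            "size": len(exe), "crc": crc16(exe, SECURE_POLY)}

def fixed_portion_authorize(req, authorized):
    """Claims 1-5: look up the per-address list, then compare size and CRC
    against a reference copy (holding a reference copy is an assumption)."""
    ref = authorized.get(req["address"], {}).get(req["name"])
    return ref is not None and (req["size"], req["crc"]) == (len(ref), crc16(ref, SECURE_POLY))

def make_internal_record(name, exe, lifetime_s, pointers=None, now=None):
    """Steps 622-626: two bytes of the executable become the record's polynomial.
    The patent draws the offsets from the clock and user controls; secrets is a stand-in."""
    p = pointers or (secrets.randbelow(len(exe)), secrets.randbelow(len(exe)))
    poly = (exe[p[0]] << 8 | exe[p[1]]) | 1  # low bit forced: this example's choice
    now = time.time() if now is None else now
    return {"pointers": p, "name": name, "size": len(exe),
            "crc": crc16(exe, poly), "expires": now + lifetime_s}

def verify_internal_record(rec, name, exe, now=None):
    """Re-check of a stored record (assumed: name, size, expiry, recomputed CRC)."""
    now = time.time() if now is None else now
    if rec["name"] != name or rec["size"] != len(exe) or now >= rec["expires"]:
        return False
    a, b = rec["pointers"]
    return crc16(exe, (exe[a] << 8 | exe[b]) | 1) == rec["crc"]

# Constructed sample data: a fake executable and a copy with one byte altered.
GENUINE = bytes(range(256)) * 4
TAMPERED = GENUINE[:10] + b"\xff" + GENUINE[11:]
AUTHORIZED = {"pager-0001": {"stock_ticker": GENUINE}}
```

A CRC stays linear even with a secret or per-record polynomial, so a present-day design would put an HMAC or a signature in these two roles.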
