System and method for controlling features on a device

US9485223B2 · US · B2

Patent metadata
Publication number: US-9485223-B2
Application number: US-31461008-A
Country: US
Kind code: B2
Filing date: Dec 12, 2008
Priority date: Dec 13, 2007
Publication date: Nov 1, 2016
Grant date: Nov 1, 2016

Abstract

Official abstract text for this publication.

Trust between entities participating in an upgrade or enablement/disablement process is established and, to facilitate this remotely and securely, a highly tamper resistant point of trust in the system that is being produced is used. This point of trust enables a more efficient distribution system to be used. Through either a provisioning process or at later stages, i.e. subsequent to installation, manufacture, assembly, sale, etc.; the point of trust embodied as a feature controller on the device or system being modified is given a feature set (or updated feature set) that, when validated, is used to enable or disable entire features or to activate portions of the feature.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method operable with a feature controller enabling device features of an integrated circuit device to be controlled, said feature controller performing: participating in a public key based key agreement with a remote feature control server, using a connection between said feature controller and said feature control server, to establish a shared secret with said feature control server; storing the shared secret in a secure memory store within the feature controller; receiving a feature set from said feature control server, said feature set having undergone cryptographic processing to encrypt the feature set using said shared secret; using a cryptographic unit, performing complementary cryptographic processing on said received encrypted feature set using said shared secret stored in the secure memory store to decrypt the feature set; storing the decrypted feature set in the feature controller; and selectively activating/deactivating device features of the integrated circuit device based on the decrypted feature set to control one or more of said device features.

2. The method according to claim 1 wherein said feature set identifies one or more features of the integrated circuit device to be activated or deactivated.

3. The method according to claim 2 wherein said one or more features are activated or deactivated by setting selected ones of an array of bits, each bit corresponding to one of said features.

4. The method according to claim 2 wherein said one or more features are activated by having said feature controller access a memory map.

5. The method according to claim 4 wherein said memory map comprises one or more permit masks and one or more forbid masks pertaining to operations for controlling said features.

6. The method according to claim 1 wherein the integrated circuit device comprises the feature controller for controlling a plurality of features.

7. The method according to claim 1 wherein the integrated circuit device comprises a plurality of feature controllers for controlling a plurality of respective features.

8. The method according to claim 1 wherein said complementary cryptographic processing further comprises using a decrypted version of said feature set to generate a message authentication code (MAC) and using said MAC to verify said feature set prior to implementing said feature set.

9. The method according to claim 1 wherein said cryptographic processing comprises signing said feature set using a unique identifier for said feature controller and said complementary cryptographic processing comprises verifying a signature on said feature set.

10. The method according to claim 9 wherein said complementary cryptographic processing further comprises validating a certificate provided by said feature control server.

11. The method according to claim 9 wherein said establishing said connection between said feature controller and said feature control server comprises generating a nonce, combining said nonce with said unique identifier, and providing the combination to said feature control server for use in generating said signature.

12. The method according to claim 1 wherein said shared secret is established using an elliptic curve cryptographic key.

13. The method according to claim 1 wherein said shared secret is generated using an ephemeral key pair utilized in said public key based key agreement and injected into the feature controller by the feature control server.

14. The method according to claim 13 wherein said complementary cryptographic processing comprises using said shared secret for the duration of a programming session to decrypt messages encrypted by said feature control server using said shared secret.

15. The method according to claim 14 further comprising using a public key of said ephemeral key pair to verify signatures on said messages for the duration of said programming.

16. The method according to claim 1 further comprising providing feedback to said feature control server after selectively activating/deactivating the device features based on said feature set.

17. A feature controller for enabling control of device features of an integrated circuit device to be controlled, said feature controller comprising: a cryptographic unit for performing cryptographic operations, said cryptographic unit being configured to: participate in a public key based key agreement with a remote feature control server, using a connection between said feature controller and said feature control server, to establish a shared secret with said feature control server; store the shared secret in a secure memory store within the feature controller; receive a feature set from said feature control server, said feature set having undergone cryptographic processing to encrypt the feature set using said shared secret; perform complementary cryptographic processing on said received encrypted feature set using said shared secret stored in the secure memory store to decrypt the feature set; store the decrypted feature set in the feature controller; and selectively activate/deactivate device features of the integrated circuit device based on the feature set to control one or more of said device features; and the secure memory store for storing the shared secret.

18. The feature controller according to claim 17 wherein said feature set identifies one or more features in said system to be activated or deactivated.

19. The feature controller according to claim 18 wherein said one or more features are activated or deactivated by setting selected ones of an array of bits, each bit corresponding to one of said features.

20. The feature controller according to claim 18 wherein said one or more features are activated by having said feature controller access a memory map.

21. The feature controller according to claim 20 wherein said memory map comprises one or more permit masks and one or more forbid masks pertaining to operations for controlling said features.

22. The feature controller according to claim 17 wherein the integrated circuit device comprises one feature controller for controlling a plurality of features.

23. The feature controller according to claim 17 wherein the integrated circuit device comprises a plurality of feature controllers for controlling a plurality of respective features.

24. The feature controller according to claim 17 wherein said complementary cryptographic processing further comprises using a decrypted version of said feature set to generate a message authentication code (MAC) and using said MAC to verify said feature set prior to implementing said feature set.

25. The feature controller according to claim 17 wherein said cryptographic processing comprises signing said feature set using a unique identifier for said feature controller and said complementary cryptographic processing comprises verifying a signature on said feature set.

26. The feature controller according to claim 25 wherein said complementary cryptographic processing further comprises validating a certificate provided by said feature control server.

27. The feature controller according to claim 25 wherein said establishing said connection between said feature controller and said feature control server comprises generating a nonce, combining said nonce with said unique identifier, and providing the combination to said feature control server for use in generating said signature. 27. The feature controller according to claim 25 wherein said establishing said connection between said feature controller and said feature control server comprises generating a nonce, combining said nonce with said unique identifier, and providing the combination to said feature cont
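
The verify-before-implement step of claims 8 and 24, combined with the bit array of claims 3 and 19 and the permit/forbid masks of claims 5 and 21, sketched as an added example that is not code from the patent. Assumptions: the feature set has already been decrypted, the MAC is HMAC-SHA256 under a key derived from the shared secret, the device identifier is bound into the MAC, and the mask semantics and all names (`FeatureController`, `server_issue`, `WIDTH`) are hypothetical.

```python
import hashlib
import hmac

WIDTH = 4  # assumed feature-array size: 32 bits, one bit per feature


def _mac(shared_secret: bytes, device_id: bytes, bits: int) -> bytes:
    # Assumption: HMAC-SHA256 under a key derived from the shared secret,
    # with the controller's unique identifier bound into the message.
    key = hmac.new(shared_secret, b"feature-set-mac", hashlib.sha256).digest()
    msg = device_id + bits.to_bytes(WIDTH, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def server_issue(shared_secret: bytes, device_id: bytes, bits: int):
    """Hypothetical server side: the feature bits plus their MAC."""
    return bits, _mac(shared_secret, device_id, bits)


class FeatureController:
    def __init__(self, shared_secret, device_id, permit_mask, forbid_mask):
        self._secret = shared_secret    # stands in for the secure memory store
        self.device_id = device_id
        self.permit_mask = permit_mask  # assumed: bits a set may switch on
        self.forbid_mask = forbid_mask  # assumed: bits that must never be on
        self.active = 0                 # currently enabled feature bits

    def apply(self, bits: int, tag: bytes) -> bool:
        """Verify, then implement. Any failure leaves self.active untouched."""
        if not 0 <= bits < 1 << (8 * WIDTH):
            return False
        expected = _mac(self._secret, self.device_id, bits)
        if not hmac.compare_digest(expected, tag):  # constant-time compare
            return False                # altered set, or issued for another device
        if bits & self.forbid_mask or bits & ~self.permit_mask:
            return False                # authentic but outside the masks
        self.active = bits
        return True

    def enabled(self, bit: int) -> bool:
        return bool((self.active >> bit) & 1)


# Constructed sample values, not taken from the patent.
SECRET = hashlib.sha256(b"constructed shared secret").digest()
DEVICE = b"FC-0001"
```

The design point is ordering: the controller checks the MAC before it evaluates or stores anything from the feature set, so a rejected set never changes which features are enabled.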

Classifications

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title

  • Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title

  • involving control of end-device applications over a network · CPC title

  • Metering · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Daskalopoulos Michael, Vadekar Ashok, Wong David, and 4 more
What technology area does this patent fall under?
Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 1, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).