United States Patent [19]
Deluca et al.

[11] Patent Number: 6,008,737
[45] Date of Patent: *Dec. 28, 1999

US006008737A

[54] APPARATUS FOR CONTROLLING UTILIZATION OF SOFTWARE ADDED TO A PORTABLE COMMUNICATION DEVICE

[75] Inventors: Deluca et al., … Parkland, all of Fla.

[73] Assignee: Motorola, Inc., Schaumburg, Ill.

[*] Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2).

[21] Appl. No.: 08/672,004
[22] Filed: Jun. 24, 1996

Related U.S. Application Data

[63] Continuation-in-part of application No. 08/452,785, May 30, 1995, Pat. No. 5,612,682.

[51] Int. Cl.5: G07D 7/00
[52] U.S. Cl.: 340/825.34; 340/825.34; 340/825.44; 455/408; 379/121; 705/32
[58] Field of Search: 340/825.34, 825.44, 825.33, 825.35, 825.22; 455/426, 405, 406, 408; … 230, 232, 228, 229; 379/…, 121

[56] References Cited

U.S. PATENT DOCUMENTS

4,875,038   10/1989   Siwiak et al.     340/825.44
5,155,680   10/1992   Wiedemer          395/232
5,325,418    6/1994   McGregor et al.   455/406
5,335,278    8/1994   Matchett et al.   340/825.34
5,371,493   12/1994   Sharpe et al.     340/825.33
5,493,492    2/1996   Cramer et al.     385/232
5,577,100   11/1996   McGregor et al.   455/406
5,606,497    2/1997   Cramer et al.     395/232
5,612,682    3/1997   De Luca et al.    340/825.44
5,633,932    5/1997   Davis et al.      340/825.34
5,652,793    7/1997   Priem et al.      340/825.34
5,664,006    9/1997   Monte et al.      455/405

Primary Examiner: Edwin C. Holloway, III
Assistant Examiner: Anthony A. Asongwed

[57] ABSTRACT

An apparatus at a fixed portion (102) of a communication system controls utilization of software (398) in a portable communication device (122) that includes a transceiver (302) for communicating with the fixed portion. The portable communication device receives (604) a request for utilization of the software. In response, the portable communication device seeks (612) a usage authorization for utilizing the software by generating (614) an external authorization request (428) that includes at least one of a size (396) of the software, a software name (394), a secure checksum, and an address (313) identifying the portable communication device, and by communicating (616) the external authorization request to the fixed portion. The secure checksum is a secure cyclic redundancy check of the software for which the portable communication device is requesting usage authorization, and is generated (624) by the portable communication device from a secure polynomial (311) stored in the portable communication device and separately by the apparatus from a same secure polynomial (230) stored in the apparatus. The portable communication device disallows (640) the utilization of the software, in response to the usage authorization being unobtainable.

9 Claims, 7 Drawing Sheets

[Front-page drawing: the flow chart of FIG. 7, reproduced on Sheet 7 of 7.]

PETITIONERS EX. 1004 Page 1

[Sheet 1 of 7, FIG. 1. Block labels: telephone (124), public switched telephone network, controller (112), communication links (114), base stations (116), antennas (118, 120), portable communication devices (122).]

[Sheet 2 of 7, FIG. 2. Block labels: portable device records, portable device address (218), process records (220), list of processes (226), transmitter, processor (210), telephone interface (212), controller; ROM (228) contents: secure polynomial (230), secure encryption key (231), call processing, process lister, request receiver, list checker, external authorization, authorization denial.]

[Sheet 3 of 7, FIG. 3. Block labels: authorization (address pointers, process name, process size, random CRC, expiration time), software module (process name, process size, process executable), program interface, processor, power switch, transceiver (302), real-time clock (399), user controls, secure polynomial, secure encryption key, call processing, security.]

[Sheet 4 of 7, FIG. 4. Block labels: authorization, first allower, second allower, hardware performer, software performer, internal authorizer, external authorizer, determination, radio authorizer, transmitter controller, secure checksum calculator, sender, creator, generator, chooser, checksum calculator, placer, disallower, first disabler, second disabler, third disabler.]

[Sheet 5 of 7, FIG. 5. Timing diagram labels: outbound sync, selective call address, message vector, outbound message, inbound sync, inbound message. Encrypted outbound message fields: authorization, process name, expiration time. Encrypted inbound message fields: request, address, process name, process size.]

[Sheet 6 of 7, FIG. 6. Flow chart steps: controller receives encrypted external authorization request message; controller deciphers encrypted message from the portable communication device; controller identifies the portable communication device by selective call address, and process is identified by process name, size and CRC; auth. request valid?; controller sends encrypted process authorization including process name and size to base transmitter; controller sends not authorized command to transmitter; base transmitter transmits authorization message; ACK received?]

[Sheet 7 of 7, FIG. 7. Flow chart steps: user installs hardware or software module and sends registration; user requests execution of a process; user receives OTA program; internal auth. available?; process executed; send to transmitter encrypted authorization request, address, process name and size, and secure CRC; encrypted authorization request transmitted; TMO expired?; choose random bytes for polynomial generator; generate CRC for process using random CRC generator; store address pointers, process name and size, random CRC and expiration time encrypted with secure polynomial generator; process executed; process execution denied; process discarded from memory and alert; process execution denied, user alerted.]

APPARATUS FOR CONTROLLING UTILIZATION OF SOFTWARE ADDED TO A PORTABLE COMMUNICATION DEVICE

This application is a continuation-in-part of application Ser. No. 08/452,785 filed May 30, 1995, by Deluca et al., entitled “Method and Apparatus for Controlling Utilization of a Process Added to a Portable Communication Device”, now U.S. Pat. No. 5,612,682, issued Mar. 18, 1997.

FIELD OF THE INVENTION

This invention relates in general to communication systems, and more specifically to a method and apparatus for controlling utilization of a process added to a portable communication device.

BACKGROUND OF THE INVENTION

In the past, paging devices were limited to alpha-numeric and voice paging. With technology improvements in circuit integration and more efficient communication protocols that provide two-way communication, paging devices have grown in sophistication and services provided. With today’s technology improvements, paging devices are expected to acquire more sophisticated functions such as electronic mailing services, spread sheet applications, investment finance services such as stock market charts, quotation requests, purchase and sale transactions, etc. These services require sophisticated software applications and/or hardware modules to be operated in the paging device. Paging devices using sophisticated services such as these will require a means for registration and licensing to prevent unauthorized use of processes, including software applications and hardware modules. In prior art devices registration has been accomplished by mailing a signed certificate with a purchase receipt of a software application or hardware module. This form of registration, however, does not prevent an unscrupulous user from using pirated software applications and/or unauthorized hardware modules.

Thus, what is needed is a method and apparatus for controlling utilization of a process added to a portable communication device. Preferably, the method and apparatus should serve as a mechanism to prevent unauthorized use of software applications and hardware modules.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an electrical block diagram of a communication system in accordance with the preferred embodiment of the present invention.

FIG. 2 is an electrical block diagram of elements of a fixed portion of the communication system in accordance with the preferred embodiment of the present invention.

FIGS. 3 and 4 are elements of an electrical block diagram of a portable communication device in accordance with the preferred embodiment of the present invention.

FIG. 5 is a timing diagram of elements of an outbound protocol and an inbound protocol of the fixed and portable portions of the communication system in accordance with the preferred embodiment of the present invention.

FIG. 6 is a flow chart depicting an authorization operation of the fixed portion in response to a message originated by the portable communication device in accordance with the preferred embodiment of the present invention.

FIG. 7 is a flow chart depicting an authorization operation of the portable communication device as it attempts to obtain authorization to use a process in accordance with the preferred embodiment of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENT

Referring to FIG. 1, an electrical block diagram of a communication system in accordance with the preferred embodiment of the present invention comprises a fixed portion 102 and a portable portion 104. The fixed portion 102 includes a plurality of base stations 116, for communicating with the portable portion 104, utilizing conventional techniques well known in the art, and coupled by communication links 114 to a controller 112 which controls the base stations 116. The hardware of the controller 112 is preferably a combination of the Wireless Messaging Gateway (WMG™) Administrator!™ paging terminal and the RF-Conductor!® message distributor manufactured by Motorola, Inc. The hardware of the base stations 116 is preferably a combination of the Nucleus® RF-Orchestra!™ transmitter and RF-Audience!™ receivers manufactured by Motorola, Inc. It will be appreciated that other similar hardware can be utilized as well for the controller 112 and base stations 116.

Each of the base stations 116 transmits radio signals to the portable portion 104 comprising a plurality of portable communication devices 122 via a transmitting antenna 120. The base stations 116 each receive radio signals from the plurality of portable communication devices 122 via a receiving antenna 118. The radio signals comprise selective call addresses and messages transmitted to the portable communication devices 122 and acknowledgments received from the portable communication devices 122. It will be appreciated that the portable communication devices 122 can also originate messages other than acknowledgments, as will be described below. The controller 112 preferably is coupled by telephone links 101 to a public switched telephone network (PSTN) 110 for receiving selective call originations therefrom. Selective call originations comprising voice and data messages from the PSTN 110 can be generated, for example, from a conventional telephone 124 coupled to the PSTN 110 in a manner that is well known in the art.

Data and control transmissions between the base stations 116 and the portable communication devices 122 preferably utilize a protocol similar to Motorola’s well-known FLEX™ digital selective call signaling protocol. This protocol utilizes well-known error detection and error correction techniques and is therefore tolerant to bit errors occurring during transmission, provided that the bit errors are not too numerous in any one code word.

Outbound channel transmissions comprising data and control signals from the base stations 116 preferably utilize two and four-level frequency shift keyed (FSK) modulation, operating at sixteen-hundred or thirty-two-hundred symbols-per-second (sps), depending on traffic requirements and system transmission gain. Inbound channel transmissions from the portable communication devices 122 to the base stations 116 preferably utilize four-level FSK modulation at a rate of ninety-six-hundred bits per second (bps). Inbound channel transmissions preferably occur during predetermined data packet time slots synchronized with the outbound channel transmissions. It will be appreciated that, alternatively, other signaling protocols, modulation schemes, and transmission rates can be utilized as well for either or both transmission directions. The outbound and inbound channels preferably operate on a single carrier frequency utilizing well-known time division duplex (TDD) techniques for sharing the frequency. It will be further appreciated that, alternatively, the outbound and inbound channels can operate on two different carrier frequencies using frequency division multiplexing (FDM) without requiring the use of TDD techniques.

U.S. Pat. No. 4,875,038 to Siwiak et al., which describes a prior art acknowledge-back radio communication system, is hereby incorporated herein by reference. For further information on the operation and structure of an acknowledge-back radio communication system, please refer to the Siwiak et al., patent.

Referring to FIG. 2, an electrical block diagram of elements 200 of the fixed portion 102 in accordance with the preferred embodiment of the present invention comprises portions of the controller 112 and the base stations 116. The controller 112 comprises a processor 210 for directing operation of the controller 112. The processor 210 preferably is coupled through a transmitter interface 208 to a transmitter 202 via the communication links 114. The communication links 114 use conventional means well known in the art, such as a direct wire line (telephone) link, a data communication link, or any number of radio frequency links, such as a radio frequency (RF) transceiver link, a microwave transceiver link, or a satellite link, just to mention a few. The transmitter 202 transmits two and four-level FSK data messages to the portable communication devices 122. The processor 210 is also coupled to at least one receiver 204 through a receiver interface 206 via the communication links 114. The receiver 204 demodulates four level FSK and can be collocated with the base stations 116, as implied in FIG. 2, but preferably is positioned remote from the base stations 116 to avoid interference from the transmitter 202. The receiver 204 is for receiving one or more acknowledgments and/or messages from the portable communication devices 122.

The processor 210 is coupled to a telephone interface 212 for communicating with the PSTN 110 through the telephone links 101 for receiving selective call originations. The processor 210 is also coupled to a random access memory (RAM) 214 comprising a database of portable device records 216 and a database of processes 226. The database of portable device records 216 contains, as a minimum, a list of process records 220 for each portable communication device 122. To access the list of process records 220 of a portable communication device 122, a portable device address 218 corresponding to the address of a portable communication device 122 is used to search the database of portable device records 216. The list of process records 220 specifies the software and hardware processes which are authorized for use by a portable communication device 122 having the portable device address 218. Each process record 220 contains a list of process verification elements used for process authorization of external authorization requests transmitted by the portable communication devices 122, as will be described below. The verification elements contained in the process record 220 for both hardware and software processes include a process name, a process size and a secure cyclic redundancy check (CRC).

The database of processes 226 preferably comprises binary executables (machine code) of many of the authorized software processes available for use by the portable communication devices 122. The software processes stored in the RAM 214 of the controller preferably can be delivered to portable communication devices 122 by way of over-the-air (OTA) programming utilizing techniques well known in the art.

The processor 210 also is coupled to a read-only memory (ROM) 228. It will be appreciated that other types of memory, e.g., electrically erasable programmable ROM (EEPROM) or magnetic disk memory, can be utilized for the ROM 228, as well as the RAM 214. It will be further appreciated that the RAM 214 and the ROM 228, singly or in combination, can be integrated as a contiguous portion of the processor 210. Preferably, the processor 210 is similar to the DSP56100 digital signal processor (DSP) manufactured by Motorola, Inc. It will be appreciated that other similar processors can be utilized for the processor 210, and that additional processors of the same or alternate type can be added as required to handle the processing requirements of the controller 112.

The first two elements in the ROM 228 include a secure polynomial 230 and a secure encryption key 231. The secure polynomial 230 is used as a secure polynomial generator for CRC verification of process executables requested by external authorization request messages transmitted by portable communication devices 122. The portable communication devices 122 use the same secure polynomial generator for CRC generation. Using the same secure polynomial generator for both the fixed portion 102 and portable portion 104 of the communication system provides a means for verifying authenticity of software and hardware processes requested by the portable communication devices 122. The secure encryption key 231 is used for encryption and decryption of authorization messages transmitted between the portable communication devices 122 and the base stations 116. Similarly, the portable communication devices 122 use the same secure encryption key for external authorization message transactions. Using secure encryption between the fixed portion 102 and the portable portion 104 of the communication system provides a method for transmitting secure two-way messages which are unlikely to be breached. The encryption process converts an unscrambled sequence to a pseudo-random sequence coded by a scrambler and decoded by a descrambler. The scrambler and descrambler use preferably polynomial generators with feedback paths which use modulo 2 (Exclusive Or) addition on the feedback taps. The descrambler uses the same architecture as the scrambler for descrambling the message. Using a nonlinear feedback shift register (NFSR) architecture provides a secure approach for message encryption which makes it difficult, if not computationally intractable for a person to decipher the encryption key. The present invention preferably uses a conventional self-synchronizing stream encryption system which utilizes a NFSR architecture, as is well known by one of ordinary skill in the art. It will be appreciated that, alternatively, other methods which provide suitably secure encryption can be used. It will be further appreciated that, alternatively, message transactions between the base stations 116 and the portable communication devices 122 can be non-encrypted.

To protect against unauthorized access, the secure polynomial 230 and the secure encryption key 231 preferably are stored in a secure portion of the ROM 228 which can only be accessed by the processor 210. Preferably, this portion of the ROM 228 is integrated with the processor 210 as a protected mask read only memory (MROM), and is programmed during the manufacturing process of the processor 210. As is well known by one of ordinary skill in the art, once a protected MROM has been programmed the protected portion of the MROM is only accessible by the processor 210 and cannot be accessed by external hardware coupled to the processor 210. Alternatively, the secure polynomial 230 and the secure encryption key 231 can be included in a re-programmable non-volatile memory such as a FLASH memory, an EEPROM memory or magnetic disk memory, but accessibility of the secure polynomial 230 and secure encryption key 231 are preferably restricted by the service provider to authorized personnel only. Using re-programmable non-volatile memories provides flexibility of adding more polynomial elements and encryption keys for system and subscriber unit expansion.

The ROM 228 of the processor 210 also includes firmware elements for use by the processor 210. The firmware elements include a call processing element 232, a process lister element 234, a request receiver element 236, a list checker element 238, an external authorization element 240 and an authorization denial element 242. The call processing element 232 handles the processing of an incoming call for a called party and for controlling the transmitter 202 to send a selective call message to the portable communication device 122 corresponding to the called party, utilizing techniques well known in the art. The process lister element 234 manages the database of portable device records 216 stored in the RAM 214 for each portable communication device 122 utilizing database management techniques well known in the art. The request receiver element 236 processes encrypted external authorization request messages received by the receiver 204 of the base station 116 and originating from the portable communication devices 122. The encrypted external authorization request message is decrypted with the secure encryption key 231 described above. The external authorization request for hardware and software processes comprises at least a process name and a process size corresponding to the process, along with a secure checksum and an address identifying the portable communication device 122. Optionally, an authorization request command can accompany the external authorization request message. Preferably, the authorization request command is included in the address portion of the portable communication device 122 address. Alternatively, the authorization request command can be in a separate element in the external authorization request message. The secure checksum is preferably a secure CRC of the software process for which the portable communication device 122 is requesting authorization. The CRC is generated by the portable communication device 122 by using a polynomial generator stored in its memory, which is the same as the secure polynomial 230 used by the controller 112, as described above. The secure checksum provides a means for verifying that the process being used by the portable communication device 122 is an authorized version. The list checker element 238 uses the address, corresponding to the portable communication device 122, received in the external authorization request message as a portable device address 218. The processor 210, as described above, searches through the database of portable device records 216 to find the list of process records 220 corresponding to the portable device address 218 matching the address of the portable communication device 122. The list checker element 238 then checks each process record 220 for a match to the process name, process size and secure CRC received in the external authorization request message. If a match is found, then authorization is given to the portable communication device 122 for using the requested software or hardware process. If a match is not found, then authorization is denied. When the list checker element 238 authorizes a process requested by the portable communication device 122, the processor 210 calls on the external authorization element 240 to process the external authorization response message to be transmitted to the portable communication device 122. The external authorization response message preferably comprises an authorization command, the process name of the authorized process and an expiration time for the process. It will be appreciated that, alternatively, the external authorization response message can include a plurality of process names and expiration times authorizing a plurality of processes requested by the portable communication device 122. Before the external authorization element 240 sends the external authorization response message to the transmitter 202 of the base station 116, the external authorization response message is encrypted, using the method described above, to secure the RF transmission of the message. When the list checker element 238 denies authorization of a process to a portable communication device 122, the processor 210 calls on the authorization denial element 242 to process the external authorization denial response message to be transmitted to the portable communication device 122. The external authorization denial response message comprises an authorization command which includes a “not authorized” signal denying authorization, and a process name of the process being denied. It will be appreciated that the external authorization denial response message can include a plurality of process names denying authorization to a plurality of processes requested by the portable communication device 122. As is done with the external authorization response message, the external authorization denial response message is encrypted before it is transmitted to the portable communication device 122 by the base stations 116.

According to an auditing operation of the fixed portion 102, the processor 210 is programmed by way of the ROM 228 to periodically audit the portable communication device 122 through a radio channel of the communication system to determine a catalog of internal authorizations 382 (FIG. 3) stored in the portable communication device 122. In addition, the processor 210 is programmed to periodically audit the portable communication device 122 through a radio channel of the communication system to determine a quantitative usage of each of the processes 398 (FIG. 3) used by the portable communication device 122, and to bill a user of the portable communication device 122 in response to the quantitative usage determined. The processor 210 is also programmed by way of the ROM 228 to maintain a list of authorized processes 398 in the process records 220 corresponding to the portable communication device 122, and to compare the catalog of internal authorizations 382 with the list of authorized processes 398 corresponding to the portable communication device to determine whether any of the internal authorizations 382 stored in the portable communication device 122 are invalid. The processor 210 is further programmed by way of the ROM 228 to store an indication in a user database entry (not shown) in the RAM 214 corresponding to the portable communication device 122 that an invalid internal authorization 382 has been found therein, in response to determining that at least one of the internal authorizations 382 stored in the portable communication device 122 is invalid. The processor 210 is also programmed to transmit a command to the portable communication device 122 to delete at least one of the internal authorizations 382, in response to determining that the at least one of the internal authorizations 382 stored in the portable communication device 122 is invalid. These operational features will be described further herein below.
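
The external authorization check and the audit described in the two preceding passages, sketched in Python as an added example that is not part of the patent. The polynomial value and width, the field and command names, the one-day expiration period and the name-based audit comparison are assumptions, and the stream encryption of the messages is left out.

```python
"""Added example: secure-CRC authorization check and audit (not from the patent)."""
from dataclasses import dataclass

# Constructed stand-in for the shared secure polynomial (230 in the controller,
# 311 in the device). The patent gives neither its value nor its width; a
# 32-bit generator with a nonzero constant term is assumed.
SECURE_POLY = 0x9B4D6F21


def secure_crc(data, poly=SECURE_POLY, width=32):
    """MSB-first CRC of `data`, zero initial register, no final XOR."""
    # A CRC is linear over GF(2); a present-day design would use a keyed MAC
    # (for example HMAC-SHA-256) here. The CRC is kept because the text uses it.
    top, mask = 1 << (width - 1), (1 << width) - 1
    reg = 0
    for byte in data:
        reg ^= byte << (width - 8)
        for _ in range(8):
            reg = ((reg << 1) ^ poly if reg & top else reg << 1) & mask
    return reg


@dataclass(frozen=True)
class ProcessRecord:
    """Verification elements of a process record (220)."""
    name: str
    size: int
    crc: int


@dataclass(frozen=True)
class AuthRequest:
    """Decrypted external authorization request; field names are assumptions."""
    address: int
    name: str
    size: int
    crc: int


def build_request(address, name, executable):
    """Device side: name, size and secure CRC of the process, plus the address."""
    return AuthRequest(address, name, len(executable), secure_crc(executable))


class Controller:
    """Fixed-portion logic: process lister, list checker and audit."""

    def __init__(self, lifetime_s=24 * 3600):  # expiration period is an assumption
        self.records = {}     # portable device address (218) -> [ProcessRecord]
        self.flagged = set()  # addresses where an invalid authorization was found
        self.lifetime_s = lifetime_s

    def register(self, address, name, executable):
        record = ProcessRecord(name, len(executable), secure_crc(executable))
        self.records.setdefault(address, []).append(record)

    def check(self, req, now):
        """List checker (238): every verification element must match."""
        wanted = ProcessRecord(req.name, req.size, req.crc)
        if wanted in self.records.get(req.address, []):
            return {"command": "authorized", "name": req.name,
                    "expires": now + self.lifetime_s}
        return {"command": "not authorized", "name": req.name}

    def audit(self, address, catalog):
        """Compare the device's catalog of internal authorizations (382) with
        the authorized list; return one delete command per invalid entry."""
        allowed = {r.name for r in self.records.get(address, [])}
        invalid = sorted(set(catalog) - allowed)
        if invalid:
            self.flagged.add(address)
        return [{"command": "delete authorization", "name": n} for n in invalid]


# Constructed sample data: a licensed executable and a copy with one byte changed.
DEVICE = 0x1A2B3C
LICENSED = b"\x7fSTOCKQUOTE v1.0 " + bytes(range(64))
PATCHED = LICENSED[:20] + bytes([LICENSED[20] ^ 0xFF]) + LICENSED[21:]


def demo(now=1_000_000):
    ctl = Controller()
    ctl.register(DEVICE, "STOCKQUOTE", LICENSED)
    return {
        "licensed": ctl.check(build_request(DEVICE, "STOCKQUOTE", LICENSED), now),
        "patched": ctl.check(build_request(DEVICE, "STOCKQUOTE", PATCHED), now),
        "unknown_device": ctl.check(
            build_request(0x999999, "STOCKQUOTE", LICENSED), now),
        "audit": ctl.audit(DEVICE, ["STOCKQUOTE", "SPREADSHEET"]),
        "flagged": sorted(ctl.flagged),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The patched copy keeps the licensed name and size, so only the secure CRC element of the record causes the denial.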

According to a message sending operation of the fixed portion 102, the processor 210 is programmed by way of the ROM 228 to queue a message for transmission to the portable communication device 122, the message requiring a predetermined process 398 in the portable communication device 122 in order to process the message. In addition, the processor 210 is programmed to determine that the portable communication device 122 does not have a predetermined usage authorization 382 for utilizing the predetermined process 398; and in response, to grant the predetermined usage authorization 382 to the portable communication device 122 through the radio channel of the communication system (after verifying, for example, that the account of the user of the portable communication device 122 is in good standing). Preferably, the processor 210 determines that the portable communication device 122 does not have the predetermined usage authorization 382 by auditing the portable communication device 122 over the radio channel. It will be appreciated that, alternatively, the processor 210 can determine from its own internal process records 220 that the portable communication device 122 has not been previously authorized for utilizing the predetermined process 398.

If the predetermined process 398 is a software process, the processor 210 is further programmed to determine that the portable communication device 122 does not have the software process, e.g., by receiving from the portable communication device 122 a request for the software process; and in response, to download the software process to the portable communication device 122 through the radio channel. Preferably, before downloading the software process, the processor 210 is further programmed to transmit terms of a licensing agreement to the portable communication device 122, to receive from the portable communication device 122 a reply indicating whether the user of the portable communication device 122 agrees to the terms, and to omit downlo