A large percentage of the world population cannot afford to own a computer and/or various software allowing an efficient use of the computer. There is a need to provide affordable access to computing to the populations of the developing countries. This is also true in light of the traditional structure of the software industry, where software licenses are generally sold on a perpetual license basis. As a result of not having enough resources to purchase perpetual licenses for the various software, people are also prohibited from using such software even on a short term basis for training purposes, etc. Moreover, even in the developed countries, when a computer user needs to use a particular software for a limited amount of time, the user is discouraged by the necessity to purchase a perpetual license for that particular software. One solution to get around this is to allow for provisioning of resources on client computers on a prepaid or subscription basis using provisioning servers.
When a provisioning server is used to provision a resource on a client computer, the provisioning server needs to communicate various information regarding the provisioned resource to the client computer. There are a number of different methods that may be used by the provisioning server to communicate such information to the client computer. One method of communicating such provisioning information is using the Internet. Generally speaking, the Internet is utilized to transmit and receive information in the form of web pages that are translated/interpreted and displayed by a web browser on a computer. Document definition languages are interpreted by web browsers and define how a document or information is to be displayed in the browser. Further, sets of rules, referred to as schemas, may provide for a particular structure of information.
So that a browser can interpret and display a web page, document definition languages and standard programming languages are utilized to define the web page. For example, hypertext markup language (HTML) is widely used to define web pages. However, HTML utilizes a predefined set of “tags” to describe elements on the web page. As a result, extensible markup language (XML) has become and is becoming more widely used on the internet. XML is more flexible than HTML and allows tags to be defined by the developer of the web page. XML provides a fairly complete set of tools for describing the parts of a document (elements), annotating those parts (attributes), and constraining the parts that can appear within the elements and attributes (content models and attribute types). Schemas use declarations to describe rules and constraints for elements and attributes, building a framework for documents out of a fairly small set of declarations. Declarations create a vocabulary and a set of constraints, identifying content and where it is to appear. Many schemas can be built using only a combination of element and attribute declarations, while other declarations (like entities and notations) can supplement these core declarations when needed in a particular situation.
Thus, a schema is a model for describing the structure of information. An XML schema describes a model for a whole class of documents. The model describes the possible arrangement of tags and text in a valid document. A schema may also be viewed as an agreement on a common vocabulary for a particular application that involves exchanging documents. In schemas, models are described in terms of constraints. A constraint defines what can appear in any given context. As described, there are basically two kinds of constraints: content model constraints and datatype or attribute constraints. Content model constraints describe the order and sequence of elements and datatype or attribute constraints describe valid units of data.
For using an XML packet to communicate provisioning information between a provisioning server and a client computer, it is necessary to define an XML schema that allows the provisioning server to easily build an XML provisioning packet and that allows the client computer to receive and interpret such a provisioning packet.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
An XML provisioning schema for provisioning and configuring a prepaid and/or a subscription based usage of a provisioned resource is used to communicate between a provisioning server and a client computer. The XML schema disclosed herein includes a content node containing content data identifying the service to be provisioned on the client computer and a signature node containing a signature of the content data. The XML provisioning server may generate an XML provisioning document using the XML provisioning schema, sign such an XML provisioning document using a key derived from a trusted root and communicate the XML provisioning document to the client computer using the provisioned resource.
In an embodiment of the XML provisioning schema, the content node specifies an amount of prepaid time for which the service is to be provisioned on the client computer or a subscription period expiry date through which the service is to be provisioned on the client computer. Additionally, the content node may also specify, among other things, a version of the provisioning XML document, date of creation of the provisioning XML document, time of creation of the provisioning XML document, hardware identification of the client computer; underwriter identification of the creator of the provisioning XML document; a sequence number of the provisioning XML document; a tracking identification of the provisioning XML document, etc.
The present patent is illustrated by way of examples and not limitations in the accompanying figures, in which like references indicate similar elements, and in which:
Although the following text sets forth a detailed description of numerous different embodiments, it should be understood that the legal scope of the description is defined by the words of the claims set forth at the end of this patent. The detailed description is to be construed as exemplary only and does not describe every possible embodiment since describing every possible embodiment would be impractical, if not impossible. Numerous alternative embodiments could be implemented, using either current technology or technology developed after the filing date of this patent, which would still fall within the scope of the claims defining the invention.
It should also be understood that, unless a term is expressly defined in this patent using the sentence “As used herein, the term ‘______’ is hereby defined to mean . . . ” or a similar sentence, there is no intent to limit the meaning of that term, either expressly or by implication, beyond its plain or ordinary meaning, and such term should not be interpreted to be limited in scope based on any statement made in any section of this patent (other than the language of the claims). To the extent that any term recited in the claims at the end of this patent is referred to in this patent in a manner consistent with a single meaning, that is done for sake of clarity only so as to not confuse the reader, and it is not intended that such claim term be limited, by implication or otherwise, to that single meaning. Finally, unless a claim element is defined by reciting the word “means” and a function without the recital of any structure, it is not intended that the scope of any claim element be interpreted based on the application of 35 U.S.C. § 112, sixth paragraph.
The memory 104 may include computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) and random access memory (RAM). A basic input/output system (BIOS), containing the basic routines that help to transfer information between elements within computer 110, such as during start-up, is typically stored in ROM. RAM typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 120. The memory 104 may also be used to store data related to one or more components and resources used by the computer 100.
The storage device 106 may typically include removable/non-removable, volatile/nonvolatile computer storage media. By way of example only, the storage device 106 may include a hard disk drive, a magnetic disk drive, nonvolatile magnetic disk 152, an optical disk drive, etc. One or more of the forms stored on the memory 104 may be populated using data stored on the storage device 106. The I/O controller may be used by the computer 100 to communicate with an input device 112, which may be a keyboard, a mouse, etc., an output device 114, which may be a monitor, a printer, etc.
The provisioning system 200 may include a provisioning server 204, having a core provisioning service module 206, a distribution service module 208, a certificate service module 210, a core database 212, and a distribution database 214. The provisioning server 204 may communicate with a billing system 216 via a billing adapter 218, whereas the core provisioning service module 206 may communicate with the distribution database 214 via a database writer 220 and the distribution database 214 communicates with the distribution service 208 via a database reader 222. The computing device 202 may include a local provisioning module (LPM) 224 that communicates with the distribution service module 208 via a distribution web service module 226 and to the billing system 216 via a billing web service module 228.
The provisioning server 204 may be located on a server system such as the server 30, or other system communicatively connected to the network 10. Similarly, the billing system 216 may also be located on a server system such as the server 30, or other system communicatively connected to the network 10. Moreover, one or more of the various components of the provisioning server 204 may be located on a same server or on a number of different servers located in different locations. For example, the core database 212 may be located on a number of different database servers located at different locations and each communicatively connected to the network 10. The functioning of the provisioning server 204 and its various component modules is explained in further detail below.
While in
When the computing device 202 is a computer such as the computer 110, the LPM 224 may be located on the non-removable non-volatile memory 140, as part of the system memory 130, as part of various hardware components of the computer 110, including the processing unit 120, or as any combination of these. The functioning of the LPM 224 is explained in further detail below. The provisioning server 204 may generate a provisioning packet and communicate the provisioning packet to the computing device 202 where the computing device 202 may validate and parse such a provisioning packet, in a manner disclosed in further detail below.
The provisioning server 204 may generate an instance of an XML packet conforming to the XML packet schema 350 and communicate such an instance of the XML packet to the computing device 202. The provisioning server 204 generates the contents of the content node 354 using various provisioning and configuration information pertinent to the computing device 202, where such information may be provided by a core provisioning service (CPS) module 206, or other modules of the provisioning server 204. Additionally, the provisioning server 204 signs the instance of the XML packet using a signature derived from the signature service module 210. Such instances of the XML packet may be hosted by any of the web services 226-228.
The instance of such an XML packet may be communicated to the computing device 202 at the initiation of the provisioning server 204 either in response to requests received at the web services 226-228 or in any other manner. Once an instance of the provisioning packet is received by the computing device 202, for the computing device 224 to consume the provisioning packet, the LPM 224 has to validate the signature contained in the signature node 354. The LPM 224 may validate the signature using a key derived from a hard-coded trusted root, where such keys are hard-coded into the LPM binary image. The LPM 224 also verifies that the root of the certificate chain is one of a plurality of hard-coded trusted roots and that the signer of the certificate is a trusted signer.
If the LPM 224 is able to validate the signature, it parses the content of the content node 352. However, if the LPM 224 is not able to validate the signature, the instance of the XML packet is discarded by the LPM.
Now referring to the generic section 402, it includes a plurality of generic elements, including, but not limited to the following:
The generic section 402 also includes a choice block 414 that specifies whether a particular provisioning packet is for pre-paid provisioning of the resources or for a subscription based provisioning of the resources.
On the other hand, the specific section 404 includes a pre-paid element block 410 and the subscription element block 412. The pre-paid element block 410 includes the fields of:
Whereas the subscription element block 412 includes the fields of:
Finally, the configuration section 406 includes the fields of:
The signed provisioning packet is made available at the web service 226. At a block 456, in response to a request from the computing device 202, the signed provisioning packet is communicated to the computing device 202.
Upon receiving the signed provisioning packet, at a block 458 the computing device 202 validates the signature using the trusted root key hard-coded into the LPM binary image. In an embodiment, the XML provisioning packet 350 may contain a signature, the signature having a certificate chain starting from a signer's public key up to the signer's root public key. The block 458 may validate the signature of the XML provisioning packet 350 with a public key hard-coded in a local provisioning module of the computing device 202. Validating the signature of the content data may further include verifying that a root public key in a certificate chain in the signature is one from a set of hard-coded trusted root keys and verifying that the provisioning server signing the provisioning XML document is among a set of trusted signers.
If the LPM 224 is not able to validate the signature, at a block 460, the LPM 224 discards the signed provisioning packet, without parsing the content data at the CDATA tag of the signed provisioning packet.
However, if the LPM 224 is able to validate the signature, at a block 462, the LPM 224 parses the content data and recovers the various elements from the element blocks 402-412 described above with respect to
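The validate-then-parse flow of blocks 458 to 462 (and of the LPM description earlier), shown as an added example that is not part of the patent text. The element and attribute names, the signer name `cps-01` and the keys are hypothetical, and textbook RSA over small constructed primes stands in for a real signature scheme so that the sketch runs with the standard library only.

```python
import hashlib
import xml.etree.ElementTree as ET

E = 65537  # public exponent shared by the toy keys below

def keypair(p, q):
    """Textbook RSA (n, d) from two primes; illustration only, far too small to be secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(_digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == _digest(data, n)

# Constructed keys: a root (pinned in the client) and one provisioning-server signer.
ROOT_N, ROOT_D = keypair(2**61 - 1, 2**89 - 1)
SIGNER_N, SIGNER_D = keypair(2**107 - 1, 2**127 - 1)
TRUSTED_ROOTS = {ROOT_N}      # stands in for the roots hard-coded in the LPM image
TRUSTED_SIGNERS = {"cps-01"}  # hypothetical signer name
SAMPLE = '<Prepaid hwid="HW-0001" seq="7" minutes="600"/>'  # constructed content

def build_packet(content, signer="cps-01"):
    """Server side: wrap the content in CDATA and attach the chain and signatures."""
    key_sig = sign(f"{signer}:{SIGNER_N}".encode(), ROOT_N, ROOT_D)
    content_sig = sign(content.encode(), SIGNER_N, SIGNER_D)
    return (f"<Packet><Content><![CDATA[{content}]]></Content>"
            f'<Signature signer="{signer}" signerKey="{SIGNER_N}" rootKey="{ROOT_N}" '
            f'keySig="{key_sig}" contentSig="{content_sig}"/></Packet>')

def consume(packet_xml):
    """Client side: return the parsed content attributes, or None if the packet is discarded."""
    try:
        env = ET.fromstring(packet_xml)          # envelope only; the CDATA stays opaque text
        content = env.findtext("Content") or ""
        s = env.find("Signature").attrib
        root_n, signer_n = int(s["rootKey"]), int(s["signerKey"])
        ok = (root_n in TRUSTED_ROOTS            # chain must end at a pinned root
              and s["signer"] in TRUSTED_SIGNERS
              and verify(f'{s["signer"]}:{signer_n}'.encode(), int(s["keySig"]), root_n)
              and verify(content.encode(), int(s["contentSig"]), signer_n))
    except (AttributeError, KeyError, ValueError, ZeroDivisionError, ET.ParseError):
        return None                              # a malformed envelope is treated as invalid
    if not ok:
        return None                              # discard without parsing the content data
    return dict(ET.fromstring(content).attrib)   # content is parsed only after validation
```

The checks run in the order root, signer, chain link, content signature, so an attacker-supplied signer key is never used to verify anything until a pinned root has vouched for it.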
As one of ordinary skill in the art would appreciate, not all the blocks of the resource provisioning routine 450 need to be performed for a given implementation of the resource provisioning routine 450. As some of the blocks of the resource provisioning routine 450 may be used primarily to increase the efficiency of the resource provisioning routine 450, one or more such blocks may be omitted in a given implementation without affecting the functionality of the resource provisioning routine 450. Moreover, one or more of the blocks in the resource provisioning routine 450 may also be implemented in an alternate order without affecting the functionality of the resource provisioning routine 450.
Although the foregoing text sets forth a detailed description of numerous different embodiments of the invention, it should be understood that the scope of the invention is defined by the words of the claims set forth at the end of this patent. The detailed description is to be construed as exemplary only and does not describe every possible embodiment of the invention because describing every possible embodiment would be impractical, if not impossible. Numerous alternative embodiments could be implemented, using either current technology or technology developed after the filing date of this patent, which would still fall within the scope of the claims defining the invention.
Thus, many modifications and variations may be made in the techniques and structures described and illustrated herein without departing from the spirit and scope of the present invention. Accordingly, it should be understood that the methods and apparatus described herein are illustrative only and are not limiting upon the scope of the invention.