US-20260127251-A1 - ROLLBACK-SECURE ACCOUNTABLE REVOCATION OF FEATURES
Abstract
Techniques and systems are provided for feature distribution. For instance, a process can include obtaining a downgrade license for a set of features for an apparatus, wherein the downgrade license enables fewer features as compared to a previous license; incrementing a non-volatile rollback counter based on the downgrade license; digitally signing the downgrade license and a value of the non-volatile rollback counter using a key to generate a digital signature; outputting the digital signature for transmission to a license server; and limiting features of the apparatus based on the downgrade license.
Inventors
- Joona Verneri KANNISTO
- Marcel Selhorst
Assignees
- QUALCOMM INCORPORATED
Dates
- Publication Date: 20260507
- Application Date: 20241106
Claims (20)
- 1. An apparatus for feature distribution, the apparatus comprising: at least one memory; a non-volatile rollback counter; and at least one processor coupled to the at least one memory, the at least one processor being configured to: obtain a downgrade license for a set of features for the apparatus, wherein the downgrade license does not include a feature included in a previous license; increment the non-volatile rollback counter based on the downgrade license; digitally sign the downgrade license and a value of the non-volatile rollback counter using a key to generate a digital signature; output the digital signature for transmission to a license server; and limit features of the apparatus based on the downgrade license.
- 2. The apparatus of claim 1, wherein the non-volatile rollback counter comprises a set of fuses, and wherein, to increment the non-volatile rollback counter, the at least one processor is configured to blow a fuse of the set of fuses.
- 3. The apparatus of claim 1, wherein the at least one processor is configured to determine the downgrade license does not include the feature included in the previous license by comparing features enabled or disabled by the downgrade license to features enabled or disabled by the previous license.
- 4. The apparatus of claim 1, wherein the key comprises a symmetrical key provisioned to the apparatus.
- 5. The apparatus of claim 4, wherein the symmetrical key is provisioned to the apparatus as a part of manufacturing the apparatus.
- 6. The apparatus of claim 1, wherein the key comprises a private key provisioned to the apparatus as a part of manufacturing the apparatus.
- 7. The apparatus of claim 1, wherein the key comprises a private key generated by the apparatus, and wherein the at least one processor is further configured to transmit a public key corresponding to the private key to a manufacturer of the apparatus.
- 8. The apparatus of claim 1, wherein the key is generated using a key derivation formula based on an identifier for a subsystem of the apparatus.
- 9. The apparatus of claim 8 wherein the identifier for the subsystem is provisioned to the subsystem.
- 10. The apparatus of claim 1, the apparatus further comprising a root of trust, wherein the non-volatile rollback counter is incremented by the root of trust, and wherein the downgrade license and value of the non-volatile rollback counter are signed by the root of trust.
- 11. The apparatus of claim 1, wherein the at least one processor is configured to: receive a digitally signed upgrade license, the digitally signed upgrade license including a received value for the non-volatile rollback counter; verify the digitally signed upgrade license based on the key; verify the received value for the non-volatile rollback counter with a current value for the non-volatile rollback counter; and limit features of the apparatus based on the upgrade license, wherein the upgrade license includes one or more features not included in a previous license.
- 12. The apparatus of claim 1, wherein the set of features is determined based on an indication to deactivate a feature.
- 13. The apparatus of claim 1, wherein the at least one processor is further configured to receive the downgrade license from a server.
- 14. The apparatus of claim 1, wherein the key comprises a symmetrical key, and wherein the digital signature comprises evidence of a downgrade for the license server.
- 15. The apparatus of claim 1, wherein the at least one processor is configured to: receive the digital signature from the license server; and activate one or more features based on the digital signature without incrementing the non-volatile rollback counter.
- 16. A method for feature distribution, comprising: obtaining a downgrade license for a set of features for an apparatus, wherein the downgrade license enables fewer features as compared to a previous license; incrementing a non-volatile rollback counter based on the downgrade license; digitally signing the downgrade license and a value of the non-volatile rollback counter using a key to generate a digital signature; outputting the digital signature for transmission to a license server; and limiting features of the apparatus based on the downgrade license.
- 17. The method of claim 16, wherein the non-volatile rollback counter comprises a set of fuses, and wherein incrementing the non-volatile rollback counter comprises blowing a fuse of the set of fuses.
- 18. The method of claim 16, further comprising determining the downgrade license does not include the feature included in the previous license by comparing features enabled or disabled by the downgrade license to features enabled or disabled by the previous license.
- 19. The method of claim 16, wherein the key comprises a symmetrical key provisioned to the apparatus.
- 20. The method of claim 19, wherein the symmetrical key is provisioned to the apparatus as a part of manufacturing the apparatus.
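The flow in claims 1 to 4 and 11, modelled end to end as an added sketch (not code from the application or from the assignee): a downgrade burns the counter and yields signed evidence, and an upgrade license issued before the downgrade no longer verifies against the device. Assumptions: HMAC-SHA256 stands in for the symmetric-key "digital signature", the counter check is an equality test, a downgrade is a strict subset of the current features, and the JSON encoding, key and feature names are constructed.

```python
import hashlib
import hmac
import json

def mac(key, lic, counter):
    # Canonical JSON so device and server authenticate identical bytes (assumed encoding).
    msg = json.dumps({"license": lic, "counter": counter}, sort_keys=True)
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

class Device:
    def __init__(self, key, features, fuses=8):
        self._key, self.features = key, set(features)
        self.counter, self._fuses = 0, fuses   # models a fuse bank: only ever goes up

    def apply_downgrade(self, lic):
        new = set(lic["features"])
        if not new < self.features:            # compare with the previous license
            raise ValueError("license does not remove any feature")
        if self.counter == self._fuses:
            raise RuntimeError("rollback counter exhausted")
        self.counter += 1                      # blow a fuse before signing
        evidence = {"license": lic, "counter": self.counter,
                    "sig": mac(self._key, lic, self.counter)}
        self.features = new                    # limit features to the downgrade license
        return evidence                        # output for the license server

    def apply_upgrade(self, lic, counter, sig):
        if not hmac.compare_digest(sig, mac(self._key, lic, counter)):
            return False                       # forged or altered license
        if counter != self.counter:
            return False                       # issued before a later downgrade
        self.features = set(lic["features"])   # counter is not incremented
        return True

def server_accepts(key, ev):                   # license-server check of downgrade evidence
    return hmac.compare_digest(ev["sig"], mac(key, ev["license"], ev["counter"]))

def server_issue_upgrade(key, features, counter):
    lic = {"features": sorted(features)}
    return lic, counter, mac(key, lic, counter)

def demo():
    key = b"constructed-demo-key"
    dev = Device(key, {"5g", "wifi7", "hdr"})
    stale = server_issue_upgrade(key, {"5g", "wifi7", "hdr"}, dev.counter)  # counter 0
    accepted = server_accepts(key, dev.apply_downgrade({"features": ["5g"]}))
    replayed = dev.apply_upgrade(*stale)       # replay of the pre-downgrade license
    fresh = dev.apply_upgrade(*server_issue_upgrade(key, {"5g", "wifi7"}, dev.counter))
    return accepted, replayed, fresh, dev.counter, sorted(dev.features)
```

Because the counter value is inside the authenticated message, the server can tie any rebate to evidence that cannot be produced without the device having given up the ability to restore the earlier license.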
Description
FIELD
The present application is related to feature distribution. For example, aspects of the present application relate to systems and techniques for a rollback-secure accountable revocation of features.
BACKGROUND
Device components may be shipped with a set of features to original equipment manufacturers (OEMs) (e.g., reseller, device manufacturer, component integrator, etc.), which may incorporate device components into a device, such as a mobile phone, computer, laptop, vehicle entertainment system, extended reality (XR) device, etc. While the device component includes a set of features, the OEM may not enable all of the features of the set of features. For example, the OEM may purchase a single type of device component and incorporate that same device component into multiple OEM product lines. These multiple product lines may be differentiated by enabling or disabling (e.g., not using, not enabling) certain features of the device component, or certain features may be enabled/disabled based on usage (e.g., radio bands for different countries, etc.).
The device component manufacturer may support enabling/disabling of features of the device component. For example, it may be more cost effective to manufacture a single configuration of the device component and allow OEMs to select which features to enable as compared to manufacturing many versions of the device component. It may also be useful to offer different prices for the device component based on the features enabled. To offer flexibility for the OEM, it may be useful to sell the device component at a single price and then rebate the OEM based on features that were enabled/disabled by the OEM and/or the user. Alternatively, once purchased, it may be useful to allow an end-user to activate features that may not have been enabled by the OEM.
SUMMARY
The following presents a simplified summary relating to one or more aspects disclosed herein. Thus, the following summary should not be considered an extensive overview relating to all contemplated aspects, nor should the following summary be considered to identify key or critical elements relating to all contemplated aspects or to delineate the scope associated with any particular aspect. Accordingly, the following summary presents certain concepts relating to one or more aspects relating to the mechanisms disclosed herein in a simplified form to precede the detailed description presented below.
Systems, apparatuses, methods and computer-readable media for feature distribution are provided. In one illustrative example, an apparatus for feature distribution is provided. The apparatus includes: at least one memory; a non-volatile rollback counter; and at least one processor coupled to the at least one memory, the at least one processor being configured to: obtain a downgrade license for a set of features for the apparatus, wherein the downgrade license does not include a feature included in a previous license; increment the non-volatile rollback counter based on the downgrade license; digitally sign the downgrade license and a value of the non-volatile rollback counter using a key to generate a digital signature; output the digital signature for transmission to a license server; and limit features of the apparatus based on the downgrade license.
As another example, a method for feature distribution is provided. The method includes: obtaining a downgrade license for a set of features for an apparatus, wherein the downgrade license enables fewer features as compared to a previous license; incrementing a non-volatile rollback counter based on the downgrade license; digitally signing the downgrade license and a value of the non-volatile rollback counter using a key to generate a digital signature; outputting the digital signature for transmission to a license server; and limiting features of the apparatus based on the downgrade license.
In another example, a non-transitory computer-readable medium of an apparatus having stored thereon instructions is provided. The instructions, when executed by at least one processor, cause the at least one processor to: obtain a downgrade license for a set of features for the apparatus, wherein the downgrade license does not include a feature included in a previous license; increment the non-volatile rollback counter based on the downgrade license; digitally sign the downgrade license and a value of the non-volatile rollback counter using a key to generate a digital signature; output the digital signature for transmission to a license server; and limit features of the apparatus based on the downgrade license.
As another example, an apparatus for feature distribution is provided. The apparatus includes: means for obtaining a downgrade license for a set of features for an apparatus, wherein the downgrade license enables fewer features as compared to a previous license; means for incrementing a non-volatile rollback counter based on the downgrade license; me