US20060059352A1 - Restricted software and hardware usage on a computer - Google Patents
Restricted software and hardware usage on a computer Download PDFInfo
- Publication number
- US20060059352A1 US20060059352A1 US11/265,834 US26583405A US2006059352A1 US 20060059352 A1 US20060059352 A1 US 20060059352A1 US 26583405 A US26583405 A US 26583405A US 2006059352 A1 US2006059352 A1 US 2006059352A1
- Authority
- US
- United States
- Prior art keywords
- computer
- file
- hash value
- digest
- files
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000003860 storage Methods 0.000 claims description 15
- 238000004590 computer program Methods 0.000 claims 1
- 238000000034 method Methods 0.000 abstract description 17
- 230000002093 peripheral effect Effects 0.000 abstract description 11
- 230000006870 function Effects 0.000 description 16
- 230000015654 memory Effects 0.000 description 15
- 238000010586 diagram Methods 0.000 description 10
- 238000009826 distribution Methods 0.000 description 10
- 230000008569 process Effects 0.000 description 8
- 230000003287 optical effect Effects 0.000 description 6
- 230000005055 memory storage Effects 0.000 description 3
- 230000006855 networking Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000007789 sealing Methods 0.000 description 3
- KJLPSBMDOIVXSN-UHFFFAOYSA-N 4-[4-[2-[4-(3,4-dicarboxyphenoxy)phenyl]propan-2-yl]phenoxy]phthalic acid Chemical compound C=1C=C(OC=2C=C(C(C(O)=O)=CC=2)C(O)=O)C=CC=1C(C)(C)C(C=C1)=CC=C1OC1=CC=C(C(O)=O)C(C(O)=O)=C1 KJLPSBMDOIVXSN-UHFFFAOYSA-N 0.000 description 2
- 230000004075 alteration Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/106—Enforcing content protection by specific content processing
- G06F21/1063—Personalisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Definitions
- This invention relates to computers and operating systems. More particularly, the invention relates to restricting usage of software and hardware on a computer.
- Computer technology is continually advancing, resulting in new computers that are more powerful and cheaper than their predecessors. Such advancement has had a significant affect on people, expanding the types of tasks people perform with their computers as well as increasing the number of people who use computers.
- An open architecture operating system refers to an operating system that makes numerous functions available to the user and also allows the user to modify the computer by installing additional software programs on the computer that provide additional functionality to the user or by removing software programs from the computer.
- the operating system can make a wide variety of functionality available to the user, such as recreational or educational programs, reference programs, productivity programs (such as word processing or database functionality), communications programs, etc.
- a client computer runs an operating system that executes applications by loading them using an application loader and executes device drivers for peripheral devices by loading the drivers using a device loader.
- the client computer also includes a digest catalog that includes digital signatures for program files that can be executed by the client computer.
- the appropriate loader checks whether a digital signature for the corresponding program file(s) is included in the digest catalog. If no such digital signature is included, then the loader does not load the program file(s) corresponding to the application or driver.
- the digest catalog includes, for each program file corresponding to an application or driver that should be executable by the computer, a digitally signed hash value that is generated from a hash function based on the corresponding program file.
- the loader When attempting to load a particular file, the loader generates a hash value and compares it to the decrypted hash values in the digest catalog. If the comparison results in no matches, then the corresponding program file (and thus the application or driver) is not loaded.
- a consumer initially purchases a computer with restricted functionality at a price that is less than the price that would be charged for a computer with full functionality. Subsequently, the user can, at an additional cost, acquire a digital key that allows the restrictions to be removed, upgrading the computer to full functionality.
- a consumer can execute additional applications or drivers on his or her computer by obtaining appropriate digital signatures for the additional applications or drivers to add to the digest catalog.
- a software or hardware vendor will acquire a digital signature(s) for the appropriate program files from the supplier of the program files.
- the digital signature(s) will then be transmitted to the consumer in exchange for payment to the vendor.
- the digital signature(s) can then be added to the digest catalog at the consumer's computer, so that the next time he or she attempts to execute the application or driver the appropriate signatures will be in the digest catalog and the program files will be loaded.
- a consumer can execute additional applications or drivers on his or her computer by obtaining the appropriate digital signatures for such applications or drivers from the same OEM (original equipment manufacturer) as manufactured the consumer's computer.
- the consumer's computer executes only applications that have in the digest catalog a digital signature of the OEM. Thus, the OEM can limit what additional applications are made available to the consumer.
- the OEM maintains a digest catalog that can be made available to the consumer's computer (either locally at the computer or remotely).
- the consumer in exchange for payment, is given access to the digest catalog so that any applications for which a corresponding digital signature exists in the OEM's digest catalog can be executed at the client computer.
- the consumer can be given a limited amount of time (e.g., one month or one year) within which he or she can access the OEM's digest catalog.
- FIG. 1 shows a network system and environment in accordance with one embodiment of the invention.
- FIG. 2 shows a general example of a computer that can be used in accordance with the invention.
- FIG. 3 is a block diagram illustrating selected components of an exemplary client computer in more detail.
- FIG. 4 is a flow diagram illustrating the distribution of a sealed computer and the unlocking of restricted functionality in accordance with one embodiment of the invention.
- FIG. 5 is a flowchart illustrating an exemplary process for creating a digest catalog.
- FIG. 6 is a flowchart illustrating an exemplary process for using a digest catalog.
- FIG. 7 is a flowchart illustrating an exemplary process for unlocking restricted functionality on a computer.
- FIG. 8 is an exemplary flow diagram illustrating the distribution of digital signatures to add software applications and/or device drivers to a computer.
- FIG. 9 is another exemplary flow diagram illustrating the distribution of digital signatures to add software applications and/or device drivers to a computer.
- FIG. 10 is a block diagram illustrating the remote storage of a digest catalog in accordance with one embodiment of the invention.
- FIG. 1 shows a network system and environment 100 in accordance with one embodiment of the invention.
- the system 100 includes one or more client or consumer computers 102 , one or more suppliers 104 , and can optionally include one or more vendors 106 and one or more original equipment manufacturers (OEMs) 108 .
- suppliers 104 , vendors 106 , and OEMs 108 each include one or more computers via which they can interact with network 110 .
- the computers 102 , suppliers 104 , vendors 106 , and OEMs 108 communicate with one another over a data communications network.
- the data communications network in FIG. 1 is a public network 110 , such as the Internet.
- the data communications network might also include local-area networks and/or private wide-area networks, and can include both wired and wireless sections.
- computers 102 , suppliers 104 , vendors 106 , and OEMs 108 may communicate with each other directly rather than via network 110 .
- Client computer 102 represents any of a wide variety of conventional computing devices. Examples of client computers 102 include personal computers (e.g., portable, palm-top, or desktop computers), microprocessor-based or programmable consumer electronics (e.g., a “WEBTV” terminal or a gaming console), etc.
- personal computers e.g., portable, palm-top, or desktop computers
- microprocessor-based or programmable consumer electronics e.g., a “WEBTV” terminal or a gaming console
- Supplier 104 represents the source of additional electronic content, such as software applications or other files including instructions and/or data for a software application.
- Supplier 104 can be the actual author(s) of the electronic content, or alternatively an agent of the author(s) or other intervening device(s) between the actual author(s) and the network 110 .
- the electronic content can be designed to be a complete product by itself when executed by computer 102 , or alternatively can be designed to work in conjunction with other software or hardware component(s).
- Vendor 106 is a retailer of the electronic content provided by supplier 104 .
- Examples of vendor 106 include an Independent Software Vendor (ISV) or an Independent Hardware Vendor (IHV) that sell the electronic content provided by supplier 104 for use with computers 102 .
- ISV Independent Software Vendor
- IHV Independent Hardware Vendor
- OEM 108 is a manufacturer and retailer of computers 102 .
- OEM 108 may also be a retailer of the electronic content provided by supplier 104 .
- FIG. 2 shows a general example of a computer 142 that can be used in accordance with the invention.
- Computer 142 is shown as an example of a computer that can perform the functions of client computer 102 , supplier 104 , vendor 106 , or OEM 108 of FIG. 1 .
- Computer 142 includes one or more processors or processing units 144 , a system memory 146 , and a system bus 148 that couples various system components including the system memory 146 to processors 144 .
- the bus 148 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures.
- the system memory includes read only memory (ROM) 150 and random access memory (RAM) 152 .
- ROM read only memory
- RAM random access memory
- a basic input/output system (BIOS) 154 containing the basic routines that help to transfer information between elements within computer 142 , such as during start-up, is stored in ROM 150 .
- Computer 142 further includes a hard disk drive 156 for reading from and writing to a hard disk, not shown, connected to bus 148 via a hard disk driver interface 157 (e.g., a SCSI, ATA, or other type of interface); a magnetic disk drive 158 for reading from and writing to a removable magnetic disk 160 , connected to bus 148 via a magnetic disk drive interface 161 ; and an optical disk drive 162 for reading from or writing to a removable optical disk 164 such as a CD ROM, DVD, or other optical media, connected to bus 148 via an optical drive interface 165 .
- the drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data for computer 142 .
- exemplary environment described herein employs a hard disk, a removable magnetic disk 160 and a removable optical disk 164 , it should be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, random access memories (RAMs) read only memories (ROM), and the like, may also be used in the exemplary operating environment.
- RAMs random access memories
- ROM read only memories
- a number of program modules may be stored on the hard disk, magnetic disk 160 , optical disk 164 , ROM 150 , or RAM 152 , including an operating system 170 , one or more application programs 172 , other program modules 174 , and program data 176 .
- Operating system 170 can be any of a variety of operating systems, such as any of the “Windows” family of operating systems available from Microsoft Corporation of Redmond, Wash.
- a user may enter commands and information into computer 142 through input devices such as keyboard 178 and pointing device 180 .
- Other input devices may include a microphone, joystick, game pad, satellite dish, scanner, or the like.
- These and other input devices are connected to the processing unit 144 through an interface 182 that is coupled to the system bus.
- a monitor 184 or other type of display device is also connected to the system bus 148 via an interface, such as a video adapter 186 .
- personal computers typically include other peripheral output devices (not shown) such as speakers and printers.
- Computer 142 can optionally operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 188 .
- the remote computer 188 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to computer 142 , although only a memory storage device 190 has been illustrated in FIG. 2 .
- the logical connections depicted in FIG. 2 include a local area network (LAN) 192 and a wide area network (WAN) 194 .
- LAN local area network
- WAN wide area network
- Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet.
- remote computer 188 executes an Internet Web browser program such as the “Internet Explorer” Web browser manufactured and distributed by Microsoft Corporation of Redmond, Wash.
- computer 142 When used in a LAN networking environment, computer 142 is connected to the local network 192 through a network interface or adapter 196 . When used in a WAN networking environment, computer 142 typically includes a modem 198 or other means for establishing communications over the wide area network 194 , such as the Internet.
- the modem 198 which may be internal or external, is connected to the system bus 148 via a serial port interface 168 .
- program modules depicted relative to the personal computer 142 may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
- Computer 142 can also optionally include one or more broadcast tuners 200 .
- Broadcast tuner 200 receives broadcast signals either directly (e.g., analog or digital cable transmissions fed directly into tuner 200 ) or via a reception device (e.g., via an antenna or satellite dish (not shown)).
- the data processors of computer 142 are programmed by means of instructions stored at different times in the various computer-readable storage media of the computer.
- Programs and operating systems are typically distributed, for example, on floppy disks or CD-ROMs. From there, they are installed or loaded into the secondary memory of a computer. At execution, they are loaded at least partially into the computer's primary electronic memory.
- the invention described herein includes these and other various types of computer-readable storage media when such media contain instructions or programs for implementing the steps described below in conjunction with a microprocessor or other data processor.
- the invention also includes the computer itself when programmed according to the methods and techniques described below.
- certain sub-components of the computer may be programmed to perform the functions and steps described below. The invention includes such sub-components when they are programmed as described.
- the invention described herein includes data structures, described below, as embodied on various types of memory media.
- programs and other executable program components such as the operating system are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computer, and are executed by the data processor(s) of the computer.
- program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
- program modules may be located in both local and remote memory storage devices.
- embodiments of the invention can be implemented in hardware or a combination of hardware, software, and/or firmware.
- one or more modules for implementing the invention can be embodied in one or more application specific integrated circuits (ASICs).
- ASICs application specific integrated circuits
- FIG. 3 is a block diagram illustrating selected components of an exemplary client computer in more detail.
- Client computer 102 includes an operating system 200 , one or more applications 202 , and one or more device drivers 204 .
- Operating system 200 controls the execution of software applications 202 on computer 102 , provides a user interface to allow users to interact with operating system 200 , and manages (with the assistance of device driver 204 ) the input and output of data and control information to and from computer 102 .
- Applications 202 represent software applications that can be executed by computer 102 . Any of a wide variety of software applications can be executed by computer 102 , including productivity, recreational, educational, entertainment, etc. applications.
- Device drivers 204 represent software modules that include instructions and/or data.
- a device driver 204 controls a corresponding peripheral device, allowing operating system 200 to communicate with the peripheral device when coupled to computer 102 . Examples of such peripheral devices include input devices (such as digital cameras, scanners, keyboards, cursor control devices, etc.), output devices (such as monitors, printers, etc.), and combinations thereof (e.g., modems, network adapters, etc.).
- FIG. 3 Selected components of operating system 200 are illustrated in FIG. 3 , including device loader 206 , application loader 208 , digest catalog 210 , cryptography module 212 , access control list 214 , file system module 216 , and upgrade module 220 .
- Each of these components and modules 206 , 208 , 210 , 212 , 214 , 216 , and 220 represents a set of instructions to carry out various functions when executed by a processor, and are illustrated as separate components and modules for ease of illustration. Depending on the implementation of operating system 200 , these instructions may be grouped together differently.
- Device loader 206 includes instructions for loading device drivers 204 stored in one or more files of nonvolatile memory into the volatile system RAM. Once loaded into system RAM, the processor of computer 102 can execute (or otherwise access) the drivers, enabling operating system 200 to communicate with the corresponding peripheral devices.
- application loader 208 includes instructions for loading applications 202 stored in one or more files of nonvolatile memory into the volatile system RAM. Once loaded into system RAM, the processor of computer 102 can execute (or otherwise access) the application. It should be noted that although device drivers and applications are loaded into system RAM, at various times some of their instructions may be stored in nonvolatile memory instead (e.g., using a conventional “swap” file on a hard disk).
- Digest catalog 210 stores digitally signed identifiers of the various applications 202 and device drivers 204 that should be executable on computer 102 .
- Applications and drivers that “should be executable” on computer 102 refers to applications and/or drivers for which a supplier 104 of FIG. 1 has given their permission to execute on computer 102 , rather than a technical or compatibility issue with computer 102 .
- Cryptography module 212 performs the necessary cryptographic functions of the invention, including generating and verifying digital signatures, encrypting and decrypting information, generating hash values from cryptographic hash functions, etc.
- the discussion herein assumes that the reader is familiar with public key cryptography. For a basic introduction to cryptography, the reader is directed to a text written by Bruce Schneier and entitled, “Applied Cryptography: Protocols, Algorithms, and Source Code in C,” published by John Wiley & Sons, copyright 1994 (second edition 1996).
- Access control list 214 stores a set of one or more entities that are allowed to modify digest catalog 210 .
- An entity can be an individual or group of individuals, or alternatively machines (e.g., an identifier of supplier 104 or OEM 108 of FIG. 1 ). The identity of any entity trying to modify digest 210 is checked by operating system 200 . If the entity is not identified in access control list 214 , then any attempts to modify digest catalog 210 are ignored by operating system 200 .
- File system module 216 manages the storage of applications 202 and device drivers 204 , as well as application data files (not shown) in the nonvolatile storage device(s) of computer 102 .
- operating system 200 may not be available to the user, illustrated as restricted portion 218 .
- Functionality of operating system 200 may be restricted, for example, in exchange for a lower purchase price for computer 102 .
- an optional upgrade module 220 can “unlock” restricted portion 218 making the restricted functionality available to the user. Such restricted functionality and “unlocking” is discussed in more detail below.
- FIG. 4 is a flow diagram illustrating the distribution of a sealed computer and the unlocking of restricted functionality in accordance with one embodiment of the invention.
- a sealed computer 232 is distributed from a vendor or OEM 234 to a consumer 236 .
- Sealed computer 232 can be, for example, client computer 102 of FIGS. 1 and 3
- vendor or OEM 234 can be, for example, vendor 106 or OEM 108 of FIG. 1 .
- consumer 236 provides an agreed upon sum of money 238 (or alternatively other compensation) to vendor or OEM 234 .
- Sealed computer 232 includes various software applications and device drivers for a general purpose open architecture operating system. However, additional software applications and device drivers cannot be added to the computer 232 , thereby “sealing” the computer and restricting it to executing only specified software applications and device drivers.
- Purchase of a sealed computer 232 can be a great benefit for consumer 236 .
- consumer 236 could purchase a sealed computer at a lower price 238 than he or she would have paid for a non-sealed computer.
- a computer 102 of FIG. 3 can be “sealed” using features of operating system 200 .
- Digest catalog 210 is loaded with a digitally signed hash value (or alternatively other identifier) for the applications 202 and device drivers 204 that can be executed by computer 102 .
- Operating system 200 allows only entities identified by access control list 214 to modify digest catalog 210 , so unauthorized individuals/devices are not able to add hash values for additional applications or device drivers to digest catalog 210 .
- application loader 208 When a user wants to execute a particular software application 202 , application loader 208 generates a hash value for the application 202 and checks whether a corresponding digitally signed hash value exists in digest catalog 210 . If such a digitally signed hash value exists, then loader 208 loads the application; otherwise, loader 208 does not load the application. Analogous checks are performed by device loader 206 prior to loading a device driver 204 for use with a particular hardware device.
- file system module 216 can prevent the alteration of the files stored on the storage devices of computer 102 , such as by ignoring any requests to add or delete files.
- File system module 216 can prevent the alteration of files based on their location within the storage hierarchy of the storage devices (e.g., files cannot be deleted from particular folders or directories), based on their location on the storage device (e.g., files cannot be written to particular sectors of a hard disk), or alternatively without regard for the location of the files.
- FIG. 5 is a flowchart illustrating an exemplary process for creating digest catalog 210 of FIG. 3 .
- the acts of FIG. 5 are implemented by supplier 104 , vendor 106 , or OEM 108 of FIG. 1 , or a combination thereof, and may be performed in software.
- FIG. 5 is described with additional reference to components in FIGS. 1 and 3 .
- a file that is to be accessible at the computer device is selected (act 252 ), such as a file including instructions for an application 202 or device driver 204 .
- a hash value is then generated for the selected file (act 254 ).
- the hash value can be generated using any of a wide variety of conventional hash functions, including cryptographic one-way hash functions. Typically, such hash functions produce a different hash value for different input values.
- the generated hash value is then digitally signed (act 256 ).
- the hash value can be digitally signed using any of a wide variety of conventional encryption techniques, such as the well-known RSA (Rivest, Shamir, and Adelman) public-key encryption technique.
- RSA Rivest, Shamir, and Adelman
- device loader 206 or application loader 208 can subsequently verify that the hash value was signed by the appropriate device (e.g., supplier 104 , vendor 106 , or OEM 108 ) as discussed in more detail below.
- the digitally signed hash value is then added to the digest catalog 210 (act 258 ).
- a check is then made as to whether any additional files are to be accessible at the computer (act 260 ). If no additional files are to be accessible at the computer, then the process ends (act 262 ). Otherwise, acts 252 - 258 are repeated for an additional file.
- FIG. 6 is a flowchart illustrating an exemplary process for using digest catalog 210 of FIG. 3 in accessing files.
- the acts of FIG. 6 are implemented by device loader 206 if a device driver 204 is to be loaded, and by application loader 208 if an application 202 is to be loaded.
- the process of FIG. 6 may be performed in software.
- FIG. 6 is described with additional reference to components in FIGS. 1, 3 and 5 .
- a request to load a software application 202 or device driver 204 is received (act 272 ).
- application loader 208 (or device loader 206 ) generates a hash value for the file(s) including the requested application (or device driver) (act 274 ).
- the hash function used to generate the hash value in act 274 is the same hash function as was used to generate the hash value in act 254 of FIG. 5 .
- Application loader 208 (or device loader 206 ) then decrypts the hash values in digest catalog 210 (act 276 ).
- the manner in which the hash values are decrypted is dependent on the manner in which they were encrypted.
- the public key for the signing device is used by loader 208 (or loader 206 ) in a conventional manner to decrypt the hash values.
- loader 208 compares the decrypted hash values to the hash value generated in act 274 (act 278 ), and determines whether the generated hash value matches any of the decrypted hash values. If there is no match, then the request is denied and the requested software application 202 or device driver 204 is not loaded (act 282 ). However, if there is a match, then the request is executed and the requested software application 202 or device driver 204 is loaded and executed (act 284 ).
- computer 102 may be a restricted device that can be subsequently upgraded.
- certain functions may be stored in restricted portion 218 and thus be unavailable to the user.
- the instructions in restricted portion 218 can be made available to the user.
- operating system 200 can be restricted in a variety of manners in addition to or in place of the use of digest catalog 210 described above.
- the instructions that are executed by a processor to carry out the restricted functions are contained, in encrypted form, in restricted portion 218 of operating system 200 .
- These instructions may be grouped together in particular files that are encrypted, or alternatively distributed (in encrypted form) throughout the instructions of operating system 200 .
- a digital key 240 can be obtained from vendor/OEM 234 in exchange for an agreed upon sum of money (or alternatively other compensation) 242 .
- Digital key 240 is used to “unlock” or otherwise make available the restricted functionality of the restricted (or alternatively sealed) computer.
- FIG. 7 is a flowchart illustrating an exemplary process for unlocking restricted functionality on a computer.
- the acts of FIG. 7 are implemented by upgrade module 220 of FIG. 3 , and may be performed in software.
- FIG. 7 is described with additional reference to components in FIGS. 1 and 5 .
- upgrade module 220 obtains a digital key to unlock the full version of the operating system (act 302 ).
- the digital key is then used to turn off or disable the lock down mechanisms(s) at the computer (act 304 ).
- the lock down mechanisms are disabled by disabling the signature checking of device loader 206 and application loader 208 described above if the digital key is verified as being from the appropriate vendor (or OEM or supplier). This verification can be performed, for example, using the RSA public key of the vendor (or OEM or supplier).
- the digital key is also used to decrypt any necessary files to generate the full version of the operating system (act 306 ).
- this decryption includes decrypting all of the instructions in restricted portion 218 .
- the exact manner in which the decryption occurs is dependent on the manner in which the files were originally encrypted (which is known to upgrade module 220 , or alternatively which is provided to upgrade module 220 by the appropriate vendor, OEM, or supplier).
- the digital key can be used to decrypt the necessary files to generate the full version of the operating system (act 306 ) in any of a variety of manners.
- the digital key obtained in act 302 may be (or may include) an RSA public key corresponding to the RSA private key that was used to encrypt the files prior to their placement in computer 102 .
- This RSA public key can be used in a conventional manner to decrypt the encrypted files.
- the full version functionality of the operating system is then installed (act 308 ), making all of the functions in restricted portion 218 available to the user.
- a computer 102 may be limited to executing only certain software applications 202 and/or device drivers 204 , with device loader 206 and application loader 208 loading only those device drivers and applications that have a corresponding encrypted hash value in digest catalog 210 .
- Additional applications 202 and device drivers 204 can be made available to the user of computer 102 by adding the appropriate digitally signed hash values to digest catalog 210 .
- a user could purchase an additional software application (or peripheral device with an associated device driver) and be able to execute that application (or peripheral/driver) by adding the appropriate digitally signed hash value(s) corresponding to the files of the application (or driver) to the digest catalog 210 .
- FIG. 8 is an exemplary flow diagram illustrating the distribution of digital signatures to add software applications and/or device drivers to a computer.
- Such applications or drivers can be new applications or drivers that the consumer has not previously installed, or alternatively can be updates or upgrades for previously installed applications. In the case of upgrades or updates, new digital signatures can be obtained for the files that are updated/upgraded.
- a consumer 322 (using client computer 102 of FIGS. 1 and 3 ) provides an agreed upon sum of money 324 (or alternatively other compensation) to vendor 326 in order to add the desired software applications and/or device drivers to his or her computer.
- Vendor 326 in turn provides an agreed upon sum of money 328 (or alternatively other compensation) to supplier 330 .
- Supplier 330 provides a digital signature 332 to vendor 326 , which in turn provides digital signature 332 to consumer 322 .
- supplier 330 becomes the central authority for the distribution of the digital signatures.
- Supplier 330 can optionally insist that vendor 326 satisfy various standards in order to obtain a digital signature. For example, supplier 330 may verify the identity of vendor 326 (e.g., using public key encryption techniques) and/or obtain assurances from vendor 326 that improper actions will not be taken with digital signature(s) it receives from supplier 330 .
- supplier 330 may optionally provide a sum of money 334 (or alternatively other compensation) to an OEM 336 based on the receipt of money 328 .
- Supplier 330 may do so, for example, to provide an additional incentive to OEM 336 to market/advertise products for which supplier 330 provides digital signatures 332 .
- supplier 330 maintains control over who is able to purchase and use its applications and/or device drivers. This control is maintained regardless of which vendor or OEM a user purchases the application and/or device drivers from.
- FIG. 9 is another exemplary flow diagram illustrating the distribution of digital signatures to add software applications and/or device drivers to a computer.
- Such applications or drivers can be new applications or drivers that the consumer has not previously installed, or alternatively can be updates or upgrades for previously installed applications. In the case of upgrades or updates, new digital signatures can be obtained for the files that are updated/upgraded.
- a consumer 352 (using a client computer 102 of FIGS. 1 and 3 ) requests the ability to use a particular software application or device driver that is not already available to him or her on computer 102 . This request is transmitted to OEM 354 either directly from consumer 352 or alternatively via vendor 356 .
- Consumer 352 provides an agreed upon sum of money 358 (or alternatively other compensation) to OEM in exchange for a digital signature that can be added to digest catalog 210 .
- the digital signature can be provided directly to consumer 352 from OEM 354 (illustrated as digital signature 360 ), or alternatively via vendor 356 (illustrated as digital signature 362 ).
- the digital signature that OEM 354 can provide to consumer 352 is received from supplier 364 .
- Supplier 364 generates a digital signature (e.g., a digitally signed hash value) 366 for the application or device driver file(s) that correspond to the request of consumer 352 .
- This digital signature 366 may be provided to consumer 352 as digital signature 360 or 362 .
- OEM 354 may also digitally sign digital signature 366 and provide the resultant digital signature to consumer 352 as signature 360 or 362 .
- supplier 364 may digitally sign files in different manners for different OEMs, thereby alleviating OEM 354 from having to re-sign the signatures it receives but still tying the digital signature to OEM 354 .
- OEM 354 also provides an agreed upon sum of money 368 (or alternatively other compensation) to supplier 364 in exchange for the digital signature 366 . OEM 354 may also provide an agreed upon sum of money 370 (or alternatively other compensation) to vendor 356 (e.g., if the request for the ability to use the particular software application or device driver came from vendor 356 , or if the digital signature is provided to consumer 352 via vendor 356 ).
- Distributing digital signatures in the manner illustrated in FIG. 9 allows OEM 354 to maintain control over which applications and device drivers are executed on a computer.
- OEM 354 can include digital signatures for only certain applications and device drivers in digest catalog 210 during the manufacturing process.
- Access control list 214 is also limited to include only OEM 354 , thereby allowing only OEM 354 to alter the contents of digest catalog 210 .
- These limitations on computer 102 limit the consumer to executing additional applications or device drivers only by obtaining the appropriate digital signatures for such, and the digital signatures can only come from OEM 354 (otherwise, they would not be added to digest catalog 210 ).
- Consumer 352 can receive significant benefit from such a distribution method, as the cost of the initial computer 102 can be reduced; additional costs would be incurred only if and when consumer 352 wants the ability to execute the additional software applications or device drivers.
- Digest catalog 210 can be located locally at computer 102 , or alternatively can be located at a remote location or separated among computer 102 and one or more remote locations.
- FIG. 10 is a block diagram illustrating the remote storage of a digest catalog in accordance with one embodiment of the invention.
- a computer 102 is coupled to communicate with a server 382 via a data communications network 110 .
- Server 382 can be any of a wide variety of conventional computing devices, such as computer 142 of FIG. 2 .
- Server 382 further includes digest catalog 384 .
- the appropriate loader 206 or 208 communicates over network 110 with server 382 .
- the digitally signed hash value(s) for the files of the requested application or driver are compared to those in digest catalog 384 and loaded only if a match is found. This comparison can be performed locally at client 102 (e.g., by loaders 206 and 208 ) or alternatively remotely at server 382 and an indication returned to computer 102 from server 382 of the result of the comparison.
- a consumer may provide monetary or other compensation to the owner of server 382 (e.g., OEM 354 of FIG. 9 ) in exchange for access to digest catalog 384 .
- Such access may be for a limited time, such as monthly or annually.
- Such scenarios allow a user to obtain the ability to execute whatever applications/drivers are identified in digest catalog 384 , which may be, for example, all of the software applications and drivers that are distributed by OEM 354 .
- Such applications and drivers could be continually updated by OEM 354 , thereby continually providing the consumer with the latest upgrades and versions of the applications and drivers.
- the distribution models discussed above provide various techniques for expanding and/or contracting user rights. After distribution of a computer to a user, the user's rights can be expanded and/or contracted by, for example, a supplier 104 or OEM 108 . The computer will not execute applications and/or drivers for which the user does not have appropriate rights, thereby limiting the user's ability to use the computer beyond the agreed upon rights.
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
A client computer runs an operating system that executes additional applications by loading them using an application loader and executes device drivers for peripheral devices by loading the drivers using a device loader. The operating system restricts the functionality of the operating system, such as by making selected portions and functionality of the operating system unavailable to the user or by limiting the user's ability to add software applications or device drivers to the computer. Additionally, various techniques can be used to remove or reduce the functionality limitations of the computer
Description
- This application is a divisional application of U.S. patent application Ser. No. 09/568,095, filed May 9, 2000, which is hereby incorporated by reference herein.
- This invention relates to computers and operating systems. More particularly, the invention relates to restricting usage of software and hardware on a computer.
- Computer technology is continually advancing, resulting in new computers that are more powerful and cheaper than their predecessors. Such advancement has had a significant affect on people, expanding the types of tasks people perform with their computers as well as increasing the number of people who use computers.
- Many computers are currently manufactured with a general purpose “open architecture” operating system installed. An open architecture operating system refers to an operating system that makes numerous functions available to the user and also allows the user to modify the computer by installing additional software programs on the computer that provide additional functionality to the user or by removing software programs from the computer. The operating system can make a wide variety of functionality available to the user, such as recreational or educational programs, reference programs, productivity programs (such as word processing or database functionality), communications programs, etc.
- One problem inherent in open architecture systems is they are generally licensed with complete use rights and/or functionality that may be beyond the need or desire of the system purchaser. Consequentially, the purchase price of these systems being indifferent to usage scenarios means users with limited needs pay the same rate for these systems as those with universal needs.
- An additional problem with open architecture systems is that virtually anyone can write an application that can be executed on the system. Some applications or devices may not operate properly due to a problem with the application or associated driver, yet many users associate such problems with the manufacturer of the system. Thus, it would be beneficial to provide a way for the manufacturer of the system to control the extensibility of the system.
- The invention described below addresses these disadvantages by providing restricted software and hardware usage on a computer.
- According to one aspect of the invention, a client computer runs an operating system that executes applications by loading them using an application loader and executes device drivers for peripheral devices by loading the drivers using a device loader. The client computer also includes a digest catalog that includes digital signatures for program files that can be executed by the client computer. When attempting to load an application or driver, the appropriate loader checks whether a digital signature for the corresponding program file(s) is included in the digest catalog. If no such digital signature is included, then the loader does not load the program file(s) corresponding to the application or driver.
- According to another aspect of the invention, the digest catalog includes, for each program file corresponding to an application or driver that should be executable by the computer, a digitally signed hash value that is generated from a hash function based on the corresponding program file. When attempting to load a particular file, the loader generates a hash value and compares it to the decrypted hash values in the digest catalog. If the comparison results in no matches, then the corresponding program file (and thus the application or driver) is not loaded.
- According to another aspect of the invention, a consumer initially purchases a computer with restricted functionality at a price that is less than the price that would be charged for a computer with full functionality. Subsequently, the user can, at an additional cost, acquire a digital key that allows the restrictions to be removed, upgrading the computer to full functionality.
- According to another aspect of the invention, a consumer can execute additional applications or drivers on his or her computer by obtaining appropriate digital signatures for the additional applications or drivers to add to the digest catalog. In exchange for payment, a software or hardware vendor will acquire a digital signature(s) for the appropriate program files from the supplier of the program files. The digital signature(s) will then be transmitted to the consumer in exchange for payment to the vendor. The digital signature(s) can then be added to the digest catalog at the consumer's computer, so that the next time he or she attempts to execute the application or driver the appropriate signatures will be in the digest catalog and the program files will be loaded.
- According to another aspect of the invention, a consumer can execute additional applications or drivers on his or her computer by obtaining the appropriate digital signatures for such applications or drivers from the same OEM (original equipment manufacturer) as manufactured the consumer's computer. The consumer's computer executes only applications that have in the digest catalog a digital signature of the OEM. Thus, the OEM can limit what additional applications are made available to the consumer.
- According to another aspect of the invention, the OEM maintains a digest catalog that can be made available to the consumer's computer (either locally at the computer or remotely). The consumer, in exchange for payment, is given access to the digest catalog so that any applications for which a corresponding digital signature exists in the OEM's digest catalog can be executed at the client computer. The consumer can be given a limited amount of time (e.g., one month or one year) within which he or she can access the OEM's digest catalog.
- The present invention is illustrated by way of example and not limitation in the figures of the accompanying drawings. The same numbers are used throughout the figures to reference like components and/or features.
-
FIG. 1 shows a network system and environment in accordance with one embodiment of the invention. -
FIG. 2 shows a general example of a computer that can be used in accordance with the invention. -
FIG. 3 is a block diagram illustrating selected components of an exemplary client computer in more detail. -
FIG. 4 is a flow diagram illustrating the distribution of a sealed computer and the unlocking of restricted functionality in accordance with one embodiment of the invention. -
FIG. 5 is a flowchart illustrating an exemplary process for creating a digest catalog. -
FIG. 6 is a flowchart illustrating an exemplary process for using a digest catalog. -
FIG. 7 is a flowchart illustrating an exemplary process for unlocking restricted functionality on a computer. -
FIG. 8 is an exemplary flow diagram illustrating the distribution of digital signatures to add software applications and/or device drivers to a computer. -
FIG. 9 is another exemplary flow diagram illustrating the distribution of digital signatures to add software applications and/or device drivers to a computer. -
FIG. 10 is a block diagram illustrating the remote storage of a digest catalog in accordance with one embodiment of the invention. -
FIG. 1 shows a network system andenvironment 100 in accordance with one embodiment of the invention. Generally, thesystem 100 includes one or more client orconsumer computers 102, one ormore suppliers 104, and can optionally include one ormore vendors 106 and one or more original equipment manufacturers (OEMs) 108. Although illustrated as business entities,suppliers 104,vendors 106, and OEMs 108 each include one or more computers via which they can interact withnetwork 110. Thecomputers 102,suppliers 104,vendors 106, and OEMs 108 communicate with one another over a data communications network. The data communications network inFIG. 1 is apublic network 110, such as the Internet. The data communications network might also include local-area networks and/or private wide-area networks, and can include both wired and wireless sections. Alternatively, one or more ofcomputers 102,suppliers 104,vendors 106, and OEMs 108 may communicate with each other directly rather than vianetwork 110. -
Client computer 102 represents any of a wide variety of conventional computing devices. Examples ofclient computers 102 include personal computers (e.g., portable, palm-top, or desktop computers), microprocessor-based or programmable consumer electronics (e.g., a “WEBTV” terminal or a gaming console), etc. -
Supplier 104 represents the source of additional electronic content, such as software applications or other files including instructions and/or data for a software application.Supplier 104 can be the actual author(s) of the electronic content, or alternatively an agent of the author(s) or other intervening device(s) between the actual author(s) and thenetwork 110. The electronic content can be designed to be a complete product by itself when executed bycomputer 102, or alternatively can be designed to work in conjunction with other software or hardware component(s). -
Vendor 106 is a retailer of the electronic content provided bysupplier 104. Examples ofvendor 106 include an Independent Software Vendor (ISV) or an Independent Hardware Vendor (IHV) that sell the electronic content provided bysupplier 104 for use withcomputers 102. -
OEM 108 is a manufacturer and retailer ofcomputers 102.OEM 108 may also be a retailer of the electronic content provided bysupplier 104. -
FIG. 2 shows a general example of acomputer 142 that can be used in accordance with the invention.Computer 142 is shown as an example of a computer that can perform the functions ofclient computer 102,supplier 104,vendor 106, orOEM 108 ofFIG. 1 .Computer 142 includes one or more processors orprocessing units 144, asystem memory 146, and asystem bus 148 that couples various system components including thesystem memory 146 toprocessors 144. - The
bus 148 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. The system memory includes read only memory (ROM) 150 and random access memory (RAM) 152. A basic input/output system (BIOS) 154, containing the basic routines that help to transfer information between elements withincomputer 142, such as during start-up, is stored inROM 150.Computer 142 further includes ahard disk drive 156 for reading from and writing to a hard disk, not shown, connected tobus 148 via a hard disk driver interface 157 (e.g., a SCSI, ATA, or other type of interface); amagnetic disk drive 158 for reading from and writing to a removablemagnetic disk 160, connected tobus 148 via a magneticdisk drive interface 161; and anoptical disk drive 162 for reading from or writing to a removableoptical disk 164 such as a CD ROM, DVD, or other optical media, connected tobus 148 via anoptical drive interface 165. The drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data forcomputer 142. Although the exemplary environment described herein employs a hard disk, a removablemagnetic disk 160 and a removableoptical disk 164, it should be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, random access memories (RAMs) read only memories (ROM), and the like, may also be used in the exemplary operating environment. - A number of program modules may be stored on the hard disk,
magnetic disk 160,optical disk 164,ROM 150, orRAM 152, including anoperating system 170, one ormore application programs 172,other program modules 174, andprogram data 176.Operating system 170 can be any of a variety of operating systems, such as any of the “Windows” family of operating systems available from Microsoft Corporation of Redmond, Wash. A user may enter commands and information intocomputer 142 through input devices such askeyboard 178 andpointing device 180. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are connected to theprocessing unit 144 through an interface 182 that is coupled to the system bus. Amonitor 184 or other type of display device is also connected to thesystem bus 148 via an interface, such as avideo adapter 186. In addition to the monitor, personal computers typically include other peripheral output devices (not shown) such as speakers and printers. -
Computer 142 can optionally operate in a networked environment using logical connections to one or more remote computers, such as aremote computer 188. Theremote computer 188 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative tocomputer 142, although only amemory storage device 190 has been illustrated inFIG. 2 . The logical connections depicted inFIG. 2 include a local area network (LAN) 192 and a wide area network (WAN) 194. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet. In the described embodiment of the invention,remote computer 188 executes an Internet Web browser program such as the “Internet Explorer” Web browser manufactured and distributed by Microsoft Corporation of Redmond, Wash. - When used in a LAN networking environment,
computer 142 is connected to thelocal network 192 through a network interface oradapter 196. When used in a WAN networking environment,computer 142 typically includes amodem 198 or other means for establishing communications over thewide area network 194, such as the Internet. Themodem 198, which may be internal or external, is connected to thesystem bus 148 via aserial port interface 168. In a networked environment, program modules depicted relative to thepersonal computer 142, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used. -
Computer 142 can also optionally include one ormore broadcast tuners 200.Broadcast tuner 200 receives broadcast signals either directly (e.g., analog or digital cable transmissions fed directly into tuner 200) or via a reception device (e.g., via an antenna or satellite dish (not shown)). - Generally, the data processors of
computer 142 are programmed by means of instructions stored at different times in the various computer-readable storage media of the computer. Programs and operating systems are typically distributed, for example, on floppy disks or CD-ROMs. From there, they are installed or loaded into the secondary memory of a computer. At execution, they are loaded at least partially into the computer's primary electronic memory. The invention described herein includes these and other various types of computer-readable storage media when such media contain instructions or programs for implementing the steps described below in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described below. Furthermore, certain sub-components of the computer may be programmed to perform the functions and steps described below. The invention includes such sub-components when they are programmed as described. In addition, the invention described herein includes data structures, described below, as embodied on various types of memory media. - For purposes of illustration, programs and other executable program components such as the operating system are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computer, and are executed by the data processor(s) of the computer.
- In the discussion below, embodiments of the invention will be described in the general context of computer-executable instructions, such as program modules, being executed by one or more conventional personal computers. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Moreover, those skilled in the art will appreciate that various embodiments of the invention may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like. In a distributed computer environment, program modules may be located in both local and remote memory storage devices.
- Alternatively, embodiments of the invention can be implemented in hardware or a combination of hardware, software, and/or firmware. For example, one or more modules for implementing the invention can be embodied in one or more application specific integrated circuits (ASICs).
-
FIG. 3 is a block diagram illustrating selected components of an exemplary client computer in more detail.Client computer 102 includes anoperating system 200, one ormore applications 202, and one ormore device drivers 204.Operating system 200 controls the execution ofsoftware applications 202 oncomputer 102, provides a user interface to allow users to interact withoperating system 200, and manages (with the assistance of device driver 204) the input and output of data and control information to and fromcomputer 102. -
Applications 202 represent software applications that can be executed bycomputer 102. Any of a wide variety of software applications can be executed bycomputer 102, including productivity, recreational, educational, entertainment, etc. applications.Device drivers 204 represent software modules that include instructions and/or data. Adevice driver 204 controls a corresponding peripheral device, allowingoperating system 200 to communicate with the peripheral device when coupled tocomputer 102. Examples of such peripheral devices include input devices (such as digital cameras, scanners, keyboards, cursor control devices, etc.), output devices (such as monitors, printers, etc.), and combinations thereof (e.g., modems, network adapters, etc.). - Selected components of
operating system 200 are illustrated inFIG. 3 , includingdevice loader 206,application loader 208, digestcatalog 210,cryptography module 212,access control list 214,file system module 216, and upgrademodule 220. Each of these components andmodules operating system 200, these instructions may be grouped together differently. -
Device loader 206 includes instructions forloading device drivers 204 stored in one or more files of nonvolatile memory into the volatile system RAM. Once loaded into system RAM, the processor ofcomputer 102 can execute (or otherwise access) the drivers, enablingoperating system 200 to communicate with the corresponding peripheral devices. - Similarly,
application loader 208 includes instructions forloading applications 202 stored in one or more files of nonvolatile memory into the volatile system RAM. Once loaded into system RAM, the processor ofcomputer 102 can execute (or otherwise access) the application. It should be noted that although device drivers and applications are loaded into system RAM, at various times some of their instructions may be stored in nonvolatile memory instead (e.g., using a conventional “swap” file on a hard disk). -
Digest catalog 210 stores digitally signed identifiers of thevarious applications 202 anddevice drivers 204 that should be executable oncomputer 102. Applications and drivers that “should be executable” oncomputer 102 refers to applications and/or drivers for which asupplier 104 ofFIG. 1 has given their permission to execute oncomputer 102, rather than a technical or compatibility issue withcomputer 102. -
Cryptography module 212 performs the necessary cryptographic functions of the invention, including generating and verifying digital signatures, encrypting and decrypting information, generating hash values from cryptographic hash functions, etc. The discussion herein assumes that the reader is familiar with public key cryptography. For a basic introduction to cryptography, the reader is directed to a text written by Bruce Schneier and entitled, “Applied Cryptography: Protocols, Algorithms, and Source Code in C,” published by John Wiley & Sons, copyright 1994 (second edition 1996). -
Access control list 214 stores a set of one or more entities that are allowed to modify digestcatalog 210. An entity can be an individual or group of individuals, or alternatively machines (e.g., an identifier ofsupplier 104 orOEM 108 ofFIG. 1 ). The identity of any entity trying to modifydigest 210 is checked by operatingsystem 200. If the entity is not identified inaccess control list 214, then any attempts to modify digestcatalog 210 are ignored by operatingsystem 200. -
File system module 216 manages the storage ofapplications 202 anddevice drivers 204, as well as application data files (not shown) in the nonvolatile storage device(s) ofcomputer 102. - Certain functions of
operating system 200 may not be available to the user, illustrated as restrictedportion 218. Functionality ofoperating system 200 may be restricted, for example, in exchange for a lower purchase price forcomputer 102. However, upon certain conditions being satisfied, anoptional upgrade module 220 can “unlock” restrictedportion 218 making the restricted functionality available to the user. Such restricted functionality and “unlocking” is discussed in more detail below. -
FIG. 4 is a flow diagram illustrating the distribution of a sealed computer and the unlocking of restricted functionality in accordance with one embodiment of the invention. A sealedcomputer 232 is distributed from a vendor orOEM 234 to aconsumer 236.Sealed computer 232 can be, for example,client computer 102 ofFIGS. 1 and 3 , while vendor orOEM 234 can be, for example,vendor 106 orOEM 108 ofFIG. 1 . In exchange for sealedcomputer 232,consumer 236 provides an agreed upon sum of money 238 (or alternatively other compensation) to vendor orOEM 234. -
Sealed computer 232 includes various software applications and device drivers for a general purpose open architecture operating system. However, additional software applications and device drivers cannot be added to thecomputer 232, thereby “sealing” the computer and restricting it to executing only specified software applications and device drivers. - The sealing of
computer 232 ensures thatconsumer 236 is limited to executing only specific applications and device drivers (e.g., only those applications that are installed oncomputer 232 by vendor/OEM 234 and included oncomputer 232 at the time it is distributed to consumer 236). By preventing additional device drivers from being installed oncomputer 232,consumer 236 is further prevented from adding any additional peripheral devices (which would require an additional device driver(s)) tocomputer 232. - Purchase of a sealed
computer 232 can be a great benefit forconsumer 236. For example,consumer 236 could purchase a sealed computer at alower price 238 than he or she would have paid for a non-sealed computer. - A
computer 102 ofFIG. 3 can be “sealed” using features ofoperating system 200.Digest catalog 210 is loaded with a digitally signed hash value (or alternatively other identifier) for theapplications 202 anddevice drivers 204 that can be executed bycomputer 102.Operating system 200 allows only entities identified byaccess control list 214 to modify digestcatalog 210, so unauthorized individuals/devices are not able to add hash values for additional applications or device drivers to digestcatalog 210. - When a user wants to execute a
particular software application 202,application loader 208 generates a hash value for theapplication 202 and checks whether a corresponding digitally signed hash value exists indigest catalog 210. If such a digitally signed hash value exists, thenloader 208 loads the application; otherwise,loader 208 does not load the application. Analogous checks are performed bydevice loader 206 prior to loading adevice driver 204 for use with a particular hardware device. - Other techniques for sealing the
computer 102 can also be used, either in addition to or in place of the use of digestcatalog 210 discussed above. For example,file system module 216 can prevent the alteration of the files stored on the storage devices ofcomputer 102, such as by ignoring any requests to add or delete files.File system module 216 can prevent the alteration of files based on their location within the storage hierarchy of the storage devices (e.g., files cannot be deleted from particular folders or directories), based on their location on the storage device (e.g., files cannot be written to particular sectors of a hard disk), or alternatively without regard for the location of the files. -
FIG. 5 is a flowchart illustrating an exemplary process for creating digestcatalog 210 ofFIG. 3 . The acts ofFIG. 5 are implemented bysupplier 104,vendor 106, orOEM 108 ofFIG. 1 , or a combination thereof, and may be performed in software.FIG. 5 is described with additional reference to components inFIGS. 1 and 3 . - Initially, a file that is to be accessible at the computer device is selected (act 252), such as a file including instructions for an
application 202 ordevice driver 204. A hash value is then generated for the selected file (act 254). The hash value can be generated using any of a wide variety of conventional hash functions, including cryptographic one-way hash functions. Typically, such hash functions produce a different hash value for different input values. - The generated hash value is then digitally signed (act 256). The hash value can be digitally signed using any of a wide variety of conventional encryption techniques, such as the well-known RSA (Rivest, Shamir, and Adelman) public-key encryption technique. By digitally signing the hash value,
device loader 206 orapplication loader 208 can subsequently verify that the hash value was signed by the appropriate device (e.g.,supplier 104,vendor 106, or OEM 108) as discussed in more detail below. - The digitally signed hash value is then added to the digest catalog 210 (act 258). A check is then made as to whether any additional files are to be accessible at the computer (act 260). If no additional files are to be accessible at the computer, then the process ends (act 262). Otherwise, acts 252-258 are repeated for an additional file.
-
FIG. 6 is a flowchart illustrating an exemplary process for using digestcatalog 210 ofFIG. 3 in accessing files. The acts ofFIG. 6 are implemented bydevice loader 206 if adevice driver 204 is to be loaded, and byapplication loader 208 if anapplication 202 is to be loaded. The process ofFIG. 6 may be performed in software.FIG. 6 is described with additional reference to components inFIGS. 1, 3 and 5. - Eventually, a request to load a
software application 202 ordevice driver 204 is received (act 272). In response to the request, application loader 208 (or device loader 206) generates a hash value for the file(s) including the requested application (or device driver) (act 274). The hash function used to generate the hash value inact 274 is the same hash function as was used to generate the hash value inact 254 ofFIG. 5 . - Application loader 208 (or device loader 206) then decrypts the hash values in digest catalog 210 (act 276). The manner in which the hash values are decrypted is dependent on the manner in which they were encrypted. By way of example, if RSA public-key encryption was used to digitally sign the hash values in
act 256 ofFIG. 5 , then the public key for the signing device is used by loader 208 (or loader 206) in a conventional manner to decrypt the hash values. - Once decrypted, loader 208 (or loader 206) compares the decrypted hash values to the hash value generated in act 274 (act 278), and determines whether the generated hash value matches any of the decrypted hash values. If there is no match, then the request is denied and the requested
software application 202 ordevice driver 204 is not loaded (act 282). However, if there is a match, then the request is executed and the requestedsoftware application 202 ordevice driver 204 is loaded and executed (act 284). - Thus, even if a user were to obtain additional application or device driver files and add them to
computer 102, he or she would be unable to execute the corresponding application or driver asloader 206 orloader 208 would not load the files. Additionally, in some situations the user would be prevented from installing the application or device driver oncomputer 102. For example, many applications include an executable “setup” file that is executed by the processor ofcomputer 102 and that controls the installation of the necessary files for the application. In such situations, if a digitally signed hash value for the setup file is not included indigest catalog 210, then the setup file could not be loaded and executed oncomputer 102. - Returning to
FIG. 3 ,computer 102 may be a restricted device that can be subsequently upgraded. For example, certain functions may be stored in restrictedportion 218 and thus be unavailable to the user. However, under the appropriate circumstances, the instructions in restrictedportion 218 can be made available to the user. - Functionality of
operating system 200 can be restricted in a variety of manners in addition to or in place of the use of digestcatalog 210 described above. In accordance with one embodiment, the instructions that are executed by a processor to carry out the restricted functions are contained, in encrypted form, in restrictedportion 218 ofoperating system 200. These instructions may be grouped together in particular files that are encrypted, or alternatively distributed (in encrypted form) throughout the instructions ofoperating system 200. - Referring again to
FIG. 4 , adigital key 240 can be obtained from vendor/OEM 234 in exchange for an agreed upon sum of money (or alternatively other compensation) 242.Digital key 240 is used to “unlock” or otherwise make available the restricted functionality of the restricted (or alternatively sealed) computer. -
FIG. 7 is a flowchart illustrating an exemplary process for unlocking restricted functionality on a computer. The acts ofFIG. 7 are implemented byupgrade module 220 ofFIG. 3 , and may be performed in software.FIG. 7 is described with additional reference to components inFIGS. 1 and 5 . - Initially, upgrade
module 220 obtains a digital key to unlock the full version of the operating system (act 302). The digital key is then used to turn off or disable the lock down mechanisms(s) at the computer (act 304). In one implementation, the lock down mechanisms are disabled by disabling the signature checking ofdevice loader 206 andapplication loader 208 described above if the digital key is verified as being from the appropriate vendor (or OEM or supplier). This verification can be performed, for example, using the RSA public key of the vendor (or OEM or supplier). - The digital key is also used to decrypt any necessary files to generate the full version of the operating system (act 306). In one implementation, this decryption includes decrypting all of the instructions in restricted
portion 218. The exact manner in which the decryption occurs is dependent on the manner in which the files were originally encrypted (which is known to upgrademodule 220, or alternatively which is provided to upgrademodule 220 by the appropriate vendor, OEM, or supplier). - The digital key can be used to decrypt the necessary files to generate the full version of the operating system (act 306) in any of a variety of manners. By way of example, the digital key obtained in
act 302 may be (or may include) an RSA public key corresponding to the RSA private key that was used to encrypt the files prior to their placement incomputer 102. This RSA public key can be used in a conventional manner to decrypt the encrypted files. The full version functionality of the operating system is then installed (act 308), making all of the functions in restrictedportion 218 available to the user. - Returning again to
FIG. 3 , acomputer 102 may be limited to executing onlycertain software applications 202 and/ordevice drivers 204, withdevice loader 206 andapplication loader 208 loading only those device drivers and applications that have a corresponding encrypted hash value indigest catalog 210.Additional applications 202 anddevice drivers 204 can be made available to the user ofcomputer 102 by adding the appropriate digitally signed hash values to digestcatalog 210. Thus, for example, a user could purchase an additional software application (or peripheral device with an associated device driver) and be able to execute that application (or peripheral/driver) by adding the appropriate digitally signed hash value(s) corresponding to the files of the application (or driver) to the digestcatalog 210. -
FIG. 8 is an exemplary flow diagram illustrating the distribution of digital signatures to add software applications and/or device drivers to a computer. Such applications or drivers can be new applications or drivers that the consumer has not previously installed, or alternatively can be updates or upgrades for previously installed applications. In the case of upgrades or updates, new digital signatures can be obtained for the files that are updated/upgraded. A consumer 322 (usingclient computer 102 ofFIGS. 1 and 3 ) provides an agreed upon sum of money 324 (or alternatively other compensation) tovendor 326 in order to add the desired software applications and/or device drivers to his or her computer.Vendor 326 in turn provides an agreed upon sum of money 328 (or alternatively other compensation) tosupplier 330. -
Supplier 330 provides adigital signature 332 tovendor 326, which in turn providesdigital signature 332 toconsumer 322. By distributing digital signatures in the manner illustrated inFIG. 8 ,supplier 330 becomes the central authority for the distribution of the digital signatures. -
Supplier 330 can optionally insist thatvendor 326 satisfy various standards in order to obtain a digital signature. For example,supplier 330 may verify the identity of vendor 326 (e.g., using public key encryption techniques) and/or obtain assurances fromvendor 326 that improper actions will not be taken with digital signature(s) it receives fromsupplier 330. - Additionally,
supplier 330 may optionally provide a sum of money 334 (or alternatively other compensation) to anOEM 336 based on the receipt ofmoney 328.Supplier 330 may do so, for example, to provide an additional incentive toOEM 336 to market/advertise products for whichsupplier 330 providesdigital signatures 332. - By distributing digital signatures in the manner illustrated in
FIG. 8 ,supplier 330 maintains control over who is able to purchase and use its applications and/or device drivers. This control is maintained regardless of which vendor or OEM a user purchases the application and/or device drivers from. -
FIG. 9 is another exemplary flow diagram illustrating the distribution of digital signatures to add software applications and/or device drivers to a computer. Such applications or drivers can be new applications or drivers that the consumer has not previously installed, or alternatively can be updates or upgrades for previously installed applications. In the case of upgrades or updates, new digital signatures can be obtained for the files that are updated/upgraded. The discussion ofFIG. 9 is made with additional reference to elements inFIG. 3 . A consumer 352 (using aclient computer 102 ofFIGS. 1 and 3 ) requests the ability to use a particular software application or device driver that is not already available to him or her oncomputer 102. This request is transmitted toOEM 354 either directly fromconsumer 352 or alternatively viavendor 356. -
Consumer 352 provides an agreed upon sum of money 358 (or alternatively other compensation) to OEM in exchange for a digital signature that can be added to digestcatalog 210. The digital signature can be provided directly toconsumer 352 from OEM 354 (illustrated as digital signature 360), or alternatively via vendor 356 (illustrated as digital signature 362). - The digital signature that
OEM 354 can provide toconsumer 352 is received fromsupplier 364.Supplier 364 generates a digital signature (e.g., a digitally signed hash value) 366 for the application or device driver file(s) that correspond to the request ofconsumer 352. Thisdigital signature 366 may be provided toconsumer 352 asdigital signature OEM 354 may also digitally signdigital signature 366 and provide the resultant digital signature toconsumer 352 assignature supplier 364 may digitally sign files in different manners for different OEMs, thereby alleviatingOEM 354 from having to re-sign the signatures it receives but still tying the digital signature toOEM 354. -
OEM 354 also provides an agreed upon sum of money 368 (or alternatively other compensation) tosupplier 364 in exchange for thedigital signature 366.OEM 354 may also provide an agreed upon sum of money 370 (or alternatively other compensation) to vendor 356 (e.g., if the request for the ability to use the particular software application or device driver came fromvendor 356, or if the digital signature is provided toconsumer 352 via vendor 356). - Distributing digital signatures in the manner illustrated in
FIG. 9 allowsOEM 354 to maintain control over which applications and device drivers are executed on a computer. For example, ifOEM 354 is the manufacturer ofcomputer 102,OEM 354 can include digital signatures for only certain applications and device drivers indigest catalog 210 during the manufacturing process.Access control list 214 is also limited to includeonly OEM 354, thereby allowingonly OEM 354 to alter the contents of digestcatalog 210. These limitations oncomputer 102 limit the consumer to executing additional applications or device drivers only by obtaining the appropriate digital signatures for such, and the digital signatures can only come from OEM 354 (otherwise, they would not be added to digest catalog 210). -
Consumer 352 can receive significant benefit from such a distribution method, as the cost of theinitial computer 102 can be reduced; additional costs would be incurred only if and whenconsumer 352 wants the ability to execute the additional software applications or device drivers. - Furthermore, by obtaining subsequent software applications and device drivers directly from the same OEM as manufactured the computer, an additional level of assurance can be provided to the consumer that the requested applications/drivers will execute properly on
computer 102. For example, a computer as described herein that cost the same amount—or more—would be advantageous to people because the OEM would allow only “high quality” (e.g., tested and verified) drivers and/or applications to be run on the computer, resulting in a more reliable experience for the end user. -
Digest catalog 210 can be located locally atcomputer 102, or alternatively can be located at a remote location or separated amongcomputer 102 and one or more remote locations. -
FIG. 10 is a block diagram illustrating the remote storage of a digest catalog in accordance with one embodiment of the invention. Acomputer 102 is coupled to communicate with aserver 382 via adata communications network 110.Server 382 can be any of a wide variety of conventional computing devices, such ascomputer 142 ofFIG. 2 .Server 382 further includes digestcatalog 384. - In order to execute a particular software application or device driver, the
appropriate loader network 110 withserver 382. The digitally signed hash value(s) for the files of the requested application or driver are compared to those indigest catalog 384 and loaded only if a match is found. This comparison can be performed locally at client 102 (e.g., byloaders 206 and 208) or alternatively remotely atserver 382 and an indication returned tocomputer 102 fromserver 382 of the result of the comparison. - A consumer may provide monetary or other compensation to the owner of server 382 (e.g.,
OEM 354 ofFIG. 9 ) in exchange for access to digestcatalog 384. Such access may be for a limited time, such as monthly or annually. Such scenarios allow a user to obtain the ability to execute whatever applications/drivers are identified indigest catalog 384, which may be, for example, all of the software applications and drivers that are distributed byOEM 354. Such applications and drivers could be continually updated byOEM 354, thereby continually providing the consumer with the latest upgrades and versions of the applications and drivers. - The distribution models discussed above provide various techniques for expanding and/or contracting user rights. After distribution of a computer to a user, the user's rights can be expanded and/or contracted by, for example, a
supplier 104 orOEM 108. The computer will not execute applications and/or drivers for which the user does not have appropriate rights, thereby limiting the user's ability to use the computer beyond the agreed upon rights. - Although the description above uses language that is specific to structural features and/or methodological acts, it is to be understood that the invention defined in the appended claims is not limited to the specific features or acts described. Rather, the specific features and acts are disclosed as exemplary forms of implementing the invention.
Claims (6)
1. An apparatus comprising:
a storage device to store a plurality of files; and
a processor, coupled to the storage device, to execute an operating system that includes a loader to load a file of the plurality of files into a memory device for execution by the processor only if the file has been properly digitally signed,
wherein the plurality of files includes a first set of files containing instructions corresponding to one or more software applications and a second set of files containing instructions corresponding to one or more device drivers.
2. An apparatus as recited in claim 1 , wherein the processor is further to determine whether the file has been properly digitally signed by generating a first hash value based on the file, accessing a second hash value stored in a digest catalog, and checking whether the first hash value and the second hash value are the same value.
3. An apparatus as recited in claim 2 , wherein the processor is to access the second hash value by decrypting a digitally signed value in the digest catalog.
4. One or more computer-readable media having stored thereon a computer program that, when executed by one or more processors, causes the one or more processors to perform acts including:
receiving a request to execute a series of instructions;
accessing a file including at least a subset of the series of instructions;
using a hash function to generate a hash value for the file;
checking whether the hash value is included in a record of hash values; and
loading the file into a memory device for execution by the one or more processors if the hash value is included in the record of hash values, and otherwise not loading the file into the memory device.
5. One or more computer-readable media as recited in claim 4 , wherein the checking comprises accessing the record of hash values stored in a remote storage device.
6. One or more computer-readable media as recited in claim 4 , wherein the checking comprises decrypting each of a plurality of digitally signed hash values in the record of hash values and comparing the hash value for the file to the decrypted digitally signed hash values.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/265,834 US20060059352A1 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US56809500A | 2000-05-09 | 2000-05-09 | |
US11/265,834 US20060059352A1 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US56809500A Division | 2000-05-09 | 2000-05-09 |
Publications (1)
Publication Number | Publication Date |
---|---|
US20060059352A1 true US20060059352A1 (en) | 2006-03-16 |
Family
ID=35997515
Family Applications (9)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/266,450 Expired - Lifetime US7603721B2 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/266,451 Expired - Fee Related US7536726B2 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/265,834 Abandoned US20060059352A1 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/265,938 Expired - Fee Related US7577853B2 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/265,899 Abandoned US20060059338A1 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/266,529 Abandoned US20060064596A1 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/266,468 Abandoned US20060053284A1 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/266,503 Abandoned US20060064595A1 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/266,465 Expired - Lifetime US7584512B2 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/266,450 Expired - Lifetime US7603721B2 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/266,451 Expired - Fee Related US7536726B2 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
Family Applications After (6)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/265,938 Expired - Fee Related US7577853B2 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/265,899 Abandoned US20060059338A1 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/266,529 Abandoned US20060064596A1 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/266,468 Abandoned US20060053284A1 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/266,503 Abandoned US20060064595A1 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
US11/266,465 Expired - Lifetime US7584512B2 (en) | 2000-05-09 | 2005-11-03 | Restricted software and hardware usage on a computer |
Country Status (1)
Country | Link |
---|---|
US (9) | US7603721B2 (en) |
Families Citing this family (42)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7603452B1 (en) | 2002-03-26 | 2009-10-13 | Symantec Corporation | Networked computer environment assurance system and method |
US20040049560A1 (en) * | 2002-09-09 | 2004-03-11 | Shudong Zhou | Method and apparatus for configuring a computer system to operate with perhiperal devices |
US8266215B2 (en) * | 2003-02-20 | 2012-09-11 | Sonicwall, Inc. | Using distinguishing properties to classify messages |
US7529754B2 (en) | 2003-03-14 | 2009-05-05 | Websense, Inc. | System and method of monitoring and controlling application files |
US7185015B2 (en) | 2003-03-14 | 2007-02-27 | Websense, Inc. | System and method of monitoring and controlling application files |
AU2004302108C1 (en) | 2003-08-08 | 2010-09-16 | Keiko Ogawa | Communication system, communication device, communication method, and communication program for realizing the same |
US7860239B2 (en) * | 2004-07-07 | 2010-12-28 | International Business Machines Corporation | Method and apparatus for metering usage of software products using multiple signatures |
US8453243B2 (en) * | 2005-12-28 | 2013-05-28 | Websense, Inc. | Real time lockdown |
US8010947B2 (en) | 2006-05-23 | 2011-08-30 | International Business Machines Corporation | Discovering multi-component software products based on weighted scores |
WO2008116346A1 (en) * | 2007-03-26 | 2008-10-02 | Intel Corporation | Enhanced digital right management framework |
US8239878B2 (en) * | 2007-05-31 | 2012-08-07 | Red Hat, Inc. | Verification of loadable objects |
US20090024805A1 (en) * | 2007-07-16 | 2009-01-22 | Harold Lee Peterson | System, method and computer-readable medium for enabling access to additional memory capacity |
US20090282212A1 (en) * | 2007-07-16 | 2009-11-12 | Digital Delivery Networks, Inc. | System for enabling access to additional memory and storage capacity |
US7962737B2 (en) * | 2007-11-21 | 2011-06-14 | Dell Products L.P. | Methods, media and apparatus for booting diskless systems |
US20090238365A1 (en) * | 2008-03-20 | 2009-09-24 | Kinamik Data Integrity, S.L. | Method and system to provide fine granular integrity to digital data |
FR2938950B1 (en) * | 2008-11-24 | 2011-01-14 | Peugeot Citroen Automobiles Sa | METHOD OF PROTECTING AGAINST THE INOPPORTUN TRIPPING OF A FUNCTIONAL ORGAN FUNCTIONING FUNCTION OF A MOTOR VEHICLE |
US8984296B1 (en) * | 2009-03-29 | 2015-03-17 | Cypress Semiconductor Corporation | Device driver self authentication method and system |
FR2945367B1 (en) * | 2009-05-11 | 2012-06-22 | Regie Autonome Transports | METHOD FOR CONTROLLING THE ACTIVATION OF AN APPLICATION ON A SECURE PLATFORM BY AN ACTOR EXTERIOR TO THE LOADING CHAIN |
JP5644194B2 (en) * | 2010-06-10 | 2014-12-24 | 株式会社リコー | Information protection device and information protection program |
US8949964B2 (en) | 2010-08-25 | 2015-02-03 | Gary Stephen Shuster | Security key entry using ancillary input device |
US9027102B2 (en) | 2012-05-11 | 2015-05-05 | Sprint Communications Company L.P. | Web server bypass of backend process on near field communications and secure element chips |
US9317689B2 (en) | 2012-06-15 | 2016-04-19 | Visa International Service Association | Method and apparatus for secure application execution |
US9282898B2 (en) | 2012-06-25 | 2016-03-15 | Sprint Communications Company L.P. | End-to-end trusted communications infrastructure |
US9183412B2 (en) | 2012-08-10 | 2015-11-10 | Sprint Communications Company L.P. | Systems and methods for provisioning and using multiple trusted security zones on an electronic device |
US10348821B2 (en) * | 2012-12-21 | 2019-07-09 | Dropbox, Inc. | Prioritizing structural operations and distributing changes in a synced online content management system |
US9578664B1 (en) | 2013-02-07 | 2017-02-21 | Sprint Communications Company L.P. | Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system |
US9613208B1 (en) * | 2013-03-13 | 2017-04-04 | Sprint Communications Company L.P. | Trusted security zone enhanced with trusted hardware drivers |
US9324016B1 (en) | 2013-04-04 | 2016-04-26 | Sprint Communications Company L.P. | Digest of biographical information for an electronic device with static and dynamic portions |
US9838869B1 (en) | 2013-04-10 | 2017-12-05 | Sprint Communications Company L.P. | Delivering digital content to a mobile device via a digital rights clearing house |
US9560519B1 (en) | 2013-06-06 | 2017-01-31 | Sprint Communications Company L.P. | Mobile communication device profound identity brokering framework |
US9507814B2 (en) * | 2013-12-10 | 2016-11-29 | Vertafore, Inc. | Bit level comparator systems and methods |
US9747556B2 (en) | 2014-08-20 | 2017-08-29 | Vertafore, Inc. | Automated customized web portal template generation systems and methods |
US9779232B1 (en) | 2015-01-14 | 2017-10-03 | Sprint Communications Company L.P. | Trusted code generation and verification to prevent fraud from maleficent external devices that capture data |
US9838868B1 (en) | 2015-01-26 | 2017-12-05 | Sprint Communications Company L.P. | Mated universal serial bus (USB) wireless dongles configured with destination addresses |
US9819679B1 (en) | 2015-09-14 | 2017-11-14 | Sprint Communications Company L.P. | Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers |
US9600400B1 (en) | 2015-10-29 | 2017-03-21 | Vertafore, Inc. | Performance testing of web application components using image differentiation |
US10282719B1 (en) | 2015-11-12 | 2019-05-07 | Sprint Communications Company L.P. | Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit |
US9817992B1 (en) | 2015-11-20 | 2017-11-14 | Sprint Communications Company Lp. | System and method for secure USIM wireless network access |
US10499249B1 (en) | 2017-07-11 | 2019-12-03 | Sprint Communications Company L.P. | Data link layer trust signaling in communication network |
US11443018B2 (en) * | 2019-03-12 | 2022-09-13 | Xilinx, Inc. | Locking execution of cores to licensed programmable devices in a data center |
US11294992B2 (en) * | 2019-03-12 | 2022-04-05 | Xilinx, Inc. | Locking execution of cores to licensed programmable devices in a data center |
JP7262269B2 (en) * | 2019-03-27 | 2023-04-21 | キヤノン株式会社 | Information processing device, control method for information processing device, and program |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5293422A (en) * | 1992-09-23 | 1994-03-08 | Dynatek, Inc. | Usage control system for computer software |
US5365587A (en) * | 1993-03-11 | 1994-11-15 | International Business Machines Corporation | Self modifying access code for altering capabilities |
US5448641A (en) * | 1993-10-08 | 1995-09-05 | Pitney Bowes Inc. | Postal rating system with verifiable integrity |
US5748960A (en) * | 1993-08-10 | 1998-05-05 | Fischer; Addison M. | Method and apparatus for validating travelling object-oriented programs with digital signatures |
US5944821A (en) * | 1996-07-11 | 1999-08-31 | Compaq Computer Corporation | Secure software registration and integrity assessment in a computer system |
US5966691A (en) * | 1997-04-29 | 1999-10-12 | Matsushita Electric Industrial Co., Ltd. | Message assembler using pseudo randomly chosen words in finite state slots |
US5968136A (en) * | 1997-06-05 | 1999-10-19 | Sun Microsystems, Inc. | Apparatus and method for secure device addressing |
US6175924B1 (en) * | 1997-06-20 | 2001-01-16 | International Business Machines Corp. | Method and apparatus for protecting application data in secure storage areas |
US6298025B1 (en) * | 1997-05-05 | 2001-10-02 | Warner Music Group Inc. | Recording and playback of multi-channel digital audio having different resolutions for different channels |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US529422A (en) * | 1894-11-20 | James w | ||
US5005200A (en) * | 1988-02-12 | 1991-04-02 | Fischer Addison M | Public key/signature cryptosystem with enhanced digital signature certification |
US4868877A (en) * | 1988-02-12 | 1989-09-19 | Fischer Addison M | Public key/signature cryptosystem with enhanced digital signature certification |
US5001752A (en) * | 1989-10-13 | 1991-03-19 | Fischer Addison M | Public/key date-time notary facility |
US5208853A (en) | 1991-09-09 | 1993-05-04 | Motorola, Inc. | Method and apparatus for usage protection of data files using split key and unique variable |
US5349643A (en) | 1993-05-10 | 1994-09-20 | International Business Machines Corporation | System and method for secure initial program load for diskless workstations |
JP3647907B2 (en) * | 1994-09-09 | 2005-05-18 | 富士通株式会社 | Encryption software decompression system |
US6067575A (en) * | 1995-12-08 | 2000-05-23 | Sun Microsystems, Inc. | System and method for generating trusted, architecture specific, compiled versions of architecture neutral programs |
GB9626200D0 (en) | 1996-12-18 | 1997-02-05 | Ncr Int Inc | Secure data processing method and system |
US6230267B1 (en) * | 1997-05-15 | 2001-05-08 | Mondex International Limited | IC card transportation key set |
US6085321A (en) * | 1998-08-14 | 2000-07-04 | Omnipoint Corporation | Unique digital signature |
US6697948B1 (en) * | 1999-05-05 | 2004-02-24 | Michael O. Rabin | Methods and apparatus for protecting information |
-
2005
- 2005-11-03 US US11/266,450 patent/US7603721B2/en not_active Expired - Lifetime
- 2005-11-03 US US11/266,451 patent/US7536726B2/en not_active Expired - Fee Related
- 2005-11-03 US US11/265,834 patent/US20060059352A1/en not_active Abandoned
- 2005-11-03 US US11/265,938 patent/US7577853B2/en not_active Expired - Fee Related
- 2005-11-03 US US11/265,899 patent/US20060059338A1/en not_active Abandoned
- 2005-11-03 US US11/266,529 patent/US20060064596A1/en not_active Abandoned
- 2005-11-03 US US11/266,468 patent/US20060053284A1/en not_active Abandoned
- 2005-11-03 US US11/266,503 patent/US20060064595A1/en not_active Abandoned
- 2005-11-03 US US11/266,465 patent/US7584512B2/en not_active Expired - Lifetime
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5293422A (en) * | 1992-09-23 | 1994-03-08 | Dynatek, Inc. | Usage control system for computer software |
US5365587A (en) * | 1993-03-11 | 1994-11-15 | International Business Machines Corporation | Self modifying access code for altering capabilities |
US5748960A (en) * | 1993-08-10 | 1998-05-05 | Fischer; Addison M. | Method and apparatus for validating travelling object-oriented programs with digital signatures |
US5448641A (en) * | 1993-10-08 | 1995-09-05 | Pitney Bowes Inc. | Postal rating system with verifiable integrity |
US5944821A (en) * | 1996-07-11 | 1999-08-31 | Compaq Computer Corporation | Secure software registration and integrity assessment in a computer system |
US5966691A (en) * | 1997-04-29 | 1999-10-12 | Matsushita Electric Industrial Co., Ltd. | Message assembler using pseudo randomly chosen words in finite state slots |
US6298025B1 (en) * | 1997-05-05 | 2001-10-02 | Warner Music Group Inc. | Recording and playback of multi-channel digital audio having different resolutions for different channels |
US5968136A (en) * | 1997-06-05 | 1999-10-19 | Sun Microsystems, Inc. | Apparatus and method for secure device addressing |
US6175924B1 (en) * | 1997-06-20 | 2001-01-16 | International Business Machines Corp. | Method and apparatus for protecting application data in secure storage areas |
Also Published As
Publication number | Publication date |
---|---|
US7536726B2 (en) | 2009-05-19 |
US20060059338A1 (en) | 2006-03-16 |
US20060053284A1 (en) | 2006-03-09 |
US7603721B2 (en) | 2009-10-13 |
US20060053283A1 (en) | 2006-03-09 |
US20060064596A1 (en) | 2006-03-23 |
US20060059366A1 (en) | 2006-03-16 |
US20060064595A1 (en) | 2006-03-23 |
US7584512B2 (en) | 2009-09-01 |
US20060059355A1 (en) | 2006-03-16 |
US20060064585A1 (en) | 2006-03-23 |
US7577853B2 (en) | 2009-08-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7603721B2 (en) | Restricted software and hardware usage on a computer | |
US7356682B2 (en) | Attesting to a value of a register and/or memory region | |
US7424606B2 (en) | System and method for authenticating an operating system | |
US6108420A (en) | Method and system for networked installation of uniquely customized, authenticable, and traceable software application | |
US6327652B1 (en) | Loading and identifying a digital rights management operating system | |
US6330670B1 (en) | Digital rights management operating system | |
US7516491B1 (en) | License tracking system | |
US6820063B1 (en) | Controlling access to content based on certificates and access predicates | |
US6411941B1 (en) | Method of restricting software operation within a license limitation | |
US9246916B2 (en) | Specifying rights in a digital rights license according to events | |
US8065521B2 (en) | Secure processor architecture for use with a digital rights management (DRM) system on a computing device | |
US7055040B2 (en) | Method and apparatus for uniquely and securely loading software to an individual computer | |
US20050060549A1 (en) | Controlling access to content based on certificates and access predicates | |
US7080249B1 (en) | Code integrity verification that includes one or more cycles | |
US7197144B1 (en) | Method and apparatus to authenticate a user's system to prevent unauthorized use of software products distributed to users | |
JP3289656B2 (en) | Program execution control method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034766/0001 Effective date: 20141014 |