Method and system for enforcing access to a computing resource using a licensing attribute certificate
Abstract
A licensing attribute certificate enables a trusted computing base to enforce access to a computing resource by a computer application. The licensing attribute certificate can contain enforcement data which limits the use of the computing resource. The licensing attribute certificate can also contain information allowing for the tracking of licensing data about the use of the computing resource. The use of a licensing attribute certificate to enforce access to a computing resource can allow products to be fielded which have their capability limited to a specific subset of functions. The enforcement data, the licensing data, and the data limiting the application to a specific subset of functions are cryptographically bound to the computing resource using a licensing attribute certificate according to the invention. Prior to allowing access to the computing resource by the computer application, a trusted computing base strongly authenticates that usage via the licensing attribute certificate.
47 Claims
1. A method for enforcing access by a computer application to a computing resource controlled by a trusted computing base, comprising the steps of:
generating enforcement data identifying usage of said computing resource;
embedding said enforcement data in a licensing attribute certificate;
cryptographically binding said licensing attribute certificate to said computing resource using a private key;
associating said licensing attribute certificate with said computer application; and
authenticating in said trusted computing base the use of said computing resource by said computer application using a public key corresponding to said private key.
22. A method for allowing a trusted computing base to use a licensing attribute certificate to track usage of a computing resource by a computer application, comprising the steps of:
generating usage data;
embedding said usage data in said licensing attribute certificate;
cryptographically binding said licensing attribute certificate to said computing resource using a private key;
associating said licensing attribute certificate with said computer application;
updating a usage database within said trusted computing base in accordance with the usage of said computing resource;
authenticating in said trusted computing base the use of said computing resource by said computer application;
validating said usage database against said usage data for permitted usage of said computing resource; and
disallowing usage of said computing resource if said validating step fails.
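The flow recited in claims 1 and 22 can be sketched as follows. This is an added example, not code from the patent: it assumes Ed25519 signatures and a JSON payload, and the names `Enforcement`, `LAC`, `TCB`, `Issue`, `Authorize` and the sample resource and application identifiers are illustrative.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Enforcement is the data embedded in the certificate (illustrative fields).
type Enforcement struct {
	Resource, App string // resource the certificate is bound to, licensed application
	MaxUses       int    // permitted number of uses
}
// LAC is a toy licensing attribute certificate: payload plus issuer signature.
type LAC struct{ Payload, Sig []byte }

// Issue embeds the enforcement data and signs it with the issuer's private key.
func Issue(priv ed25519.PrivateKey, e Enforcement) LAC {
	p, _ := json.Marshal(e) // cannot fail for this plain struct
	return LAC{Payload: p, Sig: ed25519.Sign(priv, p)}
}
// TCB holds the issuer's public key and the usage database.
type TCB struct {
	Pub   ed25519.PublicKey
	Usage map[[2]string]int // keyed by (application, resource)
}

// Authorize authenticates the certificate, checks its bindings, validates the usage database, then records the access.
func (t *TCB) Authorize(c LAC, app, resource string) error {
	if !ed25519.Verify(t.Pub, c.Payload, c.Sig) {
		return errors.New("signature invalid")
	}
	var e Enforcement
	if json.Unmarshal(c.Payload, &e) != nil || e.App != app || e.Resource != resource {
		return errors.New("certificate not bound to this application and resource")
	}
	key := [2]string{app, resource}
	if t.Usage[key] >= e.MaxUses {
		return errors.New("usage limit reached")
	}
	t.Usage[key]++ // update the usage database only after every check passed
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	tcb := &TCB{Pub: pub, Usage: map[[2]string]int{}}
	c := Issue(priv, Enforcement{"crypto-module", "app-A", 1})
	fmt.Println(tcb.Authorize(c, "app-A", "crypto-module"), tcb.Authorize(c, "app-A", "crypto-module"))
}
```

The usage counter lives inside the TCB rather than in the certificate, so the signed limit cannot be reset by replaying or copying the certificate.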
28. A system for enforcing access by a computer application to a computing resource controlled by a trusted computing base, comprising:
means for generating enforcement data;
means for embedding said enforcement data in a licensing attribute certificate;
means for cryptographically binding said licensing attribute certificate to said computing resource using a private key;
means for associating said licensing attribute certificate with said computer application; and
a trusted computing base for authenticating the use of said computing resource by a computer application using a public key corresponding to said private key.
34. A method for creating a licensing attribute certificate for enforcing access by a computer application to a computing resource controlled by a trusted computing base, comprising the steps of:
generating enforcement data identifying usage of said computing resource;
embedding said enforcement data in said licensing attribute certificate;
cryptographically binding said licensing attribute certificate to said computing resource using a private key; and
associating said licensing attribute certificate with said computer application.
41. A system for creating a licensing attribute certificate for enforcing access by a computer application to a computing resource controlled by a trusted computing base, comprising:
means for generating enforcement data identifying usage of said computing resource;
means for embedding said enforcement data in said licensing attribute certificate;
means for cryptographically binding said licensing attribute certificate to said computing resource using a private key; and
means for associating said licensing attribute certificate with said computer application.
Specification