Isolated computing environment anchored into CPU and motherboard

US 20060107328A1
Filed: 12/22/2004
Published: 05/18/2006
Est. Priority Date: 11/15/2004
Status: Active Grant

First Claim

Patent Images

1. A computer adapted to execute a program code in an isolated computing environment, the computer comprising:

an isolated computing environment for executing a program code, a secure memory, the secure memory accessible only to the program code and inaccessible to a second program code executed by an other execution environment;

a logic circuit for causing the processor to execute from the secure memory; and

a clock for timing events, the clock coupled to logic circuit, wherein the program code is invoked responsive to a signal from the clock.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer is adapted for pay-for-use operation by adding a isolated computing environment to a standard computer. The isolated computing environment may include a trusted non-volatile memory, a digital signature verification capability, a clock or timer and a logic circuit for triggering execution of a validation program responsive to the clock or timer. The isolated computing environment may be protected from tampering by physical or cryptographic mechanisms, or both. The validation program measures or monitors for non-compliant states of the computer and may enforce sanctions when non-compliant states of the computer are detected.

Citations

20 Claims

1. A computer adapted to execute a program code in an isolated computing environment, the computer comprising:
- an isolated computing environment for executing a program code, a secure memory, the secure memory accessible only to the program code and inaccessible to a second program code executed by an other execution environment;
  
  a logic circuit for causing the processor to execute from the secure memory; and
  
  a clock for timing events, the clock coupled to logic circuit, wherein the program code is invoked responsive to a signal from the clock.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer of claim 1, wherein the other execution environment comprises one of an operating system, a basic input/output structure (BIOS) and a kernel.
  - 3. The computer of claim 1, wherein the program code is one of a service and an application.
  - 4. The computer of claim 1, wherein the program code monitors a state of the computer.
  - 5. The computer of claim 4, wherein the computer further comprises a processor and the state of the computer is one of a state of a resource used by an operating system, a state of an application program, a state of a BIOS extension, and a state of the processor.
  - 6. The computer of claim 5, wherein the processor comprises the isolated computing environment.
  - 7. The computer of claim 4, wherein the program code enforces a policy related to the state of the computer.
  - 8. The computer of claim 7, wherein the policy related to the state of the computer comprises one of reducing a processing speed of the computer and reducing a functional operation of the computer.
  - 9. The computer of claim 1, further comprising a motherboard, the isolated computing environment disposed on the motherboard, the isolated computing environment comprising the secure memory and the clock.

10. An isolated computing environment for use in a computer, the isolated computing environment comprising:
- a memory secure from access by unauthorized execution environments;
  
  a program stored in the memory and coded to measure a condition of the computer, the condition corresponding to a predetermined desired state of operation of the computer;
  
  a logic circuit for causing execution of the program; and
  
  a clock for timing an interval, wherein the clock triggers the logic circuit to execute the program corresponding to the interval.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The isolated computing environment of claim 10, wherein access to the memory requires cryptographic identification of an authorized execution environment.
  - 12. The isolated computing environment of claim 10, wherein the isolated computing environment is permanently disposed in the computer.
  - 13. The isolated computing environment of claim 10, further comprising a digital signature verification circuit for determining a hash of a memory range.
  - 14. The isolated computing environment of claim 10, further comprising a digital signature verification circuit for validating a digital signature of a message to change the program.
  - 15. The isolated computing environment of claim 10, further comprising a digital signature verification circuit for validating a digital signature of an application program executed by the computer.
  - 16. The isolated computing environment of claim 10, wherein the isolated computing environment has access to computation resources used by one of an operating system and an application program.

17. A method of manufacturing a computer adapted for pay-per-use operation comprising:
- providing a computer motherboard;
  
  disposing an isolated computing environment on the motherboard, the isolated computing environment comprising;
  
  a secure memory;
  
  a clock for timing an interval; and
  
  a logic circuit for causing execution of code stored in the secure memory;
  
  protecting the isolated computing environment from tampering; and
  
  disposing a program code in the secure memory, the program code, when executed, for determining a state of the computer and for enforcing a policy when the state of the computer meets a condition.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein disposing the isolated computing environment on the motherboard further comprises:
    - disposing the isolated computing environment in a processor; and
      
      disposing the processor on the motherboard.
  - 19. The method of claim 17, wherein disposing the isolated computing environment on the motherboard further comprises:
    - disposing the isolated computing environment on the motherboard; and
      
      securing the isolated computing environment to the motherboard using a destructive coating.
  - 20. The method of claim 17, further comprising:
    - altering a state of the computer, the state of the computer comprising one of attaching an unauthorized peripheral, executing an unauthorized code, and operating the computer past an expiration date; and
      
      testing that the isolated computing environment enforces the policy corresponding to the state of the computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Frank, Alexander, Phillips, Thomas G., Hall, Martin H.

Granted Patent

US 8,464,348 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/123   by using dedicated hardware...

G06F 21/50   Monitoring users, programs ...

G06F 21/725   operating on a secure refer...

G06F 2221/2135   Metering

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2153   Using hardware token as a s...

G06Q 20/145   Payments according to the d...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3552   Downloading or loading of p...

G07F 7/082   Features insuring the integ...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 2209/12   Details relating to cryptog...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0823   using certificates cryptogr...

H04L 67/125   involving control of end-de...

H04L 67/34   involving the movement of s...

H04L 9/3247   involving digital signatures

Isolated computing environment anchored into CPU and motherboard

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Isolated computing environment anchored into CPU and motherboard

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links