Processing unit enclosed operating system

US 20070061535A1
Filed: 09/12/2005
Published: 03/15/2007
Est. Priority Date: 09/12/2005
Status: Abandoned Application

First Claim

Patent Images

1. A processing unit for use in an electronic device comprising:

an instruction processing unit;

a communication interface;

an identification indicia;

a policy management circuit;

an enforcement circuit;

a clock circuit providing a monotonically increasing time base; and

a tamper-resistant memory storing data corresponding to a usage policy that regulates operation of the electronic device in compliance with the usage policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing unit for use in an electronic device includes standard instruction processing and communication interfaces and also includes functional capability in addition to or in place of those found in an operating system. A secure memory within the processing unit may contain a hardware identifier, policy data, and subsystem functions such as a secure clock, policy management, and policy enforcement. Data in functions within the secure memory are not accessible from outside the processing unit.

Citations

20 Claims

1. A processing unit for use in an electronic device comprising:
- an instruction processing unit;
  
  a communication interface;
  
  an identification indicia;
  
  a policy management circuit;
  
  an enforcement circuit;
  
  a clock circuit providing a monotonically increasing time base; and
  
  a tamper-resistant memory storing data corresponding to a usage policy that regulates operation of the electronic device in compliance with the usage policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The processing unit of claim 1, wherein the usage policy specifies a system setting corresponding to resource usage in the electronic device.
  - 3. The processing unit of claim 1, wherein the usage policy comprises an operational value corresponding to at least one of metering by time and metering by usage.
  - 4. The processing unit of claim 1, further comprising software code stored in the tamper-resistant memory implementing a privacy function, the privacy function for securing information corresponding to user data.
  - 5. The processing unit of claim 1, wherein the communication interface provides data to an application program interface for communicating policy updates.
  - 6. The processing unit of claim 1, wherein the policy management circuit determines when to meter usage of the electronic device.
  - 7. The processing unit of claim 1, wherein the enforcement circuit limits the operation of the electronic device when the policy management circuit determines operation is not in compliance with the policy.
  - 8. The processing unit of claim 1, further comprising software code stored in the tamper-resistant memory for implementing a biometric authentication function.
  - 9. The processing unit of claim 1, further comprising software code stored in the tamper-resistant memory for implementing a cryptographic function, whereby a policy update is cryptographically verified before installation.
  - 10. The processing unit of claim 9, wherein the cryptographic function is operable to establish a trusted relationship with another component of the electronic device.
  - 11. The processing unit of claim 1, wherein the policy defines a hardware configuration.
  - 12. The processing unit of claim 1, wherein the policy defines a memory configuration that excludes external system memory from general use by allocating the external system memory to the tamper-resistant memory.
  - 13. The processing unit of claim 1, further comprising software code stored in the tamper-resistant memory for implementing a stored value function.

14. A computer adapted for use in compliance with a policy corresponding to at least one of a memory configuration, a processing capacity, a metering requirement, and authorization for a peripheral, the computer comprising:
- a volatile memory;
  
  a non-volatile memory;
  
  an input interface;
  
  a communication interface; and
  
  a processing unit coupled to the volatile memory, the non-volatile memory, the input interface, and the output interface, the processing unit comprising;
  
  an instruction processing unit;
  
  a data bus interface;
  
  a policy management function;
  
  an enforcement function;
  
  a tamper-resistant clock; and
  
  a secure memory storing the policy;
  
  wherein the computer operates in accordance with the policy stored in the secure memory.
- View Dependent Claims (15, 16)
- - 15. The computer of claim 14, wherein data corresponding to the policy is received via one of the input interface and the communication interface.
  - 16. The computer of claim 14, wherein the processing unit further comprises a cryptographic function.

17. A method of operating a computer having a processing unit with a tamper-resistant memory, the method comprising:
- executing computer instructions to boot the computer;
  
  executing computer instructions to read a policy from the tamper-resistant memory, the policy corresponding to at least one of a memory configuration, a processing capacity, a metering requirement, and authorization for a peripheral; and
  
  executing computer instructions to operate the computer according to the policy.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - placing the computer in a restricted usage mode;
      
      receiving a restoration code including a time indication; and
      
      comparing the time indication to an internal clock function.
  - 19. The method of claim 17, further comprising:
    - determining when the policy requires metered usage of the computer;
      
      metering the usage according to the policy.
  - 20. The method of claim 17, wherein executing computer instructions to operate the computer according to the policy further comprises executing computer instructions to reallocate system memory to the tamper-resistant memory making it unavailable for general use by the computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hall, Martin, Phillips, Thomas, Xu, Zhangwei, Frank, Alexander, Duffus, James, Ahdout, Isaac, Steeb, Curt

Application Number

US11/224,418
Publication Number

US 20070061535A1
Time in Patent Office

Days
Field of Search
US Class Current

711/167
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/57   Certifying or maintaining t...

G06F 21/71   to assure secure computing ...

G06F 21/73   by creating or determining ...

G06F 21/79   in semiconductor storage me...

G06F 21/86   Secure or tamper-resistant ...

G06F 2221/2135   Metering

Processing unit enclosed operating system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Processing unit enclosed operating system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links