Hierarchical trusted code for content protection in computers
Abstract
An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.
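The delegated-trust check and the per-page permission table described in the abstract can be modelled in a few lines. This is an added illustration, not code from the patent: the class and method names, the read/write/execute permission set, and the policy of giving each admitted module full access to its own pages only are assumptions made for the example.

```python
from enum import Flag, auto

class Perm(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    EXEC = auto()

class SecureMemory:
    """Paged secure memory with a table of per-module permissions per page."""

    def __init__(self, num_pages):
        self.num_pages = num_pages
        # table[page][module] -> Perm; a missing entry means no access
        self.table = [dict() for _ in range(num_pages)]
        self.names = {}                 # trusted module -> modules it names
        self.free = list(range(num_pages))

    def _admit(self, module, names, pages):
        if len(self.free) < pages:
            raise MemoryError("no free secure pages")
        granted = [self.free.pop(0) for _ in range(pages)]
        for p in granted:               # assumed policy: full access, own pages only
            self.table[p][module] = Perm.READ | Perm.WRITE | Perm.EXEC
        self.names[module] = set(names)
        return granted

    def boot(self, root, names, pages=1):
        """Admit the root of the hierarchy (the secure loader)."""
        return self._admit(root, names, pages)

    def call(self, caller, callee, callee_names=(), pages=1):
        """Admit callee only if an already-trusted caller names it as trusted."""
        if caller not in self.names:
            raise PermissionError(f"{caller} is not trusted")
        if callee not in self.names[caller]:
            raise PermissionError(f"{caller} does not name {callee}")
        if callee in self.names:        # already admitted: return its pages
            return [p for p in range(self.num_pages) if callee in self.table[p]]
        return self._admit(callee, callee_names, pages)

    def check(self, module, page, want):
        """Table lookup: does module hold every wanted permission on page?"""
        have = self.table[page].get(module, Perm.NONE)
        return (have & want) == want
```

In this model trust is delegated one level at a time: the loader can admit the security manager, but a content provider is admitted only through the security manager that names it.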
59 Claims
1. A system for handling digital content in a secure manner, comprising:
a first module trusted by a content distributor for handling the digital content;
at least one other module specified by the first module as trusted for handling the digital content;
a secure memory for holding code and secret data for executing the modules, where the secure memory is divided into multiple pages; and
a table for storing a number of permissions for the modules for each of the pages.
Dependent claims: 2-27.
28. A system for handling digital content in a secure manner, comprising:
a first module trusted by a content distributor for handling the digital content;
at least one other module specified by the first module as trusted for handling the digital content;
a secure memory for holding code and secret data for executing the modules, where the secure memory is divided into multiple pages and where the memory is divided into a plurality of rings; and
a table for storing a number of permissions for the modules for each of the pages.
29. A system for handling digital content in a secure manner, comprising:
a secure loader for manipulating secret data;
a security manager named by the secure loader as trusted for handling secret premium data comprising the digital content;
a number of content providers named by the security manager as trusted for performing operations upon the premium data;
a secure memory, where the security manager specifies at least one entry point for multiple code modules executing in the secure memory.
Dependent claims: 30-34.
35. A system for handling digital content in a secure manner, comprising:
a secure loader for manipulating secret data;
a security manager named by the secure loader as trusted for handling secret premium data comprising the digital content;
a number of content providers named by the security manager as trusted for performing operations upon the premium data; and
a secure memory, where the secure loader programs permissions for other code modules operating in the secure memory.
36. A system for handling digital content in a secure manner, comprising:
a secure loader for manipulating secret data;
a security manager named by the secure loader as trusted for handling secret premium data comprising the digital content;
a number of content providers named by the security manager as trusted for performing operations upon the premium data; and
a secure memory, and further comprising a memory manager for holding permissions for multiple pages in the secure memory.
Dependent claims: 37.
38. A method implemented on a programmed digital computer for handling premium content, comprising:
executing a first code module;
calling a second code module from the first module;
determining that the second module is a trusted module;
setting pages in a secure memory for the use of the second module;
executing the second module from the secure memory.
Dependent claims: 39-42.
43. A method implemented on a programmed digital computer for handling premium content, comprising:
executing a first code module;
calling a second code module from the first module;
determining that the second module is a trusted module, where determining that the second module is trusted comprises determining that a previously trusted code module names the second module as trusted;
setting pages in a secure memory for the use of the second module;
executing the second module from the secure memory;
initiating a trusted interrupt handler for trapping interrupts during execution of the second module.
Dependent claims: 44.
45. A method implemented on a programmed digital computer for handling premium content, comprising:
starting a secure loader in the digital computer;
initiating a secure session with the secure loader;
receiving a trusted security manager during the secure session;
storing the security manager to a nonvolatile storage;
thereafter, handling the premium content with the security manager;
storing the security manager in a secure memory, where handling the premium content comprises;
calling a code module for handling the premium content via an entry point in the security manager;
determining that the code module is named in the security manager as a trusted module;
designating one or more pages in the secure memory for the code module;
executing the code module from the designated pages.
Dependent claims: 46-50.
51. A medium bearing instructions and data for performing a method for handling premium content, the method comprising:
executing a first code module;
calling a second code module from the first module;
determining that the second module is a trusted module;
setting pages in a secure memory for the use of the second module;
executing the second module from the secure memory.
Dependent claims: 52-59.