Systems and methods for integrity certification and verification of content consumption environments

US 6,931,545 B1
Filed: 08/28/2000
Issued: 08/16/2005
Est. Priority Date: 08/28/2000
Status: Expired due to Term

First Claim

Patent Images

1. A system for providing integrity certification and verification within content consumption or computing environments, said system comprising:

an identification and integrity certification and verification device, including;

a component registration database storing authentication information about one or more applications, systems or system components;

an integrity profile database storing at least one integrity profile including verifiable information defining an authentic environment that is used to determine the authenticity of a collection of the one or more applications, systems or system components of a content consumption or computing environment and the authenticity of an interrelationship or dependency among the collection of the one or more applications, systems or system components;

a profile creation device coupled to the integrity profile database and the component registration database and which maintains the integrity profile and creates the integrity profile based on the authentication information about the one or more applications, systems or system components stored in the component registration database;

a profile verification device coupled to the integrity profile database and which verifies authenticity by comparing one or more of application, system or system component identifications, specified in the integrity profile with one or more applications, systems or system components of the content consumption or computing environment;

a component registration device coupled to the component registration database and which obtains the authentication information about the one or more applications, systems or system components from a content consumption or computing application, system or system component provider and provides the authentication information to the component registration database; and

a profile distribution device coupled to the integrity profile database and which receives an identification of the integrity profile and determines if the integrity profile corresponding to the integrity profile identification is available;

wherein the component registration device receives a component identification associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider;

the component registration device registers the one or more applications, systems or system components of the content consumption or computing application, system or system component provider; and

the component registration device returns the component identification of the registered applications, systems or system components to the content consumption or computing application, system or system component provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A content provider, such as a document publisher or distributor, provides, for example, protected content to a user, for consumption within a trusted user environment. By providing integrity certification and verification services, the authenticity of the content consumption environments can be verified. The content provider forwards to the user a protected version of the digital content which includes, for example, a license agreement and an integrity profile identification. The profile includes, for example, the applications and system components that are allowed to be used in conjunction with the protected content. Additionally, the content provider initiates a request for an integrity profile. This request for the integrity profile is forwarded to an integrity certification and verification device. The integrity certification and verification device can, for example, if an integrity profile does not already exist for the requested applications and/or systems components, query a content consumption system/application provider, who, for example, has supplied the system components to the user. The content consumption system/application provider returns to the integrity certification and verification device authentication information about the particular applications or system components. The authentication information allows a comparison, or integrity verification, to be made between an application and/or system component on a user'"'"'s system, and the original application or system component as distributed by the content consumption system/application provider.

289 Citations

136 Claims

1. A system for providing integrity certification and verification within content consumption or computing environments, said system comprising:
- an identification and integrity certification and verification device, including;
  
  a component registration database storing authentication information about one or more applications, systems or system components;
  
  an integrity profile database storing at least one integrity profile including verifiable information defining an authentic environment that is used to determine the authenticity of a collection of the one or more applications, systems or system components of a content consumption or computing environment and the authenticity of an interrelationship or dependency among the collection of the one or more applications, systems or system components;
  
  a profile creation device coupled to the integrity profile database and the component registration database and which maintains the integrity profile and creates the integrity profile based on the authentication information about the one or more applications, systems or system components stored in the component registration database;
  
  a profile verification device coupled to the integrity profile database and which verifies authenticity by comparing one or more of application, system or system component identifications, specified in the integrity profile with one or more applications, systems or system components of the content consumption or computing environment;
  
  a component registration device coupled to the component registration database and which obtains the authentication information about the one or more applications, systems or system components from a content consumption or computing application, system or system component provider and provides the authentication information to the component registration database; and
  
  a profile distribution device coupled to the integrity profile database and which receives an identification of the integrity profile and determines if the integrity profile corresponding to the integrity profile identification is available;
  
  wherein the component registration device receives a component identification associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider;
  
  the component registration device registers the one or more applications, systems or system components of the content consumption or computing application, system or system component provider; and
  
  the component registration device returns the component identification of the registered applications, systems or system components to the content consumption or computing application, system or system component provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 2. The system of claim 1, wherein the integrity profile includes an identification of registered applications, systems or system components having authentication information stored in the component registration device.
  - 3. The system of claim 1, wherein the integrity profile comprises an identification of the one or more applications, systems or system components of the content consumption or computing environment.
  - 4. The system of claim 1, further comprising a content provider system coupled to the content consumption or computing environment.
  - 5. The system of claim 1, further comprising a content consumption or computing application, system or system component provider system coupled to the content consumption or computing environment.
  - 6. The system of claim 1, wherein, if a request for access is received, the profile verification device determines the authenticity of the one or more applications, systems or system components of the content consumption or computing environment and, if the one or more applications, systems or system components are not authentic, denies access to one or more documents in the content consumption or computing environment.
  - 7. The system of claim 1, wherein the identification and integrity certification and verification device is configured for certifying the integrity profile by comparing the integrity profile with the authentication information stored in a component registration database.
  - 8. The system of claim 1, further comprising access rights for at least one of enabling or disabling access to content associated with the content consumption or computing environment.
  - 9. The system of claim 1, wherein the identification and integrity certification and verification device is configured for digitally signing the integrity profile.
  - 10. The system of claim 9, wherein the identification and integrity certification and verification device is configured for forwarding the digitally signed integrity profile to the content consumption or computing environment.
  - 11. The system of claim 1, wherein the identification and integrity certification and verification device is configured for establishing a tamper resistant environment.
  - 12. The system of claim 1, wherein the profile verification device is configured for verifying the integrity profile.
  - 13. The system of claim 1, wherein the identification and integrity certification and verification device is configured for establishing that the one or more applications, systems, or system components of the content consumption environment is not being at least one of monitored, controlled or recorded by an unauthorized device.
  - 14. The system of claim 1, wherein the content consumption or computing application, system or system component provider communicates with the identification and integrity certification and verification device to request registration of the one or more applications, systems or system components.
  - 15. The system of claim 1, wherein the identification and integrity certification and verification device communicates with the content consumption or computing application, system or system component provider to secure the authentication information.
  - 16. The system of claim 15, wherein the authentication information includes one of a provider name, a component identification, a serial number, a version number, and a build number associated with the one or more applications, systems or system components.
  - 17. The system of claim 1, wherein the identification and integrity certification and verification device acquires the one or more applications, systems or system components of the content consumption or computing environment from the content consumption or computing application, system or system component provider.
  - 18. The system of claim 1, wherein the component registration device computes a hash value as an identification for authenticating the one or more applications, systems or system components of the content consumption or computing environment.
  - 19. The system of claim 18, wherein the component registration device stores the hash value in the component registration database.
  - 25. The system of claim 1, wherein the profile creation device builds the integrity profile for the one or more applications, systems or system components of the content consumption or computing environment.
  - 26. The system of claim 25, wherein the profile creation device retrieves an integrity value, including a hash value for each the one or more applications, systems or system components of the content consumption or computing environment from the component registration database.
  - 27. The system of claim 1, wherein the integrity profile includes an interaction relationship among the one or more applications, systems or system components of the content consumption or computing environment.
  - 28. The system of claim 27, wherein the interaction relationship is used to identify a calling and returning sequence of the one or more applications, systems or system components of the content consumption or computing environment in order to prevent unintended interaction with other components.
  - 29. The system of claim 28, wherein the integrity profile is digitally signed and the resulting signature is appended to the integrity profile.
  - 30. The system of claim 29, wherein a unique identification is associated with the integrity profile.
  - 31. The system of claim 1, wherein the component registration device receives meta information associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider.
  - 32. The system of claim 1, wherein the registration by the component registration device includes characteristics, purposes, and behaviors associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider.
  - 33. The system of claim 1, wherein the component registration device makes the component identification available to a content provider associated with the content consumption or computing application, system or system component provider.
  - 34. The system of claim 1, wherein the profile creation device receives the component identification of registered components of the registered applications, systems or system components.
  - 35. The system of claim 34, wherein the profile creation device generates the integrity profile by digitally signing and storing the component identification of the registered components of the registered applications, systems or system components in the integrity profile database.
  - 36. The system of claim 35, wherein the profile creation device combines the component identification of the registered components of the registered applications, systems or system components with information associated therewith.
  - 37. The system of claim 34, wherein the profile creation device returns the integrity profile identification associated with the integrity profile in response to the receipt of the component identification.
  - 38. The system of claim 37, wherein the profile distribution device receives the integrity profile identification.
  - 39. The system of claim 38, wherein the profile distribution device queries the integrity profile database to determine if an integrity profile corresponding to the integrity profile identification is available.
  - 40. The system of claim 39, wherein, if an integrity profile corresponding to the integrity profile identification is available, the profile distribution device returns the integrity profile corresponding to the integrity profile identification.
  - 41. The system of claim 39, wherein, if an integrity profile corresponding to the integrity profile identification is not available, the profile distribution device determines an integrity profile with aid from the profile creation device.
  - 42. The system of claim 1, wherein the profile verification device receives a component identification of the one or more applications, systems or system components of the content consumption or computing environment and the integrity profile identification.
  - 43. The system of claim 42, wherein the profile verification device compares the component identification, the integrity profile identification, and the corresponding integrity profile to determine verification data.
  - 44. The system of claim 43, wherein, if the component identification and the integrity profile match, the profile verification device verifies the integrity of the one or more applications, systems or system components of the content consumption or computing environment.
  - 45. The system of claim 43, wherein, if the component identification and the integrity profile do not match, the profile verification device determines that the one or more applications, systems or system components of the content consumption or computing environment are not specified in the integrity profile or the one or more applications, systems or system components of the content consumption or computing environment have been altered.

20. A system for providing integrity certification and verification within content consumption or computing environments, said system comprising:
- an identification and integrity certification and verification device, including;
  
  a component registration database storing authentication information about one or more applications, systems or system components;
  
  an integrity profile database storing at least one integrity profile including verifiable information defining an authentic environment that is used to determine the authenticity of a collection of the one or more applications, systems or system components of a content consumption or computing environment and the authenticity of an interrelationship or dependency among the collection of the one or more applications, systems or system components;
  
  a profile creation device coupled to the integrity profile database and the component registration database and which maintains the integrity profile and creates the integrity profile based on the authentication information about the one or more applications, systems or system components stored in the component registration database;
  
  a profile verification device coupled to the integrity profile database and which verifies authenticity by comparing one or more of application, system or system component identifications, specified in the integrity profile with one or more applications, systems or system components of the content consumption or computing environment;
  
  a component registration device coupled to the component registration database and which obtains the authentication information about the one or more applications, systems or system components from a content consumption or computing application, system or system component provider and provides the authentication information to the component registration database; and
  
  a profile distribution device coupled to the integrity profile database and which receives an identification of the integrity profile and determines if the integrity profile corresponding to the integrity profile identification is available;
  
  wherein the content consumption or computing application, system or system component provider connects to the component registration device to download a software application.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The system of claim 20, wherein the software application comprises a registration application that is executed locally by the content consumption or computing application, system or system component provider.
  - 22. The system of claim 21, wherein the registration application examines one or more applications, systems or system components of the content consumption or computing application, system or system component provider and sends authentication information pertaining thereto to the component registration device.
  - 23. The system of claim 22, wherein the authentication information includes an integrity value, including a hash value associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider.
  - 24. The system of claim 22, wherein the component registration device stores the authentication information in the component registration database.

46. A device for providing identification and integrity certification and verification within content consumption or computing environments, said device comprising:
- a component registration database storing authentication information about one or more applications, systems or system components;
  
  an integrity profile database storing at least one integrity profile including verifiable information defining an authentic environment that is used to determine the authenticity of a collection of the one or more applications, systems or system components of a content consumption or computing environment and the authenticity of an interrelationship or dependency among the collection of the one or more applications, systems or system components;
  
  a profile creation device coupled to the integrity profile database and the component registration database and which maintains the integrity profile and creates the integrity profile based on the authentication information about the one or more applications, systems or system components stored in the component registration database;
  
  a profile verification device coupled to the integrity profile database and which verifies authenticity by comparing one or more of application, system or system component identifications, specified in the integrity profile with one or more applications, systems or system components of the content consumption or computing environment;
  
  a component registration device coupled to the component registration database and which obtains the authentication information about the one or more applications, systems or system components from a content consumption or computing application, system or system component provider and provides the authentication information to the component registration database; and
  
  a profile distribution device coupled to the integrity profile database and which receives an identification of the integrity profile and determines if the integrity profile corresponding to the integrity profile identification is available;
  
  wherein the component registration device receives a component identification associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider;
  
  the component registration device registers the one or more applications, systems or system components of the content consumption or computing application, system or system component provider; and
  
  the component registration device returns the component identification of the registered applications, systems or system components to the content consumption or computing application, system or system component provider.
- View Dependent Claims (47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90)
- - 47. The device of claim 46, wherein the integrity profile includes an identification of registered applications, systems or system components having authentication information stored in the component registration device.
  - 48. The device of claim 47, wherein the integrity profile comprises an identification of the one or more applications, systems or system components of the content consumption or computing environment.
  - 49. The device of claim 47, wherein a content provider system can be coupled to the content consumption or computing environment.
  - 50. The device of claim 47, wherein a content consumption or computing application, system or system component provider system can be coupled to the content consumption or computing environment.
  - 51. The device of claim 47, wherein, if a request for access is received, the profile verification device determines the authenticity of the one or more applications, systems or system components of the content consumption or computing environment and, if the one or more applications, systems or system components are not authentic, denies access to one or more documents in the content consumption or computing environment.
  - 52. The device of claim 47, wherein the device is configured for certifying the integrity profile by comparing the integrity profile with the authentication information stored in a component registration database.
  - 53. The device of claim 47, further comprising access rights for at least one of enabling or disabling access to content associated with the content consumption or computing environment.
  - 54. The device of claim 47, wherein the device is configured for digitally signing the integrity profile.
  - 55. The device of claim 54, wherein the device is configured for forwarding the digitally signed integrity profile to the content consumption or computing environment.
  - 56. The device of claim 47, wherein the device is configured for establishing a tamper resistant environment.
  - 57. The device of claim 47, wherein the profile verification device is configured for verifying the integrity profile.
  - 58. The device of claim 47, wherein the device is configured for establishing that the one or more applications, systems, or system components of the content consumption environment is not being at least one of monitored, controlled or recorded by an unauthorized device.
  - 59. The device of claim 47, wherein the content consumption or computing application, system or system component provider communicates with the identification and integrity certification and verification device to request registration of the one or more applications, systems or system components.
  - 60. The device of claim 47, wherein the device communicates with the content consumption or computing application, system or system component provider to secure the authentication information.
  - 61. The device of claim 60, wherein the authentication information includes one of a provider name, a component identification, a serial number, a version number, and a build number associated with the one or more applications, systems or system components.
  - 62. The device of claim 47, wherein the device acquires the one or more applications, systems or system components of the content consumption or computing environment from the content consumption or computing application, system or system component provider.
  - 63. The device of claim 47, wherein the component registration device computes a hash value as an identification for authenticating the one or more applications, systems or system components of the content consumption or computing environment.
  - 64. The device of claim 63, wherein the component registration device stores the hash value in the component registration database.
  - 70. The device of claim 47, wherein the profile creation device builds the integrity profile for the one or more applications, systems or system components of the content consumption or computing environment.
  - 71. The device of claim 70, wherein the profile creation device retrieves an integrity value, including a hash value for each the one or more applications, systems or system components of the content consumption or computing environment from the component registration database.
  - 72. The device of claim 47, wherein the integrity profile includes an interaction relationship among the one or more applications, systems or system components of the content consumption or computing environment.
  - 73. The device of claim 72, wherein the interaction relationship is used to identify a calling and returning sequence of the one or more applications, systems or system components of the content consumption or computing environment in order to prevent unintended interaction with other components.
  - 74. The device of claim 73, wherein the integrity profile is digitally signed and the resulting signature is appended to the integrity profile.
  - 75. The device of claim 74, wherein a unique identification is associated with the integrity profile.
  - 76. The device of claim 46, wherein the component registration device receives meta information associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider.
  - 77. The device of claim 46, wherein the registration by the component registration device includes characteristics, purposes, and behaviors associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider.
  - 78. The device of claim 46, wherein the component registration device makes the component identification available to a content provider associated with the content consumption or computing application, system or system component provider.
  - 79. The device of claim 46, wherein the profile creation device receives the component identification of registered components of the registered applications, systems or system components.
  - 80. The device of claim 79, wherein the profile creation device generates the integrity profile by digitally signing and storing the component identification of the registered components of the registered applications, systems or system components in the integrity profile database.
  - 81. The device of claim 80, wherein the profile creation device combines the component identification of the registered components of the registered applications, systems or system components with information associated therewith.
  - 82. The device of claim 79, wherein the profile creation device returns the integrity profile identification associated with the integrity profile in response to the receipt of the component identification.
  - 83. The device of claim 82, wherein the profile distribution device receives the integrity profile identification.
  - 84. The device of claim 83, wherein the profile distribution device queries the integrity profile database to determine if an integrity profile corresponding to the integrity profile identification is available.
  - 85. The device of claim 84, wherein, if an integrity profile corresponding to the integrity profile identification is available, the profile distribution device returns the integrity profile corresponding to the integrity profile identification.
  - 86. The device of claim 84, wherein, if an integrity profile corresponding to the integrity profile identification is not available, the profile distribution device determines an integrity profile with aid from the profile creation device.
  - 87. The device of claim 47, wherein the profile verification device receives a component identification of the one or more applications, systems or system components of the content consumption or computing environment and the integrity profile identification.
  - 88. The device of claim 87, wherein the profile verification device compares the component identification, the integrity profile identification, and the corresponding integrity profile to determine verification data.
  - 89. The device of claim 88, wherein, if the component identification and the integrity profile match, the profile verification device verifies the integrity of the one or more applications, systems or system components of the content consumption or computing environment.
  - 90. The device of claim 89, wherein, if the component identification and the integrity profile do not match, the profile verification device determines that the one or more applications, systems or system components of the content consumption or computing environment are not specified in the integrity profile or the one or more applications, systems or system components of the content consumption or computing environment have been altered.

65. A device for providing identification and integrity certification and verification within content consumption or computing environments, said device comprising:
- a component registration database storing authentication information about one or more applications, systems or system components;
  
  an integrity profile database storing at least one integrity profile including verifiable information defining an authentic environment that is used to determine the authenticity of a collection of the one or more applications, systems or system components of a content consumption or computing environment and the authenticity of an interrelationship or dependency among the collection of the one or more applications, systems or system components;
  
  a profile creation device coupled to the integrity profile database and the component registration database and which maintains the integrity profile and creates the integrity profile based on the authentication information about the one or more applications, systems or system components stored in the component registration database;
  
  a profile verification device coupled to the integrity profile database and which verifies authenticity by comparing one or more of application, system or system component identifications, specified in the integrity profile with one or more applications, systems or system components of the content consumption or computing environment;
  
  a component registration device coupled to the component registration database and which obtains the authentication information about the one or more applications, systems or system components from a content consumption or computing application, system or system component provider and provides the authentication information to the component registration database; and
  
  a profile distribution device coupled to the integrity profile database and which receives an identification of the integrity profile and determines if the integrity profile corresponding to the integrity profile identification is available;
  
  wherein the content consumption or computing application, system or system component provider connects to the component registration device to download a software application.
- View Dependent Claims (66, 67, 68, 69)
- - 66. The device of claim 65, wherein the software application comprises a registration application that is executed locally by the content consumption or computing application, system or system component provider.
  - 67. The device of claim 66, wherein the registration application examines one or more applications, systems or system components of the content consumption or computing application, system or system component provider and sends authentication information pertaining thereto to the component registration device.
  - 68. The device of claim 67, wherein the authentication information includes an integrity value, including a hash value associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider.
  - 69. The device of claim 68, wherein the component registration device stores the authentication information in the component registration database.

91. A method for providing identification and integrity certification and verification within content consumption or computing environments, said method comprising:
- storing, in a component registration database, authentication information about one or more applications, systems or system components;
  
  storing, in an integrity profile database, at least one integrity profile including verifiable information defining an authentic environment that is used to determine the authenticity of a collection of the one or more applications, systems or system components of a content consumption or computing environment and the authenticity of an interrelationship or dependency among the collection of the one or more applications, systems or system components;
  
  maintaining the integrity profile and creating the integrity profile based on the authentication information about the one or more applications, systems or system components stored in the component registration database, via a profile creation device coupled to the integrity profile database and the component registration database;
  
  verifying authenticity by comparing one or more of application, system or system component identifications, specified in the integrity profile with one or more applications, systems or system components of the content consumption or computing environment, via a profile verification device coupled to the integrity profile database;
  
  obtaining the authentication information about the one or more applications, systems or system components from a content consumption or computing application, system or system component provider and providing the authentication information to the component registration database, via a component registration device coupled to the component registration database;
  
  receiving an identification of the integrity profile and determining if the integrity profile corresponding to the integrity profile identification is available, via a profile distribution device coupled to the integrity profile database;
  
  receiving, via the component registration device, a component identification associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider;
  
  registering, via the component registration device, the one or more applications, systems or system components of the content consumption or computing application, system or system component provider; and
  
  returning, via the component registration device, the component identification of the registered applications, systems or system components to the content consumption or computing application, system or system component provider.
- View Dependent Claims (92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136)
- - 92. The method of claim 91, wherein the integrity profile includes an identification of registered applications, systems or system components having authentication information stored in the component registration device.
  - 93. The method of claim 91, wherein the integrity profile comprises an identification of the one or more applications, systems or system components of the content consumption or computing environment.
  - 94. The method of claim 91, wherein a content provider system can be coupled to the content consumption or computing environment.
  - 95. The method of claim 91, wherein a content consumption or computing application, system or system component provider system can be coupled to the content consumption or computing environment.
  - 96. The method of claim 91, wherein, if a request for access is received, the method further comprises determining, via the profile verification device, the authenticity of the one or more applications, systems or system components of the content consumption or computing environment and, if the one or more applications, systems or system components are not authentic, denying access to one or more documents in the content consumption or computing environment.
  - 97. The method of claim 91, further comprising certifying the integrity profile by comparing the integrity profile with the authentication information stored in a component registration database.
  - 98. The method of claim 91, further comprising at least one of enabling or disabling, via access rights, access to content associated with the content consumption or computing environment.
  - 99. The method of claim 91, further comprising digitally signing the integrity profile.
  - 100. The method of claim 91, further comprising forwarding the digitally signed integrity profile to the content consumption or computing environment.
  - 101. The method of claim 91, further comprising establishing a tamper resistant environment.
  - 102. The method of claim 91, further comprising verifying, via the profile verification device, the integrity profile.
  - 103. The method of claim 91, further comprising establishing that the one or more applications, systems, or system components of the content consumption environment is not being at least one of monitored, controlled or recorded by an unauthorized device.
  - 104. The method of claim 91, wherein the content consumption or computing application, system or system component provider requests registration of the one or more applications, systems or system components.
  - 105. The method of claim 91, further comprising communicating with the content consumption or computing application, system or system component provider to secure the authentication information.
  - 106. The method of claim 105, wherein the authentication information includes one of a provider name, a component identification, a serial number, a version number, and a build number associated with the one or more applications, systems or system components.
  - 107. The method of claim 91, further comprising acquiring the one or more applications, systems or system components of the content consumption or computing environment from the content consumption or computing application, system or system component provider.
  - 108. The method of claim 91, further comprising computing, via the component registration device, a hash value as an identification for authenticating the one or more applications, systems or system components of the content consumption or computing environment.
  - 109. The method claim 108, further comprising storing, via the component registration device, the hash value in the component registration database.
  - 115. The method of claim 91, further comprising building, via the profile creation device, the integrity profile for the one or more applications, systems or system components of the content consumption or computing environment.
  - 116. The method of claim 115, further comprising retrieving, via the profile creation device, an integrity value, including a hash value for each the one or more applications, systems or system components of the content consumption or computing environment from the component registration database.
  - 117. The method of claim 91, wherein the integrity profile includes an interaction relationship among the one or more applications, systems or system components of the content consumption or computing environment.
  - 118. The method of claim 117, further comprising using the interaction relationship to identify a calling and returning sequence of the one or more applications, systems or system components of the content consumption or computing environment in order to prevent unintended interaction with other components.
  - 119. The method of claim 118, further comprising digitally signing the integrity profile, and appending the resulting signature to the integrity profile.
  - 120. The method of claim 119, further comprising associating a unique identification with the integrity profile.
  - 121. The method of claim 91, further comprising receiving, via the component registration device, meta information associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider.
  - 122. The method of claim 91, wherein the registration by the component registration device includes characteristics, purposes, and behaviors associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider.
  - 123. The method of claim 91, further comprising making, via the component registration device, the component identification available to a content provider associated with the content consumption or computing application, system or system component provider.
  - 124. The method of claim 91, further comprising receiving, via the profile creation device, the component identification of registered components of the registered applications, systems or system components.
  - 125. The method of claim 124, further comprising generating, via the profile creation device, the integrity profile by digitally signing and storing the component identification of the registered components of the registered applications, systems or system components in the integrity profile database.
  - 126. The method of claim 125, further comprising combining, via the profile creation device, the component identification of the registered components of the registered applications, systems or system components with information associated therewith.
  - 127. The method of claim 124, further comprising returning, via the profile creation device, the integrity profile identification associated with the integrity profile in response to the receipt of the component identification.
  - 128. The method of claim 127, further comprising receiving, via the profile distribution device, the integrity profile identification.
  - 129. The method of claim 128, further comprising querying, via the profile distribution device, the integrity profile database to determine if an integrity profile corresponding to the integrity profile identification is available.
  - 130. The method of claim 129, wherein, if an integrity profile corresponding to the integrity profile identification is available, the method further comprises returning, via the profile distribution device, the integrity profile corresponding to the integrity profile identification.
  - 131. The method of claim 129, wherein, if an integrity profile corresponding to the integrity profile identification is not available, the method further comprises determining, via the profile distribution device, an integrity profile with aid from the profile creation device.
  - 132. The method of claim 91, further comprising receiving, via the profile verification device, a component identification of the one or more applications, systems or system components of the content consumption or computing environment and the integrity profile identification.
  - 133. The method of claim 132, further comprising comparing, via the profile verification device, the component identification, the integrity profile identification, and the corresponding integrity profile to determine verification data.
  - 134. The method of claim 133, wherein, if the component identification and the integrity profile match, the method further comprises verifying, via the profile verification device, the integrity of the one or more applications, systems or system components of the content consumption or computing environment.
  - 135. The method of claim 134, wherein, if the component identification and the integrity profile do not match, the method further comprises determining, via the profile verification device, that the one or more applications, systems or system components of the content consumption or computing environment are not specified in the integrity profile or the one or more applications, systems or system components of the content consumption or computing environment have been altered.
  - 136. A computer program product including one or more computer readable instructions configured to cause one or more computer processors to perform the step recited in claim 91.

110. A method for providing identification and integrity certification and verification within content consumption or computing environments, said method comprising:
- storing, in a component registration database, authentication information about one or more applications, systems or system components;
  
  storing, in an integrity profile database, at least one integrity profile including verifiable information defining an authentic environment that is used to determine the authenticity of a collection of the one or more applications, systems or system components of a content consumption or computing environment and the authenticity of an interrelationship or dependency among the collection of the one or more applications, systems or system components;
  
  maintaining the integrity profile and creating the integrity profile based on the authentication information about the one or more applications, systems or system components stored in the component registration database, via a profile creation device coupled to the integrity profile database and the component registration database;
  
  verifying authenticity by comparing one or more of application, system or system component identifications, specified in the integrity profile with one or more applications, systems or system components of the content consumption or computing environment, via a profile verification device coupled to the integrity profile database;
  
  obtaining the authentication information about the one or more applications, systems or system components from a content consumption or computing application, system or system component provider and providing the authentication information to the component registration database, via a component registration device coupled to the component registration database;
  
  receiving an identification of the integrity profile and determining if the integrity profile corresponding to the integrity profile identification is available, via a profile distribution device coupled to the integrity profile database;
  
  wherein the content consumption or computing application, system or system component provider connects to the component registration device to download a software application.
- View Dependent Claims (111, 112, 113, 114)
- - 111. The method of claim 110, wherein the software application comprises a registration application that is executed locally by the content consumption or computing application, system or system component provider.
  - 112. The method of claim 111, further comprising examining, via the registration application, one or more applications, systems or system components of the content consumption or computing application, system or system component provider, and sending, via the registration application, authentication information pertaining thereto to the component registration device.
  - 113. The method of claim 112, wherein the authentication information includes an integrity value, including a hash value associated with the one or more applications, systems or system components of the content consumption or computing application, system or system component provider.
  - 114. The method of claim 113, further comprising storing, via the component registration device, the authentication information in the component registration database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ContentGuard Holdings, Inc. (Pendrell Corporation)
Original Assignee
ContentGuard Holdings, Inc. (Pendrell Corporation)
Inventors
Wang, Xin, Ta, Thanh
Primary Examiner(s)
Barrón, Jr., Gilberto
Assistant Examiner(s)
Kim, Jung W

Application Number

US09/649,838
Time in Patent Office

1,814 Days
Field of Search

713/200, 713/156, 713/187
US Class Current

726/10
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 63/0823   using certificates cryptogr...

H04L 63/104   Grouping of entities

Systems and methods for integrity certification and verification of content consumption environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

289 Citations

136 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for integrity certification and verification of content consumption environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

289 Citations

136 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links