Computer platforms and their methods of operation
First Claim
1. A computer platform comprising:
- a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate;
means for storing license-related code comprising at least one of a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the particular data and/or for monitoring its usage, and a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation, wherein the license-related code includes, for at least one group of particular data, a (or a respective) software executor which specifies the respective group of particular data and which is configured to act as an interface to that group of particular data;
means for storing a hashed version of the license-related code signed with the third party'"'"'s private key; and
means for integrity checking the license-related code with reference to the signed version and the public key certificate and preventing the license-related code from being loaded if the integrity check fails; and
wherein;
the software executor (or at least one of the software executors) contains a public key of the trusted module and a licensing model for the respective particular data;
the platform includes an operating system that is configured to request the software executor that its respective particular data be used;
in response to such a request, that software executor is configured to request the secure executor to license-check, using its licensing model, whether the computer platform or a user thereof is licensed to use that particular data;
in response to such latter request, the secure executor is configured to perform the requested license-check, to sign the result of the license check using a private key of the trusted module, and to respond to that software executor with the signed result; and
in response to such a response, that software executor is configured;
to check the integrity of the signed result using the public key of the trusted module; and
upon a successful integrity check of a successful license-check result, to request the operating system to use that particular data.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer platform (100) uses a tamper-proof component (120), or “trusted module”, of a computer platform in conjunction with software, preferably running within the tamper-proof component, that controls the uploading and usage of data on the platform as a generic dongle for that platform. Licensing checks can occur within a trusted environment (in other words, an environment which can be trusted to behave as the user expects); this can be enforced by integrity checking of the uploading and license-checking software. Metering records can be stored in the tamper-proof device and reported back to administrators as required. There can be an associated clearinghouse mechanism to enable registration and payment for data.
304 Citations
24 Claims
-
1. A computer platform comprising:
-
a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate; means for storing license-related code comprising at least one of a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the particular data and/or for monitoring its usage, and a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation, wherein the license-related code includes, for at least one group of particular data, a (or a respective) software executor which specifies the respective group of particular data and which is configured to act as an interface to that group of particular data; means for storing a hashed version of the license-related code signed with the third party'"'"'s private key; and means for integrity checking the license-related code with reference to the signed version and the public key certificate and preventing the license-related code from being loaded if the integrity check fails; and
wherein;the software executor (or at least one of the software executors) contains a public key of the trusted module and a licensing model for the respective particular data; the platform includes an operating system that is configured to request the software executor that its respective particular data be used; in response to such a request, that software executor is configured to request the secure executor to license-check, using its licensing model, whether the computer platform or a user thereof is licensed to use that particular data; in response to such latter request, the secure executor is configured to perform the requested license-check, to sign the result of the license check using a private key of the trusted module, and to respond to that software executor with the signed result; and in response to such a response, that software executor is configured; to check the integrity of the signed result using the public key of the trusted module; and upon a successful integrity check of a successful license-check result, to request the operating system to use that particular data. - View Dependent Claims (2, 3, 4)
-
-
5. A computer platform comprising:
-
a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate; means for storing license-related code comprising at least one of a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the particular data and/or for monitoring its usage, and a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation, wherein the license-related code includes, for at least one group of particular data, a (or a respective) software executor which specifies the respective group of particular data and which is configured to act as an interface to that group of particular data; means for storing a hashed version of the license-related code signed with the third party'"'"'s private key; and means for integrity checking the license-related code with reference to the signed version and the public key certificate and preventing the license-related code from being loaded if the integrity check fails; and
wherein;the software executor (or at least one of the software executors) contains a public key of the trusted module and a licensing model for the respective particular data; the platform includes an operating system that is configured to request the software executor that its respective particular data be used; in response to such a request, the secure executor is configured to send to the respective software executor a request, signed using a private key of the trusted module, for a licensing model for the particular data; in response to such latter request, that software executor is configured; to check the integrity of the request using the public key of the trusted module; and upon a successful integrity check, to send the licensing model to the secure executor; and upon receipt of the licensing model, the secure executor is configured; to perform a license-check using that licensing model; and upon a successful license-check result, to request the operating system to use that particular data. - View Dependent Claims (6, 7, 8, 10)
-
-
9. A computer platform comprising:
-
a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate; means for storing license-related code comprising at least one of a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the particular data and/or for monitoring its usage, and a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation, the license-related code including secure key-transfer code for enabling a license key to be transferred between the trusted module and a further trusted module of another computer platform; means for storing a hashed version of the license-related code signed with the third party'"'"'s private key; and means for integrity checking the license-related code with reference to the signed version and the public key certificate and preventing the license-related code from being loaded if the integrity check fails; and
whereinthe secure executor contains at least one licensing model; the operating system is configured to request the secure executor that particular data be used; and in response to such a request, the secure executor is configured; to perform a license-check using the, or one of the, licensing models; and upon a successful license-check, to request the operating system to use that particular data. - View Dependent Claims (11)
-
-
12. A computer platform comprising:
-
a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate; means for storing license-related code comprising at least one of a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the particular data and/or for monitoring its usage, and a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation, the secure executor containing at least one licensing model; means for storing a hashed version of the license-related code signed with the third party'"'"'s private key; and means for integrity checking the license-related code with reference to the signed version and the public key certificate and preventing the license-related code from being loaded if the integrity check fails;
whereinthe computer platform includes an operating system that is configured to request the software executor that its respective particular data be used; and in response to such a request, the secure executor is configured; to perform a license-check using the, or one of the, licensing models; and upon a successful license-check, to request the operating system to use that particular data; the computer platform further including a further, removable, trusted module containing a user identity; wherein the computer platform is configured to perform an authentication check between the first-mentioned trusted module and the removable trusted module; and wherein, upon license license-checking, the secure executor or software executor is configured to perform the license-check with reference to the user identity.
-
-
13. A computer platform having:
-
a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate; means for storing license-related code comprising, for at least one group of particular data, a (or a respective) software executor which specifies the respective group of particular data and which is configured to act as an interface to that group of particular data, the license-related code further comprising at least one of; a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the data and/or for monitoring its usage; a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation; and means for storing a hashed version of the license-related code signed with the third party'"'"'s private key; wherein the computer platform is programmed so that, upon booting of the computer platform; the license-related code is integrity checked with reference to the signed version and the public key certificate; and if the integrity check fails, the license-related code is prevented from being loaded; and wherein the means for storing the license-related code and/or the means storing the hashed version of the license-related code are provided, at least in part, by the trusted module; and
further whereinthe software executor (or at least one of the software executors) is configured to request the trusted module to install particular data; in response to such a request, the secure loader within the trusted module is configured to license-check whether the computer platform or a user thereof is licensed to install that particular data and/or to check the integrity of that data and to respond to the operating system with the result of the check; and in dependence upon the response, the operating system is configured to install or not to install the particular data. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
Specification