Computer platforms and their methods of operation

US 7,461,249 B1
Filed: 08/11/2000
Issued: 12/02/2008
Est. Priority Date: 08/13/1999
Status: Expired due to Term

First Claim

Patent Images

1. A computer platform comprising:

a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate;

means for storing license-related code comprising at least one of a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the particular data and/or for monitoring its usage, and a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation, wherein the license-related code includes, for at least one group of particular data, a (or a respective) software executor which specifies the respective group of particular data and which is configured to act as an interface to that group of particular data;

means for storing a hashed version of the license-related code signed with the third party'"'"'s private key; and

means for integrity checking the license-related code with reference to the signed version and the public key certificate and preventing the license-related code from being loaded if the integrity check fails; and

wherein;

the software executor (or at least one of the software executors) contains a public key of the trusted module and a licensing model for the respective particular data;

the platform includes an operating system that is configured to request the software executor that its respective particular data be used;

in response to such a request, that software executor is configured to request the secure executor to license-check, using its licensing model, whether the computer platform or a user thereof is licensed to use that particular data;

in response to such latter request, the secure executor is configured to perform the requested license-check, to sign the result of the license check using a private key of the trusted module, and to respond to that software executor with the signed result; and

in response to such a response, that software executor is configured;

to check the integrity of the signed result using the public key of the trusted module; and

upon a successful integrity check of a successful license-check result, to request the operating system to use that particular data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer platform (100) uses a tamper-proof component (120), or “trusted module”, of a computer platform in conjunction with software, preferably running within the tamper-proof component, that controls the uploading and usage of data on the platform as a generic dongle for that platform. Licensing checks can occur within a trusted environment (in other words, an environment which can be trusted to behave as the user expects); this can be enforced by integrity checking of the uploading and license-checking software. Metering records can be stored in the tamper-proof device and reported back to administrators as required. There can be an associated clearinghouse mechanism to enable registration and payment for data.

304 Citations

24 Claims

1. A computer platform comprising:
- a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate;
  
  means for storing license-related code comprising at least one of a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the particular data and/or for monitoring its usage, and a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation, wherein the license-related code includes, for at least one group of particular data, a (or a respective) software executor which specifies the respective group of particular data and which is configured to act as an interface to that group of particular data;
  
  means for storing a hashed version of the license-related code signed with the third party'"'"'s private key; and
  
  means for integrity checking the license-related code with reference to the signed version and the public key certificate and preventing the license-related code from being loaded if the integrity check fails; and
  
  wherein;
  
  the software executor (or at least one of the software executors) contains a public key of the trusted module and a licensing model for the respective particular data;
  
  the platform includes an operating system that is configured to request the software executor that its respective particular data be used;
  
  in response to such a request, that software executor is configured to request the secure executor to license-check, using its licensing model, whether the computer platform or a user thereof is licensed to use that particular data;
  
  in response to such latter request, the secure executor is configured to perform the requested license-check, to sign the result of the license check using a private key of the trusted module, and to respond to that software executor with the signed result; and
  
  in response to such a response, that software executor is configured;
  
  to check the integrity of the signed result using the public key of the trusted module; and
  
  upon a successful integrity check of a successful license-check result, to request the operating system to use that particular data.
- View Dependent Claims (2, 3, 4)
- - 2. A computer platform as claimed in claim 1, wherein the operating system is programmed to use the particular data only in response to the secure executor or the software executor.
  - 3. A computer platform as claimed in claim 1, wherein the trusted module is configured to log the request to the operating system to use the data.
  - 4. A computer platform as claimed in claim 1;
    - further including a further, removable, trusted module containing a user identity;
      
      wherein the platform is configured to perform an authentication check between the first-mentioned trusted module and the removable trusted module; and
      
      wherein, upon license-checking, the secure executor or software executor is configured to perform the license-check with reference to the user identity.

5. A computer platform comprising:
- a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate;
  
  means for storing license-related code comprising at least one of a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the particular data and/or for monitoring its usage, and a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation, wherein the license-related code includes, for at least one group of particular data, a (or a respective) software executor which specifies the respective group of particular data and which is configured to act as an interface to that group of particular data;
  
  means for storing a hashed version of the license-related code signed with the third party'"'"'s private key; and
  
  means for integrity checking the license-related code with reference to the signed version and the public key certificate and preventing the license-related code from being loaded if the integrity check fails; and
  
  wherein;
  
  the software executor (or at least one of the software executors) contains a public key of the trusted module and a licensing model for the respective particular data;
  
  the platform includes an operating system that is configured to request the software executor that its respective particular data be used;
  
  in response to such a request, the secure executor is configured to send to the respective software executor a request, signed using a private key of the trusted module, for a licensing model for the particular data;
  
  in response to such latter request, that software executor is configured;
  
  to check the integrity of the request using the public key of the trusted module; and
  
  upon a successful integrity check, to send the licensing model to the secure executor; and
  
  upon receipt of the licensing model, the secure executor is configured;
  
  to perform a license-check using that licensing model; and
  
  upon a successful license-check result, to request the operating system to use that particular data.
- View Dependent Claims (6, 7, 8, 10)
- - 6. A computer platform as claimed in claim 5, wherein the operating system is programmed to use the particular data only in response to the secure executor or the software executor.
  - 7. A computer platform as claimed in claim 5, wherein the trusted module is configured to log the request to the operating system to use the data.
  - 8. A computer platform as claimed in claim 5;
    - further including a further, removable, trusted module containing a user identity;
      
      wherein the platform is configured to perform an authentication check between the first-mentioned trusted module and the removable trusted module; and
      
      wherein, upon license-checking, the secure executor or software executor is configured to perform the license-check with reference to the user identity.
  - 10. A computer platform as claimed in claim 8, wherein the operating system is programmed to use the particular data only in response to the secure executor or the software executor.

9. A computer platform comprising:
- a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate;
  
  means for storing license-related code comprising at least one of a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the particular data and/or for monitoring its usage, and a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation, the license-related code including secure key-transfer code for enabling a license key to be transferred between the trusted module and a further trusted module of another computer platform;
  
  means for storing a hashed version of the license-related code signed with the third party'"'"'s private key; and
  
  means for integrity checking the license-related code with reference to the signed version and the public key certificate and preventing the license-related code from being loaded if the integrity check fails; and
  
  whereinthe secure executor contains at least one licensing model;
  
  the operating system is configured to request the secure executor that particular data be used; and
  
  in response to such a request, the secure executor is configured;
  
  to perform a license-check using the, or one of the, licensing models; and
  
  upon a successful license-check, to request the operating system to use that particular data.
- View Dependent Claims (11)
- - 11. A computer platform as claimed in claim 9, wherein the trusted module is configured to log the request to the operating system to use the particular data.

12. A computer platform comprising:
- a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate;
  
  means for storing license-related code comprising at least one of a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the particular data and/or for monitoring its usage, and a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation, the secure executor containing at least one licensing model;
  
  means for storing a hashed version of the license-related code signed with the third party'"'"'s private key; and
  
  means for integrity checking the license-related code with reference to the signed version and the public key certificate and preventing the license-related code from being loaded if the integrity check fails;
  
  whereinthe computer platform includes an operating system that is configured to request the software executor that its respective particular data be used; and
  
  in response to such a request, the secure executor is configured;
  
  to perform a license-check using the, or one of the, licensing models; and
  
  upon a successful license-check, to request the operating system to use that particular data;
  
  the computer platform further including a further, removable, trusted module containing a user identity;
  
  wherein the computer platform is configured to perform an authentication check between the first-mentioned trusted module and the removable trusted module; and
  
  wherein, upon license license-checking, the secure executor or software executor is configured to perform the license-check with reference to the user identity.

13. A computer platform having:
- a trusted module which is resistant to internal tampering and which stores a third party'"'"'s public key certificate;
  
  means for storing license-related code comprising, for at least one group of particular data, a (or a respective) software executor which specifies the respective group of particular data and which is configured to act as an interface to that group of particular data, the license-related code further comprising at least one of;
  
  a secure executor for checking whether the computer platform or a user thereof is licensed to use particular data and for providing an interface for using the data and/or for monitoring its usage;
  
  a secure loader for checking whether the computer platform or a user thereof is licensed to install particular data and/or for checking for data integrity before installation; and
  
  means for storing a hashed version of the license-related code signed with the third party'"'"'s private key;
  
  wherein the computer platform is programmed so that, upon booting of the computer platform;
  
  the license-related code is integrity checked with reference to the signed version and the public key certificate; and
  
  if the integrity check fails, the license-related code is prevented from being loaded; and
  
  wherein the means for storing the license-related code and/or the means storing the hashed version of the license-related code are provided, at least in part, by the trusted module; and
  
  further whereinthe software executor (or at least one of the software executors) is configured to request the trusted module to install particular data;
  
  in response to such a request, the secure loader within the trusted module is configured to license-check whether the computer platform or a user thereof is licensed to install that particular data and/or to check the integrity of that data and to respond to the operating system with the result of the check; and
  
  in dependence upon the response, the operating system is configured to install or not to install the particular data.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. A computer platform as claimed in claim 13, wherein the platform includes an operating system programmed to install the particular data only in response to the trusted module.
  - 15. A computer platform as claimed in claim 13, wherein the trusted module and an operating system of the platform have a dedicated communications path therebetween which is inaccessible to other parts of the computer platform, and wherein the response from the trusted module to the operating system is supplied via the dedicated communications path.
  - 16. A computer platform as claimed in claim 13, wherein, if the check succeeds, the trusted module is configured to generate a log for auditing the particular data.
  - 17. A computer platform as claimed in claim 13, wherein, if the check succeeds, the secure loader is configured to perform a virus check on the particular data.
  - 18. A computer platform as claimed in claim 13, wherein, upon installation, the particular data is installed into the trusted module.
  - 19. A computer platform as claimed in claim 13:
    - further including a further, removable, trusted module;
      
      wherein the platform is configured to perform an authentication check between the first-mentioned trusted module and the removable trusted module; and
      
      wherein, upon installation, the particular data is installed into the further trusted module.
  - 20. A computer platform as claimed in claim 13, wherein:
    - the secure executor contains at least one licensing model;
      
      the software executor (or at least one of the software executors) is configured to request the trusted module that its respective data be used;
      
      in response to such a request, the secure executor within the trusted module is configured;
      
      to perform a license-check using the, or one of the, licensing models; and
      
      upon a successful license-check, to request the operating system to use that data.
  - 21. A computer platform as claimed in claim 20, wherein the operating system is programmed to use the particular data only in response to the trusted module.
  - 22. A computer platform as claimed in claim 20, wherein the trusted module and an operating system of the platform have a dedicated communications path therebetween which is inaccessible to other parts of the computer platform, and wherein the request from the secure executor to the operating system to use the data is supplied via the dedicated communications path.
  - 23. A computer platform as claimed in claim 20, wherein the trusted module is configured to log the request to the operating system to use the data.
  - 24. A computer platform as claimed in claim 20;
    - further including a further, removable, trusted module containing a user identity;
      
      wherein the platform is configured to perform an authentication check between the first-mentioned trusted module and the removable trusted module; and
      
      wherein, upon license-checking, the secure executor or software executor is configured to perform the license-check with reference to the user identity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Chan, David, Pearson, Siani Lynne
Primary Examiner(s)
Revak; Christopher A

Application Number

US10/049,211
Time in Patent Office

3,035 Days
Field of Search

726/26
US Class Current

713/156
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/123   by using dedicated hardware...

G06F 21/445   by mutual authentication, e...

G06F 21/57   Certifying or maintaining t...

G06F 2211/009   Trust

G06F 2221/2105   Dual mode as a secondary as...

Computer platforms and their methods of operation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

304 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Computer platforms and their methods of operation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

304 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others