License tracking system

US 7,516,491 B1
Filed: 04/02/2003
Issued: 04/07/2009
Est. Priority Date: 10/17/2002
Status: Active Grant

First Claim

Patent Images

1. A method for maintaining remote data, the method comprising the following steps, in any suitable order:

running an authenticated program on a trusted platform;

binding a first register and a second register on said trusted platform to said authenticated program;

storing a random secret in said first register, and insuring that only said authenticated program can read said random secret while said binding is in effect;

storing a unique integer value in a second register on said platform, and insuring that only said authenticated program can write to said second register while said binding is in effect;

deriving cipher keys from said first register and said second register;

maintaining exclusive access to a persistent data structure;

protecting said persistent data structure with said cipher keys;

parsing said persistent data structure into a list of controlled values, and modifying said controlled values based on commands from remote owners;

accepting a command from an authenticated server;

changing one of said controlled values, pursuant to said command;

changing said unique value in said second register to a distinct value;

loading said persistent data structure, and extracting a previously-saved second register value;

comparing said previously-saved second register value against the current value of said second register; and

refusing to decrypt if the values do not match.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for remotely maintaining data that is critical for license enforcement. The data consists of named values, is kept on a user'"'"'s trusted platform, and encrypted with the use of keys that are stored in two special registers. One register is exclusively readable by a trusted program, and holds a long-term secret. Another register is exclusively writable, and changed often, so that old backups of the named values can only be read if suitable permissions are obtained. It uses a hierarchy of servers that act as vendors and have contractual obligations. Vendor certificates specify that certain named values are stored on users'"'"' trusted platforms, but owned and controlled by servers (with the cooperation of the users).

Citations

11 Claims

1. A method for maintaining remote data, the method comprising the following steps, in any suitable order:
- running an authenticated program on a trusted platform;
  
  binding a first register and a second register on said trusted platform to said authenticated program;
  
  storing a random secret in said first register, and insuring that only said authenticated program can read said random secret while said binding is in effect;
  
  storing a unique integer value in a second register on said platform, and insuring that only said authenticated program can write to said second register while said binding is in effect;
  
  deriving cipher keys from said first register and said second register;
  
  maintaining exclusive access to a persistent data structure;
  
  protecting said persistent data structure with said cipher keys;
  
  parsing said persistent data structure into a list of controlled values, and modifying said controlled values based on commands from remote owners;
  
  accepting a command from an authenticated server;
  
  changing one of said controlled values, pursuant to said command;
  
  changing said unique value in said second register to a distinct value;
  
  loading said persistent data structure, and extracting a previously-saved second register value;
  
  comparing said previously-saved second register value against the current value of said second register; and
  
  refusing to decrypt if the values do not match.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - loading an encrypted copy of said persistent data structure;
      
      recovering a previous value of said second register;
      
      obtaining permission to write said previous value into said second register;
      
      locking said controlled values; and
      
      requesting permission to unlock said controlled values.
  - 3. The method of claim 1, further comprising:
    - accessing an authenticated time value; and
      
      storing said time value as one of said controlled values.
  - 4. The method of claim 1, further comprising:
    - accessing a database of certificates;
      
      validating said certificates against a root certificate; and
      
      associating each of said controlled values to one or more of said certificates.
  - 5. The method of claim 1, further comprising:
    - making a license privilege contingent on one of said controlled values.
  - 6. The method of claim 1, further comprising:
    - using a form to securely obtain user input and acknowledgement.
  - 7. The method of claim 1, further comprising:
    - upgrading said authenticated program to a modified program;
      
      authenticating said modified program;
      
      transferring contents of said first register and said second register; and
      
      moving said controlled values to be under control of said modified program.
  - 8. The method of claim 4, further comprising:
    - sharing said controlled values, based on scopes defined in said certificates.
  - 9. The method of claim 1, further comprising:
    - using a plurality of certificates to alleviate privacy concerns, where each said certificate corresponds to a key on said trusted platform.
  - 10. A computer-readable medium storing a computer program implementing the method of claim 1.

11. A system for maintaining remotely-controlled data, comprising:
- a processor;
  
  a trusted platform running an authenticated program;
  
  a first register in said trusted platform, holding a random secret that only said authenticated program can read;
  
  a second register in said trusted platform, holding a unique value that only said authenticated program can write and that is readable by other programs;
  
  a cipher key derived from said first register and said second register;
  
  a persistent data structure protected with said cipher key;
  
  a list of controlled values, parsed from said persistent data structure, and modified based on commands from remote owners;
  
  means to accept a command from an authenticated server;
  
  means to change one of said controlled values, pursuant to said command;
  
  means to a change said unique value in said second register to a distinct value;
  
  means to load said persistent data structure, and extracting a previously-saved second register value;
  
  means to compare said previously-saved second register value against the current value of said second register; and
  
  means to refuse to decrypt if the values do not match.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Roger Schlafly
Original Assignee
Roger Schlafly
Inventors
Schlafly, Roger
Primary Examiner(s)
Brown; Christopher J

Application Number

US10/405,153
Time in Patent Office

2,197 Days
Field of Search

380/282, 713/155, 705/64
US Class Current

726/26
CPC Class Codes

G06Q 20/382   insuring higher security of...

H04L 63/083   using passwords cryptograph...

H04L 63/20   for managing network securi...

License tracking system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

License tracking system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links