Trusted computing platform for restricting use of data

US 7,526,785 B1
Filed: 09/25/2000
Issued: 04/28/2009
Est. Priority Date: 09/25/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A server adapted to provide data to a client platform for restricted use by the client platform, comprising:

a memory containing image sending code for providing an image of data executed on the server;

secure communications means for secure communication of images to a client platform; and

means to authenticate a trusted component of a client platform, the trusted component having a display controller such that display of the data from the server is controlled from within the client trusted component;

whereby the server is adapted to authenticate the trusted component of a client platform to determine that said client platform is adapted to ensure restricted use of the data before it is sent by the image sending code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client/server system has a client platform adapted to provide restricted use of data provided by a serve. The client platform comprises a display, secure communications means, and a memory containing image receiving code for receiving data from a server by the secure communication means and for display of such data. The client platform is adapted such that the data received from a server is used for display of the data and not for an unauthorised purpose. A server adapted to provide data to a client platform for restricted use by the client platform comprises a memory containing image sending code for providing an image of data executed on the server, and secure communications means for secure communication of images of data to a client platform. The server is adapted to determine that a client platform is adapted to ensure restricted use of the data before it is sent by the image sending code.

143 Citations

View as Search Results

20 Claims

1. A server adapted to provide data to a client platform for restricted use by the client platform, comprising:
- a memory containing image sending code for providing an image of data executed on the server;
  
  secure communications means for secure communication of images to a client platform; and
  
  means to authenticate a trusted component of a client platform, the trusted component having a display controller such that display of the data from the server is controlled from within the client trusted component;
  
  whereby the server is adapted to authenticate the trusted component of a client platform to determine that said client platform is adapted to ensure restricted use of the data before it is sent by the image sending code.
- View Dependent Claims (2)
- - 2. A server as claimed in claim 1, containing a server trusted component physically and logically protected from modification, wherein said server trusted component contains the means to authenticate a trusted component.

3. A system for providing image data securely to a user for restricted use, comprising:
- a client platform comprising a display, a processor adapted to allow secure communication with remote parties, a client trusted component physically and logically protected from unauthorised modification to provide verification of the integrity of the platform to a user upon user request, the client trusted component having an associated memory containing image receiving code for receiving data securely from a server and for display of such data and further having a display controller such that the display is controlled from within the client trusted component; and
  
  a server comprising a memory containing image sending code for providing an image of data executed on the server, a processor adapted to allow secure communication of images to the client platform and to authenticate a trusted component of the client platform;
  
  wherein the server is adapted to authenticate the trusted component of a client platform to determine that said client platform is adapted to ensure restricted use of the data before it is sent by the image sending code, the client platform is adapted such that the data received from the server is used for display of the data and not for an unauthorised purpose, and the system is adapted for a user on the client platform to request image data from the server to view at the client platform.
- View Dependent Claims (4, 5)
- - 4. A system as claimed in claim 3, adapted for a user to request execution of code on the client platform to provide image data to be viewed at the client platform.
  - 5. A system as claimed in claim 3, wherein the client platform comprises a smart card reader for receiving a smart card comprising a user'"'"'s secure token, further comprising a user smart card wherein the server is adapted to determine that the user smart card is such as to allow the image data to be sent to the client platform.

6. A method of providing image data to a client platform for restricted use, comprising:
- a client platform requesting image data from a server;
  
  the server determining that the client platform both has permission to receive image data, and has a client trusted component physically and logically protected from unauthorised modification adapted to use the image data only for the restricted use and to control display of the image data from within the client trusted component; and
  
  provision of the image data over a secure communication channel.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. A method as claimed in claim 6, further comprising updating of a usage log after image data or modified image data is provided to the client platform.
  - 8. A method as claimed in claim 6, wherein the step of determining permission comprises determining whether a smart card containing a user permission is in session with the client platform.
  - 9. A method as claimed in claim 6, wherein a part of the image data is determined by the server independent of any request from the client platform.
  - 10. A method as claimed in claim 9, wherein said part of the imaging data comprises advertising content.
  - 11. A method as claimed in claim 6, further comprising provision of request data from the client platform to the server, and provision of modified image data based on the request data.
  - 12. A method as claimed in claim 11, wherein the provision of request data and the provision of modified image data are repeated as often as required.

13. A client platform adapted to provide restricted use of data provided by a server, the client platform comprising:
- a display;
  
  a secure communication means;
  
  a client trusted component physically and logically protected from unauthorised modification to provide verification of the integrity of the platform to a user upon user request, the client trusted component having an associated memory containing image receiving code for receiving data from a server by the secure communications means and for display of such data, and further having a display controller such that the display is controlled from within the client trusted component;
  
  wherein the client platform is adapted such that the data received from the server is used for display of the data and not for an unauthorised purpose.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. A client platform as claimed in claim 13, wherein the client trusted component contains an integrity monitor adapted to provide a measure of the integrity of code operating on the client platform, and the integrity monitor is adapted to monitor the integrity of the image receiving code.
  - 15. A client platform as claimed in claim 13, wherein the client platform further comprises a secure user interface for providing user input directly to the client trusted component, and wherein the image receiving code is adapted to provide user input received from the secure user interface to a server.
  - 16. A client platform as claimed in claim 13, wherein the client trusted component is adapted to authenticate other trusted components or secure tokens.
  - 17. A client platform as claimed in claim 13, wherein the client trusted component is adapted to determine a trusted status of other platforms.
  - 18. A client platform as claimed in claim 13, also comprising a smart card reader for receiving a Smart card comprising a user'"'"'s secure token.
  - 19. A client platform as claimed in claim 13, wherein a part of the display is reserved for display of data determined by the server independent of any request by the client platform.
  - 20. A system as claimed in claim 13, adapted for a user to request execution of code, and for code then to be executed partly on the client platform and partly on the server to provide image data to be viewed at the client platform, wherein the image data is viewed at the client platform in association with the results of code executed on the client platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Chen, Liqun, Pearson, Siani Lynne
Primary Examiner(s)
Lipman; Jacob

Application Number

US10/088,258
Time in Patent Office

3,137 Days
Field of Search

725/31
US Class Current

725/31
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/84   output devices, e.g. displa...

G06F 21/85   interconnection devices, e....

G06F 2211/009   Trust

G06F 2221/2103   Challenge-response

G06F 2221/2153   Using hardware token as a s...

Trusted computing platform for restricting use of data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

143 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted computing platform for restricting use of data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links