Enabling bits sealed to an enforceably-isolated environment

US 7,529,946 B2
Filed: 06/16/2005
Issued: 05/05/2009
Est. Priority Date: 06/16/2005
Status: Active Grant

First Claim

Patent Images

1. A method of enforcing rules on the use of first data, the method comprising:

establishing a first trust in a first component that said first component will unseal data only for an entity to which the data is sealed;

establishing a second trust in a second component that said second component will provide mutually isolated environments operating within a machine, such that data within each of the environments on the machine is isolated from acts arising in other environments on the machine, and such that data within each of the environments is not visible to other environments on the machine;

establishing a third trust in one of the environments operating within the machine, the first data being sealed to said one of the environments, said one of the environments being configured to enforce a rule as to the first data, or to execute software that enforces said rule as to the use of the first data, said third trust representing an expectation that said one of the environments will not use the first data in a manner contrary to said rule;

providing the first data in a secure form, and said rule, to said one of the environments, the first data being stored within said one of the environments, and the first data comprises a key;

using said second component to isolate said first data within said one of the environments from acts of the other environments;

using said second component to prevent said first data from being visible to environments other than the environment containing said first data;

using said first component to unseal the first data for only said one of the environments; and

using, by said one of the environments, the first data only in a manner permitted by said rule.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Prevention of unpermitted use of enabling bits is achieved by sealing the enabling bits to an environment in such a way that the bits can only be unsealed by or from the environment, and by using an isolation mechanism to isolate the environment from other environments on the machine on which the environment operates. The environment is trusted not to use the enabling bits except in accordance with a set of rules governing the bits. The enabling bits may be a decryption key for DRM-protected content, and the rules may be a license governing the use of that content. Trust that the enabling bits will not be misused is established by trusting the environment not to use the enabling bits contrary to the rules, trusting the isolation mechanism to isolate the environment, and trusting the unsealing mechanism only to unseal the bits for the environment.

Citations

20 Claims

1. A method of enforcing rules on the use of first data, the method comprising:
- establishing a first trust in a first component that said first component will unseal data only for an entity to which the data is sealed;
  
  establishing a second trust in a second component that said second component will provide mutually isolated environments operating within a machine, such that data within each of the environments on the machine is isolated from acts arising in other environments on the machine, and such that data within each of the environments is not visible to other environments on the machine;
  
  establishing a third trust in one of the environments operating within the machine, the first data being sealed to said one of the environments, said one of the environments being configured to enforce a rule as to the first data, or to execute software that enforces said rule as to the use of the first data, said third trust representing an expectation that said one of the environments will not use the first data in a manner contrary to said rule;
  
  providing the first data in a secure form, and said rule, to said one of the environments, the first data being stored within said one of the environments, and the first data comprises a key;
  
  using said second component to isolate said first data within said one of the environments from acts of the other environments;
  
  using said second component to prevent said first data from being visible to environments other than the environment containing said first data;
  
  using said first component to unseal the first data for only said one of the environments; and
  
  using, by said one of the environments, the first data only in a manner permitted by said rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said first data comprises a key that decrypts a content item, wherein said rule specifies a manner in which said content item is permitted to be used, and wherein using the first data only in a manner permitted by said rule comprises decrypting said content item with said key and enforcing a limit on usage of the content item.
  - 3. The method of claim 1, wherein said first data enables the use of information, wherein a party has an economic, proprietary, or secrecy interest in said information, and wherein said first trust, said second trust, and said third trust are established to the satisfaction of, or to a standard established by, said party.
  - 4. The method of claim 3, wherein said party need not trust said environment'"'"'s ability to resist having said environment'"'"'s behavior influenced by events that arise outside of said environment.
  - 5. The method of claim 1, wherein there are a plurality of entities that trust said environment, and wherein trust of said environment by said plurality of entities is established prior to delivery of said first data to said machine.
  - 6. The method of claim 1, wherein said first data comprises source code that is subject to a first set of license terms, and wherein said rule comprises a requirement that any software derived from said source code is to be provided with a second set of license terms, said second set of license terms being either the same as, or different from, said first set of license terms.
  - 7. The method of claim 1, further comprising:
    - establishing fourth trust in said machine;
      
      wherein said first data is sealed to said environment in such a manner that said first data is only unsealable when said environment is executing on said machine, and not when said environment is executing on any device other than said machine.

8. A computer-readable medium encoded with sets of computer-executable instructions, the sets of instructions comprising:
- a first set of instructions that performs acts comprising;
  
  instantiating plural environments on a computing device; and
  
  maintaining a level of isolation between said plural environments, wherein the level of isolation prevents data within each of the environments from being visible to the other environments, and isolates acts on each of the environments from the other environments, wherein the data comprises a key; and
  
  a second set of instructions distinct from said first set of instructions that, when instantiated, constitutes one of said plurality of environments, and that performs acts comprising;
  
  issuing a request to unseal first data that has been sealed to said second set of instructions;
  
  receiving a set of rules associated with said first data; and
  
  enforcing said set of rules such that said first data is not used in a manner contrary to said set of rules;
  
  wherein said first data comprises a hash of said second set of instructions and wherein said request to unseal said first data is received by a module that will not unseal said first data unless said request to unseal has been received from said first set of instructions, or from software that operates within the environment constituted by said first set of instructions.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer-readable medium of claim 8, wherein said first data comprises a key that decrypts a content item, wherein said set of rules specifies a manner in which said content item is permitted to be used, and wherein said enforcing act comprises decrypting said content item with said key and enforcing a limit on usage of the content item.
  - 10. The computer-readable medium of claim 8, where said first data is used to decrypt information in which a party has an economic, proprietary, or secrecy interest, and wherein said party has trust comprising:
    - a first trust that said first set of instructions will maintain said level of isolation between said plurality of environments, said level meeting a standard established or imposed by said party;
      
      a second trust that said second set of instructions will not use said first data in a manner contrary to said set of rules; and
      
      a third trust that said module will not unseal said first data unless the request to unseal said first data has been received from said environment or from software operating under said environment.
  - 11. The computer-readable medium of claim 10, wherein said party need not trust said second set of instructions'"'"' ability to resist being influenced by behavior arising outside of said environment, which behavior, in the absence of said level of isolation maintained by said first set of instructions, would cause said second set of instructions to use said first data, or said information decrypted by said first data, in a manner contrary to said set of rules.
  - 12. The computer readable medium of claim 8, wherein there are a plurality of entities that trust said second set of instructions, and wherein trust of said second set of instructions by said plurality of entities is established prior to delivery of said first data to said computing device.
  - 13. The computer-readable medium of claim 8, further comprising:
    - establishing trust in said computing device;
      
      wherein said first data is sealed to said environment in such a manner that said first data is only unsealable when said second set of instructions is executing on said computing device, and not when said environment is executing on any machine other than said computing device.

14. In system that comprises:
- an isolation mechanism that enables a plurality of environments to be instantiated on a computing device and that maintains a level of isolation among said plurality of environments, wherein the isolation mechanism prevents data within each of the environments from being visible to the other environments, and wherein the isolation mechanism isolates acts on each of the environments from the other environments, wherein the data comprises a key; and
  
  an unsealing mechanism that receives a request to unseal data and that unseals the data only if the request has been received from an entity to which the data is sealed;
  
  the improvement comprising;
  
  an environment that can be on the computing device and that can be isolated from other environments on said computing device by said isolation mechanism, said environment issuing a request to said unsealing mechanism to unseal first data, said environment enforcing a set of rules governing the use of said first data, said environment,wherein an owner of said first data, or a party having an interest in said first data, has established first trust in said isolation mechanism and second trust in said unsealing mechanism, and relies on said environment preventing said first data from being used contrary to said set of rules based on said first trust and on said second trust, without establishing trust that said environment will resist attempts from outside of said environment to misuse said first data.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein said first data comprises a key that decrypts a content item, wherein said set of rules specifies a manner in which said content item is permitted to be used, and wherein enforcing said set of rules comprises decrypting said content item with said key and enforcing a limit on usage of the content item.
  - 16. The system of claim 14, wherein said first data enables the use of information, wherein said owner or said party has an economic, proprietary, or secrecy interest in said information, and wherein said first trust and said second trust are established to a standard established or imposed by said owner or said party.
  - 17. The system of claim 16, wherein said owner or said party need not trust said environment'"'"'s ability to resist having said environment'"'"'s behavior influenced by events that arise outside of said environment which, in the absence of said isolation mechanism, would cause said environment to use said first data, or said information that is enabled by the use of said first data, in a manner contrary to said set of rules.
  - 18. The system of claim 14, wherein said owner or said party has established a third trust that said environment will not, in the absence of influence from outside of said environment, use said first data in a manner that is contrary to said set of rules.
  - 19. The system of claim 14, wherein there are a plurality of entities that trust said environment, and wherein trust of said environment by said plurality of entities is established prior to delivery of said first data to said computing device.
  - 20. The system of claim 14, further comprising:
    - establishing third trust in said computing device;
      
      wherein said first data is sealed to said environment in such a manner that said first data is only unsealable when said environment is executing on said computing device, and not when said environment is executing on any machine other than said computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Biddle, Peter Nicholas, England, Paul, Ray, Kenneth D.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Sanders; Stephen

Application Number

US11/155,071
Publication Number

US 20060288238A1
Time in Patent Office

1,419 Days
Field of Search

713/193
US Class Current

713/193
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/53   by executing in a restricte...

G06F 2221/2149   Restricted operating enviro...

Enabling bits sealed to an enforceably-isolated environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Enabling bits sealed to an enforceably-isolated environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links