Enabling bits sealed to an enforceably-isolated environment
First Claim
1. A method of enforcing rules on the use of first data, the method comprising:
establishing a first trust in a first component that said first component will unseal data only for an entity to which the data is sealed;
establishing a second trust in a second component that said second component will provide mutually isolated environments operating within a machine, such that data within each of the environments on the machine is isolated from acts arising in other environments on the machine, and such that data within each of the environments is not visible to other environments on the machine;
establishing a third trust in one of the environments operating within the machine, the first data being sealed to said one of the environments, said one of the environments being configured to enforce a rule as to the first data, or to execute software that enforces said rule as to the use of the first data, said third trust representing an expectation that said one of the environments will not use the first data in a manner contrary to said rule;
providing the first data in a secure form, and said rule, to said one of the environments, the first data being stored within said one of the environments, and the first data comprises a key;
using said second component to isolate said first data within said one of the environments from acts of the other environments;
using said second component to prevent said first data from being visible to environments other than the environment containing said first data;
using said first component to unseal the first data for only said one of the environments; and
using, by said one of the environments, the first data only in a manner permitted by said rule.
Abstract
Prevention of unpermitted use of enabling bits is achieved by sealing the enabling bits to an environment in such a way that the bits can only be unsealed by or from the environment, and by using an isolation mechanism to isolate the environment from other environments on the machine on which the environment operates. The environment is trusted not to use the enabling bits except in accordance with a set of rules governing the bits. The enabling bits may be a decryption key for DRM-protected content, and the rules may be a license governing the use of that content. Trust that the enabling bits will not be misused is established by trusting the environment not to use the enabling bits contrary to the rules, trusting the isolation mechanism to isolate the environment, and trusting the unsealing mechanism only to unseal the bits for the environment.
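The scheme the abstract describes, modelled in Python as an added example (this is not code from the patent or its assignee): an unsealing component that derives per-environment keys from a root secret and the environment's code hash, an isolation component that attaches the caller's measured identity to every unseal request, and an environment that enforces a play-count license on the key it receives. The class names, the license format, the HMAC-SHA256 toy cipher and the sample code strings are assumptions made for illustration; a real deployment seals through a TPM or equivalent hardware and uses a proper authenticated cipher.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Added illustration of the abstract's scheme, not code from the patent. Class
# names, the license format and the HMAC-based toy cipher are assumptions; a
# real system would seal through a TPM and use a proper authenticated cipher.

def measure(code: bytes) -> bytes:  # an environment's identity is the hash of its code (cf. claim 8)
    return hashlib.sha256(code).digest()

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, for illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class UnsealingMechanism:
    """'First component': unseals data only for the environment it was sealed to."""
    def __init__(self, root_secret: bytes) -> None:
        self._root = root_secret  # never leaves this component

    def _key(self, label: bytes, env_hash: bytes) -> bytes:
        return hmac.new(self._root, label + env_hash, hashlib.sha256).digest()

    def seal(self, data: bytes, env_hash: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        ct = keystream_xor(self._key(b"enc", env_hash), nonce, data)
        tag = hmac.new(self._key(b"mac", env_hash), env_hash + nonce + ct, hashlib.sha256).digest()
        return env_hash + nonce + ct + tag

    def unseal(self, blob: bytes, requester_hash: bytes) -> bytes:
        env_hash, nonce, ct, tag = blob[:32], blob[32:48], blob[48:-32], blob[-32:]
        # requester_hash is supplied by the isolation mechanism, never by the caller
        if not hmac.compare_digest(env_hash, requester_hash):
            raise PermissionError("data is sealed to a different environment")
        expected = hmac.new(self._key(b"mac", env_hash), env_hash + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("sealed blob has been modified")
        return keystream_xor(self._key(b"enc", env_hash), nonce, ct)

@dataclass
class Environment:
    """One isolated environment, trusted to use its key only as the license allows."""
    code: bytes
    license: dict                # constructed rule, e.g. {"plays": 1}
    key: Optional[bytes] = None  # filled in by the isolation mechanism

    def play(self, encrypted_content: bytes, nonce: bytes) -> bytes:
        if self.key is None:
            raise RuntimeError("key has not been unsealed")
        if self.license["plays"] <= 0:
            raise PermissionError("license exhausted")
        self.license["plays"] -= 1
        return keystream_xor(self.key, nonce, encrypted_content)

class IsolationMechanism:
    """'Second component': runs the environments and vouches for each caller's measured identity."""
    def __init__(self, unsealer: UnsealingMechanism) -> None:
        self._unsealer, self._envs = unsealer, []

    def instantiate(self, code: bytes, license: dict) -> Environment:
        self._envs.append(Environment(code, dict(license)))
        return self._envs[-1]

    def unseal_for(self, caller: Environment, blob: bytes) -> None:
        if not any(e is caller for e in self._envs):
            raise PermissionError("request did not come from a managed environment")
        caller.key = self._unsealer.unseal(blob, measure(caller.code))

def outcome(action) -> str:
    try:
        action()
        return "allowed"
    except PermissionError:
        return "refused"

def demo() -> dict:
    """Licensor seals a content key to the honest player; a patched player cannot unseal it."""
    unsealer = UnsealingMechanism(secrets.token_bytes(32))  # assumed machine root secret
    isolation = IsolationMechanism(unsealer)
    honest_code = b"player v1: enforces license"         # constructed
    patched_code = b"player v1: license check removed"   # constructed
    content_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    encrypted = keystream_xor(content_key, nonce, b"protected audio")
    blob = unsealer.seal(content_key, measure(honest_code))  # licensor seals to honest code
    honest = isolation.instantiate(honest_code, {"plays": 1})
    patched = isolation.instantiate(patched_code, {"plays": 99})
    isolation.unseal_for(honest, blob)
    return {
        "first_play": honest.play(encrypted, nonce),
        "second_play": outcome(lambda: honest.play(encrypted, nonce)),
        "patched_player": outcome(lambda: isolation.unseal_for(patched, blob)),
    }
```

Running demo() shows the three trusts at work: the honest player gets its one play and is refused a second by its own rule; the patched player, whose code hash differs, is refused by the unsealing component rather than by any check inside the player; and relabelling a sealed blob with another environment's hash fails the integrity check, because the MAC key is itself derived from the hash the data was sealed to. That is the point of claim 14 below: the owner relies on the isolation and unsealing mechanisms and on the environment's own rule enforcement, not on the environment resisting attack from outside.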
20 Claims
1. A method of enforcing rules on the use of first data (independent claim; full text given under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-readable medium encoded with sets of computer-executable instructions, the sets of instructions comprising:
a first set of instructions that performs acts comprising: instantiating plural environments on a computing device; and maintaining a level of isolation between said plural environments, wherein the level of isolation prevents data within each of the environments from being visible to the other environments, and isolates acts on each of the environments from the other environments, wherein the data comprises a key; and
a second set of instructions distinct from said first set of instructions that, when instantiated, constitutes one of said plurality of environments, and that performs acts comprising: issuing a request to unseal first data that has been sealed to said second set of instructions; receiving a set of rules associated with said first data; and enforcing said set of rules such that said first data is not used in a manner contrary to said set of rules;
wherein said first data comprises a hash of said second set of instructions and wherein said request to unseal said first data is received by a module that will not unseal said first data unless said request to unseal has been received from said first set of instructions, or from software that operates within the environment constituted by said first set of instructions.
Dependent claims: 9, 10, 11, 12, 13
14. In a system that comprises:
an isolation mechanism that enables a plurality of environments to be instantiated on a computing device and that maintains a level of isolation among said plurality of environments, wherein the isolation mechanism prevents data within each of the environments from being visible to the other environments, and wherein the isolation mechanism isolates acts on each of the environments from the other environments, wherein the data comprises a key; and
an unsealing mechanism that receives a request to unseal data and that unseals the data only if the request has been received from an entity to which the data is sealed;
the improvement comprising:
an environment that can be on the computing device and that can be isolated from other environments on said computing device by said isolation mechanism, said environment issuing a request to said unsealing mechanism to unseal first data, said environment enforcing a set of rules governing the use of said first data, wherein an owner of said first data, or a party having an interest in said first data, has established first trust in said isolation mechanism and second trust in said unsealing mechanism, and relies on said environment preventing said first data from being used contrary to said set of rules based on said first trust and on said second trust, without establishing trust that said environment will resist attempts from outside of said environment to misuse said first data.
Dependent claims: 15, 16, 17, 18, 19, 20