×

Enabling bits sealed to an enforceably-isolated environment

  • US 7,529,946 B2
  • Filed: 06/16/2005
  • Issued: 05/05/2009
  • Est. Priority Date: 06/16/2005
  • Status: Active Grant
First Claim
Patent Images

1. A method of enforcing rules on the use of first data, the method comprising:

  • establishing a first trust in a first component that said first component will unseal data only for an entity to which the data is sealed;

    establishing a second trust in a second component that said second component will provide mutually isolated environments operating within a machine, such that data within each of the environments on the machine is isolated from acts arising in other environments on the machine, and such that data within each of the environments is not visible to other environments on the machine;

    establishing a third trust in one of the environments operating within the machine, the first data being sealed to said one of the environments, said one of the environments being configured to enforce a rule as to the first data, or to execute software that enforces said rule as to the use of the first data, said third trust representing an expectation that said one of the environments will not use the first data in a manner contrary to said rule;

    providing the first data in a secure form, and said rule, to said one of the environments, the first data being stored within said one of the environments, and the first data comprises a key;

    using said second component to isolate said first data within said one of the environments from acts of the other environments;

    using said second component to prevent said first data from being visible to environments other than the environment containing said first data;

    using said first component to unseal the first data for only said one of the environments; and

    using, by said one of the environments, the first data only in a manner permitted by said rule.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×