Isolated computing environment anchored into CPU and motherboard
First Claim
Patent Images
1. A computer that is adapted for pay-for-use operation, the computer comprising:
- a first unsecure memory;
a display;
a processor operatively coupled to the first unsecure memory and the display;
an isolated computing environment that is adapted to communicate with the processor and allow the computer to be used in pay-for-use operations, the isolated computing environment including;
a second memory that is different than the first unsecure memory, is operably coupled to the processor, and is inaccessible by unauthorized execution environments on the first unsecure memory, the unauthorized execution environments including at least an operating system of the computer,a verification program stored in the second memory that is coded to monitor the computer, including the operating system, for any of a set of non-compliant conditions, the set of non-compliant conditions relating to pay-for-use operation of the computer, the set of non-compliant conditions comprising presence of a prohibited alternative boot device,a logic circuit that causes execution of the verification program,a clock that;
provides the verification program with ensured processor cycles on the processor to monitor the computer; and
triggers the logic circuit to force execution of the verification program via an interrupt that causes the processor to execute the verification program using the ensured processor cycles, andan enforcement program stored in the second memory that is coded to, when the verification program determines the presence of an individual non-compliant condition from the set of non-compliant conditions on the computer, initiate a sanction against a user of the computer by maintaining operation of the computer at a reduced function level until the user corrects the individual non-compliant condition of the computer;
wherein the isolated computing environment is further designed to support changes of state of the computer related to functions associated with provisioning resources for the pay-for-use operation;
wherein the isolated computing environment is further designed so that the clock provides timing intervals for metering programs and expiration dates related to the pay-for-use operation of the computer; and
wherein the isolated computing environment, including the second memory, is disposed on a motherboard that forms a part of the computer and is protected from tampering by unauthorized users of the computer by means of a tamper resistant mechanism.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer is adapted for pay-for-use operation by adding a isolated computing environment to a standard computer. The isolated computing environment may include a trusted non-volatile memory, a digital signature verification capability, a clock or timer and a logic circuit for triggering execution of a validation program responsive to the clock or timer. The isolated computing environment may be protected from tampering by physical or cryptographic mechanisms, or both. The validation program measures or monitors for non-compliant states of the computer and may enforce sanctions when non-compliant states of the computer are detected.
322 Citations
8 Claims
-
1. A computer that is adapted for pay-for-use operation, the computer comprising:
-
a first unsecure memory; a display; a processor operatively coupled to the first unsecure memory and the display; an isolated computing environment that is adapted to communicate with the processor and allow the computer to be used in pay-for-use operations, the isolated computing environment including; a second memory that is different than the first unsecure memory, is operably coupled to the processor, and is inaccessible by unauthorized execution environments on the first unsecure memory, the unauthorized execution environments including at least an operating system of the computer, a verification program stored in the second memory that is coded to monitor the computer, including the operating system, for any of a set of non-compliant conditions, the set of non-compliant conditions relating to pay-for-use operation of the computer, the set of non-compliant conditions comprising presence of a prohibited alternative boot device, a logic circuit that causes execution of the verification program, a clock that; provides the verification program with ensured processor cycles on the processor to monitor the computer; and triggers the logic circuit to force execution of the verification program via an interrupt that causes the processor to execute the verification program using the ensured processor cycles, and an enforcement program stored in the second memory that is coded to, when the verification program determines the presence of an individual non-compliant condition from the set of non-compliant conditions on the computer, initiate a sanction against a user of the computer by maintaining operation of the computer at a reduced function level until the user corrects the individual non-compliant condition of the computer; wherein the isolated computing environment is further designed to support changes of state of the computer related to functions associated with provisioning resources for the pay-for-use operation; wherein the isolated computing environment is further designed so that the clock provides timing intervals for metering programs and expiration dates related to the pay-for-use operation of the computer; and wherein the isolated computing environment, including the second memory, is disposed on a motherboard that forms a part of the computer and is protected from tampering by unauthorized users of the computer by means of a tamper resistant mechanism. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsFrank, Alexander, Hall, Martin H., Phillips, Thomas G.
-
Primary Examiner(s)Davis, Zachary A
-
Application NumberUS11/022,493Publication NumberTime in Patent Office3,093 DaysField of Search713/189, 713/194, 713/176, 713/164, 726/26, 726/34, 710/200, 711/163US Class Current726/26CPC Class CodesG06F 21/10 Protecting distributed prog...G06F 21/123 by using dedicated hardware...G06F 21/50 Monitoring users, programs ...G06F 21/725 operating on a secure refer...G06F 2221/2135 MeteringG06F 2221/2137 Time limited access, e.g. t...G06F 2221/2153 Using hardware token as a s...G06Q 20/145 Payments according to the d...G06Q 20/341 Active cards, i.e. cards in...G06Q 20/3552 Downloading or loading of p...G07F 7/082 Features insuring the integ...G07F 7/1008 Active credit-cards provide...G07F 7/1016 Devices or methods for secu...H04L 2209/12 Details relating to cryptog...H04L 2209/56 Financial cryptography, e.g...H04L 63/0823 using certificates cryptogr...H04L 67/125 involving control of end-de...H04L 67/34 involving the movement of s...H04L 9/3247 involving digital signatures
