Systems and methods for secure transaction management and electronic rights protection

US 8,533,851 B2
Filed: 04/12/2006
Issued: 09/10/2013
Est. Priority Date: 08/30/1996
Status: Expired due to Fees

First Claim

Patent Images

1. An electronic appliance comprising:

a central processing unit;

a secure processing unit; and

a computer readable medium storing;

protected electronic materials comprising protected digital content and an embedded signature; and

computer readable instructions that, when executed by the secure processing unit, are operable to;

validate the embedded signature against a current signature of the electronic appliance, the current signature being derived at least in part from information unique to the electronic appliance, the information being hidden by being placed in a secret location, wherein validating the embedded signature comprises matching the embedded signature with the current signature, and wherein the secret location comprises one of;

disk storage marked as damaged, disk storage that is otherwise reserved as an alternate for sectors marked as damaged, or unused storage in a file maintained by an operating system; and

deny use of the protected digital content when the embedded signature fails to validate against the current signature of the electronic appliance, wherein the computer readable instructions comprise a plurality of instruction blocks whose execution flow is customized to a layout order of the instruction blocks particular to the electronic appliance.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides systems and methods for electronic commerce including secure transaction management and electronic rights protection. Electronic appliances such as computers employed in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Secure subsystems used with such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Secure distributed and other operating system environments and architectures, employing, for example, secure semiconductor processing arrangements that may establish secure, protected environments at each node. These techniques may be used to support an end-to-end electronic information distribution capability that may be used, for example, utilizing the “electronic highway.”

Citations

34 Claims

1. An electronic appliance comprising:
- a central processing unit;
  
  a secure processing unit; and
  
  a computer readable medium storing;
  
  protected electronic materials comprising protected digital content and an embedded signature; and
  
  computer readable instructions that, when executed by the secure processing unit, are operable to;
  
  validate the embedded signature against a current signature of the electronic appliance, the current signature being derived at least in part from information unique to the electronic appliance, the information being hidden by being placed in a secret location, wherein validating the embedded signature comprises matching the embedded signature with the current signature, and wherein the secret location comprises one of;
  
  disk storage marked as damaged, disk storage that is otherwise reserved as an alternate for sectors marked as damaged, or unused storage in a file maintained by an operating system; and
  
  deny use of the protected digital content when the embedded signature fails to validate against the current signature of the electronic appliance, wherein the computer readable instructions comprise a plurality of instruction blocks whose execution flow is customized to a layout order of the instruction blocks particular to the electronic appliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The electronic appliance of claim 1, in which the protected electronic materials further comprise software.
  - 3. The electronic appliance of claim 1, in which the protected electronic materials further comprise rights management software for applying electronic permission information to govern use of the protected digital content.
  - 4. The electronic appliance of claim 3, in which the current signature is derived, at least in part, from one or more of:
    - firmware, a hash of ROM BIOS, a hash of a disk defect map, a network adapter address of the electronic appliance, information stored in non-volatile memory of the electronic appliance, and information stored in a root directory of a disk drive of the electronic appliance.
  - 5. The electronic appliance of claim 1, further comprising firmware, and in which the current signature is derived, at least in part, from the firmware.
  - 6. The electronic appliance of claim 1, further comprising a Read-Only Memory Basic Input/Output System (ROM BIOS), and in which the current signature is derived, at least in part, from the ROM BIOS.
  - 7. The electronic appliance of claim 1, further comprising firmware, and in which the current signature is derived, at least in part, from a hash of the firmware.
  - 8. The electronic appliance of claim 1, in which the current signature is derived, at least in part, from a hash of a disk defect map.
  - 9. The electronic appliance of claim 1, in which the current signature is derived, at least in part, from a network adapter address of the electronic appliance.
  - 10. The electronic appliance of claim 1, in which the current signature is derived, at least in part, from information stored in memory of the electronic appliance.
  - 11. The electronic appliance of claim 1, in which the current signature is derived, at least in part, from information stored in a root directory of a disk drive of the electronic appliance.
  - 12. The electronic appliance of claim 1, in which the protected electronic materials are encrypted, at least in part.
  - 13. The electronic appliance of claim 1, in which the secure processing unit comprises a tamper-resistant housing, internal memory, and a processor.

14. A method performed by an electronic appliance comprising a central processing unit and a secure processing unit, the method comprising:
- transferring program control, by the central processing unit, to the secure processing unit;
  
  executing, by the secure processing unit, instructions from a plurality of instruction blocks whose execution flow is customized to a layout order of the instruction blocks particular to the electronic appliance;
  
  retrieving, by the secure processing unit, an embedded electronic appliance signature from a protected electronic item, wherein the signature is retrieved from one of;
  
  disk storage marked as damaged, disk storage that is otherwise reserved as an alternate for sectors marked as damaged, or unused storage in a file maintained by an operating system;
  
  comparing, by the secure processing unit, the embedded electronic appliance signature with a current signature of the electronic appliance, the current signature being derived at least in part from information unique to the electronic appliance; and
  
  denying, by the secure processing unit, use of protected digital content included in the protected electronic item upon determining that the embedded electronic appliance signature does not match the current signature.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The method of claim 14, in which the protected electronic item further comprises a piece of software.
  - 16. The method of claim 14, in which the protected electronic item further comprises rights management software for applying electronic permission information to govern use of the protected digital content.
  - 17. The method of claim 16, in which the current signature is derived, at least in part, from one or more of:
    - firmware, a hash of ROM BIOS, a hash of a disk defect map, a network adapter address of the electronic appliance, information stored in non-volatile memory of the electronic appliance, and information stored in a root directory of a disk drive of the electronic appliance.
  - 18. The method of claim 14, in which the current signature is derived, at least in part, from firmware of the electronic appliance.
  - 19. The method of claim 14, in which the current signature is derived, at least in part, from a hash of ROM BIOS of the electronic appliance.
  - 20. The method of claim 14, in which the current signature is derived, at least in part, from a hash of an electronic appliance disk defect map.
  - 21. The method of claim 14, in which the current signature is derived, at least in part, from a network adapter address of the electronic appliance.
  - 22. The method of claim 14, in which the current signature is derived, at least in part, from information stored in memory of the electronic appliance.
  - 23. The method of claim 14, in which the current signature is derived, at least in part, from information stored in a root directory of a disk drive of the electronic appliance.
  - 24. The method of claim 14, in which the protected electronic item is encrypted, at least in part.

25. An electronic appliance comprising:
- a central processing unit;
  
  a secure processing unit comprising;
  
  a tamper-resistant housing;
  
  internal memory; and
  
  a processor;
  
  a computer readable medium storing;
  
  protected electronic materials;
  
  protected digital content;
  
  a previously determined signature; and
  
  computer readable instructions that, when executed by the secure processing unit, are operable to;
  
  validate the previously determined signature against a current signature of the electronic appliance, the current signature being derived at least in part from information unique to the electronic appliance, the information being hidden by being placed in a secret location, wherein validating the previously determined signature against the current signature comprises matching the previously determined signature with the current signature, and wherein the secret location comprises one of;
  
  disk storage marked as damaged, disk storage that is otherwise reserved as an alternate for sectors marked as damaged, or unused storage in a file maintained by an operating system; and
  
  deny use of the protected digital content when the previously determined signature fails to validate against the current signature of the electronic appliance, wherein the computer readable instructions comprise a plurality of instruction blocks whose execution flow is customized to a layout order of the instruction blocks particular to the electronic appliance.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The electronic appliance of claim 25, further comprising firmware, and in which the current signature is derived, at least in part, from the firmware.
  - 27. The electronic appliance of claim 25, further comprising ROM BIOS, and in which the current signature is derived, at least in part, from the ROM BIOS.
  - 28. The electronic appliance of claim 25, in which the current signature is derived, at least in part, from a network adapter address of the electronic appliance.
  - 29. The electronic appliance of claim 25, in which the current signature is derived, at least in part, from one or more of:
    - a hash of firmware, a hash of ROM BIOS, a hash of a disk defect map, a network adapter address of the electronic appliance, information stored in memory of the electronic appliance, and information stored in a root directory of a disk drive of the electronic appliance.

30. A method performed by an electronic appliance comprising a central processing unit and a secure processing unit, the method comprising:
- transferring program control, by the central processing unit, to the secure processing unit;
  
  executing, by the secure processing unit, instructions from a plurality of instruction blocks whose execution flow is customized to a layout order of the instruction blocks particular to the electronic appliance;
  
  retrieving, by the secure processing unit, a previously determined electronic appliance signature associated with a protected electronic item;
  
  comparing, by the secure processing unit, the previously determined electronic appliance signature with a current signature of the electronic appliance, the current signature being derived at least in part from information unique to the electronic appliance, wherein the information is stored in one of;
  
  disk storage marked as damaged, disk storage that is otherwise reserved as an alternate for sectors marked as damaged, or unused storage in a file maintained by an operating system; and
  
  denying, by the secure processing unit, use of protected digital content included in the protected electronic item upon determining that the previously determined signature does not match the current signature.
- View Dependent Claims (31, 32, 33, 34)
- - 31. The method of claim 30, in which the protected electronic item further comprises rights management software for applying electronic permission information to govern use of the protected digital content.
  - 32. The method of claim 31, in which the current signature is derived, at least in part, from firmware of the electronic appliance.
  - 33. The method of claim 31, in which the current signature is derived, at least in part, from a network adapter address of the electronic appliance.
  - 34. The method of claim 30, in which the current signature is derived, at least in part, from one or more of:
    - firmware, a hash of ROM BIOS, a hash of a disk defect map, a network adapter address of the electronic appliance, information stored in non-volatile memory of the electronic appliance, and information stored in a root directory of a disk drive of the electronic appliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Ginter, Karl L., Shear, Victor H., Sibert, W. Olin, Spahn, Francis J., Van Wie, David M.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US11/403,536
Publication Number

US 20070226807A1
Time in Patent Office

2,708 Days
Field of Search

726/2, 726 16- 20, 726 26- 30, 713164-167, 713/189, 713/193
US Class Current

726/27
CPC Class Codes

G06F 21/1078   Logging; Metering

G06F 21/1082   Backup or restore

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/42   using separate channels for...

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 21/608   Secure printing

G06F 21/71   to assure secure computing ...

G06F 21/725   operating on a secure refer...

G06F 21/73   by creating or determining ...

G06F 21/74   operating in dual or compar...

G06F 21/78   to assure secure storage of...

G06F 21/86   Secure or tamper-resistant ...

G06F 21/87   by means of encapsulation, ...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2135   Metering

G06F 2221/2137 : Time limited access, e.g. t...

G06F 2221/2141 : Access rights, e.g. capabil...

G06F 2221/2143 : Clearing memory, e.g. to pr...

G06F 2221/2147 : Locking files

G06F 2221/2149 : Restricted operating enviro...

G06F 2221/2151 : Time stamp

G06Q 10/10 : Office automation; Time man...

G06Q 20/02 : involving a neutral party, ...

G06Q 20/06 : Private payment circuits, e...

G06Q 20/12 : specially adapted for elect...

G06Q 20/1235 : with control of digital rig...

G06Q 20/24 : Credit schemes, i.e. "pay a...

G06Q 20/382 : insuring higher security of...

G06Q 30/06 : Buying, selling or leasing ...

G07F 9/026 : for alarm, monitoring and a...

H04L 2463/101 : applying security measures ...

H04L 2463/102 : applying security measure f...

H04L 63/00 : Network architectures or ne...

H04L 63/04 : for providing a confidentia...

H04L 63/104 : Grouping of entities

H04L 63/20 : for managing network securi...

H04N 21/2347 : involving video stream encr...

H04N 21/2541 : Rights Management protectin...

H04N 21/26613 : for generating or managing ...

H04N 21/4405 : involving video stream decr...

H04N 21/4623 : Processing of entitlement m...

H04N 21/4627 : Rights management associate...

H04N 21/8355 : involving usage data, e.g. ...

View All

Systems and methods for secure transaction management and electronic rights protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure transaction management and electronic rights protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links