Systems and methods for secure transaction management and electronic rights protection

US 8,639,625 B1
Filed: 07/30/2007
Issued: 01/28/2014
Est. Priority Date: 02/13/1995
Status: Expired due to Fees

First Claim

Patent Images

1. A system comprising:

a host processing system comprising a central processing unit;

mass storage operatively connected to said central processing unita clock, wherein the value of the clock comprises high-order bits and low-order bits and the high-order bits change on time intervals of at least one hour;

a storage location containing an encrypted form of an expected execution time duration for a predetermined sequence of instructions; and

main memory operatively, connected to said central processing unit, wherein the main memory comprises instructions that, when executed by the central processing unit perform the following steps;

reading a first value of the clock prior to executing the predetermined sequence of instructions whose expected execution time duration is stored in encrypted form in the storage location;

executing the predetermined sequence of instructions whose expected execution time duration is stored in encrypted form in the storage location;

reading a second value of the clock subsequent to executing the predetermined sequence of instructions whose expected execution time duration is stored in encrypted form in the storage location;

calculating the actual execution time duration of the predetermined sequence of instructions by determining a difference between the first value of the clock and the second value of the clock;

separating the high-order bits of the second value of the clock from the low-order bits of the second value of the clock to form a first portion of the second value of the clock;

decrypting the encrypted form of the expected execution time duration of the predetermined sequence of instructions stored in the storage location with a decryption key comprising at least in part the first portion of the second value of the clock;

generating an unencrypted form of the expected execution time duration of the predetermined sequence of instructions and generating both the unencrypted form of the expected execution time duration and the actual execution time duration each at least in part from the second value of the clock; and

indicating whether the unencrypted form of the expected execution time duration of the predetermined sequence of instructions matches the actual execution time duration of the predetermined sequence of instructions.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides systems and methods for electronic commerce including secure transaction management and electronic rights protection. Electronic appliances such as computers employed in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Secure subsystems used with such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Secure distributed and other operating system environments and architectures, employing, for example, secure semiconductor processing arrangements that may establish secure, protected environments at each node. These techniques may be used to support an end-to-end electronic information distribution capability that may be used, for example, utilizing the “electronic highway.”

Citations

18 Claims

1. A system comprising:
- a host processing system comprising a central processing unit;
  
  mass storage operatively connected to said central processing unita clock, wherein the value of the clock comprises high-order bits and low-order bits and the high-order bits change on time intervals of at least one hour;
  
  a storage location containing an encrypted form of an expected execution time duration for a predetermined sequence of instructions; and
  
  main memory operatively, connected to said central processing unit, wherein the main memory comprises instructions that, when executed by the central processing unit perform the following steps;
  
  reading a first value of the clock prior to executing the predetermined sequence of instructions whose expected execution time duration is stored in encrypted form in the storage location;
  
  executing the predetermined sequence of instructions whose expected execution time duration is stored in encrypted form in the storage location;
  
  reading a second value of the clock subsequent to executing the predetermined sequence of instructions whose expected execution time duration is stored in encrypted form in the storage location;
  
  calculating the actual execution time duration of the predetermined sequence of instructions by determining a difference between the first value of the clock and the second value of the clock;
  
  separating the high-order bits of the second value of the clock from the low-order bits of the second value of the clock to form a first portion of the second value of the clock;
  
  decrypting the encrypted form of the expected execution time duration of the predetermined sequence of instructions stored in the storage location with a decryption key comprising at least in part the first portion of the second value of the clock;
  
  generating an unencrypted form of the expected execution time duration of the predetermined sequence of instructions and generating both the unencrypted form of the expected execution time duration and the actual execution time duration each at least in part from the second value of the clock; and
  
  indicating whether the unencrypted form of the expected execution time duration of the predetermined sequence of instructions matches the actual execution time duration of the predetermined sequence of instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A system as in claim 1, wherein the main memory further comprises instructions that, when executed by the central processing unit, perform the following steps:
    - encrypting the actual execution time duration with an encryption key formed at least in part from the first portion of the second value of the clock value thereby generating an encrypted form of the actual execution time duration; and
      
      storing the encrypted form of the actual execution time duration in the storage location.
  - 3. A system as in claim 2, said storage location further comprising:
    - a disk sector marked as damaged.
  - 4. A system as in claim 2, said storage location further comprising:
    - a disk sector designated as an alternative disk sector to be used to replace disk sectors marked as damaged.
  - 5. A system as in claim 2, wherein said storage location further comprises:
    - a disk sector normally reserved for non-general purpose use.
  - 6. A system as in claim 5, wherein said disk sector further comprises:
    - a disk sector reserved for firmware storage.
  - 7. A system as in claim 5, wherein said disk sector further comprises:
    - a disk sector reserved for storage of information generated during testing.
  - 8. A system as in claim 2, wherein said storage location further comprises:
    - a storage location on a writeable, non-volatile semiconductor memory device, said storage location normally allocated for configuration data.
  - 9. A system as in claim 2, wherein said storage location further comprises:
    - a storage location on a writeable, non-volatile semiconductor memory device, said storage location normally allocated for firmware.
  - 10. A system as in claim 2, wherein said storage location further comprises:
    - a storage location on a writeable, non-volatile semiconductor memory device, said storage location normally allocated for BIOS.
  - 11. A system as in claim 2, wherein said storage location further comprises:
    - one or more memory locations allocated by an operating system to a file, but not used by such file.
  - 12. A system as in claim 2, wherein said storage location further comprises an unused storage location allocated to a file allocation map.
  - 13. A system as in claim 2, wherein said storage location further comprises an unused storage location allocated to a directory.
  - 14. A system as in claim 1, further comprising:
    - one or more secure containers comprising secure contents and one or more rules or controls governing the use of said secure contents.

15. A processing apparatus includinga central processing unit;
- main memory;
  
  a clock, wherein the value of the clock comprises high-order bits and low-order bits and the high-order bits change on time intervals of at least one hour;
  
  mass storage storing an encrypted form of an expected execution time duration for a predetermined sequence of instructions and tamper-resistant software designed to be loaded into said main memory and executed by said central processing unit, said tamper-resistant software including instructions that when executed cause the central processing unit to perform the steps of;
  
  generating values required for correct operation of at least certain functions of said processing apparatus, said values being generated pursuant to an algorithm which operates so as to render said values at least somewhat resistant to discovery by an unauthorized observer;
  
  using values from said clock to compare the duration of execution of said value generation programming to an expected value or range and set an indication depending on the result of said comparison by executing the following steps;
  
  reading a first value of the clock prior to executing the predetermined sequence of instructions whose expected execution time duration is stored in encrypted form in the mass storage;
  
  executing the predetermined sequence of instructions whose expected execution time duration is stored in encrypted form in the mass storage;
  
  reading a second value of the clock subsequent to executing the predetermined sequence of instructions whose expected execution time duration is stored in encrypted form in the mass storage and calculating the actual execution time duration of the predetermined sequence of instructions by determining a difference between the first value of the clock and the second value of the clock;
  
  separating the high-order bits of the second value of the clock from the low-order bits of the second value of the clock to form a first portion of the second value of the, clockdecrypting the encrypted form of the expected execution time duration of the predetermined sequence of instructions stored in the mass storage with a decryption key comprising at least in part the first portion of the second value of the clock;
  
  generating an unencrypted form of the expected execution time duration of the predetermined sequence of instructions, and generating both the unencrypted form of the expected execution time duration and the actual execution time duration each at least in part from the second value of the clock; and
  
  indicating whether the unencrypted form of the expected execution time duration of the predetermined sequence of instructions matches the actual execution time duration ofthe predetermined sequence of instructions; and
  
  checking said indication and undertaking one or more security-related actions dependent on the state of said indication.
- View Dependent Claims (16, 17, 18)
- - 16. A processing apparatus as in claim 15, in which said one or more actions include at least temporarily halting further processing if said indicator is set.
  - 17. A processing apparatus as in claim 15, in which said one or more actions include at least temporarily disabling certain functions if said indicator is set.
  - 18. A processing apparatus as in claim 15, in which said one or more action include at least initiating communication with a second processing apparatus if said indicator is set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Ginter, Karl L., Shear, Victor H., Sibert, W. Olin, Spahn, Francis J., Van Wie, David M.
Primary Examiner(s)
Hewitt, II, Calvin L
Assistant Examiner(s)
Winter, John M

Application Number

US11/888,123
Time in Patent Office

2,374 Days
Field of Search

705/51
US Class Current

705/51
CPC Class Codes

G06F 21/1078   Logging; Metering

G06F 21/1082   Backup or restore

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/42   using separate channels for...

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 21/608   Secure printing

G06F 21/71   to assure secure computing ...

G06F 21/725   operating on a secure refer...

G06F 21/73   by creating or determining ...

G06F 21/74   operating in dual or compar...

G06F 21/78   to assure secure storage of...

G06F 21/86   Secure or tamper-resistant ...

G06F 21/87   by means of encapsulation, ...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2135   Metering

G06F 2221/2137 : Time limited access, e.g. t...

G06F 2221/2141 : Access rights, e.g. capabil...

G06F 2221/2143 : Clearing memory, e.g. to pr...

G06F 2221/2147 : Locking files

G06F 2221/2149 : Restricted operating enviro...

G06F 2221/2151 : Time stamp

G06Q 10/10 : Office automation; Time man...

G06Q 20/02 : involving a neutral party, ...

G06Q 20/06 : Private payment circuits, e...

G06Q 20/10 : specially adapted for elect...

G06Q 20/12 : specially adapted for elect...

G06Q 20/1235 : with control of digital rig...

G06Q 20/24 : Credit schemes, i.e. "pay a...

G06Q 20/382 : insuring higher security of...

G06Q 30/06 : Buying, selling or leasing ...

G07F 9/026 : for alarm, monitoring and a...

H04L 63/00 : Network architectures or ne...

H04L 63/101 : Access control lists [ACL]

H04N 21/2347 : involving video stream encr...

H04N 21/2541 : Rights Management protectin...

H04N 21/26613 : for generating or managing ...

H04N 21/4405 : involving video stream decr...

H04N 21/4623 : Processing of entitlement m...

H04N 21/4627 : Rights management associate...

H04N 21/8355 : involving usage data, e.g. ...

View All

Systems and methods for secure transaction management and electronic rights protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure transaction management and electronic rights protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links