Systems and methods for secure transaction management and electronic rights protection
First Claim
1. A secure processing unit comprising a processor and security-relevant components, the security-relevant components including:
an encryption/decryption engine;
a random number generator;
secure memory comprising a plurality of domains, wherein the processor is associated with a particular domain while executing a process;
secure processor mode-enabling hardware or software configured to cause the processor to enter a secure processor mode, the secure processor mode-enabling hardware or software including;
component-accessing hardware or software configured to provide the processor with access to at least a portion of the secure memory and the security-relevant components while the processor operates in the secure processor mode;
component-accessing hardware or software configured to prevent the processor from accessing memory other than the secure memory while the processor operates in the secure processor mode;
secure code execution hardware or software configured to cause the processor to fetch and execute instructions from the secure memory while the processor operates in the secure processor mode and the processor to fetch and execute instructions from other than the secure memory while the processor does not operate in the secure processor mode;
secure code execution hardware or software configured to prevent the processor, while executing the process, from directly accessing at least the portion of the secure memory outside the particular domain and to allow the processor to indirectly access the portion of the secure memory outside the particular domain by interfacing with an operating system function;
secure code execution hardware or software configured to prevent the processor from fetching and executing instructions from memory other than the secure memory while the processor operates in the secure processor mode and from the secure memory while the processor does not operate in the secure processor mode;
external access blocking hardware or software configured to block attempts to access at least the portion of the secure memory that originate from outside the secure processing unit; and
secure processor mode-disabling hardware or software configured to cause the processor to exit the secure processor mode, the secure processor mode-disabling hardware or software including hardware or software configured to block access to at least the portion of the secure memory and the security-relevant components and to provide access to at least the portion of memory other than the secure memory while the processor does not operate in the secure processor mode.
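The access rules recited in claim 1 can be read as a reference-monitor decision over processor mode, memory region, domain and request origin. The C model below is an added illustration, not code from the patent or its assignee; every type and function name, and the handling of external access to non-secure memory (which the claim does not address), is an assumption.

```c
#include <stdbool.h>

/* Illustrative model: every name and the encoding are assumptions. */
enum region { REGION_SECURE, REGION_OTHER };
enum origin { ORIGIN_PROCESSOR, ORIGIN_EXTERNAL };

struct cpu_state {
    bool secure_mode;   /* set by mode-enabling, cleared by mode-disabling logic */
    int  domain;        /* domain of the process currently executing */
};

struct access_req {     /* covers data access and instruction fetch alike */
    enum origin origin;
    enum region region;
    int  target_domain; /* meaningful only for REGION_SECURE */
    bool via_os_call;   /* mediated by an operating system function */
};

bool access_allowed(const struct cpu_state *cpu, const struct access_req *r)
{
    /* External access blocking. External access to other memory is not
       addressed by the claim; allowing it here is an assumption. */
    if (r->origin == ORIGIN_EXTERNAL)
        return r->region != REGION_SECURE;
    if (!cpu->secure_mode)              /* non-secure mode: other memory only */
        return r->region == REGION_OTHER;
    if (r->region != REGION_SECURE)     /* secure mode: secure memory only */
        return false;
    /* Own domain directly; another domain only through the OS function. */
    return r->target_domain == cpu->domain || r->via_os_call;
}

/* Enumerates every mode/domain pair and counts breaches of two properties:
   the processor reaches exactly one region per mode, and an external
   requester never reaches secure memory. */
int count_isolation_violations(int ndomains)
{
    int bad = 0;
    for (int mode = 0; mode <= 1; mode++)
        for (int d = 0; d < ndomains; d++) {
            struct cpu_state cpu = { mode != 0, d };
            struct access_req own = { ORIGIN_PROCESSOR, REGION_SECURE, d, false };
            struct access_req oth = { ORIGIN_PROCESSOR, REGION_OTHER, 0, false };
            struct access_req ext = { ORIGIN_EXTERNAL, REGION_SECURE, d, true };
            if (access_allowed(&cpu, &own) == access_allowed(&cpu, &oth)) bad++;
            if (access_allowed(&cpu, &ext)) bad++;
        }
    return bad;
}
```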
Abstract
The present invention provides systems and methods for electronic commerce including secure transaction management and electronic rights protection. Electronic appliances such as computers employed in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Secure subsystems used with such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Secure distributed and other operating system environments and architectures, employing, for example, secure semiconductor processing arrangements that may establish secure, protected environments at each node. These techniques may be used to support an end-to-end electronic information distribution capability that may be used, for example, utilizing the “electronic highway.”
338 Citations
42 Claims
1. A secure processing unit comprising a processor and security-relevant components, the security-relevant components including:
an encryption/decryption engine;
a random number generator;
secure memory comprising a plurality of domains, wherein the processor is associated with a particular domain while executing a process;
secure processor mode-enabling hardware or software configured to cause the processor to enter a secure processor mode, the secure processor mode-enabling hardware or software including;
component-accessing hardware or software configured to provide the processor with access to at least a portion of the secure memory and the security-relevant components while the processor operates in the secure processor mode;
component-accessing hardware or software configured to prevent the processor from accessing memory other than the secure memory while the processor operates in the secure processor mode;
secure code execution hardware or software configured to cause the processor to fetch and execute instructions from the secure memory while the processor operates in the secure processor mode and the processor to fetch and execute instructions from other than the secure memory while the processor does not operate in the secure processor mode;
secure code execution hardware or software configured to prevent the processor, while executing the process, from directly accessing at least the portion of the secure memory outside the particular domain and to allow the processor to indirectly access the portion of the secure memory outside the particular domain by interfacing with an operating system function;
secure code execution hardware or software configured to prevent the processor from fetching and executing instructions from memory other than the secure memory while the processor operates in the secure processor mode and from the secure memory while the processor does not operate in the secure processor mode;
external access blocking hardware or software configured to block attempts to access at least the portion of the secure memory that originate from outside the secure processing unit; and
secure processor mode-disabling hardware or software configured to cause the processor to exit the secure processor mode, the secure processor mode-disabling hardware or software including hardware or software configured to block access to at least the portion of the secure memory and the security-relevant components and to provide access to at least the portion of memory other than the secure memory while the processor does not operate in the secure processor mode.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An electronic appliance, the electronic appliance comprising:
a secure processing unit, the secure processing unit comprising;
a processor;
internal memory comprising a plurality of domains, wherein the processor is associated with a particular domain while executing a process;
secure processor mode-enabling hardware or software configured to cause the processor to enter a secure processor mode, the secure processor mode-enabling hardware or software including;
accessing hardware or software configured to provide the processor with access to at least a portion of the internal memory while the processor operates in the secure processor mode;
accessing hardware or software configured to prevent the processor from accessing memory other than the internal memory while the processor operates in the secure processor mode;
secure code execution hardware or software configured to cause the processor to fetch and execute instructions from the internal memory while the processor operates in the secure processor mode and from other than the internal memory while the processor does not operate in the secure processor mode;
secure code execution hardware or software configured to prevent the processor, while executing the process, from directly accessing at least a portion of the internal memory outside the particular domain and to allow the processor to indirectly access the portion of the internal memory outside the particular domain by interfacing with an operating system function;
secure code execution hardware or software configured to prevent the processor from fetching and executing instructions from memory other than the internal memory while the processor operates in the secure processor mode and the processor to fetch and execute instructions from the internal memory while the processor does not operate in the secure processor mode;
external access blocking hardware or software configured to block attempts to access at least the portion of the internal memory that originate from outside the secure processing unit; and
secure processor mode-disabling hardware or software configured to cause the processor to exit the secure processor mode, the secure processor mode-disabling hardware or software including hardware or software configured to block access to at least the portion of the internal memory and provide access to at least the portion of memory other than the secure memory while the processor does not operate in the secure processor mode.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A processing unit comprising:
a processor;
internal memory comprising a plurality of domains, wherein the processor is associated with a particular domain while executing a process;
secure processor mode-enabling hardware or software configured to cause the processor to enter a secure processor mode, the secure processor mode-enabling hardware or software including;
accessing hardware or software configured to provide the processor with access to at least a portion of the internal memory while the processor operates in the secure processor mode;
accessing hardware or software configured to prevent the processor from accessing memory other than the internal memory while the processor operates in the secure processor mode;
secure code execution hardware or software configured to cause the processor to fetch and execute instructions from the internal memory while the processor operates in the secure processor mode and the processor to fetch and execute instructions from other than the internal memory while the processor does not operate in the secure processor mode;
secure code execution hardware or software configured to prevent the processor, while executing the process, from directly accessing at least a portion of the internal memory outside the particular domain and to allow the processor to indirectly access the portion of the internal memory outside the particular domain by interfacing with an operating system function;
secure code execution hardware or software configured to prevent the processor from fetching and executing instructions from memory other than the internal memory while the processor operates in the secure processor mode and from the internal memory while the processor does not operate in secure processor mode;
external access blocking hardware or software configured to block attempts to access at least the portion of the internal memory that originate from outside the secure processing unit; and
secure processor mode-disabling hardware or software configured to cause the processor to exit the secure processor mode, the secure processor mode-disabling hardware or software including hardware or software configured to block access to at least the portion of the internal memory and to provide access to at least the portion of memory other than the secure memory while the processor does not operate in the secure processor mode.
Dependent claims: 19, 20, 21, 22, 23, 24, 25
26. A processing unit comprising:
a processor;
internal memory comprising a plurality of domains, wherein the processor is associated with a particular domain while executing a process;
secure processor mode-enabling means for causing the processor to enter a secure processor mode, the secure processor mode-enabling means including;
means for providing the processor with access to at least a portion of the internal memory while the processor operates in the secure processor mode;
means for preventing the processor from accessing memory other than the internal memory while the processor operates in the secure processor mode;
means for causing the processor to fetch and execute instructions from the internal memory while the processor operates in the secure processor mode and the processor to fetch and execute instructions from other than the internal memory while the processor does not operate in the secure processor mode;
means for preventing the processor, while executing the process, from directly accessing at least a portion of the secure memory outside the particular domain and for allowing the processor to indirectly access the portion of the secure memory outside the particular domain by interfacing with an operating system function;
means for preventing the processor from fetching and executing instructions from memory other than the internal memory while the processor operates in the secure processor mode and from the internal memory while the processor does not operate in the secure processor mode;
secure processor external access blocking means for blocking attempts to access at least the portion of the internal memory that originate from outside the secure processor; and
secure processor mode-disabling means for causing the processor to exit the secure processor mode, the secure processor mode-disabling means including means for blocking access to at least the portion of the internal memory and for allowing access to memory other than the internal memory while the processor does not operate in the secure processor mode.
Dependent claims: 27, 28, 29, 30, 31, 32
33. A system comprising:
a processor;
internal memory;
secure processor mode-enabling hardware or software configured to cause the processor to enter a secure processor mode, the secure processor mode-enabling hardware or software including;
hardware or software configured to provide the processor with access to at least a portion of a domain within the internal memory without interfacing with an operating system function while the processor operates in the secure processor mode, wherein the domain is associated with a process being executed by the processor;
hardware or software configured to provide the processor with access to at least a portion of the domain not associated with the process being executed by the secure processor, within the secure memory, by interfacing with an operating system function;
hardware or software configured to prevent the processor from accessing memory other than the internal memory while the processor operates in the secure processor mode;
secure processor mode-disabling hardware or software configured to cause the processor to exit the secure processor mode, the secure processor mode-disabling hardware or software including hardware or software configured to block access to at least a portion of the internal memory and to provide access to memory other than the internal memory while the processor is not operating in the secure processor mode; and
a computer-readable medium containing instructions that, when executed, perform the following steps;
entering a secure processor mode;
accessing, by the processor, through an operating system interface, at least the portion of the domain not associated with the process being executed by the processor, within the internal memory, while the processor is operating in the secure processor mode;
accessing, by the processor, at least the portion of the domain within the internal memory associated with the process being executed by the processor while the processor is operating in the secure processor mode;
blocking access, by the processor, to memory other than the internal memory while the processor is operating in the secure processor mode;
exiting the secure processor mode;
accessing, by the processor, at least the portion of memory other than the internal memory while the processor is not operating in the secure processor mode;
blocking access, by the processor, to the internal memory while the processor is not operating in the secure processor mode; and
blocking attempts to access at least the portion of the internal memory that originate from outside the processing unit.
Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42
Specification