Electrical computers and digital processing systems: support – Data processing protection using cryptography – By stored data protection
Reexamination Certificate
1999-04-06
2003-11-18
Darrow, Justin T. (Department: 2132)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
By stored data protection
C713S194000, C711S163000, C711S164000
Reexamination Certificate
active
06651171
ABSTRACT:
TECHNICAL FIELD
The present invention relates to electronic data processing, and more particularly concerns computer hardware and software for manipulating keys and other secure data so as to prevent their disclosure, even to persons having physical control of the hardware and software.
COPYRIGHT DISCLAIMER
A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. The following notice applies to the software and data as described below and in the drawing hereto: Copyright © 1998, Microsoft Corporation, All Rights Reserved.
BACKGROUND
More and more digital content is being delivered online over public networks, such as the Internet. For a client, online delivery improves timeliness, convenience, and allows more sophisticated content. For a publisher, online delivery provides mechanisms for enhanced content and reduces delivery costs. Unfortunately, these worthwhile attributes are often outweighed by the disadvantage that online information delivery makes it relatively easy to access pristine digital content and to pirate the content at the expense and harm of the publisher.
Piracy of online digital content is not yet a great problem. Most premium content that is available on the Web is of low value and therefore casual and organized pirates do not yet see an attractive business stealing and reselling content. Increasingly, higher-value content is becoming available. Audio recordings are available now, and as bandwidths increase, video content will start to appear. With the increase in value of online digital content, the attractiveness of organized and casual theft increases.
The unusual property of digital content is that the publisher or reseller transmits the content to a client, but continues to restrict rights to use the content even after the content is under the sole physical control of the client. For instance, a publisher will often retain copyright to a work so that the client cannot reproduce or publish the work without permission. A publisher could also adjust pricing according to whether the client is allowed to make a persistent copy, or is just allowed to view the content online as it is delivered. These scenarios reveal a peculiar arrangement. The user that possesses the digital bits often does not have full rights to their use; instead, the provider retains at least some of the rights. In a very real sense, the legitimate user of a computer can be an adversary of the data or content provider.
“Digital rights management” is fast becoming a central theme as online commerce continues its rapid growth. Content providers and the computer industry must quickly address technologies and protocols for ensuring that digital data is properly handled in accordance with the rights granted by the publisher. If measures are not taken, traditional content providers may be put out of business by widespread theft or, more likely, will refuse to deliver content online.
Traditional security systems ill serve this problem. There are highly secure schemes for encrypting data on networks, authenticating users, revoking users, and storing data securely. Unfortunately, none of these systems address the assurance of content security after it has been delivered to a client's machine. Traditional uses of smart cards offer little help. Smart cards merely provide authentication, storage, and encryption capabilities. Ultimately, useful content must be delivered to the host machine for display, and again, at this point the bits are subject to theft. Cryptographic coprocessors provide higher-performance smart-card services, and are usually programmable; but again, any operating system or process, trusted or not, can use the services of the cryptographic processor.
There appear to be three solutions to this problem. One solution is to do away with general-purpose computing devices and use special-purpose tamper-resistant boxes for delivery, storage, and display of secure content. This is the approach adopted by the cable industry and their set-top boxes, and appears to be the model for DVD-video presentation. The second solution is to use proprietary data formats and applications software, or to use tamper-resistant software containers. The third solution is to modify the general-purpose computer to support a general model of client-side content security and digital rights management.
This invention is directed to a system and methodology that employs the third category of solutions.
The fundamental building block for client-side content security is a secure operating systems. If a computer can be booted into an operating system that is trusted to honor content rights, and only allows authorized applications to access rights-restricted data, then data integrity within the machine can be assured. The stepping-stone to a secure operating system is sometimes called “Secure Boot” If secure boot cannot be assured, whatever rights management system the OS provides can always be subverted by booting into an insecure operating system.
Secure boot of an operating system is usually a multi-stage process. A securely booted computer runs a trusted program at startup. The trusted program loads another program and checks its integrity, e.g., by using a code signature, before allowing it to run. This program in turn loads and checks subsequent layers. This proceeds all the way to loading trusted device drivers, and finally a trusted application. Related patent application Serial No. 60/105,891 describes an overall method of securely booting an operating system, and also notes related technology.
Booting an operating system or other program securely requires some way to execute code such that the code cannot be tampered with as it is being executed, even by one who is in physical possession of the computer that executes the code. In the scenarios discussed above, digital content is loaded from a network or from a medium into a personal computer at a remote location. The PCs' owners have full freedom to run arbitrary programs for compromising any safeguards, to replace ROM containing trusted BIOS code, to bypass dongles, to introduce rogue hardware, even to analyze signals on buses. Today's low-end computers are open systems, both logically and physically. Indeed, most computers of all kinds are open, at least to those having supervisory privileges and physical possession.
At the same time, conventional techniques for restricting subversion in this environment impose either unacceptable burdens upon legitimate users or they are unacceptably expensive. S. T. Kent's Ph.D. thesis, “Protecting Externally Supplied Software in Small Computers”, MIT Laboratory for Computer Science 1980, is an early proposal for tamper-resistant modules. S. R. White, “ABYSS: A Trusted Architecture for Software Protection”, Proceedings, 1987 IEEE Symposium on Security and Privacy, pp. 38-51, presents a trusted architecture having a secure processor in a tamper-resistant package such as a chip, for enforcing limitations to execute application code. This system, however, would require major changes to existing processor architectures, and would still be limited to the small instruction set of a primitive security coprocessor. Also, it is limited to on-board, physically inaccessible memory dedicated to security functions.
The practicality of trusted operating systems still requires an inexpensive way to execute code that cannot be easily modified or subverted, a way that does not necessitate new or highly customized processors and a way that performs as much as possible of the secure execution in software.
SUMMARY OF THE INVENTION
The present invention provides a more general-purpose microprocessor and memory-system architecture that can support authenticated operation, including authenticated booting of an operating
England Paul
Lampson Butler W.
Darrow Justin T.
Lee & Hayes PLLC
Microsoft Corporation
LandOfFree
Secure execution of program code does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure execution of program code, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure execution of program code will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3120807