Hierarchical trusted code for content protection in computers
    1.
    Granted invention patent
    Hierarchical trusted code for content protection in computers (in force)

    Publication No.: US07496769B2

    Publication date: 2009-02-24

    Application No.: US11018065

    Filing date: 2004-12-20

    IPC classification: H04L9/00 H04K1/00

    CPC classification: G06Q10/10 G06F21/57

    Abstract: An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.

    Secure execution of program code
    2.
    Granted invention patent
    Secure execution of program code (in force)

    Publication No.: US06651171B1

    Publication date: 2003-11-18

    Application No.: US09287393

    Filing date: 1999-04-06

    IPC classification: G06F12/08

    CPC classification: G06F21/53 G06F12/1491

    Abstract: Curtained operation provides trusted execution of code and secrecy of data in a secure memory. Curtained code can only be executed from within certain address ranges of a curtained memory region secure against access by code from without the region. Code entry points are restricted, and atomic execution is assured. The memory is organized into multiple hierarchically curtained rings, and peer subrings are denied access to each other as well as to more secure rings.

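    The ring rule in this abstract can be made concrete with a small model of curtained memory. This is an added Go example, not code from the patent: it assumes the rings form a tree with the most secure ring at the root, that a ring may access its own region and the regions of its less secure descendants, and that a call upward into a more secure ring succeeds only at a registered entry point. The ring names, address ranges and entry addresses are constructed for the example.

```go
package main

import "fmt"

// Ring is one curtained ring. Rings form a tree: the root is the most secure,
// each child is a less secure subring of its parent, and children of one
// parent are peers. The tree shape and the rule in CanAccess are this
// example's assumptions; the abstract states only that peer subrings are
// denied access to each other and to more secure rings.
type Ring struct {
	Name   string
	Parent *Ring
}

// Region is an address range [Start, End) owned by a ring, plus the entry
// addresses at which less secure code may transfer control into it.
type Region struct {
	Start, End uint64
	Owner      *Ring
	Entries    map[uint64]bool
}

type Memory struct{ regions []Region }

func (m *Memory) find(addr uint64) *Region {
	for i := range m.regions {
		if addr >= m.regions[i].Start && addr < m.regions[i].End {
			return &m.regions[i]
		}
	}
	return nil
}

// atLeastAsSecure reports whether a is r itself or an ancestor of r.
func atLeastAsSecure(a, r *Ring) bool {
	for ; r != nil; r = r.Parent {
		if r == a {
			return true
		}
	}
	return false
}

// CanAccess allows a data access only from the owning ring or a more secure
// ancestor of it: nothing reaches upward into a more secure ring, and peers
// cannot reach each other's regions.
func (m *Memory) CanAccess(from *Ring, addr uint64) bool {
	reg := m.find(addr)
	return reg != nil && atLeastAsSecure(from, reg.Owner)
}

// CanCall allows control transfer under the same rule, with one addition: a
// call upward into a more secure ancestor succeeds only at a registered entry
// point. A call into a peer subring is refused even at an entry point.
func (m *Memory) CanCall(from *Ring, addr uint64) bool {
	reg := m.find(addr)
	if reg == nil {
		return false
	}
	if atLeastAsSecure(from, reg.Owner) {
		return true
	}
	if atLeastAsSecure(reg.Owner, from) {
		return reg.Entries[addr]
	}
	return false
}

// NewSample builds a constructed layout: ring0 is the security kernel, ring1a
// and ring1b are peer subrings of it, and ring2 is a subring of ring1a.
func NewSample() (*Memory, map[string]*Ring) {
	r0 := &Ring{Name: "ring0"}
	r1a := &Ring{Name: "ring1a", Parent: r0}
	r1b := &Ring{Name: "ring1b", Parent: r0}
	r2 := &Ring{Name: "ring2", Parent: r1a}
	mem := &Memory{regions: []Region{
		{0x1000, 0x2000, r0, map[uint64]bool{0x1000: true}},
		{0x2000, 0x3000, r1a, map[uint64]bool{0x2000: true}},
		{0x3000, 0x4000, r1b, map[uint64]bool{0x3000: true}},
		{0x4000, 0x5000, r2, nil},
	}}
	return mem, map[string]*Ring{"ring0": r0, "ring1a": r1a, "ring1b": r1b, "ring2": r2}
}

func main() {
	mem, r := NewSample()
	fmt.Println(mem.CanAccess(r["ring0"], 0x3500))  // true: downward
	fmt.Println(mem.CanAccess(r["ring1a"], 0x3500)) // false: peer
	fmt.Println(mem.CanAccess(r["ring1a"], 0x1500)) // false: upward
	fmt.Println(mem.CanCall(r["ring1a"], 0x1000))   // true: entry point
	fmt.Println(mem.CanCall(r["ring1a"], 0x1004))   // false: not an entry
	fmt.Println(mem.CanCall(r["ring1b"], 0x2000))   // false: peer
}
```

    The check that matters in practice is the last one: an entry point protects a more secure ring from its less secure descendants, but it must not become a side door between peers, which is why CanCall tests the ancestor relation before consulting the entry table.
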
    System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
    4.
    Granted invention patent
    System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party (in force)

    Publication No.: US07174457B1

    Publication date: 2007-02-06

    Application No.: US09266207

    Filing date: 1999-03-10

    IPC classification: H04L9/00

    Abstract: A general-purpose processor (CPU) is configured with a new mechanism facilitating an authenticated boot sequence that provides building blocks for client-side rights management when the system is online, and provides continued protection of persistent data even when the system goes offline or is rebooted. The CPU includes a cryptographic key pair, and a manufacturer certificate testifying that the manufacturer built the CPU according to a known specification. The operating system (OS) includes a unique block of code, or “boot block” that can establish OS identity by extraction from a digitally signed boot block or by computing a hash digest of the boot block. During booting, the CPU executes a single opcode, followed by the boot block, as an atomic operation to set the identity of the OS into the software identity register. The subscriber unit then can establish a chain of trust to a content provider.

    Hierarchical trusted code for content protection in computers

    Publication No.: US06976175B2

    Publication date: 2005-12-13

    Application No.: US11011457

    Filing date: 2004-12-13

    CPC classification: G06Q10/10 G06F21/57

    Abstract: An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.

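    The hierarchy of trust in this abstract (and in item 1, which carries the same abstract) can be demonstrated with a small secure loader. This is an added Go example, not code from either patent: it assumes a module's manifest names the modules it trusts by their SHA-256 digests, that the loader is configured with the digest of the security manager as its root, and that a module is admitted only if a module already in secure memory names it. The module names and code bytes are constructed stand-ins.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Module is a hypothetical code module: its code plus a manifest naming, by
// SHA-256 digest, the other modules it is willing to trust. The manifest
// format is this example's assumption; the abstract only says a module
// "names other modules that it is willing to trust".
type Module struct {
	Name   string
	Code   []byte
	Trusts []string // hex SHA-256 digests of modules this one vouches for
}

func digest(b []byte) string {
	h := sha256.Sum256(b)
	return hex.EncodeToString(h[:])
}

// SecureLoader holds one root of trust, the digest of the security manager.
// A module enters secure memory only if a module already there names its
// digest, so every admitted module has a chain back to the root.
type SecureLoader struct {
	rootDigest string
	loaded     map[string]Module // keyed by digest
	vouchedBy  map[string]string // digest -> digest of the module that named it
}

func NewSecureLoader(root string) *SecureLoader {
	return &SecureLoader{rootDigest: root, loaded: map[string]Module{}, vouchedBy: map[string]string{}}
}

// Load admits m if it is the root or is named by a loaded module. Tampered
// code has a different digest that nobody names, so it is refused.
func (l *SecureLoader) Load(m Module) error {
	d := digest(m.Code)
	if _, done := l.loaded[d]; done {
		return nil
	}
	if d == l.rootDigest {
		l.loaded[d] = m
		return nil
	}
	for parent, pm := range l.loaded {
		for _, t := range pm.Trusts {
			if t == d {
				l.loaded[d] = m
				l.vouchedBy[d] = parent
				return nil
			}
		}
	}
	return errors.New("refused: " + m.Name + " is not named by any loaded module")
}

// Chain returns the names of the modules vouching for m, root first.
func (l *SecureLoader) Chain(m Module) ([]string, error) {
	d := digest(m.Code)
	if _, ok := l.loaded[d]; !ok {
		return nil, errors.New(m.Name + " is not loaded")
	}
	var names []string
	for {
		names = append([]string{l.loaded[d].Name}, names...)
		if d == l.rootDigest {
			return names, nil
		}
		d = l.vouchedBy[d]
	}
}

// Constructed sample modules (strings stand in for code) to exercise the loader.
var (
	codec   = Module{Name: "codec", Code: []byte("decode premium content v1")}
	manager = Module{Name: "security-manager", Code: []byte("security manager v1"),
		Trusts: []string{digest(codec.Code)}}
	rogue = Module{Name: "rogue", Code: []byte("dump decrypted frames")}
)

func main() {
	l := NewSecureLoader(digest(manager.Code))
	fmt.Println(l.Load(codec))   // refused: nothing loaded names it yet
	fmt.Println(l.Load(manager)) // <nil>: the root
	fmt.Println(l.Load(codec))   // <nil>: named by the manager
	fmt.Println(l.Load(rogue))   // refused
	fmt.Println(l.Chain(codec))  // [security-manager codec] <nil>
}
```

    Order matters: the codec is refused until its voucher is resident, and a one-byte change to its code moves it out of the manager's trust list. The same naming scheme would extend to bus devices by giving the manager a manifest entry per device identity, but that part is not modelled here.
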
    Digital rights management operating system
    6.
    Granted invention patent
    Digital rights management operating system (in force)

    Publication No.: US06330670B1

    Publication date: 2001-12-11

    Application No.: US09227561

    Filing date: 1999-01-08

    IPC classification: G06F9/44

    Abstract: A digital rights management operating system protects rights-managed data, such as downloaded content, from access by untrusted programs while the data is loaded into memory or on a page file as a result of the execution of a trusted application that accesses the memory. To protect the rights-managed data resident in memory, the digital rights management operating system refuses to load an untrusted program into memory while the trusted application is executing or removes the data from memory before loading the untrusted program. If the untrusted program executes at the operating system level, such as a debugger, the digital rights management operating system renounces a trusted identity created for it by the computer processor when the computer was booted. To protect the rights-managed data on the page file, the digital rights management operating system prohibits raw access to the page file, or erases the data from the page file before allowing such access. Alternatively, the digital rights management operating system can encrypt the rights-managed data prior to writing it to the page file. The digital rights management operating system also limits the functions the user can perform on the rights-managed data and the trusted application, and can provide a trusted clock used in place of the standard computer clock.

    Boot blocks for software
    7.
    Granted invention patent
    Boot blocks for software (in force)

    Publication No.: US07529919B2

    Publication date: 2009-05-05

    Application No.: US10431012

    Filing date: 2003-05-07

    IPC classification: G06F21/22

    Abstract: In accordance with one aspect of boot blocks for software, in a computer system that has a central processing unit and a software identity register, an atomic operation is executed to set an identity of a piece of software into the software identity register. If the atomic operation completes correctly, then the software identity register contains the identity of the piece of software; otherwise, the software identity register contains a value other than the identity of the piece of software.

    System and method for authenticating an operating system
    8.
    Granted invention patent
    System and method for authenticating an operating system (in force)

    Publication No.: US07424606B2

    Publication date: 2008-09-09

    Application No.: US10430999

    Filing date: 2003-05-07

    IPC classification: H04L9/00 G06F7/04

    Abstract: A system and method for authenticating an operating system includes, in accordance with one aspect, a method in a computer system having a processor, an operating system (OS), and a software identity register that holds an identity of the operating system, the processor having a private key. The method comprises forming an OS certificate containing the identity from the software identity register and signing the OS certificate using the private key. In accordance with another aspect, the signed identity is submitted to a recipient to prove an identity of the operating system to the recipient.

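    Items 4, 7 and 8 describe one mechanism from three angles: a CPU key pair certified by the manufacturer, a software identity register set atomically from the boot block (and left holding a non-identity value if that operation does not complete), an OS certificate signed with the CPU's private key, and a recipient that verifies it; item 6 adds that the OS renounces that identity when an OS-level untrusted program such as a debugger is loaded. The following is an added Go example covering all four, not code from the patents. It assumes Ed25519 for the key pairs and manufacturer certificate, SHA-256 of the boot block as the identity, an all-zero register as the non-identity value, and a nonce chosen by the recipient to prevent replay; the boot block bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// CPU models a processor with a built-in key pair, a manufacturer certificate
// over its public key and a software identity register (SIR). Ed25519 and
// SHA-256 are this example's choices, not the patents' specification.
type CPU struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	MfrCert []byte // manufacturer's signature over Pub
	SIR     [32]byte
}

var notIdentity [32]byte // all zero: "a value other than the identity"
var ErrBootAborted = errors.New("boot block did not complete")

func NewCPU(mfr ed25519.PrivateKey) *CPU {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &CPU{priv: priv, Pub: pub, MfrCert: ed25519.Sign(mfr, pub)}
}

// AuthenticatedBoot is the atomic "opcode followed by the boot block" step.
// If it does not complete, the SIR keeps the non-identity value.
func (c *CPU) AuthenticatedBoot(bootBlock []byte, completed bool) error {
	c.SIR = notIdentity
	if !completed {
		return ErrBootAborted
	}
	c.SIR = sha256.Sum256(bootBlock)
	return nil
}

// Renounce is what the DRM operating system does when an untrusted program
// such as a debugger is loaded at OS level: the trusted identity is given up.
func (c *CPU) Renounce() { c.SIR = notIdentity }

// OSCertificate holds the SIR value and a verifier-supplied nonce (against
// replay), signed with the CPU's private key. Without an identity it refuses.
func (c *CPU) OSCertificate(nonce []byte) (msg, sig []byte, err error) {
	if c.SIR == notIdentity {
		return nil, nil, errors.New("no trusted identity to certify")
	}
	msg = append(append([]byte("os-cert|"), c.SIR[:]...), nonce...)
	return msg, ed25519.Sign(c.priv, msg), nil
}

// Verify is the recipient's side: manufacturer vouches for the CPU key, that
// key signed the certificate, the nonce is ours, and the identity is trusted.
func Verify(mfrPub, cpuPub ed25519.PublicKey, mfrCert, msg, sig, nonce []byte, trusted [][32]byte) error {
	if !ed25519.Verify(mfrPub, cpuPub, mfrCert) {
		return errors.New("CPU key not certified by manufacturer")
	}
	if !ed25519.Verify(cpuPub, msg, sig) {
		return errors.New("bad CPU signature")
	}
	if len(msg) != 40+len(nonce) || string(msg[:8]) != "os-cert|" || string(msg[40:]) != string(nonce) {
		return errors.New("malformed certificate or wrong nonce")
	}
	var sir [32]byte
	copy(sir[:], msg[8:40])
	for _, t := range trusted {
		if sir == t {
			return nil
		}
	}
	return errors.New("OS identity not on the trusted list")
}

// Demo runs one boot and one attestation: bootBlock is what the CPU booted,
// trustedBlock the OS the recipient accepts; completed and debugger trigger
// the two failure modes above.
func Demo(bootBlock, trustedBlock []byte, completed, debugger bool) error {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(rand.Reader) // manufacturer's signing key
	cpu := NewCPU(mfrPriv)
	if err := cpu.AuthenticatedBoot(bootBlock, completed); err != nil {
		return err
	}
	if debugger {
		cpu.Renounce()
	}
	nonce := make([]byte, 16) // recipient's challenge
	_, _ = rand.Read(nonce)
	msg, sig, err := cpu.OSCertificate(nonce)
	if err != nil {
		return err
	}
	return Verify(mfrPub, cpu.Pub, cpu.MfrCert, msg, sig, nonce, [][32]byte{sha256.Sum256(trustedBlock)})
}

func main() {
	good := []byte("constructed boot block v1")
	fmt.Println(Demo(good, good, true, false))                        // <nil>
	fmt.Println(Demo([]byte("patched boot block"), good, true, false)) // OS identity not on the trusted list
	fmt.Println(Demo(good, good, true, true))                          // no trusted identity to certify
}
```

    Two design points worth noting: the recipient never trusts the SIR value by itself, only the two-signature chain from the manufacturer key down to it, and the nonce is bound inside the signed message so a certificate captured from one session cannot be replayed in another.
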
    Key-based secure storage
    9.
    Granted invention patent
    Key-based secure storage (in force)

    Publication No.: US07194092B1

    Publication date: 2007-03-20

    Application No.: US09227568

    Filing date: 1999-01-08

    IPC classification: H04L9/00

    Abstract: Secure storage for downloaded content on a subscriber computer is keyed to a trusted digital rights management operating system, a trusted application, a trusted user or a combination thereof. A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.

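    The three key derivations in this abstract, and the encryption of content under one of them with the access predicate bound to it, as an added Go example (not code from the patent). It assumes SHA-256 as the one-way hash, HMAC-SHA256 keyed by the user identity as the keyed hash, and, for the final "generate a storage key" step that the abstract does not specify, HMAC-SHA256 under a master secret held by the trusted OS. Content is encrypted with AES-256-GCM, and the access predicate is carried as additional authenticated data so that tampering with it is detected on decryption; the seeds, identity and content are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Vault derives the three storage keys the abstract describes. The final
// key-generation step is assumed to be HMAC-SHA256 under a secret known only
// to the trusted operating system (masterSecret); the abstract says a key is
// generated from the (hashed) seed but not how.
type Vault struct{ masterSecret []byte }

func hashSeed(seed []byte) []byte {
	h := sha256.Sum256(seed)
	return h[:]
}

func (v Vault) generate(label string, seed []byte) []byte {
	m := hmac.New(sha256.New, v.masterSecret)
	m.Write([]byte(label)) // keeps app, user and OS keys in separate domains
	m.Write(seed)
	return m.Sum(nil) // 32 bytes: an AES-256 key
}

// ApplicationKey: one-way hash of the application's seed, then key generation.
func (v Vault) ApplicationKey(appSeed []byte) []byte {
	return v.generate("app", hashSeed(appSeed))
}

// UserKey: hash the user's seed, then a keyed hash under the user's identity,
// so two users who pick the same seed still get different keys.
func (v Vault) UserKey(userSeed, userID []byte) []byte {
	k := hmac.New(sha256.New, userID)
	k.Write(hashSeed(userSeed))
	return v.generate("user", k.Sum(nil))
}

// OSKey is generated from the unhashed seed.
func (v Vault) OSKey(osSeed []byte) []byte { return v.generate("os", osSeed) }

// Seal encrypts content under a storage key with AES-256-GCM and binds the
// access predicate as additional authenticated data: the predicate travels
// in the clear, but any change to it makes Open fail.
func Seal(key, predicate, content []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, content, predicate), nil
}

func Open(key, predicate, sealed []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], predicate)
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	v := Vault{masterSecret: []byte("constructed OS master secret")}
	key := v.UserKey([]byte("correct horse battery staple"), []byte("user:alice"))
	sealed, _ := Seal(key, []byte("player=trusted"), []byte("premium content"))
	_, err := Open(key, []byte("player=any"), sealed) // predicate tampered
	fmt.Println(err != nil)                           // true
}
```

    Because the predicate is authenticated rather than encrypted, the OS can read it before deciding whether to release the key, yet an attacker who edits the stored predicate to loosen it gets a decryption failure instead of broader access.
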
    Controlling access to content based on certificates and access predicates
    10.
    Granted invention patent
    Controlling access to content based on certificates and access predicates (in force)

    Publication No.: US06820063B1

    Publication date: 2004-11-16

    Application No.: US09227559

    Filing date: 1999-01-08

    IPC classification: G06F17/60

    Abstract: Digital rights for content downloaded to a subscriber computer from a provider are specified in an access predicate. The access predicate is compared with a rights manager certificate associated with an entity, such as an application, that wants access to the content. If the rights manager certificate satisfies the access predicate, the entity is allowed access to the content. A license that specifies limitations on the use of the content can also be associated with the content and provided to the entity. The use the entity makes of the content is monitored and terminated if the entity violates the license limitations. In one aspect of the invention, the access predicate and the license are protected from tampering through cryptographic techniques.
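
    The predicate-versus-certificate comparison and the license monitoring in this abstract, as an added Go example that is not code from the patent. The abstract leaves the predicate language open, so the example assumes a predicate is a conjunction of required "name=value" claims and a rights manager certificate is a set of claims whose signature the operating system has already checked; the license is assumed to carry a use count and an expiry. Names, claims and limits are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// AccessPredicate is assumed here to be a conjunction of required claims of
// the form "name=value"; the abstract leaves the predicate language open.
type AccessPredicate []string

// RightsManagerCertificate carries the claims certified for an entity such
// as an application. Its signature is assumed to have been checked by the
// operating system before the certificate reaches this code.
type RightsManagerCertificate struct {
	Subject string
	Claims  map[string]string
}

// SatisfiedBy is true only when every required claim is present with the
// required value.
func (p AccessPredicate) SatisfiedBy(c RightsManagerCertificate) bool {
	for _, req := range p {
		kv := strings.SplitN(req, "=", 2)
		if len(kv) != 2 || c.Claims[kv[0]] != kv[1] {
			return false
		}
	}
	return true
}

// License states the limits on use once access has been granted.
type License struct {
	MaxUses  int
	NotAfter time.Time
}

// Session monitors one entity's use of the content and terminates it on the
// first violation of the license.
type Session struct {
	license    License
	uses       int
	terminated bool
	now        func() time.Time
}

// Grant compares the predicate with the certificate; only a satisfying
// certificate yields a session. now may be nil to use the system clock
// (the DRM operating system would supply its trusted clock here).
func Grant(p AccessPredicate, c RightsManagerCertificate, l License, now func() time.Time) (*Session, error) {
	if !p.SatisfiedBy(c) {
		return nil, errors.New(c.Subject + " does not satisfy the access predicate")
	}
	if now == nil {
		now = time.Now
	}
	return &Session{license: l, now: now}, nil
}

// Use records one use; a use past the limit or after expiry terminates the
// session, and a terminated session stays terminated.
func (s *Session) Use() error {
	if s.terminated {
		return errors.New("session terminated")
	}
	if s.now().After(s.license.NotAfter) || s.uses >= s.license.MaxUses {
		s.terminated = true
		return errors.New("license violated; use terminated")
	}
	s.uses++
	return nil
}

// SampleLicense is a constructed license allowing maxUses uses within the
// next hoursValid hours (a negative hoursValid gives an expired one).
func SampleLicense(maxUses, hoursValid int) License {
	return License{MaxUses: maxUses, NotAfter: time.Now().Add(time.Duration(hoursValid) * time.Hour)}
}

func main() {
	pred := AccessPredicate{"player=trusted", "drm=v1"}
	app := RightsManagerCertificate{Subject: "player.exe", Claims: map[string]string{"player": "trusted", "drm": "v1"}}
	s, err := Grant(pred, app, SampleLicense(2, 24), nil)
	fmt.Println(err)                       // <nil>
	fmt.Println(s.Use(), s.Use(), s.Use()) // <nil> <nil> license violated; use terminated
}
```

    The expiry check depends on the clock it is given, which is why the abstract of item 6 provides a trusted clock: with the standard system clock, a user can extend a time-limited license simply by setting the date back.
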