公开(公告)号：US20070061535A1

公开(公告)日：2007-03-15

申请号：US11224418

申请日：2005-09-12

申请人： Zhangwei Xu ,  Thomas Phillips ,  Alexander Frank ,  Curt Steeb ,  Isaac Ahdout ,  Martin Hall ,  James Duffus

发明人： Zhangwei Xu ,  Thomas Phillips ,  Alexander Frank ,  Curt Steeb ,  Isaac Ahdout ,  Martin Hall ,  James Duffus

IPC分类号： G06F12/14

CPC分类号： G06F21/79 ,  G06F21/10 ,  G06F21/57 ,  G06F21/71 ,  G06F21/73 ,  G06F21/86 ,  G06F2221/2135

摘要： A processing unit for use in an electronic device includes standard instruction processing and communication interfaces and also includes functional capability in addition to or in place of those found in an operating system. A secure memory within the processing unit may contain a hardware identifier, policy data, and subsystem functions such as a secure clock, policy management, and policy enforcement. Data in functions within the secure memory are not accessible from outside the processing unit.

摘要翻译： 用于电子设备的处理单元包括标准指令处理和通信接口，并且还包括在操作系统中发现的或替代操作系统中的功能能力。 处理单元内的安全存储器可以包含硬件标识符，策略数据和诸如安全时钟，策略管理和策略实施之类的子系统功能。 安全存储器内的功能中的数据不能从处理单元外部访问。

公开(公告)号：US20060107329A1

公开(公告)日：2006-05-18

申请号：US11152214

申请日：2005-06-14

申请人： Alexander Frank ,  Curt Steeb ,  Isaac Ahdout ,  James Duffus ,  Martin Hall ,  Nicholas Temple ,  Rajagopal Venkatachalam ,  Thomas Phillips ,  Zhangwei Xu

发明人： Alexander Frank ,  Curt Steeb ,  Isaac Ahdout ,  James Duffus ,  Martin Hall ,  Nicholas Temple ,  Rajagopal Venkatachalam ,  Thomas Phillips ,  Zhangwei Xu

IPC分类号： H04N7/16

CPC分类号： G06F21/575 ,  G06F21/72 ,  G06F21/74 ,  G06F21/87

摘要： A system and method for monitoring a computer, particularly a pay-per-use computer, uses an isolated computing environment or supervisor. The isolated computing environment boots prior to any boot device associated with an operating system, runs concurrently with the operating system and monitors and measures the computer in operation. Once the isolated computing environment determines the computer is not in compliance with the required policies, the isolated computing environment may either impose an impediment to use such as slowing clock speed or completely disable the operating system. The user may have to return the computer to a service provider to restore it from the offending condition and reset the computer to an operational state.

摘要翻译： 用于监视计算机的系统和方法，特别是按使用付费的计算机，使用隔离的计算环境或主管。 隔离的计算环境在与操作系统相关联的任何引导设备之前启动，与操作系统并发运行，并监视和测量运行中的计算机。 一旦隔离的计算环境确定计算机不符合所需的策略，孤立的计算环境可能会施加障碍，例如减慢时钟速度或完全禁用操作系统。 用户可能必须将计算机返回给服务提供商以将其从违规状态恢复，并将计算机重置为操作状态。

公开(公告)号：US20070192825A1

公开(公告)日：2007-08-16

申请号：US11353675

申请日：2006-02-14

申请人： Alexander Frank ,  Curt Steeb ,  Isaac Ahdout ,  Richard Thompson ,  Thomas Phillips ,  William Westerinen ,  Zhangwei Xu

发明人： Alexander Frank ,  Curt Steeb ,  Isaac Ahdout ,  Richard Thompson ,  Thomas Phillips ,  William Westerinen ,  Zhangwei Xu

IPC分类号： H04L9/00

CPC分类号： H04L9/00 ,  G06F21/55 ,  G06F21/554 ,  G06F2221/2135

摘要： An electronic device, such as, a computer, may be adapted for self-monitoring for compliance to an operating policy. The operating policy may specify a pay-per-use or subscription business model and measurements associated with compliant usage. A secure execution environment may measure usage in accordance with the business model as well as monitor and enforce compliance to the operating policy. To increase the difficulty of attacking or otherwise disabling the secure execution environment, elements of the secure execution environment may be distributed. The distribution points may include other functional elements of the computer, such as interface circuits, or may even be remotely located over a network. An implementation method for disaggregating the secure execution environment is also disclosed.

摘要翻译： 诸如计算机的电子设备可以适于自我监视以符合操作策略。 操作策略可以指定按使用付费或订阅业务模式以及与合规使用相关联的测量。 安全执行环境可以根据业务模式来测量使用情况，并监视和实施对操作策略的遵守。 为了增加攻击或以其他方式禁用安全执行环境的难度，可以分发安全执行环境的元素。 分发点可以包括计算机的其他功能元件，例如接口电路，或者甚至可以远程位于网络上。 还公开了用于分解安全执行环境的实现方法。

公开(公告)号：US07610631B2

公开(公告)日：2009-10-27

申请号：US10989122

申请日：2004-11-15

申请人： Alexander Frank ,  Curt Steeb ,  James Duffus ,  Mark C. Light ,  Martin Holladay ,  Paul Sutton ,  Thomas Phillips ,  Zeyong Xu ,  Zhangwei Xu

发明人： Alexander Frank ,  Curt Steeb ,  James Duffus ,  Mark C. Light ,  Martin Holladay ,  Paul Sutton ,  Thomas Phillips ,  Zeyong Xu ,  Zhangwei Xu

IPC分类号： G06F21/00

CPC分类号： G07F7/1008 ,  G06F21/10 ,  G06F21/725 ,  G06Q20/3552 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0823 ,  H04L67/125 ,  H04L67/34 ,  H04L2209/56

摘要： A dynamic software provisioning system allows provisioning software on a number of different computing devices based upon a desired business process. The dynamic software provisioning system allows a user to request usage of the operating system for a specific period of time, for a specific amount of usage, or in any other desired manner from an operating system provisioning service or from a third party. The provisioning service processes the request from the user or from the third party to provision the use of the operating system and in response to the request provisions use of the operating system for a specific device specified by the request. The dynamic software activation system also includes a local provisioning module located on the device using the operating system, wherein the local provisioning module activates and deactivates the operating system based on instructions received from the provisioning service.

摘要翻译： 动态软件供应系统允许基于期望的业务过程在许多不同的计算设备上配置软件。 动态软件供应系统允许用户在特定时间段，特定的使用量或以任何其它期望的方式从操作系统供应服务或第三方请求操作系统的使用。 供应服务处理来自用户或来自第三方的请求以提供操作系统的使用，并响应于请求规定对由请求指定的特定设备使用操作系统。 动态软件激活系统还包括使用操作系统位于设备上的本地供应模块，其中本地供应模块基于从供应服务接收到的指令来激活和停用操作系统。

公开(公告)号：US20060107335A1

公开(公告)日：2006-05-18

申请号：US10989122

申请日：2004-11-15

申请人： Alexander Frank ,  Curt Steeb ,  James Duffus ,  Mark Light ,  Martin Holladay ,  Paul Sutton ,  Thomas Phillips ,  Zeyong Xu ,  Zhangwei Xu

发明人： Alexander Frank ,  Curt Steeb ,  James Duffus ,  Mark Light ,  Martin Holladay ,  Paul Sutton ,  Thomas Phillips ,  Zeyong Xu ,  Zhangwei Xu

IPC分类号： H04L9/32

CPC分类号： G07F7/1008 ,  G06F21/10 ,  G06F21/725 ,  G06Q20/3552 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0823 ,  H04L67/125 ,  H04L67/34 ,  H04L2209/56

摘要： A dynamic software provisioning system allows provisioning software on a number of different computing devices based upon a desired business process. The dynamic software provisioning system allows a user to request usage of the operating system for a specific period of time, for a specific amount of usage, or in any other desired manner from an operating system provisioning service or from a third party. The provisioning service processes the request from the user or from the third party to provision the use of the operating system and in response to the request provisions use of the operating system for a specific device specified by the request. The dynamic software activation system also includes a local provisioning module located on the device using the operating system, wherein the local provisioning module activates and deactivates the operating system based on instructions received from the provisioning service.

公开(公告)号：US20070061268A1

公开(公告)日：2007-03-15

申请号：US11224651

申请日：2005-09-12

申请人： Jeffrey Herold ,  Munisamy Prabu ,  Thomas Phillips ,  James Duffus ,  Curt Steeb ,  Paul Sutton ,  Zeyong Xu ,  Zhangwei Xu ,  Alexander Frank

发明人： Jeffrey Herold ,  Munisamy Prabu ,  Thomas Phillips ,  James Duffus ,  Curt Steeb ,  Paul Sutton ,  Zeyong Xu ,  Zhangwei Xu ,  Alexander Frank

IPC分类号： G06Q99/00

CPC分类号： G06Q30/04

摘要： A computer participates in a system for licensing use in a metered fashion using individual licenses cryptographically linked to the computer and a particular service provider or underwriter. The computer may have a cryptographic unit, secure memory, sanction and metering functions as part of a secure execution environment for enabling metered operation and conformance to a security policy. Payment for licenses may be made through a payment system with licenses generated at a server with access to cryptographic functions for verification of requests, certificate/key pair generation, and signing licenses.

摘要翻译： 计算机使用与计算机和特定服务提供商或承销商密码相关联的个人许可来参与用于以计量方式许可使用的系统。 计算机可以具有加密单元，安全存储器，制裁和计量功能，作为用于实现计量操作和符合安全策略的安全执行环境的一部分。 许可证的支付可以通过支付系统进行，该系统具有在具有用于验证请求，证书/密钥对生成和签名许可证的加密功能的服务器上生成的许可证。

公开(公告)号：US20060165005A1

公开(公告)日：2006-07-27

申请号：US11006837

申请日：2004-12-08

申请人： Alexander Frank ,  Curt Steeb ,  David Edelstein ,  James Duffus ,  Mark Light ,  Paul Sutton ,  Thomas Phillips

发明人： Alexander Frank ,  Curt Steeb ,  David Edelstein ,  James Duffus ,  Mark Light ,  Paul Sutton ,  Thomas Phillips

IPC分类号： H04J1/16 ,  H04J3/14

CPC分类号： G06Q30/06 ,  G06Q30/0284

摘要： A system for supplying computers with little or no upfront payment has a service provider, a computer, and an optional funding account. The computer is adapted to render itself substantially useless unless provisioned by the service provider. The service provider has a capability to collect funds from the user and to provide the data necessary for continued operation of the computer. Cryptographic means may be employed to generate and receive the data necessary for continued operation of the computer. The computer's self-imposed sanctions may include slowed operation, reduced graphics capability, limited communication, and limited access to peripherals.

摘要翻译： 用于提供几乎没有或没有预付款的计算机的系统具有服务提供商，计算机和可选的资金账户。 除非由服务提供商提供，否则该计算机适于使其本身基本上无用。 服务提供商有能力从用户那里收集资金并提供计算机持续运行所需的数据。 可以使用加密手段来生成和接收计算机的继续操作所需的数据。 计算机的自制制裁可能包括操作速度减慢，图形能力下降，通信有限以及对外设的访问受限。

公开(公告)号：US20060106845A1

公开(公告)日：2006-05-18

申请号：US11007089

申请日：2004-12-08

申请人： Alexander Frank ,  Curt Steeb ,  David Edelstein ,  James Duffus ,  Mark Light ,  Paul Sutton ,  Thomas Phillips

发明人： Alexander Frank ,  Curt Steeb ,  David Edelstein ,  James Duffus ,  Mark Light ,  Paul Sutton ,  Thomas Phillips

IPC分类号： G06F17/00 ,  G06F7/00

CPC分类号： G06F9/5005 ,  G06F21/126 ,  G06F21/335 ,  G06F21/6218 ,  G06F21/6281 ,  G06F2221/2101 ,  G06F2221/2105 ,  G06F2221/2137 ,  G06F2221/2141 ,  G06F2221/2151 ,  G06Q20/04 ,  G06Q20/22

摘要： A computer is configured for pay-per-use or prepaid operation using internally stored value that may be directed to various aspects of the computer's operation, for example, printing or use of a particular application program. The value used may be logged and that information may be transferred to a host where individual service providers may be compensated for purchases made on the computer according to usage. The user may be presented with payment options such as single use or subscription for a given local purchase decision. A method of operation is also disclosed.

摘要翻译： 计算机被配置为使用内部存储的值进行按需付费或预付操作，该值可以针对计算机操作的各个方面，例如打印或使用特定的应用程序。 可以记录所使用的值，并且该信息可以被传送到主机，其中可以根据使用在个人服务提供商对在计算机上进行的购买进行补偿。 可以向用户呈现诸如用于给定的本地购买决定的单次使用或订阅的支付选项。 还公开了一种操作方法。

公开(公告)号：US20070136570A1

公开(公告)日：2007-06-14

申请号：US11515410

申请日：2006-08-31

申请人： Alexander Frank ,  William Westerinen ,  Curt Steeb ,  Zhangwei Xu

发明人： Alexander Frank ,  William Westerinen ,  Curt Steeb ,  Zhangwei Xu

IPC分类号： G06F15/177 ,  G06F9/00

CPC分类号： G06F21/575 ,  G06F21/572 ,  G06F2221/2105 ,  G06Q20/085 ,  G06Q30/0283 ,  G06Q30/0284

摘要： Described is a technology by which a computing device is booted into a normal mode of operation or a limited mode of operation, depending on whether the computing device was operating correctly (e.g., with respect to policy) prior to a reboot. The reboot may be forced. Examples of incorrect state include an overdue payment on a leased computer, or improper execution of certain important software. A metering mechanism evaluates the state of the computing device, and when an incorrect state is detected, configures the computing device for operation in the limited mode, by setting the computing device to boot via one boot path (e.g., a limited-mode BIOS) instead of another boot path (e.g., a normal-mode BIOS). A BIOS selector switches to the limited BIOS on the next reboot, wherein the computing device is restricted to the limited mode of operation (regardless of subsequent reboots) until the correct state is restored.

摘要翻译： 描述了根据计算设备在重新启动之前是否正确地操作（例如，关于策略）是否将计算设备引导到正常操作模式或有限操作模式的技术。 重启可能会被强制。 错误状态的示例包括租用计算机上的逾期付款或某些重要软件的不当执行。 计量机构评估计算装置的状态，并且当检测到不正确的状态时，通过将计算装置通过一个引导路径（例如，限制模式BIOS）来设置计算装置来配置在限制模式中操作的计算装置， 而不是另一个引导路径（例如，普通模式BIOS）。 BIOS选择器在下一次重新启动时切换到有限的BIOS，其中计算设备被限制到有限的操作模式（不管后续重新启动），直到恢复正确的状态。

公开(公告)号：US20070107056A1

公开(公告)日：2007-05-10

申请号：US11418710

申请日：2006-05-05

申请人： Alexander Frank ,  Curt Steeb ,  Zhangwei Xu

发明人： Alexander Frank ,  Curt Steeb ,  Zhangwei Xu

IPC分类号： G06F12/14

CPC分类号： G06F11/0751 ,  G06F11/0706

摘要： Described is an independent computation environment that is built into one or more hardware components of a computer system, wherein the independent computation environment hosts a logic that measures the health of other software code that executes in memory. Examples of ways to measure health include performing a mathematical computation such as a computing a hash/digital signature on the software code in the memory, and/or evaluating statistical information related to the execution of the code and/or the code's being loaded into memory. By executing the logic in an independent computation environment, the health of software code may be measured against policy/metadata in a tamper-proof or tamper-resistant environment. When the software code measurement does not comply with the policy, some action may be taken action to penalize the computer system.

摘要翻译： 描述了内置在计算机系统的一个或多个硬件组件中的独立计算环境，其中独立计算环境承载测量在存储器中执行的其他软件代码的健康状况的逻辑。 衡量健康的方法的示例包括执行诸如在存储器中的软件代码上计算散列/数字签名的数学计算，和/或评估与代码的执行相关的统计信息和/或被加载到存储器中的代码 。 通过在独立的计算环境中执行逻辑，可以根据防篡改或防篡改环境中的策略/元数据来衡量软件代码的健康状况。 当软件代码测量不符合该策略时，可采取一些行动来惩罚计算机系统。