[Am-info] United States Patent: 6,330,670
Martin Sandberg
msandberg@Sigma4.com
Mon, 1 Apr 2002 07:22:06 -0700
<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
--></style><title>Re: [Am-info] United States Patent:
6,330,670</title></head><body>
<div>Well, I'll TRY to post this with styles to the list - hardware
mods in bold, but if it doesn't make it thru - the 3rd solution is
what they're proposing and its definitely hardware.</div>
<div><br></div>
<blockquote type="cite" cite>From what I've read of this, it would
seem to be a software solution, not hardware. It all talks of an
OS, not a CPU.<br>
<blockquote type="cite" cite><br>
There appear to be three solutions to this problem. One solution is to
do away with general-purpose computing devices and use special-purpose
tamper-resistant boxes for delivery, storage, and display of secure
content. This is the approach adopted by the cable industry and their
set-top boxes, and looks set to be the model for DVD-video
presentation. The second solution is to use secret, proprietary data
formats and applications software, or to use tamper-resistant software
containers, in the hope that the resulting complexity will
substantially impede piracy.<b> The third solution is to modify the
general-purpose computer to support a general model of client-side
content security and digital rights management.</b><br>
<br>
This invention is directed to a system and methodology that falls
generally into the third category of solutions.<br>
</blockquote>
<blockquote type="cite" cite>A fundamental building block for
client-side content security is a secure operating system. If a
computer can be booted only into an operating system that itself
honors content rights, and allows only compliant applications to
access rights-restricted data, then data integrity within the machine
can be assured. This stepping-stone to a secure operating system is
sometimes called "Secure Boot." If secure boot cannot be
assured, then whatever rights management system the secure OS
provides, the computer can always be booted into an insecure operating
system as a step to compromise it.<br>
</blockquote>
<blockquote type="cite" cite>Secure boot of an operating system is
usually a multi-stage process. A securely booted computer runs a
trusted program at startup. The trusted program loads an initial layer
of the operating system and checks its integrity (by using a code
signature or by other means) before allowing it to run. This layer
will in turn load and check the succeeding layers. This proceeds all
the way to loading trusted (signed) device drivers, and finally the
trusted application(s).</blockquote>
<blockquote type="cite" cite><br>
<br>
</blockquote>
<blockquote type="cite" cite><br>
<b>In one aspect of the invention, the digital rights management
operating system also provides a trusted clock mechanism so that a
user cannot reset the computer's clock to circumvent time restrictions
placed on trusted components.</b> In other aspects of the invention,
the digital rights management operating system limits the functions
the user can perform on the rights-managed data and the trusted
application.<br>
</blockquote>
<blockquote type="cite" cite>Thus, the digital rights management
system of the present invention protects content downloaded to a
general-purpose personal computer and does so within the framework of
a standard operating system, alleviating the need for additional and
specialized hardware.</blockquote>
<blockquote type="cite" cite><br></blockquote>
</blockquote>
<div><br></div>
<div><br></div>
<div><br></div>
<blockquote type="cite" cite>
<blockquote type="cite" cite><br></blockquote>
<blockquote type="cite" cite>The CPU manufacturer equips the CPU 140
with a pair of public and private keys 164 that is unique to the CPU.
For discussion purpose, the CPU's public key is referred to as
"K.sub.CPU " and the corresponding private key is referred
to as "K.sub.CPU.sup.-1 ". Other physical implementations
may include storing the key on an external device to which the main
CPU has privileged access (where the stored secrets are inaccessible
to arbitrary application or operating systems code). The private key
is never revealed and is used only for the specific purpose of signing
stylized statements, such as when responding to challenges from a
content provider, as is discussed below.<br>
<br>
The manufacturer also issues a signed certificate 166 testifying that
it produced the CPU according to a known specification. Generally, the
certificate testifies that the manufacturer created the key pair 164,
placed the key pair onto the CPU 140, and then destroyed its own
knowledge of the private key "K.sub.CPU.sup.-1 ". In this
way, only the CPU knows the CPU private key K.sub.CPU.sup.-1 ; the
same key is not issued to other CPUs and the manufacturer keeps no
record of it. The certificate can in principle be stored on a separate
physical device associated with the processor but still logically
belongs to the processor with the corresponding key.</blockquote>
<blockquote type="cite" cite><br>
The manufacturer has a pair of public and private signing keys,
K.sub.MFR and K.sub.MFR.sup.-1. The private key K.sub.MFR.sup.-1 is
known only to the manufacturer, while the public key K.sub.MFR is made
available to the public. The manufacturer certificate 166 contains the
manufacturer's public key K.sub.MFR, the CPU's public key K.sub.CPU,
and the above testimony. The manufacture signs the certificate using
its private signing key, K.sub.MFR.sup.-1, as follows:<br>
<br>
Mfr. Certificate=(K.sub.MFR, Certifies-for-Boot, K.sub.CPU), signed by
K.sub.MFR.sup.-1<br>
<br>
The predicate "certifies-for-boot" is a pledge by the
manufacturer that it created the CPU and the CPU key pair according to
a known specification. The pledge further states that the CPU can
correctly perform authenticated boot procedures, as are described
below in more detail. The manufacturer certificate 166 is publicly
accessible, yet it cannot be forged without knowledge of the
manufacturer's private key K.sub.MFR.sup.-1.<br>
</blockquote>
<blockquote type="cite" cite><b>The CPU 140 has an internal software
identity register (SIR) 168, which contains the identity of an
authenticated operating system 180 or a predetermined false value
(e.g., zero) if the CPU determines that the operating system 180
cannot be authenticated. The operating system (OS) 180 is stored in
the memory 142 and executed on the CPU 140. The operating system 180
has a block of code 182 that is used to authenticate the operating
system to the CPU during the boot operation. The boot block 182
uniquely determines the operating system, or class of operating
systems (e.g. those signed by the same manufacturer). The boot block
182 can also be signed by the OS manufacturer.</b><br>
</blockquote>
</blockquote>
<blockquote type="cite" cite><br>
--<br>
Until later: Geoffrey<x-tab>
</x-tab><x-tab>
</x-tab>esoteric@3times25.net<br>
<br>
I didn't have to buy my radio from a specific company to listen<br>
to FM, why doesn't that apply to the Internet
(anymore...)?</blockquote>
<div><br></div>
<div><br></div>
<x-sigsep><pre>--
</pre></x-sigsep>
</body>
</html>