[go: nahoru, domu]

US20050262086A1 - Systems and methods for integrity certification and verification - Google Patents

Systems and methods for integrity certification and verification Download PDF

Info

Publication number
US20050262086A1
US20050262086A1 US11/117,444 US11744405A US2005262086A1 US 20050262086 A1 US20050262086 A1 US 20050262086A1 US 11744405 A US11744405 A US 11744405A US 2005262086 A1 US2005262086 A1 US 2005262086A1
Authority
US
United States
Prior art keywords
applications
systems
bip
integrity
system components
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/117,444
Inventor
Thanh Ta
Xin Wang
Vincent Tieu
Joseph Zhung Fung
Duc Tran
Venugopal Venkatraman
Jose Romero-Lobo
Eddie Chen
Charles Gilliam
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Contentguard Holdings Inc
Original Assignee
Contentguard Holdings Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=24606431&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=US20050262086(A1) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Contentguard Holdings Inc filed Critical Contentguard Holdings Inc
Priority to US11/117,444 priority Critical patent/US20050262086A1/en
Assigned to CONTENT GUARD HOLDINGS, INC. reassignment CONTENT GUARD HOLDINGS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: VENKATRAMAN, VENUGOPAL, CHEN, EDDIE J., TIEU, VINCENT HSIANG, FUNG, JOSEPH ZHUNG YEE, WANG, XIN, ROMERO-LOBO, JOSE, TA, THANH, TRAN, DUC, GILLIAM, CHARLES P.
Publication of US20050262086A1 publication Critical patent/US20050262086A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities

Definitions

  • This invention relates to integrity certification and verification.
  • this invention relates to use of profiles including application integrity profiles (AIP) and behavior integrity profiles (BIP).
  • AIP application integrity profiles
  • BIP behavior integrity profiles
  • IPRM Intellectual Property Rights Management
  • DPRM Digital Property Rights Management
  • IPM Intellectual Property Management
  • DRM Digital Rights Management
  • RM Rights Management
  • ECM Electronic Copyright Management
  • PKI public key infrastructure
  • a method and system for integrity certification and verification in a computer environment based on characteristics and behaviors of one or more applications, systems or system components as compared with a profile of characteristics and behaviors are provided.
  • the exemplary method and system can include determining a behavior integrity profile (BIP) specifying characteristics and behaviors of one or more applications, systems or system components; determining based on the BIP whether or not characteristics and behaviors of one or more applications, systems or system components are compliant with characteristics and behaviors defined in a behavior integrity profile specification; and determining access rights to the one or more applications, systems or system components based on the step of determining the compliance.
  • BIP behavior integrity profile
  • FIG. 1A is a functional overview illustrating an exemplary embodiment of the integrity certification and verification system according to this invention
  • FIG. 1B is a functional overview illustrating an exemplary embodiment of an integrity certification and verification system that uses BIP(s) in conjunction with an AIP according to this invention
  • FIG. 1C is a functional overview illustrating an exemplary embodiment of an integrity certification and verification system that uses BIP(s) according to this invention
  • FIG. 2 is a functional block diagram illustrating an exemplary embodiment of the integrity certification and verification system according to this invention
  • FIG. 3 is a workflow diagram of an exemplary integrity certification and verification device according to this invention.
  • FIG. 4A illustrates an exemplary structure of an integrity profile according to this invention
  • FIG. 4B illustrates an exemplary structure of a BIP according to this invention
  • FIG. 5 illustrates an exemplary environment stack according to this invention
  • FIG. 6 illustrates another exemplary environment stack according to this invention
  • FIG. 7 illustrates an exemplary workflow of the exemplary environment stack according to this invention
  • FIG. 8 another exemplary workflow of the exemplary environment stack according to this invention.
  • FIG. 9 illustrates an exemplary method of manipulating the environment stack according to this invention.
  • FIG. 10 illustrates an exemplary method of preventing dynamic tampering through the use of debugging according to this invention
  • FIG. 11A is a flowchart outlining an exemplary embodiment of a method for integrity certification and verification according to this invention.
  • FIG. 11B is a flowchart outlining an exemplary embodiment of a method for integrity certification and verification that uses BIP(s) in conjunction with an AIP according to this invention
  • FIG. 11C is a flowchart outlining an exemplary embodiment of a method for integrity certification and verification that uses BIP(s) according to this invention.
  • FIG. 12 is a flowchart outlining an exemplary embodiment of a method for registering applications and/or systems according to this invention.
  • FIG. 13 is a flowchart outlining an exemplary embodiment of a method for determining an integrity profile according to this invention.
  • FIG. 14 is a flowchart outlining an exemplary embodiment of a method for verifying the integrity of an integrity authenticator according to this invention.
  • the present invention includes recognition that providers often want to have their content and services consumed by certified applications and systems that have desired characteristics and behaviors.
  • the content provider for example, can restrict usage, such as copying, printing, embedding, distribution, and the like.
  • a content or service provider may want to protect content against misuse by demanding that the system that consumes it be of a certain level of security and rights management capability.
  • the content provider may also want to assure that no “alien” application, e.g., a debugger, virus, interception routine, and the like, interacts with the content consumption application on the user system and which may confiscate or otherwise “steal” content or other sensitive information.
  • alien application e.g., a debugger, virus, interception routine, and the like
  • U.S. patent application Ser. No. 09/649,841 of Raley entitled “Document Distribution Management Method and Apparatus Using a Standard Rendering Engine and a Method and Apparatus for Controlling a Standard Rendering Engine” filed on Aug.
  • a verification of all suitable applications and system components needed to consume content, access a service or in any other suitable way interact with other systems, applications and components need be confirmed by a verification application.
  • the verification application verifies the application and system components using one or more integrity profiles that can be of the same or different types. Furthermore, two or more integrity profiles of the same or of different types can be used conjunctively or disjunctively.
  • An integrity profile can be of various types.
  • integrity profiles can include an application integrity profile (AIP), a behavior integrity profile (BIP), and the like.
  • An application integrity profile can include verifiable information and characteristics specific to an application.
  • AIP can be tied to a specific application.
  • a behavior integrity profile can include information indicating whether or not an application's behaviors are compliant with those specified in a BIP specification.
  • a BIP can include a BIP identification that designates a BIP specification that specifies a set of behaviors and/or consumption terms and conditions by which all suitable compliant applications abide.
  • a BIP specification can specify that all suitable applications compliant with the BIP are play-only applications that are permitted to play, but not to perform other actions.
  • further exemplary embodiments provide other types of BIPs, for example, based on geography, locale, time, performance, service level, other suitable criteria, and the like, to verify applications, systems, devices, components, and the like.
  • the exemplary embodiments include systems and methods that provide certification and verification services for computer environments.
  • an integrity certification and verification device that provides these services can be introduced between a content or service provider and a system, application, and the like, provider.
  • This certification device can register individual applications and/or systems from their respective providers, and can certify the integrity of these applications and/or systems according to a predetermined selection.
  • a user can “trust” an integrity certification and verification device. With this trust, the provider establishes a profile of a set of applications and systems that are allowed to consume its content and services, and verifies on the user system(s), according to the profile, that the user's set of applications and systems are authentic.
  • the exemplary embodiments include provisioning of certification and verification services for the integrity of content, such as documents, other content, and the like, consumption environments.
  • an integrity certification and verification device that provides these services is introduced between content providers and content consumption system and application providers who may distribute, for example, personal computers, handheld computers, PDAs, multimedia display devices, DVD players, distributed network enabled phones, and applications, such as word processors, content viewers, multimedia players, and the like.
  • the integrity certification and verification device registers individual applications and/or systems from the content consumption system/application providers, and certifies sets of these applications and systems to content providers.
  • a content provider can select or trust, the integrity certification and verification device, establish a profile of a set of applications and systems that are allowed to consume its content, and verify on a user system, according to the profile, that the set of applications and systems on the user system are authentic. In this manner, the extent of access to or control over, the content requested or submitted, by the user can be controlled and determined.
  • the exemplary embodiments include certification and verification services using BIP(s).
  • the integrity certification and verification device registers and certifies individual applications and/or systems from the content and services consumption system/application providers, verifies that the applications' behaviors comply with a BIP specification, and provides proof of compliance status.
  • the consumer can use any suitable content or service consumption system or application to consume the content or service that complies with some BIP mandated by the provider. In this manner, use of the content or service can be controlled without limiting consumption to a particular application or system.
  • the consumer can use any suitable computing system or application to interact with another system or application that complies with some BIP.
  • an integrity certification and verification device registers and certifies individual applications and/or systems from the content and service consumption system/application providers, verifies that the applications are authentic according to the integrity profile associated with the applications and system components, verifies that the applications' behaviors comply with a BIP specification, and provides proof of such compliance.
  • a document can include any suitable unit of information subject to distribution or transfer, including, correspondence, books, magazines, journals, newspapers, other papers, software, plug-ins, photographs and other images, audio and video clips, multimedia presentations, and the like.
  • a document can be embodied in printed form on paper, as digital data on a storage medium or in any suitable other known or later developed variety of media or software, including compact discs (CDs), digital video discs (DVD), laser discs, magneto and magneto-optic media, and the like.
  • Consumption and consume can encompass any suitable form of action, including usage of content and services or accessing or otherwise interacting with computer systems, including accessing, rendering, editing, manipulating, executing, copying, storing, transferring, issuing, obtaining, distributing, and the like.
  • Content can encompass any suitable thing that can be referred to by a noun, such as an entity, a resource, a quality, an event, a state, a concept, a substance, and the like.
  • Exemplary resources can include documents, multimedia files, web or other services, names, email addresses, and the like.
  • the systems and methods of the exemplary embodiments provide for integrity certification and verification services.
  • the exemplary embodiments can separately provide systems and methods for integrity certification and verification services for content consumption system environments.
  • the exemplary embodiments also can provide systems and methods for certification and verification of standardized behaviors of systems and applications.
  • the exemplary embodiments also separately can provide a system and method for determining an integrity profile.
  • the exemplary embodiments additionally can provide a system and method for verifying the integrity of one or more system environments.
  • the exemplary embodiments also can provide a system and method for managing integrity profiles, system and system component information.
  • the exemplary embodiments additionally can provide a system and method that performs an integrity check on a user system through the use of an integrity profile.
  • the exemplary embodiments additionally can provide a system and method that performs a compliance check on a user system through the use of a BIP.
  • a content provider such as a content publisher or distributor, and the like, for providing content, such as for consumption by a user, system, device, and the like, can initiate a request for an integrity profile.
  • This request for the integrity profile is forwarded to an integrity certification and verification device.
  • the integrity certification and verification device can, if an integrity profile does not already exist for the requested applications and systems components, query a content consumption system/application provider that has supplied various system components and/or applications to users.
  • the content consumption system/application provider returns to the integrity certification and verification device authentication information about the particular applications or system components.
  • the integrity certification and verification device having access to authentication information can make a comparison or integrity verification between an application or system component on a user's system, and the original application or system component as distributed by the content consumption system/application provider.
  • the authentication information for system applications and components can be stored in a component database.
  • the profiles for content providers can be stored in a profile database.
  • the content consumption system/application provider can maintain a database of authentication information that can be forwarded directly to the respective database of the integrity certification and verification device, without the need for the integrity verification and certification device to determine the integrity profile.
  • An integrity profile identification, corresponding to the determined integrity profile, is then returned to the content provider.
  • a content provider such as a content distributor, and the like, provides, for example, protected content to a user.
  • the content provider forwards to the user a protected version of the digital content that includes, for example, a license agreement and an integrity profile identification.
  • the integrity profile identification includes, for example, the applications and system components that are allowed to be used in conjunction with the protected content, and the identification of the integrity profile for those systems, applications, and the like.
  • the integrity certification and verification device forwards, for example, at the request of the user system, an integrity profile to the user system. With this integrity profile, an integrity verification of the user's system can be performed. If it is determined that the components/applications of the user's system are authentic, the digital content provided by the content provider can then be accessed by the user's applications and systems in accordance with, for example, the additional profile information.
  • the content provider can associate one or more BIP identifications with the digital content.
  • a music content provider who wants its music content consumed by play-only and copy-once-only devices can associate both play-only and copy-once-only BIP identifications with the content.
  • An AIP identification is not associated with the protected content, but can be embedded into or associated with the applications and system components by the system/application provider. For example, where the content provider is providing a service, it may want a customer to be able to consume the service only if a secure browser is being used.
  • the integrity certification and verification device retrieves proof of BIP compliance from its profile verification device.
  • the integrity certification and verification device retrieves the integrity profile and forwards it to the user system. With this integrity profile, an integrity verification of the user's system can be performed to ensure that the components/applications of the user's system have not been tampered with. If it is determined that the components/applications of the user's system are authentic and proof of BIP compliance exists, the digital content provided by the content provider can be consumed by the user's applications and systems. Similarly, a service can be consumed or an application or computing resource accessed, if it is determined that components/applications are authentic and proof of BIP compliance exists.
  • the request for an integrity certification need not originate with the content provider.
  • the certification request can be initiated by a software application embedded in the profile identification information that is forwarded with the protected content from the content provider to the user's system.
  • the content provider can also serve as the integrity verification and certification system.
  • the content provider can conduct the integrity certification and verification service itself by gathering the appropriate authentication information and determining an integrity profile for the content provider's own use.
  • the content or service consumption application/system provider can also act as the integrity certification and verification device.
  • the content or service consumption application/system provider can also supply an integrity profile together with the associated application and/or system component.
  • the systems and methods of the exemplary embodiments provide certification and verification services to determine the integrity of an environment for the consumption of digital content and services and use or other interaction with computing systems.
  • an exemplary system is provided for consumption of content and services, including consumer media, such as audio, video, on-line services, and the like.
  • the exemplary system for consumption of content can include an integrity certification and verification device introduced between one or more content providers, and one or more content consumption systems and application providers.
  • the integrity certification and verification device obtains authentication information from the content consumption application and/or system providers. This authentication information allows a content provider to trust the environment to which content will be provided.
  • an integrity profile is established. This profile is then forwarded to the user system to confirm that the user has not altered, modified or does not potentially interfere in an unauthorized manner with the digital content provided by the content provider.
  • the integrity certification and verification system 100 can include an integrity certification and verification device 200 , a content provider and/or distributor 300 , a user system 400 , a content consumption system/application provider 500 , a component database 260 , a profile database 270 , and the like.
  • the content consumption system/application provider 500 provides applications, systems and/or software/hardware components to a user.
  • the user system 400 allows consumption of digital content, such as documents, that are supplied by the content provider and distributor 300 .
  • the integrity certification and verification device 200 collects and registers authentication information about the individual applications, systems and/or software/hardware components from the content consumption system/application provider 500 . With this authentication information, the integrity certification and verification device 200 determines and certifies an integrity profile of one or more applications, systems and/or system components based on a service request 20 from the content provider 300 . This determined integrity profile 50 is then forwarded to the user system 400 so that the integrity of the user system 400 can be determined.
  • a content provider and distributor 300 provides digital content, such as a document, and the like, to a user system 400 .
  • the user system 400 can include one or more system components, such as hardware components and/or various software applications, and the like. These applications and hardware/software components are usually obtained by the user from one or more content consumption system/application providers, such as a computer supplier, a software warehouse, an application provider, and the like. These applications and hardware and software components are then assembled, if not already done so or installed, as appropriate, by the user in order to allow the user to consume content, such as documents, and the like.
  • the user 400 may want to view protected content, such as a document.
  • the user 400 can request from the content provider 300 one or more pieces of content, such as an electronic book, a multimedia file, a presentation, a form template, and the like.
  • the content provider and distributor 300 can provide the requested content in protected form with a profile identification 10 to the end user 400 .
  • This profile identification 10 includes, for example, specifics as to in which applications the protected content can be viewed, and for example, the extent to which the provided content can be manipulated within the particular software/hardware environment.
  • the content provider 300 can forward a service request 20 to an integrity certification and verification device 200 .
  • the service request 20 includes, for example, a list of components and/or software applications on which the content provider 300 wishes to allow the user system 400 to consume the distributed protected content.
  • the integrity certification and verification device 200 determines if the components and applications/software identified in the service request have corresponding authentication information stored in the component database 260 and/or the profile database 270 . If the integrity certification and verification device does not have access to the authentication information specified in the service request 20 , the integrity certification and verification device 200 can request from one or more content consumption system/application providers 500 , authentication information about a particular application, system, hardware/software component, and the like.
  • the integrity certification and verification device 200 stores information pertaining to the application and system components in the component database 260 .
  • the integrity certification and verification device 200 can develop an integrity profile for one or more applications. With this information, which confirms the authenticity of applications, systems and system components, the integrity certification and verification device 200 forwards an integrity profile 50 to the user system 400 .
  • This integrity profile 50 is used to confirm the authenticity of systems, system components and/or applications of the user system 400 . If it is determined if the user's system components and/or applications are authentic, the protected content 10 is made to be unprotected so that the user system 400 can view or otherwise manipulate, and the like, the protected content in accordance with the integrity profile.
  • FIG. 1B illustrates another exemplary system for performing integrity certification and verification that employs BIP verification in conjunction with AIP verification.
  • the user system 400 receives from the content provider 300 one or more pieces of content, such as an electronic book, a multimedia file, a presentation, a form template, and the like.
  • the content provider and distributor 300 can provide the content in protected form with one or more BIP identifications, an optional BIP conjunctive verification flag, and optionally a usage license to the end user system 400 .
  • the BIP identification designates a specific BIP specification that specifies a well known set of behaviors or terms and conditions to which the user system 400 complies with in order to consume the protected content.
  • the BIP conjunctive verification flag indicates whether or not to verify BIP compliance conjunctively when multiple BIP identifications are specified. If a BIP conjunctive verification flag is not explicitly specified, the integrity certification and verification device can default its verification to verify non-conjunctively. For example, if the content provider and distributor 300 specified both a play-only BIP identification and a transfer-once-only BIP identification with the protected content and the BIP conjunctive verification flag is specified, then only systems, applications, and the like, that are compliant with both play-only BIP and transfer-once-only BIP can consume the protected content.
  • the user system 400 receives from the content provider 300 one or more BIP identifications, an optional BIP conjunctive verification flag, and an optional usage license, without receiving content directly from the content provider 300 .
  • the content may exist in the user system 400 , referenced by the optional usage licenses or implied or referenced by other means.
  • “content” can include any suitable content, service, computing environment, and the like, accessible by the user system 300 .
  • the integrity certification and verification device 200 verifies the integrity of the applications/systems to make sure that they are authentic and their behaviors comply with the BIP specification(s). If it is determined that the user's system components and/or applications satisfy both criteria, the protected content 10 is made to be unprotected so that the user system 400 can consume the protected content in accordance with the BIP specification(s).
  • the same protected content can be consumed by existing certified applications and systems, as well as by applications and systems that have yet to be developed and certified or by existing applications and systems when they are certified in the future.
  • the integrity certification and verification device 200 collects and registers authentication information about the individual applications, systems, and/or software/hardware components from the content consumption system/application provider 500 . With this authentication information, the integrity certification and verification device 200 determines and certifies an integrity profile of one or more applications, systems, and/or system components. Then, the AIP 50 is forwarded to the user system 400 so that the integrity of the user system 400 can be determined.
  • the integrity certification and verification device 200 ensures that the applications are compliant with the BIP specification(s) by verifying that proof exists that the applications are indeed compliant with the BIP specification(s) identified by the BIP identifier(s).
  • the integrity certification and verification device 200 obtains the BIP identifier(s) specified in the protected content 10 , constructs the application identification information based on information from the AIP, and uses this information to obtain proof of BIP compliance.
  • the integrity certification and verification device 200 can dynamically obtain proof of BIP compliance by invoking its profile verification device to retrieve the compliance status associated with the BIP identifier and application identification information.
  • FIG. 1C illustrates yet another exemplary system for performing integrity certification and verification that need only employ BIP verification.
  • the integrity certification and verification device 200 verifies the integrity of the applications/systems to make sure that their behaviors comply with the BIP specification(s). If it is determined that the user's system components and/or applications comply with the BIP specification(s), the protected content 10 is made to be unprotected so that the user system 400 can consume the protected content in accordance with the BIP specification(s).
  • the advantage of this approach is faster performance, because AIP verification steps need not be performed.
  • proof(s) of BIP compliance exist for user system 400 there is no guarantee that user system 400 has been free from tampering. For certain applications, such as in a closed system, application integrity verification need not be employed.
  • the integrity certification and verification device 200 ensures that the applications are compliant with the BIP specification(s) by verifying that proof exists that the applications are indeed compliant with the BIP specification(s) identified by the BIP identifier(s).
  • the integrity certification and verification device 200 obtains the BIP identifier(s) specified in the protected content 10 , constructs the application identification information based on information from the user system 400 , and uses this information to obtain proof of BIP compliance.
  • the integrity certification and verification device 200 can dynamically obtain proof of BIP compliance by invoking its profile verification device to retrieve compliance status associating with the BIP identifier and application identification information. When the behaviors of the application have been verified successfully using the BIP(s), the user system 400 is allowed to access or otherwise consume the protected content.
  • the integrity certification and verification device 200 can perform rigorous verification at the functional and/or system levels to verify that the behaviors of the applications/systems are compliant with the specification(s) in the BIP.
  • the verification process can ensure that all suitable functions provided by the applications/systems operate within the boundary defined by the BIP specification.
  • the verification process at the functional level can utilize automated and/or manual tests aimed at exercising the features. For example, given a play-only BIP, the verification processes can make sure that the applications/systems provide play-only features, such as displaying content to the user, and the like. Accordingly, features provided by applications/systems that violate the play-only behavior, such as editing, copying, and the like, would result in the applications/systems being deemed non-compliant.
  • the verification process can ensure that the applications/systems do not have intended or unintended effects that violate the BIP.
  • an application/system may have unintended effects by using temporary files to cache content in the clear, by writing large amounts of clear content to memory and then transferring it to a swap file, by writing clear content information to the registry or to an environment variable, and the like.
  • verification processes at the system level can utilize low level monitoring software to detect file I/O, network I/O, memory tracking and other effects for determining BIP compliance.
  • Functional and system verifications can be performed when the system/application provider 500 registers its application/system for certification. Verifications can be, but need be, carried out by the component registration device sub-component of the integrity certification and verification device.
  • the component registration device determines the compliance status of the applications/systems in association with the BIP
  • the component registration device records the status along with detailed identification information about the applications/systems to a component database. Examples of the type of identification information needed to accurately identify an application/system can include the application/system product name or unique identification number and/or the full version number, and the like.
  • the profile verification device can retrieve the compliance status in response to a verification request from the integrity certification and verification device.
  • the above-described exemplary BIP certification model can be varied as needed.
  • the exemplary verification model can be varied as needed for other than a content consumption environment.
  • a BIP specification can be created by organizations, such as standards bodies, trade groups, government bodies, and the like, and can be adopted by vendors in the industry, and the like.
  • Each BIP specification describes a set of application behaviors or features, security requirements, and detailed information about what vendors can do to make their systems, applications, and the like, comply with the profile.
  • each BIP specification can have a unique BIP identification associated with it.
  • FIG. 2 illustrates an exemplary overview of the components of an integrity certification and verification environment 100 .
  • the integrity certification and verification environment 100 can include one or more content providers 300 , one or more user systems 400 , one or more integrity certification and verification devices 200 , one or more content consumption system/application providers 500 , and the like.
  • the content provider 300 can include a controller 310 , a memory 320 , an I/O controller 330 , a content database 340 , and the like.
  • the content provider 300 can also distribute content in a more traditional manner.
  • the content provider 300 can distribute a compact disk, and the like, including the content.
  • the compact disk can be delivered, for example, through a postal service, and the like, to a user.
  • any suitable type of distribution and dissemination process can be employed equally well with the systems and methods of the exemplary embodiments.
  • the integrity certification and verification device 200 can include a controller 210 , a memory 220 , an I/O controller 230 , a digital signature device 240 , a component registration device 250 , a component database 260 , a profile database 270 , a profile creation device 280 , a profile distribution device 290 , a profile verification device 295 , and the like.
  • the integrity certification and verification device 200 can provide a component registration service, a behavior integrity profile (BIP) certification service, an integrity profile service, and the like.
  • the registration service allows registration of applications, systems, and/or software/hardware components from their respective providers as authentic ones, with intended characteristics, purposes and/or behaviors.
  • a BIP certification service is provided to certify that the systems, applications, and the like, are compliant with a BIP and to provide proof of BIP compliance status.
  • the integrity certification and verification device 200 uses the component registration device 250 to execute system monitoring processes and verification test cases stored in the profile database 270 to determine the BIP compliance status of the system/application registered in the component database 260 .
  • the BIP certification service creates, issues, and associates a BIP with the system/application being certified.
  • the compliance status along with the applications/systems identification information are recorded and stored in the component database 260 .
  • the profile verification device 295 provides proof of compliance by retrieving compliance status associated with some applications/systems identification information.
  • the BIP certification service can be implemented using components of the integrity certification and verification device 200 .
  • the BIP certification service can be implemented as a separate BIP certification service provider.
  • the content consumption system/application provider 500 can register its applications for BIP certification directly with the BIP certification service provider.
  • the integrity certification and verification device 200 can dynamically obtain proof of BIP compliance by sending the BIP identifier and application information to an online BIP certification service provider.
  • An integrity profile service can be provided to a user to build and retrieve integrity profiles.
  • An integrity profile can be in the form of a document, and the like, which is optionally digitally signed, and that can include verifiable information and a set of registered system components that are to consume the contents of protected documents. Once the integrity profile is created, the integrity profile's identification is returned to the user.
  • the content provider can include the integrity profile identification and advantageously can optionally provide a usage license with the protected documents. When the content of the protected document is consumed and there is a need to conduct a local integrity verification of the system and environment of the user, the integrity profile can be retrieved from the integrity certification and verification device 200 for the user system.
  • the user system 400 can include a controller 410 , a memory 420 , an I/O controller 430 , a storage device 440 , an integrity authentication device 450 , a profile storage device 460 , and the like. Accordingly, it is to be appreciated that such exemplary user system is based on a model of a computer. However, it is to be further appreciated that the components of the exemplary user system can be changed depending on, for example, the type of content or service being consumed, the type of computing environment being accessed, the type of activity being engaged in, and the like, according to further exemplary embodiments. In general, any suitable user system having one or more portions thereof whose integrity can be verified can be employed equally well with the systems and methods of the exemplary embodiments.
  • the system/application provider 500 can include a controller 510 , a memory 520 , an I/O controller 530 , a registration application device 540 , an application database 550 , a system database 560 , and the like.
  • the system/application provider can have several different forms depending on the type of system and/or application the system/application provider supplies, according to further exemplary embodiments. For example, if the system/application provider 500 supplies a specific hardware component, the system/application provider 500 need not maintain application and system databases.
  • the system/device component supplier can send, for example, on a disk, and the like, authentication information directly to the integrity certification and verification device 200 .
  • system/application provider 500 can coordinate efforts with the content provider 300 to facilitate determination of an integrity profile.
  • system/application provider can include any suitable entity that is capable of supplying hardware or software and authentication information about the same.
  • the system/application provider 500 can include various system components. However, it is to be appreciated that the system/application provider 500 can include a computer distributor, a software developer, a software provider, a software distributor, and the like, according to further exemplary embodiments. Thus, the system/application provider 500 is capable of supplying devices and/or software that allows for the consumption of content that is provided by the content provider 300 .
  • the various components of the integrity certification and verification environment 100 are capable of communication there between, via link 5 , which can be a wired or wireless link or any other suitable known or later-developed element(s) that is capable of supplying electronic data to and from the connected elements.
  • the link 5 can include one or more distributed networks, which can in turn be connected to one or more additional integrity certification and verification environments 100 or alternatively to multiple instances of any one or more of the content providers 300 , user systems 400 , content consumption system/application providers 500 , integrity certification and verification devices 200 , and the like.
  • the content consumption system/application provider 500 supplies applications, software and/or hardware to a user. These applications, software and/or hardware are used by a user to consume content, such as viewing documents, and the like.
  • the content provider 300 for example, at the request of a user located at the user system 400 , distributes content, such as a document, and the like, to the user system 400 .
  • a request can be received by the content provider 300 from the user system 400 .
  • This request which can be received through the I/O controller 330 , is processed by the controller 310 in cooperation with memory 320 to retrieve the requested content from the content database 340 .
  • the content provider 300 can include an on-line content provider, a book store, a software provider, any other suitable content provider, and the like, that wishes to provide content, such as a document, and the like, to a user, and the like.
  • the content provider 300 Upon receiving a content request from the user system 400 , the content provider 300 returns to the user system the requested content, as well as additional information, such as a profile identification, and the like, associated with the protected content.
  • additional information can include information instructing the user system to request a profile, and hence an integrity certification, and the like, before enabling of the content.
  • the additional information also can include information to identify which system components and/or hardware/software can be running and/or used on the user's machine when viewing or interacting with the requested content.
  • one or more of the requested content, additional information, profile identification, and the like are received by the user system 400 , via the I/O controller 430 , and at the direction of controller 410 , stored in one or more of the memory 420 and the storage device 440 .
  • the content provider 300 can initiate a service request 20 , such as a request for an integrity profile, from the integrity certification and verification device 260 .
  • the integrity certification and verification device 260 receives, via the I/O controller 230 , and in cooperation with the controller 210 and memory 220 the service request from the content provider 300 .
  • the integrity certification and verification device 200 can include a component database 260 and a profile database 270 .
  • the component database 260 provides access to authentication information pertaining to systems and system components that can be distributed by one or more content consumption system/application providers 500 .
  • the profile database 270 stores verifiable information and a set of registered system components that are to consume the contents of protected documents for one or more individual content providers 300 .
  • the verifiable information can include verification test cases used in the certification of compliance with a BIP for registered systems and applications
  • the integrity certification and verification device 200 upon receipt of the request for an integrity profile from the content provider 300 , the integrity certification and verification device 200 , at the direction of the controller 210 and with the aid of memory 220 , searches the component database 260 and the profile database 270 to determine if authentication information already exists that corresponds to the information in the service request.
  • the integrity certification and verification device 200 can perform an on-line verification service.
  • the on-line verification service is provided to perform the integrity verification on-line, for example, in real-time or near real-time within the integrity certification and verification device 200 .
  • a piece of software called an integrity authenticator, can be forwarded to the user system 400 .
  • the integrity authenticator allows the collection of information of local software and/or hardware components.
  • the integrity authenticator can be a dedicated device, such as the integrity authentication device 450 illustrated in FIG. 2 , and the like.
  • the information gathered about the local software and/or hardware components is returned along with the integrity profile identification to the integrity certification and verification device 200 so that the on-line integrity verification can be performed.
  • the component registration device 250 examines software/hardware components from their respective providers and stores identification information in the component database 260 .
  • the information pertaining to the software/hardware component can be, for example, hashed and the hash value can be used as the authentic software/hardware identification.
  • the information to identify each software/hardware component can be any suitable known or later-developed scheme that allows for identification of an authentic piece of hardware and/or software, according to further exemplary embodiments.
  • the registration of a particular software and/or hardware component can be accomplished by the content consumption system/application provider 500 communicating with the identification and certification verification device 200 to request a registration service.
  • the identification and certification verification device 200 can communicate with content consumption system/application provider 500 in order to secure the authentication information.
  • the registration application device 540 in cooperation with the controller 510 , the memory 520 and the I/O controller 530 , then searches one or more of the application database 550 and the system database 560 to secure information about the particular software and/or hardware, including the provider name, a component identification, such as a serial number, version number, build number, and the like, the application itself, and the like.
  • the integrity certification and verification device 200 can request a particular application, such as a software program, and the like, directly from the content consumption system/application provider 500 . In this way, the integrity certification and verification device 200 need not employ authentication information, since the integrity certification and verification device 200 can secure the particular software application directly from the content consumption system/application provider 500 .
  • the component registration device 250 verifies the information of the component, and optionally computes, for example, a hash value that can be used, for example, as the authentic software and/or hardware identification.
  • the component registration device 250 then stores the component information and, for example, the hash value, in the component database 260 .
  • the component registration device 250 In the case where a system/application provider registers the application/system for BIP certification, the component registration device 250 also performs functional and system verifications to determine the compliance status of the application/system in association with the BIP. The component registration device 250 then records the compliance status along with detailed identification information about the application/system in the component database 260 .
  • the content consumption system/application provider 500 can also connect to the component registration device 250 to download a small software application, such as a registration application, plug-in, applet, and the like, and have it execute locally.
  • This registration application can examine the target software/hardware component and send information pertaining to this software/hardware component, possibly along with an integrity value, such as a hash value, and the like, back to the component registration device 250 , which then can store the authentication information about the component in the component database 260 .
  • the profile creation device 280 builds integrity profiles for software. For example, an integrity value, such as a hash value, and the like, of each software application can be retrieved from the component database and stored. An optional interaction relationship among the components also can be included in the profile. This relationship is used to identify the calling and returning sequence of the components in order to prevent unintended interaction with other components. The content of the integrity profile is then, for example, digitally signed and the resulting signature is appended to the integrity profile. Each integrity profile is associated with a unique identification.
  • an integrity value such as a hash value, and the like
  • the profile creation device 280 can also build BIPs for systems and applications that registered for and successfully passed the BIP certification.
  • the profile creation device 280 can retrieve the BIP compliance status of each application from the component database 260 and if the compliance status indicates successful compliance certification create a BIP for an application.
  • the profile creation device can optionally record the compliance status in the BIP.
  • Each BIP also can include a unique BIP identification associated with the BIP specification and the application/system identification information. The content of the integrity profile is then, for example, digitally signed and the resulting signature is appended to the BIP.
  • FIG. 3 illustrates an exemplary workflow of input, output and services and operations provided by the integrity certification and verification device 200 .
  • a component identification and optionally, meta information about the particular component, is forwarded to the component registration device 250 .
  • the component registration device 250 registers the component, for example, with intended characteristics, purposes, and behaviors in the component database. Then, the component registration device 250 returns the identification of the registered component to, for example, the content consumption system/application provider, and makes the identification available to, for example, the content provider 300 .
  • the profile creation device 280 receives the identifications of registered components.
  • the identifications of the registered components when combined with the information about the associated components, if any, are then digitally signed and stored in the profile database. An integrity profile identification then is returned to the requestor.
  • the profile creation device 280 can also create a separate BIP for each pair, including a BIP specification and system/application, which registered for and successfully passed the BIP certification.
  • the BIP can include the unique BIP identification associated with the BIP specification.
  • the identifications of the registered components, when combined with the information about the associated components, such as their compliance status with the BIP specification, are recorded in the BIP, digitally signed and stored in the profile database.
  • the unique BIP identification and the application/system identification information serve as the primary key to uniquely identify a particular BIP within the profile database.
  • the profile distribution device 290 receives an integrity profile identification.
  • the profile database 270 is then queried to determine if an integrity profile corresponding to the integrity profile identification is available. If the integrity profile is available, the integrity profile is returned to the requester. Otherwise, the integrity profile can be determined with the aid of the profile creation device 280 .
  • the profile verification device 295 receives information identifying one or more components and an integrity profile identification.
  • the profile verification device 295 compares the component identifications, integrity profile identification and corresponding integrity profile to determine verification data. If the profiles and components and identifications match, the integrity of the system is verified. Otherwise, it is determined that the system is not the one specified in the integrity profile or it has been altered in some way.
  • the profile verification device 295 receives information identifying one or more components and some unique BIP identification. Using such identifications, the profile verification device 295 retrieves the appropriate BIP from the profile database 270 . The verification device 295 then checks the compliance status of the component to determine proof of BIP compliance. The compliance status indicates whether or not the behaviors of the applications/systems are compliant with the specifications in the BIP.
  • FIG. 4A illustrates an exemplary integrity profile.
  • the exemplary integrity profile can be created by the profile creation device 280 .
  • a request for creating an integrity profile is initiated.
  • the provider can contact the integrity certification and verification device 200 and request the creation of an integrity profile.
  • the provider sends a list of names of software and/or hardware components to the integrity certification and verification device 200 .
  • the profile creation device 280 retrieves the identification, such as an integrity value, a hash value, and the like, of each of the components from the component database 260 .
  • the profile creation device 280 determines an integrity profile, which can include the authentication information, such as the integrity value, hash value, and the like, of each of the components, together with other information, such as the integrity profile identification, version number, creation date, build date, content provider name, and the like, and optionally, the interaction relationship between any of the software and/or hardware components.
  • authentication information such as the integrity value, hash value, and the like
  • other information such as the integrity profile identification, version number, creation date, build date, content provider name, and the like, and optionally, the interaction relationship between any of the software and/or hardware components.
  • the profile creation device 280 forwards the determined integrity profile to a digital signer 240 , which can then sign the content of the profile.
  • the profile creation device 280 then stores the signed profile in the profile database 270 and returns the profile identification to the content provider 300 .
  • FIG. 4B illustrates an exemplary BIP.
  • the profile creation device 280 creates a BIP when a system/application provider registers its system/application and passes the certification of compliance with a BIP specification.
  • the profile creation device builds the BIP by retrieving the compliance status and application identification information corresponding to a system/application from the component database 260 .
  • the exemplary BIP can include the BIP identification(s), the version number of BIP, the creation date of BIP, the name of the organization that created the BIP, the URL(s) of the specification associated with the BIP identification(s), the application identification information of the registered system/application, the digital signature of the BIP, and the like, and optionally the compliance status of the registered system, application, and the like.
  • the system/application must comply with all suitable BIP specifications associated with the specified BIP identifications.
  • the content provider 300 can optionally include the integrity profile identification in the usage license.
  • the integrity profile can be used to verify all of the suitable software/hardware components in an environment call stack. This assures that the sensitive information can only be consumed by authorized software/hardware components or any combination thereof.
  • the content provider 300 optionally can include an integrity profile identification that corresponds to a BIP specification. In this case, similar to the process described, the integrity profile associated with the specific application is used first in the user system 400 to verify all of the software/hardware components in an environment call stack. Once the integrity of the system/application is confirmed, the BIP is used to prove that the behaviors of the system/application are in compliance with the BIP specification identified by the BIP identification.
  • the profile distribution device 290 accepts requests for obtaining integrity profiles and retrieves them from the profile database 270 and returns the integrity profiles to the respective requestor.
  • the profile verification device 295 accepts requests for verifying user systems for one or more system environments.
  • the profile verification device 295 gathers the information about the software/hardware components according to integrity profiles, verifies the information against the profiles, and returns the verification results back to the requesters.
  • the profile verification device 295 also derives compliance status from a BIP in response to a BIP verification request.
  • the user system 400 can include an integrity authentication device 450 .
  • the integrity authentication device 450 for example, runs on top of any suitable content consumption application.
  • FIG. 5 illustrates an exemplary system environment stack on user device 400 for verifying system integrity.
  • the user system environment stack can include an integrity authenticator, one or more system components, and the like.
  • FIG. 6 illustrates an example of an environment stack, which includes an integrity authenticator, a plug-in, a rendering application, an operating system, an operating system (OS) boot strap, respective hardware, and the like.
  • the integrity authentication device 450 can include its own encryption/decryption key pair and a verification key of an identification certification and verification device. These keys can be hidden and/or embedded within the integrity authentication device 400 for providing tamper-resistance. For those applications that require the use of a user's private information or involve sensitive documents and data, the integrity authentication device 450 can use an associated integrity profile to verify the software/hardware components on the call stack in the user system environment.
  • the integrity authentication device 450 can verify the signature of the profile using the integrity certification and verification device verification key. As illustrated in FIGS. 7-9 , once the signature is verified, the integrity authentication device 450 examines the current call stack and starts to authenticate each software/hardware component on the call stack using the information provided in the integrity profile.
  • the call stack can be configured as a continuous block of memory, which can include memory images, the involved functions or procedures, and the like.
  • the stack can operate on a last-in-first-out basis and the stacks operations can include stack “push” and stack “pop.” Push can be used to store the images onto the stack and advance to the top of the stack to a position. Pop can be used to remove the data from the stack and restore the top of the stack to a previous position.
  • the image of the currently executed function is at the top of the stack.
  • the memory image of the next function is pushed on the top of the call stack and the top of the call stack points to the image of the next function.
  • Each portion of the stacked images can include the addresses or return instruction after the called function finishes its execution.
  • FIG. 10 illustrates how the execution environment is protected.
  • the execution of the IA is monitored by a trusted application, which is part of the IA.
  • the monitoring process such an application, and the like, can include a debugger, a special process, and the like, that can prevent the IA from being monitored by any other suitable process or application in the system.
  • the trusted monitoring program can be implemented as a debugger, and the like. Since the monitoring program is a trusted application, the monitoring program's integrity can be included in the current integrity profile. Accordingly, the IA will verify the integrity of the trusted application before loading and execution.
  • the function of the trusted monitoring application is to prevent the IA from being monitored and controlled and captured by other processes. Another function of the trusted monitoring application is to monitor the current environment and determine if the change in environment is valid. However, like the IA, the trusted monitoring application can also be protected, and the IA can act as the monitor to protect the trusted monitoring application from being monitored, captured and/or controlled by other applications. This dual protection mechanism creates a closed system that can prevent other applications from monitoring the execution of the integrity authenticator.
  • FIG. 11A illustrates an exemplary method of operation of the integrity certification and verification device.
  • control begins in step S 100 and continues to step S 110 .
  • step S 110 an integrity profile is determined.
  • step S 120 the integrity profile is certified.
  • step S 130 the integrity profile is forwarded to the user. Control then continues to step S 140 .
  • step S 140 the integrity of the user system is verified.
  • step S 150 a determination is made whether or not the user system is authentic. If the user system is authentic, control continues to step S 160 , where the user is allowed access to the selected content. Otherwise, control jumps to step S 170 , where the content access is denied or disabled. Control then continues to step S 180 , where the control sequence ends.
  • FIG. 11B illustrates an exemplary method of operation of the integrity certification and verification device using BIP(s) in conjunction with an AIP.
  • control begins in step S 800 and continues to step S 810 .
  • step S 810 an AIP is determined.
  • step S 820 the AIP is certified.
  • step S 830 the AIP is forwarded to the user. Control then continues to step S 840 .
  • step S 840 the integrity of the user system is verified.
  • step S 850 a determination is made whether or not the user system is authentic. If the user system is not authentic, control jumps to step S 930 , where the content access is denied or disabled. Control then continues to step S 940 , where the control sequence ends. However, if in step S 850 the user system is authentic, control continues to step S 860 to determine if the BIP conjunctive verification flag is explicitly specified.
  • control goes to S 870 , where the user system is verified for compliance with the specified BIP specification(s).
  • step S 880 a determination is made whether or not the user system has proof(s) that it complies with the BIP(s). If the user system has proof(s) of compliance, control continues to step S 890 , where the user is allowed access to the selected content. Otherwise, control jumps to step S 930 , where the content access is denied or disabled. Control then continues to step S 940 , where the control sequence ends.
  • step S 860 if in step S 860 the BIP conjunctive verification flag is not specified, control goes to S 910 , where the user system is verified for compliance with any one of the specified BIP specification(s).
  • step S 920 a determination is made whether or not the user system has proof that it complies with the one of the BIP(s). If the user system has proof of compliance, control continues to step S 890 , where the user is allowed access to the selected content. Otherwise, control jumps to step S 930 , where the content access is denied or disabled. Control then continues to step S 940 , where the control sequence ends.
  • FIG. 11C illustrates an exemplary method of operation of the integrity certification and verification device using BIP(s).
  • control begins in step S 1000 and continues to step S 1010 .
  • step S 1010 the BIP conjunctive verification flag is checked to determine if it is explicitly specified. If the BIP conjunctive verification flag is specified, then control goes to S 1020 , where the user system is verified for compliance with the specified BIP specification(s).
  • step S 1030 a determination is made whether or not the user system has proof(s) that it complies with the BIP(s). If the user system has proof(s) of compliance, control continues to step S 1080 , where the user is allowed access to the selected content. Otherwise, control jumps to step S 1040 , where the content access is denied or disabled. Control then continues to step S 1050 , where the control sequence ends.
  • step S 1010 determines whether or not the user system has proof that it complies with one of the BIP(s). If the user system has proof of compliance, control continues to step S 1080 , where the user is allowed access to the selected content. Otherwise, control jumps to step S 1090 , where the content access is denied or disabled. Control then continues to step S 1050 , where the control sequence ends.
  • FIG. 12 illustrates an exemplary method of registering components/hardware and/or software.
  • control begins in step S 200 and continues to step S 210 .
  • step S 210 the registration service is initiated.
  • step S 220 the component supplier provides authentication information about particular components/hardware and/or software.
  • step S 230 information about the particular components/hardware and/or software is verified. Control then continues to step S 240 .
  • step S 240 a determination whether or not an integrity value should be determined. If an integrity value is to be determined, control continues to step S 250 , where an integrity value is determined. Otherwise, control jumps to step S 260 , where authentication information about the component/hardware and/or software is stored.
  • step S 270 a determination is made whether or not to store an integrity value. If an integrity value is to be stored, control continues to step S 280 , where the integrity value is stored. Otherwise, if an integrity value is not to be stored, control jumps to step S 290 , where the control sequence ends.
  • FIG. 13 illustrates an exemplary method of determining a profile.
  • control begins in step S 300 and continues to step S 310 .
  • step S 310 the integrity profile determination is initiated.
  • step S 320 the name, such as an identification, and the like, of the component and/or hardware or software is obtained.
  • step S 330 the identification for the component/hardware or software is retrieved. Control then continues to step S 340 .
  • step S 340 the integrity profile is determined.
  • step S 350 the integrity profile is digitally signed.
  • step S 360 the digitally signed integrity profile is stored. Control then continues to step S 370 .
  • step S 370 the signed integrity profile is then forwarded to the requestor, such as the content consumption system/application provider, and the like. Control then continues to step S 380 , where the control sequence ends.
  • FIG. 14 illustrates an exemplary method of verifying the integrity of the integrity authenticator.
  • control begins in step S 400 and continues to step S 410 .
  • step S 410 the integrity of the integrity authenticator is verified.
  • step S 420 a determination is made whether or not the integrity authenticator is valid. If the integrity authenticator is valid, control continues to step S 430 . Otherwise control jumps to step S 540 .
  • step S 430 a tamper-resistant environment is established.
  • step S 440 the integrity profile is verified.
  • step S 450 a determination is made whether or not the integrity profile is valid. If the integrity profile is valid, control continues to step S 460 . Otherwise, control jumps to step S 540 .
  • step S 460 the integrity profile is loaded.
  • step S 470 the call stack of the current execution environment, as illustrated in relation to FIG. 6 , is constructed. At the bottom of the call stack is a set of hardware and/or devices, with the software components towards the top of the stack. The relationship of the components in the stack is that the lower component calls the component just above it. Once the call stack is constructed, the top of the call stack, which includes the execution image of the last executed component, is located. Thus, the execution image of each component on the stack helps identify the calling component. Then, in step S 480 , the identification calling component is retrieved. Control then continues to step S 490 .
  • step S 490 the integrity of the component is verified against the integrity profile.
  • step S 500 a determination is made whether or not the component is valid. If the component is valid, control continues to step S 510 . Otherwise, control jumps to step S 540 .
  • step S 510 a determination is made whether or not the stack is empty. If the stack is empty, control jumps to step S 520 . Otherwise, control jumps to step S 530 . In step S 520 , the next component in the stack is located and this next component is set as the current stack frame. Control then returns to step S 480 for verification.
  • step S 530 the integrity is verified and control continues to step S 550 , where the control sequence ends.
  • step S 540 the integrity check fails and control continues to step S 550 , where the control sequence ends.
  • a content provider such as a document publisher or distributor, provides, for example, protected content to a user, for consumption within a trusted user environment.
  • the content provider forwards to the user a protected version of the digital content which includes, for example, a license agreement and an integrity profile identification.
  • the profile includes, for example, the applications and system components that are allowed to be used in conjunction with the protected content.
  • the content provider initiates a request for an integrity profile. This request for the integrity profile is forwarded to an integrity certification and verification device.
  • the integrity certification and verification device can, for example, if an integrity profile does not already exist for the requested applications and/or systems components, query a content consumption system/application provider, who, for example, has supplied the system components to the user.
  • the content consumption system/application provider returns to the integrity certification and verification device authentication information about the particular applications or system components.
  • the authentication information allows a comparison or integrity verification, to be made between an application and/or system component on a user's system, and the original application or system component as distributed by the content consumption system/application provider.
  • the content provider forwards to the user a protected version of the digital content, which includes, for example, a license agreement and a BIP identification.
  • An application integrity profile identification is not associated with the protected content, but is embedded into the applications and system components by the content consumption system/application provider.
  • a BIP is tied to a standard specification that specifies a set of behaviors and/or consumption terms and conditions by which all compliant applications abide.
  • the integrity certification and verification services first verify the authenticity of the content consumption system, application, and the like.
  • the integrity certification and verification device ensures that the content consumption system/application is compliant with the BIP by verifying that proof exists that the applications are indeed compliant with the BIP specification. Then, the integrity certification and verification device enables the content consumption system/application to consume the protected content.
  • the consumer can use any suitable content consumption system or application that complies with some BIP specification mandated by the content provider to consume the protected content. In this manner, use of the content can be controlled without limiting consumption to a particular application or system.
  • the integrity certification and verification method and system of the exemplary embodiments of FIGS. 1-14 can be implemented on a single programmed general purpose computer or separate programmed general purpose computers.
  • the exemplary embodiments of FIGS. 1-14 can also be implemented on a special purpose computer, a programmed microprocessor or microcontroller and peripheral integrated circuit element, an ASIC or other integrated circuit, a digital signal processor, a hard-wired electronic or logic circuit, such as a discrete element circuit, a programmable logic device, such as a PLA, PLD, FPGA, PAL, and the like.
  • any suitable system, device, software, combination thereof, and the like, capable of implementing the processes of the exemplary embodiments of FIGS. 1-14 can be employed.
  • FIGS. 1-14 can be readily implemented with software using object or object-oriented software development techniques in environments that provide portable source code that can be used in a variety of computer or workstation hardware platforms.
  • the exemplary embodiments of FIGS. 1-14 also can be implemented partially or fully in hardware using standard logic circuits or a VLSI design. Whether or not software and/or hardware is used to implement the exemplary systems and methods is dependent on the speed and/or efficiency requirements of the system, the particular function, and particular hardware or software systems or microprocessor or microcomputer system being utilized.
  • the methods and systems of the exemplary embodiments can be implemented as a routine embedded on a personal computer or server, such as a JAVA or CGI script, as a resource residing on a server or graphics work station, as a routine embedded in a dedicated integrity certification and verification device, a web browser, a web TV interface, a PDA interface, a multimedia presentation device, and the like.
  • the integrity certification and verification device can also be implemented by physically incorporating the systems and methods into a software and/or hardware system, such as the hardware and software systems of a graphics workstation or dedicated integrity certification and verification device.
  • the above-described devices and subsystems of the exemplary embodiments of FIGS. 1-14 can include, for example, any suitable servers, workstations, PCs, laptop computers, PDAs, Internet appliances, handheld devices, cellular telephones, wireless devices, other devices, and the like, capable of performing the processes of the exemplary embodiments of FIGS. 1-14 .
  • the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can communicate with each other using any suitable protocol and can be implemented using one or more programmed computer systems or devices.
  • One or more interface mechanisms can be used with the exemplary embodiments of FIGS. 1-14 , including, for example, Internet access, telecommunications in any suitable form (e.g., voice, modem, and the like), wireless communications media, and the like.
  • employed communications networks or links can include one or more wireless communications networks, cellular communications networks, G3 communications networks, Public Switched Telephone Network (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, a combination thereof, and the like.
  • PSTNs Public Switched Telephone Network
  • PDNs Packet Data Networks
  • the Internet intranets, a combination thereof, and the like.
  • the devices and subsystems of the exemplary embodiments of FIGS. 1-14 are for exemplary purposes, as many variations of the specific hardware used to implement the exemplary embodiments are possible, as will be appreciated by those skilled in the relevant art(s).
  • the functionality of one or more of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can be implemented via one or more programmed computer systems or devices.
  • a single computer system can be programmed to perform the special purpose functions of one or more of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 .
  • two or more programmed computer systems or devices can be substituted for any one of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 .
  • principles and advantages of distributed processing such as redundancy, replication, and the like, also can be implemented, as desired, to increase the robustness and performance of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 .
  • the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can store information relating to various processes described herein. This information can be stored in one or more memories, such as a hard disk, optical disk, magneto-optical disk, RAM, and the like, of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 .
  • One or more databases of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can store the information used to implement the exemplary embodiments of the present invention.
  • the databases can be organized using data structures (e.g., records, tables, arrays, fields, graphs, trees, lists, and the like) included in one or more memories or storage devices listed herein.
  • the processes described with respect to the exemplary embodiments of FIGS. 1-14 can include appropriate data structures for storing data collected and/or generated by the processes of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 in one or more databases thereof.
  • All or a portion of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can be conveniently implemented using one or more general purpose computer systems, microprocessors, digital signal processors, micro-controllers, and the like, programmed according to the teachings of the exemplary embodiments of the present invention, as will be appreciated by those skilled in the computer and software arts. Appropriate software can be readily prepared by programmers of ordinary skill based on the teachings of the exemplary embodiments, as will be appreciated by those skilled in the software art. Further, the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can be implemented on the World Wide Web. In addition, the devices and subsystems of the exemplary embodiments of FIGS.
  • the exemplary embodiments of the present invention can include software for controlling the devices and subsystems of the exemplary embodiments of FIGS. 1-14 , for driving the devices and subsystems of the exemplary embodiments of FIGS. 1-14 , for enabling the devices and subsystems of the exemplary embodiments of FIGS. 1-14 to interact with a human user, and the like.
  • Such software can include, but is not limited to, device drivers, firmware, operating systems, development tools, applications software, and the like.
  • Such computer readable media further can include the computer program product of an embodiment of the present invention for performing all or a portion (if processing is distributed) of the processing performed in implementing the invention.
  • Computer code devices of the exemplary embodiments of the present invention can include any suitable interpretable or executable code mechanism, including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs), Java classes and applets, complete executable programs, Common Object Request Broker Architecture (CORBA) objects, and the like. Moreover, parts of the processing of the exemplary embodiments of the present invention can be distributed for better performance, reliability, cost, and the like.
  • interpretable programs including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs), Java classes and applets, complete executable programs, Common Object Request Broker Architecture (CORBA) objects, and the like.
  • CORBA Common Object Request Broker Architecture
  • the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can include computer readable medium or memories for holding instructions programmed according to the teachings of the present invention and for holding data structures, tables, records, and/or other data described herein.
  • Computer readable medium can include any suitable medium that participates in providing instructions to a processor for execution. Such a medium can take many forms, including but not limited to, non-volatile media, volatile media, transmission media, and the like.
  • Non-volatile media can include, for example, optical or magnetic disks, magneto-optical disks, and the like.
  • Volatile media can include dynamic memories, and the like.
  • Transmission media can include coaxial cables, copper wire, fiber optics, and the like.
  • Transmission media also can take the form of acoustic, optical, electromagnetic waves, and the like, such as those generated during radio frequency (RF) communications, infrared (IR) data communications, and the like.
  • RF radio frequency
  • IR infrared
  • Common forms of computer-readable media can include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other suitable magnetic medium, a CD-ROM, CDRW, DVD, any other suitable optical medium, punch cards, paper tape, optical mark sheets, any other suitable physical medium with patterns of holes or other optically recognizable indicia, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other suitable memory chip or cartridge, a carrier wave or any other suitable medium from which a computer can read.

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Mathematical Physics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Supply And Distribution Of Alternating Current (AREA)

Abstract

A method and system for integrity certification and verification in a computer environment based on characteristics and behaviors of one or more applications, systems or system components as compared with a profile of characteristics and behaviors, including determining a behavior integrity profile (BIP) specifying characteristics and behaviors of one or more applications, systems or system components; determining based on the BIP whether or not characteristics and behaviors of one or more applications, systems or system components are compliant with characteristics and behaviors defined in a behavior integrity profile specification; and determining access rights to the one or more applications, systems or system components based on the step of determining the compliance.

Description

    RELATED DOCUMENT INFORMATION
  • This application is a continuation-in-part application of co-pending U.S. patent application Ser. No. 09/649,838 of TA et al., entitled “Systems and Methods for Integrity Certification and Verification of Content Consumption Environments” filed on Aug. 28, 2000, now allowed, the entire disclosure of which is hereby incorporated by reference herein.
    • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • This invention relates to integrity certification and verification. In particular, this invention relates to use of profiles including application integrity profiles (AIP) and behavior integrity profiles (BIP).
  • 2. Discussion of the Background
  • One of the most important issues to enable the widespread distribution and other use of digital documents and electronic services via electronic commerce is the need for protection of the intellectual property rights of content owners and providers. Efforts to address this issue have been termed Intellectual Property Rights Management (IPRM), Digital Property Rights Management (DPRM), Intellectual Property Management (IPM), Digital Rights Management (DRM), Rights Management (RM) and Electronic Copyright Management (ECM).
  • However, there is a need by content providers to have their content be consumed by certified applications and systems that have a desired characteristic and/or behavior. There also is a need by providers of applications, services and computing systems to have their applications, services and systems be accessed or used only by applications and systems that have a desired characteristic and/or behavior.
  • The direct use of a public key infrastructure (PKI) makes it possible for application and system providers to certify their own products and makes it possible for providers of content and services to verify the integrity of the applications and systems that are used to consume their content and services. However, the direct use of PKI creates a many-to-many relationship between the vendors and the providers, which among other problems does not scale well. Accordingly, there is a need for a method and system for managing such relationships and for conducting efficient and real-time or near real-time integrity verification.
    • SUMMARY OF THE INVENTION
  • Therefore, there is a need for a method and system that addresses the above and other needs and problems. The above and other needs and problems are addressed by the exemplary embodiments of the present invention, which provide a method and system for integrity certification and verification.
  • Accordingly, in exemplary aspects of the present invention, a method and system for integrity certification and verification in a computer environment based on characteristics and behaviors of one or more applications, systems or system components as compared with a profile of characteristics and behaviors are provided. The exemplary method and system can include determining a behavior integrity profile (BIP) specifying characteristics and behaviors of one or more applications, systems or system components; determining based on the BIP whether or not characteristics and behaviors of one or more applications, systems or system components are compliant with characteristics and behaviors defined in a behavior integrity profile specification; and determining access rights to the one or more applications, systems or system components based on the step of determining the compliance.
  • Still other aspects, features, and advantages of the present invention are readily apparent from the following detailed description, simply by illustrating a number of exemplary embodiments and implementations, including the best mode contemplated for carrying out the present invention. The present invention also is capable of other and different embodiments, and its several details can be modified in various respects, all without departing from the spirit and scope of the present invention. Accordingly, the drawings and descriptions are to be regarded as illustrative in nature, and not as restrictive.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The embodiments of the present invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
  • FIG. 1A is a functional overview illustrating an exemplary embodiment of the integrity certification and verification system according to this invention;
  • FIG. 1B is a functional overview illustrating an exemplary embodiment of an integrity certification and verification system that uses BIP(s) in conjunction with an AIP according to this invention;
  • FIG. 1C is a functional overview illustrating an exemplary embodiment of an integrity certification and verification system that uses BIP(s) according to this invention;
  • FIG. 2 is a functional block diagram illustrating an exemplary embodiment of the integrity certification and verification system according to this invention;
  • FIG. 3 is a workflow diagram of an exemplary integrity certification and verification device according to this invention;
  • FIG. 4A illustrates an exemplary structure of an integrity profile according to this invention;
  • FIG. 4B illustrates an exemplary structure of a BIP according to this invention;
  • FIG. 5 illustrates an exemplary environment stack according to this invention;
  • FIG. 6 illustrates another exemplary environment stack according to this invention;
  • FIG. 7 illustrates an exemplary workflow of the exemplary environment stack according to this invention;
  • FIG. 8 another exemplary workflow of the exemplary environment stack according to this invention;
  • FIG. 9 illustrates an exemplary method of manipulating the environment stack according to this invention;
  • FIG. 10 illustrates an exemplary method of preventing dynamic tampering through the use of debugging according to this invention;
  • FIG. 11A is a flowchart outlining an exemplary embodiment of a method for integrity certification and verification according to this invention;
  • FIG. 11B is a flowchart outlining an exemplary embodiment of a method for integrity certification and verification that uses BIP(s) in conjunction with an AIP according to this invention;
  • FIG. 11C is a flowchart outlining an exemplary embodiment of a method for integrity certification and verification that uses BIP(s) according to this invention;
  • FIG. 12 is a flowchart outlining an exemplary embodiment of a method for registering applications and/or systems according to this invention;
  • FIG. 13 is a flowchart outlining an exemplary embodiment of a method for determining an integrity profile according to this invention; and
  • FIG. 14 is a flowchart outlining an exemplary embodiment of a method for verifying the integrity of an integrity authenticator according to this invention.
    • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • The present invention includes recognition that providers often want to have their content and services consumed by certified applications and systems that have desired characteristics and behaviors. By controlling these aspects of the consumption environment, the content provider, for example, can restrict usage, such as copying, printing, embedding, distribution, and the like.
  • For example, a content or service provider may want to protect content against misuse by demanding that the system that consumes it be of a certain level of security and rights management capability. The content provider may also want to assure that no “alien” application, e.g., a debugger, virus, interception routine, and the like, interacts with the content consumption application on the user system and which may confiscate or otherwise “steal” content or other sensitive information. For example, U.S. patent application Ser. No. 09/649,841 of Raley, entitled “Document Distribution Management Method and Apparatus Using a Standard Rendering Engine and a Method and Apparatus for Controlling a Standard Rendering Engine” filed on Aug. 28, 2000, incorporated herein by reference in its entirety, allows the management of the functionality of a user system to restrict a user's access to and over a document. These considerations similarly apply for providers of applications, services and computing systems and for whom the content being consumed is their service, application or system.
  • In order to certify that given applications and systems have desired characteristics and behaviors, a verification of all suitable applications and system components needed to consume content, access a service or in any other suitable way interact with other systems, applications and components need be confirmed by a verification application. The verification application verifies the application and system components using one or more integrity profiles that can be of the same or different types. Furthermore, two or more integrity profiles of the same or of different types can be used conjunctively or disjunctively.
  • An integrity profile can be of various types. In an exemplary embodiment, integrity profiles can include an application integrity profile (AIP), a behavior integrity profile (BIP), and the like. An application integrity profile can include verifiable information and characteristics specific to an application. Thus, an AIP can be tied to a specific application. A behavior integrity profile can include information indicating whether or not an application's behaviors are compliant with those specified in a BIP specification. Advantageously, a BIP can include a BIP identification that designates a BIP specification that specifies a set of behaviors and/or consumption terms and conditions by which all suitable compliant applications abide. For example, a BIP specification can specify that all suitable applications compliant with the BIP are play-only applications that are permitted to play, but not to perform other actions. In addition to a function or action, further exemplary embodiments provide other types of BIPs, for example, based on geography, locale, time, performance, service level, other suitable criteria, and the like, to verify applications, systems, devices, components, and the like.
  • The exemplary embodiments include systems and methods that provide certification and verification services for computer environments. Within such an exemplary system, an integrity certification and verification device that provides these services can be introduced between a content or service provider and a system, application, and the like, provider. This certification device can register individual applications and/or systems from their respective providers, and can certify the integrity of these applications and/or systems according to a predetermined selection. Through the use of this service, a user can “trust” an integrity certification and verification device. With this trust, the provider establishes a profile of a set of applications and systems that are allowed to consume its content and services, and verifies on the user system(s), according to the profile, that the user's set of applications and systems are authentic.
  • Advantageously, the exemplary embodiments include provisioning of certification and verification services for the integrity of content, such as documents, other content, and the like, consumption environments. Within such an exemplary system, an integrity certification and verification device that provides these services is introduced between content providers and content consumption system and application providers who may distribute, for example, personal computers, handheld computers, PDAs, multimedia display devices, DVD players, distributed network enabled phones, and applications, such as word processors, content viewers, multimedia players, and the like. The integrity certification and verification device registers individual applications and/or systems from the content consumption system/application providers, and certifies sets of these applications and systems to content providers. By using this service, a content provider can select or trust, the integrity certification and verification device, establish a profile of a set of applications and systems that are allowed to consume its content, and verify on a user system, according to the profile, that the set of applications and systems on the user system are authentic. In this manner, the extent of access to or control over, the content requested or submitted, by the user can be controlled and determined.
  • The exemplary embodiments include certification and verification services using BIP(s). In one exemplary embodiment, the integrity certification and verification device registers and certifies individual applications and/or systems from the content and services consumption system/application providers, verifies that the applications' behaviors comply with a BIP specification, and provides proof of compliance status. The consumer can use any suitable content or service consumption system or application to consume the content or service that complies with some BIP mandated by the provider. In this manner, use of the content or service can be controlled without limiting consumption to a particular application or system. Similarly, the consumer can use any suitable computing system or application to interact with another system or application that complies with some BIP.
  • For added security, the verification of the application, system, and the like, can be performed using a BIP in conjunction with an AIP. In an exemplary embodiment, an integrity certification and verification device registers and certifies individual applications and/or systems from the content and service consumption system/application providers, verifies that the applications are authentic according to the integrity profile associated with the applications and system components, verifies that the applications' behaviors comply with a BIP specification, and provides proof of such compliance.
  • A document, as the term is used herein, can include any suitable unit of information subject to distribution or transfer, including, correspondence, books, magazines, journals, newspapers, other papers, software, plug-ins, photographs and other images, audio and video clips, multimedia presentations, and the like. A document can be embodied in printed form on paper, as digital data on a storage medium or in any suitable other known or later developed variety of media or software, including compact discs (CDs), digital video discs (DVD), laser discs, magneto and magneto-optic media, and the like. Consumption and consume, as the terms are used herein, can encompass any suitable form of action, including usage of content and services or accessing or otherwise interacting with computer systems, including accessing, rendering, editing, manipulating, executing, copying, storing, transferring, issuing, obtaining, distributing, and the like. Content, as the term is used herein, can encompass any suitable thing that can be referred to by a noun, such as an entity, a resource, a quality, an event, a state, a concept, a substance, and the like. Exemplary resources can include documents, multimedia files, web or other services, names, email addresses, and the like.
  • The systems and methods of the exemplary embodiments provide for integrity certification and verification services. The exemplary embodiments can separately provide systems and methods for integrity certification and verification services for content consumption system environments. The exemplary embodiments also can provide systems and methods for certification and verification of standardized behaviors of systems and applications. The exemplary embodiments also separately can provide a system and method for determining an integrity profile. The exemplary embodiments additionally can provide a system and method for verifying the integrity of one or more system environments. The exemplary embodiments also can provide a system and method for managing integrity profiles, system and system component information. The exemplary embodiments additionally can provide a system and method that performs an integrity check on a user system through the use of an integrity profile. The exemplary embodiments additionally can provide a system and method that performs a compliance check on a user system through the use of a BIP.
  • In an exemplary embodiment, a content provider, such as a content publisher or distributor, and the like, for providing content, such as for consumption by a user, system, device, and the like, can initiate a request for an integrity profile. This request for the integrity profile is forwarded to an integrity certification and verification device. The integrity certification and verification device can, if an integrity profile does not already exist for the requested applications and systems components, query a content consumption system/application provider that has supplied various system components and/or applications to users. The content consumption system/application provider returns to the integrity certification and verification device authentication information about the particular applications or system components. The integrity certification and verification device having access to authentication information can make a comparison or integrity verification between an application or system component on a user's system, and the original application or system component as distributed by the content consumption system/application provider.
  • The authentication information for system applications and components can be stored in a component database. The profiles for content providers can be stored in a profile database. Alternatively, the content consumption system/application provider can maintain a database of authentication information that can be forwarded directly to the respective database of the integrity certification and verification device, without the need for the integrity verification and certification device to determine the integrity profile. An integrity profile identification, corresponding to the determined integrity profile, is then returned to the content provider.
  • A content provider, such as a content distributor, and the like, provides, for example, protected content to a user. The content provider forwards to the user a protected version of the digital content that includes, for example, a license agreement and an integrity profile identification. The integrity profile identification includes, for example, the applications and system components that are allowed to be used in conjunction with the protected content, and the identification of the integrity profile for those systems, applications, and the like.
  • Having the authentication information from the content consumption system/application provider, the integrity certification and verification device forwards, for example, at the request of the user system, an integrity profile to the user system. With this integrity profile, an integrity verification of the user's system can be performed. If it is determined that the components/applications of the user's system are authentic, the digital content provided by the content provider can then be accessed by the user's applications and systems in accordance with, for example, the additional profile information.
  • Advantageously, the content provider can associate one or more BIP identifications with the digital content. For example, a music content provider who wants its music content consumed by play-only and copy-once-only devices can associate both play-only and copy-once-only BIP identifications with the content. An AIP identification is not associated with the protected content, but can be embedded into or associated with the applications and system components by the system/application provider. For example, where the content provider is providing a service, it may want a customer to be able to consume the service only if a secure browser is being used.
  • Using the BIP identification, the integrity certification and verification device retrieves proof of BIP compliance from its profile verification device. Using the AIP identification, the integrity certification and verification device retrieves the integrity profile and forwards it to the user system. With this integrity profile, an integrity verification of the user's system can be performed to ensure that the components/applications of the user's system have not been tampered with. If it is determined that the components/applications of the user's system are authentic and proof of BIP compliance exists, the digital content provided by the content provider can be consumed by the user's applications and systems. Similarly, a service can be consumed or an application or computing resource accessed, if it is determined that components/applications are authentic and proof of BIP compliance exists.
  • However, it is to be appreciated that the request for an integrity certification need not originate with the content provider. For example, the certification request can be initiated by a software application embedded in the profile identification information that is forwarded with the protected content from the content provider to the user's system.
  • In further exemplary embodiments, the content provider can also serve as the integrity verification and certification system. For example, the content provider can conduct the integrity certification and verification service itself by gathering the appropriate authentication information and determining an integrity profile for the content provider's own use.
  • In further exemplary embodiments, the content or service consumption application/system provider can also act as the integrity certification and verification device. For example, the content or service consumption application/system provider can also supply an integrity profile together with the associated application and/or system component.
  • The systems and methods of the exemplary embodiments provide certification and verification services to determine the integrity of an environment for the consumption of digital content and services and use or other interaction with computing systems. For example, an exemplary system is provided for consumption of content and services, including consumer media, such as audio, video, on-line services, and the like. The exemplary system for consumption of content can include an integrity certification and verification device introduced between one or more content providers, and one or more content consumption systems and application providers. The integrity certification and verification device obtains authentication information from the content consumption application and/or system providers. This authentication information allows a content provider to trust the environment to which content will be provided. Thus, based on the authentication information received from the content consumption application and system provider, an integrity profile is established. This profile is then forwarded to the user system to confirm that the user has not altered, modified or does not potentially interfere in an unauthorized manner with the digital content provided by the content provider.
  • Referring now to the drawings, wherein like reference numerals designate identical or corresponding parts throughout the several views and more particularly to FIG. 1A thereof, there is illustrated an exemplary system 100 for performing integrity certification and verification. In an exemplary embodiment, the integrity certification and verification system 100 can include an integrity certification and verification device 200, a content provider and/or distributor 300, a user system 400, a content consumption system/application provider 500, a component database 260, a profile database 270, and the like.
  • In an exemplary operating environment, the content consumption system/application provider 500 provides applications, systems and/or software/hardware components to a user. The user system 400 allows consumption of digital content, such as documents, that are supplied by the content provider and distributor 300. In order to verify the integrity of the user system 400, the integrity certification and verification device 200 collects and registers authentication information about the individual applications, systems and/or software/hardware components from the content consumption system/application provider 500. With this authentication information, the integrity certification and verification device 200 determines and certifies an integrity profile of one or more applications, systems and/or system components based on a service request 20 from the content provider 300. This determined integrity profile 50 is then forwarded to the user system 400 so that the integrity of the user system 400 can be determined.
  • In operation, a content provider and distributor 300 provides digital content, such as a document, and the like, to a user system 400. The user system 400 can include one or more system components, such as hardware components and/or various software applications, and the like. These applications and hardware/software components are usually obtained by the user from one or more content consumption system/application providers, such as a computer supplier, a software warehouse, an application provider, and the like. These applications and hardware and software components are then assembled, if not already done so or installed, as appropriate, by the user in order to allow the user to consume content, such as documents, and the like.
  • Accordingly, during the course of use of the applications and hardware/software of the user environment, the user may want to view protected content, such as a document. Thus, the user 400 can request from the content provider 300 one or more pieces of content, such as an electronic book, a multimedia file, a presentation, a form template, and the like. Upon receiving this request, the content provider and distributor 300 can provide the requested content in protected form with a profile identification 10 to the end user 400. This profile identification 10 includes, for example, specifics as to in which applications the protected content can be viewed, and for example, the extent to which the provided content can be manipulated within the particular software/hardware environment.
  • Additionally, the content provider 300 can forward a service request 20 to an integrity certification and verification device 200. The service request 20 includes, for example, a list of components and/or software applications on which the content provider 300 wishes to allow the user system 400 to consume the distributed protected content. The integrity certification and verification device 200 determines if the components and applications/software identified in the service request have corresponding authentication information stored in the component database 260 and/or the profile database 270. If the integrity certification and verification device does not have access to the authentication information specified in the service request 20, the integrity certification and verification device 200 can request from one or more content consumption system/application providers 500, authentication information about a particular application, system, hardware/software component, and the like. Having access to this authentication information, the integrity certification and verification device 200 stores information pertaining to the application and system components in the component database 260. In a further exemplary embodiment, the integrity certification and verification device 200 can develop an integrity profile for one or more applications. With this information, which confirms the authenticity of applications, systems and system components, the integrity certification and verification device 200 forwards an integrity profile 50 to the user system 400. This integrity profile 50 is used to confirm the authenticity of systems, system components and/or applications of the user system 400. If it is determined if the user's system components and/or applications are authentic, the protected content 10 is made to be unprotected so that the user system 400 can view or otherwise manipulate, and the like, the protected content in accordance with the integrity profile.
  • FIG. 1B illustrates another exemplary system for performing integrity certification and verification that employs BIP verification in conjunction with AIP verification. Similar to the exemplary system depicted by FIG. 1A, the user system 400 receives from the content provider 300 one or more pieces of content, such as an electronic book, a multimedia file, a presentation, a form template, and the like. The content provider and distributor 300 can provide the content in protected form with one or more BIP identifications, an optional BIP conjunctive verification flag, and optionally a usage license to the end user system 400. The BIP identification designates a specific BIP specification that specifies a well known set of behaviors or terms and conditions to which the user system 400 complies with in order to consume the protected content. The BIP conjunctive verification flag indicates whether or not to verify BIP compliance conjunctively when multiple BIP identifications are specified. If a BIP conjunctive verification flag is not explicitly specified, the integrity certification and verification device can default its verification to verify non-conjunctively. For example, if the content provider and distributor 300 specified both a play-only BIP identification and a transfer-once-only BIP identification with the protected content and the BIP conjunctive verification flag is specified, then only systems, applications, and the like, that are compliant with both play-only BIP and transfer-once-only BIP can consume the protected content. On the other hand, if the BIP conjunctive verification flag is not specified, then systems, applications, and the like, that are compliant with either play-only BIP or transfer-once-only BIP or with both BIPs can consume the protected content. In another exemplary system, the user system 400 receives from the content provider 300 one or more BIP identifications, an optional BIP conjunctive verification flag, and an optional usage license, without receiving content directly from the content provider 300. Under this scenario, the content may exist in the user system 400, referenced by the optional usage licenses or implied or referenced by other means. In yet another example, “content” can include any suitable content, service, computing environment, and the like, accessible by the user system 300.
  • Before the user system 400 can consume the protected content, the integrity certification and verification device 200 verifies the integrity of the applications/systems to make sure that they are authentic and their behaviors comply with the BIP specification(s). If it is determined that the user's system components and/or applications satisfy both criteria, the protected content 10 is made to be unprotected so that the user system 400 can consume the protected content in accordance with the BIP specification(s). Advantageously, by certifying applications and systems based on their desired characteristics and behaviors, the same protected content can be consumed by existing certified applications and systems, as well as by applications and systems that have yet to be developed and certified or by existing applications and systems when they are certified in the future.
  • In order to verify the integrity of the user system 400, the integrity certification and verification device 200 collects and registers authentication information about the individual applications, systems, and/or software/hardware components from the content consumption system/application provider 500. With this authentication information, the integrity certification and verification device 200 determines and certifies an integrity profile of one or more applications, systems, and/or system components. Then, the AIP 50 is forwarded to the user system 400 so that the integrity of the user system 400 can be determined. Once the integrity of the system has been confirmed and it has been determined that the system hasn't been tampered with, the integrity certification and verification device 200 ensures that the applications are compliant with the BIP specification(s) by verifying that proof exists that the applications are indeed compliant with the BIP specification(s) identified by the BIP identifier(s). The integrity certification and verification device 200 obtains the BIP identifier(s) specified in the protected content 10, constructs the application identification information based on information from the AIP, and uses this information to obtain proof of BIP compliance. The integrity certification and verification device 200 can dynamically obtain proof of BIP compliance by invoking its profile verification device to retrieve the compliance status associated with the BIP identifier and application identification information. When both the integrity of the system and the behaviors of the system have been verified successfully using the corresponding AIP and BIP(s), the user system 400 is allowed to consume the protected content.
  • FIG. 1C illustrates yet another exemplary system for performing integrity certification and verification that need only employ BIP verification. In this embodiment, before the user system 400 can consume the protected content, the integrity certification and verification device 200 verifies the integrity of the applications/systems to make sure that their behaviors comply with the BIP specification(s). If it is determined that the user's system components and/or applications comply with the BIP specification(s), the protected content 10 is made to be unprotected so that the user system 400 can consume the protected content in accordance with the BIP specification(s). The advantage of this approach is faster performance, because AIP verification steps need not be performed. However, even when proof(s) of BIP compliance exist for user system 400, there is no guarantee that user system 400 has been free from tampering. For certain applications, such as in a closed system, application integrity verification need not be employed.
  • According to FIG. 1C, the integrity certification and verification device 200 ensures that the applications are compliant with the BIP specification(s) by verifying that proof exists that the applications are indeed compliant with the BIP specification(s) identified by the BIP identifier(s). The integrity certification and verification device 200 obtains the BIP identifier(s) specified in the protected content 10, constructs the application identification information based on information from the user system 400, and uses this information to obtain proof of BIP compliance. The integrity certification and verification device 200 can dynamically obtain proof of BIP compliance by invoking its profile verification device to retrieve compliance status associating with the BIP identifier and application identification information. When the behaviors of the application have been verified successfully using the BIP(s), the user system 400 is allowed to access or otherwise consume the protected content.
  • To ensure that the applications, systems, and/or software/hardware components comply with the BIP, the integrity certification and verification device 200 can perform rigorous verification at the functional and/or system levels to verify that the behaviors of the applications/systems are compliant with the specification(s) in the BIP.
  • At the functional level, the verification process can ensure that all suitable functions provided by the applications/systems operate within the boundary defined by the BIP specification. The verification process at the functional level can utilize automated and/or manual tests aimed at exercising the features. For example, given a play-only BIP, the verification processes can make sure that the applications/systems provide play-only features, such as displaying content to the user, and the like. Accordingly, features provided by applications/systems that violate the play-only behavior, such as editing, copying, and the like, would result in the applications/systems being deemed non-compliant.
  • At the system level, the verification process can ensure that the applications/systems do not have intended or unintended effects that violate the BIP. For example, an application/system may have unintended effects by using temporary files to cache content in the clear, by writing large amounts of clear content to memory and then transferring it to a swap file, by writing clear content information to the registry or to an environment variable, and the like. Accordingly, verification processes at the system level can utilize low level monitoring software to detect file I/O, network I/O, memory tracking and other effects for determining BIP compliance.
  • Functional and system verifications can be performed when the system/application provider 500 registers its application/system for certification. Verifications can be, but need be, carried out by the component registration device sub-component of the integrity certification and verification device. Once the component registration device determines the compliance status of the applications/systems in association with the BIP, the component registration device records the status along with detailed identification information about the applications/systems to a component database. Examples of the type of identification information needed to accurately identify an application/system can include the application/system product name or unique identification number and/or the full version number, and the like. Using the identification information of the applications/systems and the BIP identification, the profile verification device can retrieve the compliance status in response to a verification request from the integrity certification and verification device. As will be appreciated, the above-described exemplary BIP certification model can be varied as needed. As will be further appreciated, the exemplary verification model can be varied as needed for other than a content consumption environment.
  • In general, a BIP specification can be created by organizations, such as standards bodies, trade groups, government bodies, and the like, and can be adopted by vendors in the industry, and the like. Each BIP specification describes a set of application behaviors or features, security requirements, and detailed information about what vendors can do to make their systems, applications, and the like, comply with the profile. Advantageously, each BIP specification can have a unique BIP identification associated with it.
  • FIG. 2 illustrates an exemplary overview of the components of an integrity certification and verification environment 100. In FIG. 2, the integrity certification and verification environment 100 can include one or more content providers 300, one or more user systems 400, one or more integrity certification and verification devices 200, one or more content consumption system/application providers 500, and the like.
  • The content provider 300 can include a controller 310, a memory 320, an I/O controller 330, a content database 340, and the like. In a further exemplary embodiment, the content provider 300 can also distribute content in a more traditional manner. For example, the content provider 300 can distribute a compact disk, and the like, including the content. The compact disk can be delivered, for example, through a postal service, and the like, to a user. In general, any suitable type of distribution and dissemination process can be employed equally well with the systems and methods of the exemplary embodiments.
  • The integrity certification and verification device 200 can include a controller 210, a memory 220, an I/O controller 230, a digital signature device 240, a component registration device 250, a component database 260, a profile database 270, a profile creation device 280, a profile distribution device 290, a profile verification device 295, and the like. The integrity certification and verification device 200 can provide a component registration service, a behavior integrity profile (BIP) certification service, an integrity profile service, and the like. The registration service allows registration of applications, systems, and/or software/hardware components from their respective providers as authentic ones, with intended characteristics, purposes and/or behaviors.
  • A BIP certification service is provided to certify that the systems, applications, and the like, are compliant with a BIP and to provide proof of BIP compliance status. During registration of the system/application, the integrity certification and verification device 200 uses the component registration device 250 to execute system monitoring processes and verification test cases stored in the profile database 270 to determine the BIP compliance status of the system/application registered in the component database 260. Upon successfully certifying the system/application, the BIP certification service creates, issues, and associates a BIP with the system/application being certified. The compliance status along with the applications/systems identification information are recorded and stored in the component database 260. As part of BIP certification service, the profile verification device 295 provides proof of compliance by retrieving compliance status associated with some applications/systems identification information.
  • In an exemplary embodiment, the BIP certification service can be implemented using components of the integrity certification and verification device 200. Alternatively, the BIP certification service can be implemented as a separate BIP certification service provider. In such a case, the content consumption system/application provider 500 can register its applications for BIP certification directly with the BIP certification service provider. Subsequently, during verification of the application, the integrity certification and verification device 200 can dynamically obtain proof of BIP compliance by sending the BIP identifier and application information to an online BIP certification service provider.
  • An integrity profile service can be provided to a user to build and retrieve integrity profiles. An integrity profile can be in the form of a document, and the like, which is optionally digitally signed, and that can include verifiable information and a set of registered system components that are to consume the contents of protected documents. Once the integrity profile is created, the integrity profile's identification is returned to the user. The content provider can include the integrity profile identification and advantageously can optionally provide a usage license with the protected documents. When the content of the protected document is consumed and there is a need to conduct a local integrity verification of the system and environment of the user, the integrity profile can be retrieved from the integrity certification and verification device 200 for the user system.
  • The user system 400 can include a controller 410, a memory 420, an I/O controller 430, a storage device 440, an integrity authentication device 450, a profile storage device 460, and the like. Accordingly, it is to be appreciated that such exemplary user system is based on a model of a computer. However, it is to be further appreciated that the components of the exemplary user system can be changed depending on, for example, the type of content or service being consumed, the type of computing environment being accessed, the type of activity being engaged in, and the like, according to further exemplary embodiments. In general, any suitable user system having one or more portions thereof whose integrity can be verified can be employed equally well with the systems and methods of the exemplary embodiments.
  • The system/application provider 500 can include a controller 510, a memory 520, an I/O controller 530, a registration application device 540, an application database 550, a system database 560, and the like. However, similar to the content provider 300, the system/application provider can have several different forms depending on the type of system and/or application the system/application provider supplies, according to further exemplary embodiments. For example, if the system/application provider 500 supplies a specific hardware component, the system/application provider 500 need not maintain application and system databases. In a further exemplary embodiment, the system/device component supplier can send, for example, on a disk, and the like, authentication information directly to the integrity certification and verification device 200.
  • In another exemplary embodiment, the system/application provider 500 can coordinate efforts with the content provider 300 to facilitate determination of an integrity profile. In general, the system/application provider can include any suitable entity that is capable of supplying hardware or software and authentication information about the same.
  • In the exemplary embodiments, the system/application provider 500 can include various system components. However, it is to be appreciated that the system/application provider 500 can include a computer distributor, a software developer, a software provider, a software distributor, and the like, according to further exemplary embodiments. Thus, the system/application provider 500 is capable of supplying devices and/or software that allows for the consumption of content that is provided by the content provider 300.
  • The various components of the integrity certification and verification environment 100 are capable of communication there between, via link 5, which can be a wired or wireless link or any other suitable known or later-developed element(s) that is capable of supplying electronic data to and from the connected elements. For example, the link 5 can include one or more distributed networks, which can in turn be connected to one or more additional integrity certification and verification environments 100 or alternatively to multiple instances of any one or more of the content providers 300, user systems 400, content consumption system/application providers 500, integrity certification and verification devices 200, and the like.
  • In an exemplary operating environment, the content consumption system/application provider 500 supplies applications, software and/or hardware to a user. These applications, software and/or hardware are used by a user to consume content, such as viewing documents, and the like.
  • The content provider 300, for example, at the request of a user located at the user system 400, distributes content, such as a document, and the like, to the user system 400. In an exemplary embodiment, a request can be received by the content provider 300 from the user system 400. This request, which can be received through the I/O controller 330, is processed by the controller 310 in cooperation with memory 320 to retrieve the requested content from the content database 340. In an exemplary embodiment, the content provider 300 can include an on-line content provider, a book store, a software provider, any other suitable content provider, and the like, that wishes to provide content, such as a document, and the like, to a user, and the like.
  • Upon receiving a content request from the user system 400, the content provider 300 returns to the user system the requested content, as well as additional information, such as a profile identification, and the like, associated with the protected content. In a further exemplary embodiment, the additional information can include information instructing the user system to request a profile, and hence an integrity certification, and the like, before enabling of the content. The additional information also can include information to identify which system components and/or hardware/software can be running and/or used on the user's machine when viewing or interacting with the requested content. Thus, one or more of the requested content, additional information, profile identification, and the like, are received by the user system 400, via the I/O controller 430, and at the direction of controller 410, stored in one or more of the memory 420 and the storage device 440.
  • In an exemplary embodiment, the content provider 300 can initiate a service request 20, such as a request for an integrity profile, from the integrity certification and verification device 260. The integrity certification and verification device 260, receives, via the I/O controller 230, and in cooperation with the controller 210 and memory 220 the service request from the content provider 300.
  • As previously discussed, the integrity certification and verification device 200 can include a component database 260 and a profile database 270. The component database 260 provides access to authentication information pertaining to systems and system components that can be distributed by one or more content consumption system/application providers 500. Similarly, the profile database 270 stores verifiable information and a set of registered system components that are to consume the contents of protected documents for one or more individual content providers 300. The verifiable information can include verification test cases used in the certification of compliance with a BIP for registered systems and applications
  • Thus, upon receipt of the request for an integrity profile from the content provider 300, the integrity certification and verification device 200, at the direction of the controller 210 and with the aid of memory 220, searches the component database 260 and the profile database 270 to determine if authentication information already exists that corresponds to the information in the service request.
  • In a further exemplary embodiment, the integrity certification and verification device 200 can perform an on-line verification service. The on-line verification service is provided to perform the integrity verification on-line, for example, in real-time or near real-time within the integrity certification and verification device 200. In order to initiate this service, a piece of software, called an integrity authenticator, can be forwarded to the user system 400. The integrity authenticator allows the collection of information of local software and/or hardware components.
  • In another exemplary embodiment, the integrity authenticator can be a dedicated device, such as the integrity authentication device 450 illustrated in FIG. 2, and the like. The information gathered about the local software and/or hardware components is returned along with the integrity profile identification to the integrity certification and verification device 200 so that the on-line integrity verification can be performed. The component registration device 250 examines software/hardware components from their respective providers and stores identification information in the component database 260. The information pertaining to the software/hardware component can be, for example, hashed and the hash value can be used as the authentic software/hardware identification. However, it is to be appreciated that the information to identify each software/hardware component can be any suitable known or later-developed scheme that allows for identification of an authentic piece of hardware and/or software, according to further exemplary embodiments.
  • In an exemplary embedment, the registration of a particular software and/or hardware component can be accomplished by the content consumption system/application provider 500 communicating with the identification and certification verification device 200 to request a registration service. In a further exemplary embodiment, the identification and certification verification device 200 can communicate with content consumption system/application provider 500 in order to secure the authentication information. The registration application device 540, in cooperation with the controller 510, the memory 520 and the I/O controller 530, then searches one or more of the application database 550 and the system database 560 to secure information about the particular software and/or hardware, including the provider name, a component identification, such as a serial number, version number, build number, and the like, the application itself, and the like.
  • In an exemplary operating scenario, instead of acquiring authentication information from a particular content consumption system/application provider 500, the integrity certification and verification device 200 can request a particular application, such as a software program, and the like, directly from the content consumption system/application provider 500. In this way, the integrity certification and verification device 200 need not employ authentication information, since the integrity certification and verification device 200 can secure the particular software application directly from the content consumption system/application provider 500.
  • The component registration device 250 verifies the information of the component, and optionally computes, for example, a hash value that can be used, for example, as the authentic software and/or hardware identification. The component registration device 250 then stores the component information and, for example, the hash value, in the component database 260.
  • In the case where a system/application provider registers the application/system for BIP certification, the component registration device 250 also performs functional and system verifications to determine the compliance status of the application/system in association with the BIP. The component registration device 250 then records the compliance status along with detailed identification information about the application/system in the component database 260.
  • In a further exemplary embodiment, instead of sending the software and/or hardware component to the registration application device 540, the content consumption system/application provider 500 can also connect to the component registration device 250 to download a small software application, such as a registration application, plug-in, applet, and the like, and have it execute locally. This registration application can examine the target software/hardware component and send information pertaining to this software/hardware component, possibly along with an integrity value, such as a hash value, and the like, back to the component registration device 250, which then can store the authentication information about the component in the component database 260.
  • In another exemplary embodiment, the profile creation device 280 builds integrity profiles for software. For example, an integrity value, such as a hash value, and the like, of each software application can be retrieved from the component database and stored. An optional interaction relationship among the components also can be included in the profile. This relationship is used to identify the calling and returning sequence of the components in order to prevent unintended interaction with other components. The content of the integrity profile is then, for example, digitally signed and the resulting signature is appended to the integrity profile. Each integrity profile is associated with a unique identification.
  • The profile creation device 280 can also build BIPs for systems and applications that registered for and successfully passed the BIP certification. The profile creation device 280 can retrieve the BIP compliance status of each application from the component database 260 and if the compliance status indicates successful compliance certification create a BIP for an application. The profile creation device can optionally record the compliance status in the BIP. Each BIP also can include a unique BIP identification associated with the BIP specification and the application/system identification information. The content of the integrity profile is then, for example, digitally signed and the resulting signature is appended to the BIP.
  • FIG. 3 illustrates an exemplary workflow of input, output and services and operations provided by the integrity certification and verification device 200. In an exemplary embodiment, for the component registration service, a component identification, and optionally, meta information about the particular component, is forwarded to the component registration device 250. The component registration device 250 registers the component, for example, with intended characteristics, purposes, and behaviors in the component database. Then, the component registration device 250 returns the identification of the registered component to, for example, the content consumption system/application provider, and makes the identification available to, for example, the content provider 300.
  • For profile creation, the profile creation device 280 receives the identifications of registered components. The identifications of the registered components, when combined with the information about the associated components, if any, are then digitally signed and stored in the profile database. An integrity profile identification then is returned to the requestor.
  • The profile creation device 280 can also create a separate BIP for each pair, including a BIP specification and system/application, which registered for and successfully passed the BIP certification. The BIP can include the unique BIP identification associated with the BIP specification. The identifications of the registered components, when combined with the information about the associated components, such as their compliance status with the BIP specification, are recorded in the BIP, digitally signed and stored in the profile database. The unique BIP identification and the application/system identification information serve as the primary key to uniquely identify a particular BIP within the profile database.
  • Similarly, the profile distribution device 290 receives an integrity profile identification. The profile database 270 is then queried to determine if an integrity profile corresponding to the integrity profile identification is available. If the integrity profile is available, the integrity profile is returned to the requester. Otherwise, the integrity profile can be determined with the aid of the profile creation device 280.
  • The profile verification device 295 receives information identifying one or more components and an integrity profile identification. The profile verification device 295 compares the component identifications, integrity profile identification and corresponding integrity profile to determine verification data. If the profiles and components and identifications match, the integrity of the system is verified. Otherwise, it is determined that the system is not the one specified in the integrity profile or it has been altered in some way.
  • In the case of BIP verification, the profile verification device 295 receives information identifying one or more components and some unique BIP identification. Using such identifications, the profile verification device 295 retrieves the appropriate BIP from the profile database 270. The verification device 295 then checks the compliance status of the component to determine proof of BIP compliance. The compliance status indicates whether or not the behaviors of the applications/systems are compliant with the specifications in the BIP.
  • FIG. 4A illustrates an exemplary integrity profile. The exemplary integrity profile can be created by the profile creation device 280. To build an integrity profile for an authenticated content provider, a request for creating an integrity profile is initiated. For example, the provider can contact the integrity certification and verification device 200 and request the creation of an integrity profile. Then, the provider sends a list of names of software and/or hardware components to the integrity certification and verification device 200. The profile creation device 280 then retrieves the identification, such as an integrity value, a hash value, and the like, of each of the components from the component database 260. The profile creation device 280 then determines an integrity profile, which can include the authentication information, such as the integrity value, hash value, and the like, of each of the components, together with other information, such as the integrity profile identification, version number, creation date, build date, content provider name, and the like, and optionally, the interaction relationship between any of the software and/or hardware components.
  • The profile creation device 280 forwards the determined integrity profile to a digital signer 240, which can then sign the content of the profile. The profile creation device 280 then stores the signed profile in the profile database 270 and returns the profile identification to the content provider 300.
  • FIG. 4B illustrates an exemplary BIP. The profile creation device 280 creates a BIP when a system/application provider registers its system/application and passes the certification of compliance with a BIP specification. The profile creation device builds the BIP by retrieving the compliance status and application identification information corresponding to a system/application from the component database 260. The exemplary BIP can include the BIP identification(s), the version number of BIP, the creation date of BIP, the name of the organization that created the BIP, the URL(s) of the specification associated with the BIP identification(s), the application identification information of the registered system/application, the digital signature of the BIP, and the like, and optionally the compliance status of the registered system, application, and the like. When a BIP includes multiple BIP identifications, the system/application must comply with all suitable BIP specifications associated with the specified BIP identifications.
  • When creating, for example, a usage license for the content of a protected document, the content provider 300 can optionally include the integrity profile identification in the usage license. On the user system 400, the integrity profile can be used to verify all of the suitable software/hardware components in an environment call stack. This assures that the sensitive information can only be consumed by authorized software/hardware components or any combination thereof. In a further exemplary embodiment, the content provider 300 optionally can include an integrity profile identification that corresponds to a BIP specification. In this case, similar to the process described, the integrity profile associated with the specific application is used first in the user system 400 to verify all of the software/hardware components in an environment call stack. Once the integrity of the system/application is confirmed, the BIP is used to prove that the behaviors of the system/application are in compliance with the BIP specification identified by the BIP identification.
  • The profile distribution device 290 accepts requests for obtaining integrity profiles and retrieves them from the profile database 270 and returns the integrity profiles to the respective requestor. Similarly, the profile verification device 295 accepts requests for verifying user systems for one or more system environments. The profile verification device 295 gathers the information about the software/hardware components according to integrity profiles, verifies the information against the profiles, and returns the verification results back to the requesters. The profile verification device 295 also derives compliance status from a BIP in response to a BIP verification request.
  • The user system 400 can include an integrity authentication device 450. The integrity authentication device 450, for example, runs on top of any suitable content consumption application.
  • Thus, FIG. 5 illustrates an exemplary system environment stack on user device 400 for verifying system integrity. In an exemplary embodiment, the user system environment stack can include an integrity authenticator, one or more system components, and the like.
  • FIG. 6 illustrates an example of an environment stack, which includes an integrity authenticator, a plug-in, a rendering application, an operating system, an operating system (OS) boot strap, respective hardware, and the like.
  • In an exemplary operating environment, the integrity authentication device 450 can include its own encryption/decryption key pair and a verification key of an identification certification and verification device. These keys can be hidden and/or embedded within the integrity authentication device 400 for providing tamper-resistance. For those applications that require the use of a user's private information or involve sensitive documents and data, the integrity authentication device 450 can use an associated integrity profile to verify the software/hardware components on the call stack in the user system environment.
  • The integrity authentication device 450 can verify the signature of the profile using the integrity certification and verification device verification key. As illustrated in FIGS. 7-9, once the signature is verified, the integrity authentication device 450 examines the current call stack and starts to authenticate each software/hardware component on the call stack using the information provided in the integrity profile. The call stack can be configured as a continuous block of memory, which can include memory images, the involved functions or procedures, and the like. The stack can operate on a last-in-first-out basis and the stacks operations can include stack “push” and stack “pop.” Push can be used to store the images onto the stack and advance to the top of the stack to a position. Pop can be used to remove the data from the stack and restore the top of the stack to a previous position.
  • With the call stack, the image of the currently executed function is at the top of the stack. When the currently executed function invokes or calls the next function, the memory image of the next function is pushed on the top of the call stack and the top of the call stack points to the image of the next function. Each portion of the stacked images can include the addresses or return instruction after the called function finishes its execution.
  • FIG. 10 illustrates how the execution environment is protected. In an exemplary embodiment, to protect the Integrity Authenticator (IA), the execution of the IA is monitored by a trusted application, which is part of the IA. The monitoring process, such an application, and the like, can include a debugger, a special process, and the like, that can prevent the IA from being monitored by any other suitable process or application in the system. In an environment where a process can only be debugged by only one process, the trusted monitoring program can be implemented as a debugger, and the like. Since the monitoring program is a trusted application, the monitoring program's integrity can be included in the current integrity profile. Accordingly, the IA will verify the integrity of the trusted application before loading and execution. The function of the trusted monitoring application is to prevent the IA from being monitored and controlled and captured by other processes. Another function of the trusted monitoring application is to monitor the current environment and determine if the change in environment is valid. However, like the IA, the trusted monitoring application can also be protected, and the IA can act as the monitor to protect the trusted monitoring application from being monitored, captured and/or controlled by other applications. This dual protection mechanism creates a closed system that can prevent other applications from monitoring the execution of the integrity authenticator.
  • FIG. 11A illustrates an exemplary method of operation of the integrity certification and verification device. In an exemplary embodiment, control begins in step S100 and continues to step S110. In step S110, an integrity profile is determined. Next, in step S120, the integrity profile is certified. Then, in step S130, the integrity profile is forwarded to the user. Control then continues to step S140.
  • In step S140, the integrity of the user system is verified. Next, in step S150, a determination is made whether or not the user system is authentic. If the user system is authentic, control continues to step S160, where the user is allowed access to the selected content. Otherwise, control jumps to step S170, where the content access is denied or disabled. Control then continues to step S180, where the control sequence ends.
  • FIG. 11B illustrates an exemplary method of operation of the integrity certification and verification device using BIP(s) in conjunction with an AIP. In an exemplary embodiment, control begins in step S800 and continues to step S810. In step S810, an AIP is determined. Next, in step S820, the AIP is certified. Then, in step S830, the AIP is forwarded to the user. Control then continues to step S840.
  • In step S840, the integrity of the user system is verified. Next, in step S850, a determination is made whether or not the user system is authentic. If the user system is not authentic, control jumps to step S930, where the content access is denied or disabled. Control then continues to step S940, where the control sequence ends. However, if in step S850 the user system is authentic, control continues to step S860 to determine if the BIP conjunctive verification flag is explicitly specified.
  • If the BIP conjunctive verification flag is specified, control goes to S870, where the user system is verified for compliance with the specified BIP specification(s). In step S880, a determination is made whether or not the user system has proof(s) that it complies with the BIP(s). If the user system has proof(s) of compliance, control continues to step S890, where the user is allowed access to the selected content. Otherwise, control jumps to step S930, where the content access is denied or disabled. Control then continues to step S940, where the control sequence ends.
  • However, if in step S860 the BIP conjunctive verification flag is not specified, control goes to S910, where the user system is verified for compliance with any one of the specified BIP specification(s). In step S920, a determination is made whether or not the user system has proof that it complies with the one of the BIP(s). If the user system has proof of compliance, control continues to step S890, where the user is allowed access to the selected content. Otherwise, control jumps to step S930, where the content access is denied or disabled. Control then continues to step S940, where the control sequence ends.
  • FIG. 11C illustrates an exemplary method of operation of the integrity certification and verification device using BIP(s). In particular, control begins in step S1000 and continues to step S1010. In step S1010, the BIP conjunctive verification flag is checked to determine if it is explicitly specified. If the BIP conjunctive verification flag is specified, then control goes to S1020, where the user system is verified for compliance with the specified BIP specification(s). In step S1030, a determination is made whether or not the user system has proof(s) that it complies with the BIP(s). If the user system has proof(s) of compliance, control continues to step S1080, where the user is allowed access to the selected content. Otherwise, control jumps to step S1040, where the content access is denied or disabled. Control then continues to step S1050, where the control sequence ends.
  • However, if in step S1010 the BIP conjunctive verification flag is not specified, control goes to S1060, where the user system is verified for compliance with any one of the specified BIP specification(s). In step S1070, a determination is made whether or not the user system has proof that it complies with one of the BIP(s). If the user system has proof of compliance, control continues to step S1080, where the user is allowed access to the selected content. Otherwise, control jumps to step S1090, where the content access is denied or disabled. Control then continues to step S1050, where the control sequence ends.
  • FIG. 12 illustrates an exemplary method of registering components/hardware and/or software. In an exemplary embodiment, control begins in step S200 and continues to step S210. In step S210, the registration service is initiated. Next, in step S220, the component supplier provides authentication information about particular components/hardware and/or software. Then, in step S230, information about the particular components/hardware and/or software is verified. Control then continues to step S240.
  • In step S240, a determination whether or not an integrity value should be determined. If an integrity value is to be determined, control continues to step S250, where an integrity value is determined. Otherwise, control jumps to step S260, where authentication information about the component/hardware and/or software is stored.
  • Next, in step S270, a determination is made whether or not to store an integrity value. If an integrity value is to be stored, control continues to step S280, where the integrity value is stored. Otherwise, if an integrity value is not to be stored, control jumps to step S290, where the control sequence ends.
  • FIG. 13 illustrates an exemplary method of determining a profile. In an exemplary embodiment, control begins in step S300 and continues to step S310. In step S310, the integrity profile determination is initiated. Next, in step S320, the name, such as an identification, and the like, of the component and/or hardware or software is obtained. Then, in step S330, the identification for the component/hardware or software is retrieved. Control then continues to step S340.
  • In step S340, the integrity profile is determined. Next, in step S350, the integrity profile is digitally signed. Then, in step S360, the digitally signed integrity profile is stored. Control then continues to step S370.
  • In step S370, the signed integrity profile is then forwarded to the requestor, such as the content consumption system/application provider, and the like. Control then continues to step S380, where the control sequence ends.
  • FIG. 14 illustrates an exemplary method of verifying the integrity of the integrity authenticator. In an exemplary embodiment, control begins in step S400 and continues to step S410. In step S410, the integrity of the integrity authenticator is verified. Next, in step S420, a determination is made whether or not the integrity authenticator is valid. If the integrity authenticator is valid, control continues to step S430. Otherwise control jumps to step S540.
  • In step S430, a tamper-resistant environment is established. Next, in step S440, the integrity profile is verified. Then, in step S450, a determination is made whether or not the integrity profile is valid. If the integrity profile is valid, control continues to step S460. Otherwise, control jumps to step S540.
  • In step S460, the integrity profile is loaded. Next, in step S470, the call stack of the current execution environment, as illustrated in relation to FIG. 6, is constructed. At the bottom of the call stack is a set of hardware and/or devices, with the software components towards the top of the stack. The relationship of the components in the stack is that the lower component calls the component just above it. Once the call stack is constructed, the top of the call stack, which includes the execution image of the last executed component, is located. Thus, the execution image of each component on the stack helps identify the calling component. Then, in step S480, the identification calling component is retrieved. Control then continues to step S490.
  • In step S490, the integrity of the component is verified against the integrity profile. Next, in step S500, a determination is made whether or not the component is valid. If the component is valid, control continues to step S510. Otherwise, control jumps to step S540.
  • In step S510, a determination is made whether or not the stack is empty. If the stack is empty, control jumps to step S520. Otherwise, control jumps to step S530. In step S520, the next component in the stack is located and this next component is set as the current stack frame. Control then returns to step S480 for verification.
  • In step S530, the integrity is verified and control continues to step S550, where the control sequence ends. In step S540, the integrity check fails and control continues to step S550, where the control sequence ends.
  • Thus, a content provider, such as a document publisher or distributor, provides, for example, protected content to a user, for consumption within a trusted user environment. By providing integrity certification and verification services, the authenticity of the content consumption environments can be verified. The content provider forwards to the user a protected version of the digital content which includes, for example, a license agreement and an integrity profile identification. The profile includes, for example, the applications and system components that are allowed to be used in conjunction with the protected content. Additionally, the content provider initiates a request for an integrity profile. This request for the integrity profile is forwarded to an integrity certification and verification device. The integrity certification and verification device can, for example, if an integrity profile does not already exist for the requested applications and/or systems components, query a content consumption system/application provider, who, for example, has supplied the system components to the user. The content consumption system/application provider returns to the integrity certification and verification device authentication information about the particular applications or system components. The authentication information allows a comparison or integrity verification, to be made between an application and/or system component on a user's system, and the original application or system component as distributed by the content consumption system/application provider.
  • In a further exemplary embodiment, the content provider forwards to the user a protected version of the digital content, which includes, for example, a license agreement and a BIP identification. An application integrity profile identification is not associated with the protected content, but is embedded into the applications and system components by the content consumption system/application provider. Unlike an application integrity profile, which is tied to a specific application, a BIP is tied to a standard specification that specifies a set of behaviors and/or consumption terms and conditions by which all compliant applications abide. Using the application integrity profile identification, the integrity certification and verification services first verify the authenticity of the content consumption system, application, and the like. Once the integrity of the content consumption system/application has been confirmed and it has been determined that it hasn't been tampered with, the integrity certification and verification device ensures that the content consumption system/application is compliant with the BIP by verifying that proof exists that the applications are indeed compliant with the BIP specification. Then, the integrity certification and verification device enables the content consumption system/application to consume the protected content. By certifying applications and systems based on a BIP identification, the consumer can use any suitable content consumption system or application that complies with some BIP specification mandated by the content provider to consume the protected content. In this manner, use of the content can be controlled without limiting consumption to a particular application or system.
  • The integrity certification and verification method and system of the exemplary embodiments of FIGS. 1-14 can be implemented on a single programmed general purpose computer or separate programmed general purpose computers. The exemplary embodiments of FIGS. 1-14 can also be implemented on a special purpose computer, a programmed microprocessor or microcontroller and peripheral integrated circuit element, an ASIC or other integrated circuit, a digital signal processor, a hard-wired electronic or logic circuit, such as a discrete element circuit, a programmable logic device, such as a PLA, PLD, FPGA, PAL, and the like. In general, any suitable system, device, software, combination thereof, and the like, capable of implementing the processes of the exemplary embodiments of FIGS. 1-14 (e.g., via a finite state machine, and the like) can be employed.
  • The exemplary embodiments of FIGS. 1-14 can be readily implemented with software using object or object-oriented software development techniques in environments that provide portable source code that can be used in a variety of computer or workstation hardware platforms. The exemplary embodiments of FIGS. 1-14 also can be implemented partially or fully in hardware using standard logic circuits or a VLSI design. Whether or not software and/or hardware is used to implement the exemplary systems and methods is dependent on the speed and/or efficiency requirements of the system, the particular function, and particular hardware or software systems or microprocessor or microcomputer system being utilized. The integrity certification and verification devices and methods described above, however, can be readily implemented in hardware or software, using any known or later-developed systems or structures, devices, and/or software by those skilled in the applicable art without undue experimentation from the functional description provided herein, together with a general knowledge of the computer arts. Moreover, the disclosed methods can be readily implemented as software executed on a programmed general purpose computer, a special purpose computer, a microprocessor, a server, and the like. In this case, the methods and systems of the exemplary embodiments can be implemented as a routine embedded on a personal computer or server, such as a JAVA or CGI script, as a resource residing on a server or graphics work station, as a routine embedded in a dedicated integrity certification and verification device, a web browser, a web TV interface, a PDA interface, a multimedia presentation device, and the like. The integrity certification and verification device can also be implemented by physically incorporating the systems and methods into a software and/or hardware system, such as the hardware and software systems of a graphics workstation or dedicated integrity certification and verification device.
  • Accordingly, the above-described devices and subsystems of the exemplary embodiments of FIGS. 1-14 can include, for example, any suitable servers, workstations, PCs, laptop computers, PDAs, Internet appliances, handheld devices, cellular telephones, wireless devices, other devices, and the like, capable of performing the processes of the exemplary embodiments of FIGS. 1-14. The devices and subsystems of the exemplary embodiments of FIGS. 1-14 can communicate with each other using any suitable protocol and can be implemented using one or more programmed computer systems or devices.
  • One or more interface mechanisms can be used with the exemplary embodiments of FIGS. 1-14, including, for example, Internet access, telecommunications in any suitable form (e.g., voice, modem, and the like), wireless communications media, and the like. For example, employed communications networks or links can include one or more wireless communications networks, cellular communications networks, G3 communications networks, Public Switched Telephone Network (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, a combination thereof, and the like.
  • It is to be understood that the devices and subsystems of the exemplary embodiments of FIGS. 1-14 are for exemplary purposes, as many variations of the specific hardware used to implement the exemplary embodiments are possible, as will be appreciated by those skilled in the relevant art(s). For example, the functionality of one or more of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can be implemented via one or more programmed computer systems or devices.
  • To implement such variations as well as other variations, a single computer system can be programmed to perform the special purpose functions of one or more of the devices and subsystems of the exemplary embodiments of FIGS. 1-14. On the other hand, two or more programmed computer systems or devices can be substituted for any one of the devices and subsystems of the exemplary embodiments of FIGS. 1-14. Accordingly, principles and advantages of distributed processing, such as redundancy, replication, and the like, also can be implemented, as desired, to increase the robustness and performance of the devices and subsystems of the exemplary embodiments of FIGS. 1-14.
  • The devices and subsystems of the exemplary embodiments of FIGS. 1-14 can store information relating to various processes described herein. This information can be stored in one or more memories, such as a hard disk, optical disk, magneto-optical disk, RAM, and the like, of the devices and subsystems of the exemplary embodiments of FIGS. 1-14. One or more databases of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can store the information used to implement the exemplary embodiments of the present invention. The databases can be organized using data structures (e.g., records, tables, arrays, fields, graphs, trees, lists, and the like) included in one or more memories or storage devices listed herein. The processes described with respect to the exemplary embodiments of FIGS. 1-14 can include appropriate data structures for storing data collected and/or generated by the processes of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 in one or more databases thereof.
  • All or a portion of the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can be conveniently implemented using one or more general purpose computer systems, microprocessors, digital signal processors, micro-controllers, and the like, programmed according to the teachings of the exemplary embodiments of the present invention, as will be appreciated by those skilled in the computer and software arts. Appropriate software can be readily prepared by programmers of ordinary skill based on the teachings of the exemplary embodiments, as will be appreciated by those skilled in the software art. Further, the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can be implemented on the World Wide Web. In addition, the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can be implemented by the preparation of application-specific integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be appreciated by those skilled in the electrical art(s). Thus, the exemplary embodiments are not limited to any specific combination of hardware circuitry and/or software.
  • Stored on any one or on a combination of computer readable media, the exemplary embodiments of the present invention can include software for controlling the devices and subsystems of the exemplary embodiments of FIGS. 1-14, for driving the devices and subsystems of the exemplary embodiments of FIGS. 1-14, for enabling the devices and subsystems of the exemplary embodiments of FIGS. 1-14 to interact with a human user, and the like. Such software can include, but is not limited to, device drivers, firmware, operating systems, development tools, applications software, and the like. Such computer readable media further can include the computer program product of an embodiment of the present invention for performing all or a portion (if processing is distributed) of the processing performed in implementing the invention. Computer code devices of the exemplary embodiments of the present invention can include any suitable interpretable or executable code mechanism, including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs), Java classes and applets, complete executable programs, Common Object Request Broker Architecture (CORBA) objects, and the like. Moreover, parts of the processing of the exemplary embodiments of the present invention can be distributed for better performance, reliability, cost, and the like.
  • As stated above, the devices and subsystems of the exemplary embodiments of FIGS. 1-14 can include computer readable medium or memories for holding instructions programmed according to the teachings of the present invention and for holding data structures, tables, records, and/or other data described herein. Computer readable medium can include any suitable medium that participates in providing instructions to a processor for execution. Such a medium can take many forms, including but not limited to, non-volatile media, volatile media, transmission media, and the like. Non-volatile media can include, for example, optical or magnetic disks, magneto-optical disks, and the like. Volatile media can include dynamic memories, and the like. Transmission media can include coaxial cables, copper wire, fiber optics, and the like. Transmission media also can take the form of acoustic, optical, electromagnetic waves, and the like, such as those generated during radio frequency (RF) communications, infrared (IR) data communications, and the like. Common forms of computer-readable media can include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other suitable magnetic medium, a CD-ROM, CDRW, DVD, any other suitable optical medium, punch cards, paper tape, optical mark sheets, any other suitable physical medium with patterns of holes or other optically recognizable indicia, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other suitable memory chip or cartridge, a carrier wave or any other suitable medium from which a computer can read.
  • While the present invention have been described in connection with a number of exemplary embodiments, and implementations, the present invention is not so limited, but rather covers various modifications, and equivalent arrangements, which fall within the purview of the appended claims.

Claims (87)

1. A method for integrity certification and verification in a computer environment based on characteristics and behaviors of one or more applications, systems or system components as compared with a profile of characteristics and behaviors, the method comprising:
determining a behavior integrity profile (BIP) specifying characteristics and behaviors of one or more applications, systems or system components;
determining based on the BIP whether or not characteristics and behaviors of one or more applications, systems or system components are compliant with characteristics and behaviors defined in a behavior integrity profile specification; and
determining access rights to the one or more applications, systems or system components based on the step of determining the compliance.
2. The method of claim 1, further comprising:
determining an application integrity profile (AIP);
determining, based on the AIP, authenticity of the one or more applications, systems or system components; and
determining the access rights based on the authenticity determination.
3. The method of claim 2, further comprising utilizing one or more application integrity profiles and one or more behavior integrity profiles in a conjunctive manor.
4. The method of claim 2, further comprising providing an integrity certification and verification device, the integrity certification and verification device having access to the application integrity profile for determining the authentication information about one or more applications, systems or system components.
5. The method of claim 1, further comprising determining via a component registration device BIP compliance status by verifying the characteristics and behaviors of the one or more applications, systems or system components against the BIP specification.
6. The method of claim 2, wherein the BIP includes at least one of a BIP identification, identification of registered applications, systems or system components, and compliance status.
7. The method of claim 6, further comprising maintaining via a profile database a BIP with a BIP identification, and an identification of registered applications, systems or system components.
8. The method of claim 1, further comprising verifying via a profile verification device proof of BIP compliance by checking compliance status of the applications, systems or system components to which the BIP has been issued.
9. The method of claim 1, further comprising obtaining via a registration application device the authentication information about the one or more applications, systems or system components from an application, system or system component provider.
10. The method of claim 6, further comprising using the BIP identification in conjunction with distributed information.
11. The method of claim 1, further comprising distributing via a content provider content information associated with the BIP.
12. The method of claim 1, further comprising providing an application, system or system component provider.
13. The method of claim 10, wherein when the BIP identification is used in conjunction with the distributed information, if a profile verification device determines that the one or more applications, systems or system components are not authentic or are not compliant with the BIP specification, access to content associated with the one or more applications, systems or system components is denied.
14. The method of claim 1, further comprising building via a BIP creation device the BIP by deriving compliance status and application identification information corresponding to the one or more applications, systems or system components from a component database.
15. The method of claim 1, further comprising:
assessing the BIP for allowing the determination of whether or not the characteristics and behaviors of the one or more applications, systems or system components are compliant with the characteristics defined in the BIP specification; and
determining the access rights based on the assessment step.
16. The method of claim 15, further comprising verifying the BIP compliance status of the one or more applications, systems or system components.
17. The method of claim 15, wherein the access rights include rights for at least one of allowing or denying access to content associated with the one or more applications, systems or system components.
18. The method of claim 15, further comprising obtaining authentication information about at least one of the one or more applications, systems or system components.
19. The method of claim 1, further comprising digitally signing the BIP.
20. The method of claim 19, further comprising forwarding the digitally signed BIP to a system of a consumer.
21. The method of claim 1, further comprising verifying the integrity of an integrity authenticator associated with the one or more applications, systems or system components.
22. The method of claim 2, further comprising:
providing an integrity certification and verification device having access to authentication information about the one or more applications, systems or system components; and
providing the AIP used to determine the authenticity of the one or more applications, systems or system components.
23. The method of claim 22, further comprising determining via a component registration device the AIP from the authentication information, the AIP including at least one of verifiable information and an identification of registered applications, systems or system components.
24. The method of claim 22, further comprising maintaining via a profile database the AIP and an identification of registered applications, systems or system components.
25. The method of claim 22, further comprising verifying via a profile verification device authenticity by comparing one or more of application, system or system component identifications, the one or more applications, systems or system components, the AIP, and/or an AIP identification.
26. The method of claim 22, further comprising obtaining via a registration application device the authentication information about the one or more applications, systems or system components from an application, system or system component provider.
27. The method of claim 22, wherein the AIP comprises an identification of the one or more applications, systems or system components that can be used in conjunction with distributed information.
28. The method of claim 22, further comprising distributing via a content provider content information associated with the one or more applications, systems or system components.
29. The method of claim 22, further comprising providing an application, system or system component provider.
30. The method of claim 22, wherein if a profile verification device determines that the one or more applications, systems or system components are not authentic, access to one or more documents associated with the one or more applications, systems or system components is denied.
31. The method of claim 22, further comprising determining via a profile creation device the AIP based on verifiable information about the one or more applications, systems or system components.
32. The method of claim 2, further comprising certifying the AIP.
33. The method of claim 2, further comprising verifying the authenticity of one or more applications, systems or system components.
34. The method of claim 2, wherein the access rights include rights for at least one of allowing or denying access to content associated with the one or more applications, systems or system components.
35. The method of claim 2, further comprising obtaining authentication information about the at least one application, system or system component.
36. The method of claim 2, further comprising digitally signing the AIP.
37. The method of claim 36, further comprising forwarding the digitally signed integrity profile to a system of a consumer.
38. The method of claim 2, further comprising verifying the integrity of an integrity authenticator associated with the AIP.
39. The method of claim 1, further comprising establishing a tamper resistant environment associated with the one or more applications, systems or system components.
40. The method of claim 2, further comprising verifying the AIP.
41. The method of claim 2, further comprising loading a valid AIP.
42. The method of claim 38, wherein the verifying step comprises establishing that the integrity authenticator is not being at least one of monitored, controlled or recorded.
43. The method of claim 1, wherein said method is implemented as one or more computer readable instructions embedded on a computer readable medium and configured to cause one or more computer processors to perform the steps recited in the method.
44. The method of claim 1, wherein said method is implemented as one or more computer software and/or hardware devices configured to perform the steps recited in the method.
45. A system for integrity certification and verification in a computer environment based on characteristics and behaviors of one or more applications, systems or system components as compared with a profile of characteristics and behaviors, the system comprising:
means for determining a behavior integrity profile (BIP) specifying characteristics and behaviors of one or more applications, systems or system components;
means for determining based on the BIP whether or not characteristics and behaviors of one or more applications, systems or system components are compliant with characteristics and behaviors defined in a behavior integrity profile specification; and
means for determining access rights to the one or more applications, systems or system components based on the determining of the compliance.
46. The system of claim 45, further comprising:
means for determining an application integrity profile (AIP);
means for determining, based on the AIP, authenticity of the one or more applications, systems or system components; and
means for determining the access rights based on the authenticity determination.
47. The system of claim 46, further comprising means for utilizing one or more application integrity profiles and one or more behavior integrity profiles in a conjunctive manor.
48. The system of claim 46, further comprising an integrity certification and verification device, the integrity certification and verification device having access to the application integrity profile for determining the authentication information about one or more applications, systems or system components.
49. The system of claim 45, further comprising a component registration device for determining BIP compliance status by verifying the characteristics and behaviors of the one or more applications, systems or system components against the BIP specification.
50. The system of claim 46, wherein the BIP includes at least one of a BIP identification, identification of registered applications, systems or system components, and compliance status.
51. The system of claim 6, further comprising a profile database for maintaining a BIP with a BIP identification, and an identification of registered applications, systems or system components.
52. The system of claim 45, further comprising a profile verification device for verifying proof of BIP compliance by checking compliance status of the applications, systems or system components to which the BIP has been issued.
53. The system of claim 45, further comprising a registration application device for obtaining the authentication information about the one or more applications, systems or system components from an application, system or system component provider.
54. The system of claim 50, further comprising means for using the BIP identification in conjunction with distributed information.
55. The system of claim 45, further comprising a content provider for distributing content information associated with the BIP.
56. The system of claim 45, further comprising an application, system or system component provider.
57. The system of claim 54, further comprising a profile verification device, wherein when the BIP identification is used in conjunction with the distributed information, if the profile verification device determines that the one or more applications, systems or system components are not authentic or are not compliant with the BIP specification, access to content associated with the one or more applications, systems or system components is denied.
58. The system of claim 45, further comprising a BIP creation device for building the BIP by deriving compliance status and application identification information corresponding to the one or more applications, systems or system components from a component database.
59. The system of claim 45, further comprising:
means for assessing the BIP for allowing the determination of whether or not the characteristics and behaviors of the one or more applications, systems or system components are compliant with the characteristics defined in the BIP specification; and
means for determining the access rights based on the assessment.
60. The system of claim 59, further comprising means for verifying the BIP compliance status of the one or more applications, systems or system components.
61. The system of claim 59, wherein the access rights include rights for at least one of allowing or denying access to content associated with the one or more applications, systems or system components.
62. The system of claim 59, further comprising means for obtaining authentication information about at least one of the one or more applications, systems or system components.
63. The system of claim 45, further comprising means for digitally signing the BIP.
64. The system of claim 63, further comprising means for forwarding the digitally signed BIP to a system of a consumer.
65. The system of claim 45, further comprising means for verifying the integrity of an integrity authenticator associated with the one or more applications, systems or system components.
66. The system of claim 46, further comprising:
an integrity certification and verification device having access to authentication information about the one or more applications, systems or system components; and
means for providing the AIP used to determine the authenticity of the one or more applications, systems or system components.
67. The system of claim 66, further comprising a component registration device for determining the AIP from the authentication information, the AIP including at least one of verifiable information and an identification of registered applications, systems or system components.
68. The system of claim 66, further comprising a profile database for maintaining the AIP and an identification of registered applications, systems or system components.
69. The system of claim 66, further comprising a profile verification device for verifying authenticity by comparing one or more of application, system or system component identifications, the one or more applications, systems or system components, the AIP, and/or an AIP identification.
70. The system of claim 66, further comprising a registration application device for obtaining the authentication information about the one or more applications, systems or system components from an application, system or system component provider.
71. The system of claim 66, wherein the AIP comprises an identification of the one or more applications, systems or system components that can be used in conjunction with distributed information.
72. The system of claim 66, further comprising a content provider for distributing content information associated with the one or more applications, systems or system components.
73. The system of claim 66, further comprising an application, system or system component provider.
74. The system of claim 66, further comprising a profile verification device, wherein if the profile verification device determines that the one or more applications, systems or system components are not authentic, access to one or more documents associated with the one or more applications, systems or system components is denied.
75. The system of claim 66, further comprising a profile creation device for determining the AIP based on verifiable information about the one or more applications, systems or system components.
76. The system of claim 46, further comprising means for certifying the AIP.
77. The system of claim 46, further comprising means for verifying the authenticity of one or more applications, systems or system components.
78. The system of claim 46, wherein the access rights include rights for at least one of allowing or denying access to content associated with the one or more applications, systems or system components.
79. The system of claim 46, further comprising means for obtaining authentication information about the at least one application, system or system component.
80. The system of claim 46, further comprising means for digitally signing the AIP.
81. The system of claim 80, further comprising means for forwarding the digitally signed integrity profile to a system of a consumer.
82. The system of claim 46, further comprising means for verifying the integrity of an integrity authenticator associated with the AIP.
83. The system of claim 45, further comprising means for establishing a tamper resistant environment associated with the one or more applications, systems or system components.
84. The system of claim 46, further comprising means for verifying the AIP.
85. The system of claim 46, further comprising means for loading a valid AIP.
86. The system of claim 82, wherein the means for verifying comprises means for establishing that the integrity authenticator is not being at least one of monitored, controlled or recorded.
87. The system of claim 45, wherein said system is implemented as one or more computer software and/or hardware devices.
US11/117,444 2000-08-28 2005-04-29 Systems and methods for integrity certification and verification Abandoned US20050262086A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/117,444 US20050262086A1 (en) 2000-08-28 2005-04-29 Systems and methods for integrity certification and verification

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/649,838 US6931545B1 (en) 2000-08-28 2000-08-28 Systems and methods for integrity certification and verification of content consumption environments
US11/117,444 US20050262086A1 (en) 2000-08-28 2005-04-29 Systems and methods for integrity certification and verification

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09/649,838 Continuation-In-Part US6931545B1 (en) 2000-08-28 2000-08-28 Systems and methods for integrity certification and verification of content consumption environments

Publications (1)

Publication Number Publication Date
US20050262086A1 true US20050262086A1 (en) 2005-11-24

Family

ID=24606431

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/649,838 Expired - Lifetime US6931545B1 (en) 2000-08-28 2000-08-28 Systems and methods for integrity certification and verification of content consumption environments
US11/117,444 Abandoned US20050262086A1 (en) 2000-08-28 2005-04-29 Systems and methods for integrity certification and verification

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US09/649,838 Expired - Lifetime US6931545B1 (en) 2000-08-28 2000-08-28 Systems and methods for integrity certification and verification of content consumption environments

Country Status (12)

Country Link
US (2) US6931545B1 (en)
EP (1) EP1301863B1 (en)
JP (1) JP3671178B2 (en)
KR (1) KR100402071B1 (en)
CN (2) CN1291326C (en)
AT (1) ATE325384T1 (en)
AU (2) AU8529801A (en)
BR (1) BR0113572A (en)
CA (1) CA2419863C (en)
DE (1) DE60119326T2 (en)
MX (1) MXPA03001761A (en)
WO (1) WO2002019598A2 (en)

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030079029A1 (en) * 2001-10-18 2003-04-24 Sandilya Garimella Single system user identity
US20050022034A1 (en) * 2003-07-25 2005-01-27 International Business Machines Corporation Method and system for user authentication and identification using behavioral and emotional association consistency
US20060075140A1 (en) * 2002-11-27 2006-04-06 Sobel William E Client compliancy in a NAT environment
US20060130139A1 (en) * 2002-11-27 2006-06-15 Sobel William E Client compliancy with self-policing clients
US20070107043A1 (en) * 2005-11-09 2007-05-10 Keith Newstadt Dynamic endpoint compliance policy configuration
US20080086458A1 (en) * 2006-09-15 2008-04-10 Icebreaker, Inc. Social interaction tagging
US20080091978A1 (en) * 2006-10-13 2008-04-17 Stephen Andrew Brodsky Apparatus, system, and method for database management extensions
US20080319959A1 (en) * 2007-06-22 2008-12-25 International Business Machines Corporation Generating information on database queries in source code into object code compiled from the source code
US20090144837A1 (en) * 2007-11-30 2009-06-04 Huff David P Systems and methods for software application certification service
US20090319998A1 (en) * 2008-06-18 2009-12-24 Sobel William E Software reputation establishment and monitoring system and method
US20100287547A1 (en) * 2009-05-08 2010-11-11 Samsung Electronics Co., Ltd. System and method for verifying integrity of software package in mobile terminal
US20130055391A1 (en) * 2007-03-30 2013-02-28 Ravi Sahita Method and apparatus for adaptive integrity measurement of computer software
US20140115689A1 (en) * 2012-10-19 2014-04-24 The Aerospace Corporation Execution stack securing process
US20140122897A1 (en) * 2011-12-31 2014-05-01 Rakesh Dodeja Securing device environment for trust provisioning
US8763076B1 (en) 2006-06-30 2014-06-24 Symantec Corporation Endpoint management using trust rating data
WO2014116769A1 (en) * 2013-01-23 2014-07-31 Mcafee Inc. System and method for an endpoint hardware assisted network firewall in a security environment
US20140325047A1 (en) * 2012-09-12 2014-10-30 Empire Technology Development Llc Compound certifications for assurance without revealing infrastructure
US20150121072A1 (en) * 2013-10-30 2015-04-30 Electronics And Telecommunications Research Institute Object verification apparatus and its integrity authentication method
TWI502342B (en) * 2013-03-08 2015-10-01 Chunghwa Telecom Co Ltd Method and system for automatic synchronization of dual - track test
WO2016001814A1 (en) * 2014-07-02 2016-01-07 Indian Institute Of Technology Madras System and method for determining the behavioral integrity of an application
US20160191486A1 (en) * 2008-10-16 2016-06-30 Verisign, Inc. Transparent client authentication
US20170034245A1 (en) * 2015-07-29 2017-02-02 Yahoo Japan Corporation Transferring device and transferring system
US20170230420A1 (en) * 2014-06-26 2017-08-10 Olivier Joffray Method for protecting intangible assets in telecommunications networks
US10149166B2 (en) 2016-01-14 2018-12-04 Blackberry Limited Verifying a certificate
US11240044B2 (en) 2018-11-22 2022-02-01 International Business Machines Corporation Verifying purpose of data usage at sub-application granularity
US11586777B2 (en) * 2019-10-28 2023-02-21 Robert Bosch Gmbh Device, system and method for verifying an integrity status of a device

Families Citing this family (106)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1085396A1 (en) 1999-09-17 2001-03-21 Hewlett-Packard Company Operation of trusted state in computing platform
US8095508B2 (en) * 2000-04-07 2012-01-10 Washington University Intelligent data storage and processing using FPGA devices
US6965881B1 (en) * 2000-04-24 2005-11-15 Intel Corporation Digital credential usage reporting
US7395246B2 (en) * 2000-06-30 2008-07-01 Intel Corporation Delegating digital credentials
GB0020441D0 (en) 2000-08-18 2000-10-04 Hewlett Packard Co Performance of a service on a computing platform
US7457950B1 (en) * 2000-09-29 2008-11-25 Intel Corporation Managed authentication service
GB2376763B (en) * 2001-06-19 2004-12-15 Hewlett Packard Co Demonstrating integrity of a compartment of a compartmented operating system
GB2371636A (en) * 2000-12-21 2002-07-31 Nokia Oyj Content Distribution System
GB0102516D0 (en) * 2001-01-31 2001-03-21 Hewlett Packard Co Trusted gateway system
US20020111911A1 (en) * 2001-02-13 2002-08-15 Kennedy Kelli Hodge Document distribution system and method with consolidated document services management
GB2372345A (en) * 2001-02-17 2002-08-21 Hewlett Packard Co Secure email handling using a compartmented operating system
GB2372595A (en) 2001-02-23 2002-08-28 Hewlett Packard Co Method of and apparatus for ascertaining the status of a data processing environment.
GB2372592B (en) 2001-02-23 2005-03-30 Hewlett Packard Co Information system
GB2372593B (en) * 2001-02-23 2005-05-18 Hewlett Packard Co Electronic communication
AU2002305490B2 (en) * 2001-05-09 2008-11-06 Sca Ipla Holdings, Inc. Systems and methods for the prevention of unauthorized use and manipulation of digital content
US7099663B2 (en) 2001-05-31 2006-08-29 Qualcomm Inc. Safe application distribution and execution in a wireless environment
GB2376765B (en) 2001-06-19 2004-12-29 Hewlett Packard Co Multiple trusted computing environments with verifiable environment identities
GB2376761A (en) * 2001-06-19 2002-12-24 Hewlett Packard Co An arrangement in which a process is run on a host operating system but may be switched to a guest system if it poses a security risk
GB2376762A (en) * 2001-06-19 2002-12-24 Hewlett Packard Co Renting a computing environment on a trusted computing platform
GB0114898D0 (en) * 2001-06-19 2001-08-08 Hewlett Packard Co Interaction with electronic services and markets
GB2376764B (en) * 2001-06-19 2004-12-29 Hewlett Packard Co Multiple trusted computing environments
US20090006659A1 (en) * 2001-10-19 2009-01-01 Collins Jack M Advanced mezzanine card for digital network data inspection
US7137004B2 (en) * 2001-11-16 2006-11-14 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
GB2382419B (en) * 2001-11-22 2005-12-14 Hewlett Packard Co Apparatus and method for creating a trusted environment
JP4145118B2 (en) * 2001-11-26 2008-09-03 松下電器産業株式会社 Application authentication system
GB0129596D0 (en) * 2001-12-11 2002-01-30 Nokia Corp Risk detection
US7680743B2 (en) 2002-05-15 2010-03-16 Microsoft Corporation Software application protection by way of a digital rights management (DRM) system
US7296154B2 (en) * 2002-06-24 2007-11-13 Microsoft Corporation Secure media path methods, systems, and architectures
US20040139312A1 (en) 2003-01-14 2004-07-15 General Instrument Corporation Categorization of host security levels based on functionality implemented inside secure hardware
US7290149B2 (en) * 2003-03-03 2007-10-30 Microsoft Corporation Verbose hardware identification for binding a software package to a computer system having tolerance for hardware changes
US7137002B2 (en) * 2003-03-24 2006-11-14 Lucent Technologies Inc. Differential authentication entity validation scheme for international emergency telephone service
US8041957B2 (en) * 2003-04-08 2011-10-18 Qualcomm Incorporated Associating software with hardware using cryptography
CA2836758C (en) 2003-05-23 2017-06-27 Roger D. Chamberlain Intelligent data processing system and method using fpga devices
US10572824B2 (en) 2003-05-23 2020-02-25 Ip Reservoir, Llc System and method for low latency multi-functional pipeline with correlation logic and selectively activated/deactivated pipelined data processing engines
GB2404536B (en) * 2003-07-31 2007-02-28 Hewlett Packard Development Co Protection of data
GB2404537B (en) * 2003-07-31 2007-03-14 Hewlett Packard Development Co Controlling access to data
US8037515B2 (en) 2003-10-29 2011-10-11 Qualcomm Incorporated Methods and apparatus for providing application credentials
KR100982515B1 (en) 2004-01-08 2010-09-16 삼성전자주식회사 Apparatus and method for constraining the count of access to digital contents using a hash chain
US20050154921A1 (en) * 2004-01-09 2005-07-14 General Instruments Corporation Method and apparatus for providing a security profile
KR20050094273A (en) * 2004-03-22 2005-09-27 삼성전자주식회사 Digital rights management structure, handheld storage deive and contents managing method using handheld storage device
US20050235357A1 (en) * 2004-04-19 2005-10-20 Securemedia International Preventing cloning of high value software using embedded hardware and software functionality
US20060242406A1 (en) 2005-04-22 2006-10-26 Microsoft Corporation Protected computing environment
US8074287B2 (en) 2004-04-30 2011-12-06 Microsoft Corporation Renewable and individualizable elements of a protected environment
FR2872979A1 (en) * 2004-07-09 2006-01-13 France Telecom ACCESS SYSTEM CONTROLLING INFORMATION CONTAINED IN A TERMINAL
US8243925B2 (en) * 2004-10-18 2012-08-14 Syphermedia International, Inc. Method and apparatus for supporting multiple broadcasters independently using a single conditional access system
US10477151B2 (en) 2004-10-18 2019-11-12 Inside Secure Method and apparatus for supporting multiple broadcasters independently using a single conditional access system
US8347078B2 (en) 2004-10-18 2013-01-01 Microsoft Corporation Device certificate individualization
US8336085B2 (en) 2004-11-15 2012-12-18 Microsoft Corporation Tuning product policy using observed evidence of customer behavior
CN1633065B (en) * 2004-12-28 2010-05-12 华中师范大学 Method and system for secure distribution of network digital books with content monitoring
JP2008532177A (en) 2005-03-03 2008-08-14 ワシントン ユニヴァーシティー Method and apparatus for performing biological sequence similarity searches
JP4464297B2 (en) 2005-03-10 2010-05-19 パナソニック株式会社 Playback apparatus, playback method, and playback program
EP1866825A1 (en) 2005-03-22 2007-12-19 Hewlett-Packard Development Company, L.P. Methods, devices and data structures for trusted data
US9436804B2 (en) * 2005-04-22 2016-09-06 Microsoft Technology Licensing, Llc Establishing a unique session key using a hardware functionality scan
US9363481B2 (en) 2005-04-22 2016-06-07 Microsoft Technology Licensing, Llc Protected media pipeline
EP1884052A4 (en) * 2005-04-29 2011-03-23 Contentguard Holdings Inc Systems and methods for integrity certification and verification
US7921303B2 (en) 2005-11-18 2011-04-05 Qualcomm Incorporated Mobile security system and method
CN101341710B (en) * 2005-12-16 2013-06-05 诺基亚公司 Supporting for integrated WLAN hot customer terminal
WO2007076484A2 (en) * 2005-12-22 2007-07-05 Flory Clive F Method, system, and apparatus for the management of the electronic files
EP1826695A1 (en) * 2006-02-28 2007-08-29 Microsoft Corporation Secure content descriptions
EP1801720A1 (en) * 2005-12-22 2007-06-27 Microsoft Corporation Authorisation and authentication
JP4960023B2 (en) 2006-01-18 2012-06-27 株式会社Pfu Image reading apparatus, authentication method, evaluation system, evaluation method, and program
US7954114B2 (en) 2006-01-26 2011-05-31 Exegy Incorporated Firmware socket module for FPGA-based pipeline processing
GB0603781D0 (en) 2006-02-24 2006-04-05 Nokia Corp Application verification
US8379841B2 (en) 2006-03-23 2013-02-19 Exegy Incorporated Method and system for high throughput blockwise independent encryption/decryption
CN102982257B (en) * 2006-05-05 2016-06-22 交互数字技术公司 The method performing completeness of platform and DRM software integrity checking between RE and TE
US7970138B2 (en) * 2006-05-26 2011-06-28 Syphermedia International Method and apparatus for supporting broadcast efficiency and security enhancements
EP1873668A1 (en) * 2006-06-28 2008-01-02 Nokia Siemens Networks Gmbh & Co. Kg Integration of device integrity attestation into user authentication
US20080008321A1 (en) * 2006-07-10 2008-01-10 Syphermedia International, Inc. Conditional access enhancements using an always-on satellite backchannel link
US20080080711A1 (en) * 2006-09-28 2008-04-03 Syphermedia International, Inc. Dual conditional access module architecture and method and apparatus for controlling same
KR100823738B1 (en) * 2006-09-29 2008-04-21 한국전자통신연구원 Method for integrity attestation of a computing platform hiding its configuration information
US8296569B2 (en) * 2006-10-09 2012-10-23 Microsoft Corporation Content protection interoperability infrastructure
US8761393B2 (en) * 2006-10-13 2014-06-24 Syphermedia International, Inc. Method and apparatus for providing secure internet protocol media services
US9277259B2 (en) 2006-10-13 2016-03-01 Syphermedia International, Inc. Method and apparatus for providing secure internet protocol media services
GB0622149D0 (en) * 2006-11-07 2006-12-20 Singlepoint Holdings Ltd System and method to validate and authenticate digital data
US20080148253A1 (en) * 2006-12-15 2008-06-19 Microsoft Corporation Automatic software license reconciliation
US8639627B2 (en) * 2007-07-06 2014-01-28 Microsoft Corporation Portable digital rights for multiple devices
US8887298B2 (en) * 2007-07-13 2014-11-11 Microsoft Corporation Updating and validating documents secured cryptographically
WO2009029842A1 (en) 2007-08-31 2009-03-05 Exegy Incorporated Method and apparatus for hardware-accelerated encryption/decryption
CN100454324C (en) * 2007-09-21 2009-01-21 武汉大学 Embed type platform guiding of credible mechanism
CA2706888C (en) 2007-12-04 2018-01-16 Robert Evans Wetmore System for distributing digital media to exhibitors
US10229453B2 (en) 2008-01-11 2019-03-12 Ip Reservoir, Llc Method and system for low latency basket calculation
US8374986B2 (en) 2008-05-15 2013-02-12 Exegy Incorporated Method and system for accelerated stream processing
US9946848B2 (en) 2009-02-26 2018-04-17 International Business Machines Corporation Software protection using an installation product having an entitlement file
US8800057B2 (en) 2009-09-24 2014-08-05 Samsung Information Systems America, Inc. Secure content delivery system and method
KR20110045960A (en) * 2009-10-28 2011-05-04 엘지이노텍 주식회사 Electronic book termimal and system for downloading electronic document
US8521778B2 (en) * 2010-05-28 2013-08-27 Adobe Systems Incorporated Systems and methods for permissions-based profile repository service
US8515241B2 (en) 2011-07-07 2013-08-20 Gannaway Web Holdings, Llc Real-time video editing
US9047243B2 (en) 2011-12-14 2015-06-02 Ip Reservoir, Llc Method and apparatus for low latency data distribution
KR101311287B1 (en) * 2012-02-21 2013-09-25 주식회사 파수닷컴 Apparatus and method for generating e-book, and apparatus and method for verifying e-book integrity
US10121196B2 (en) 2012-03-27 2018-11-06 Ip Reservoir, Llc Offload processing of data packets containing financial market data
US11436672B2 (en) 2012-03-27 2022-09-06 Exegy Incorporated Intelligent switch for processing financial market data
US10650452B2 (en) 2012-03-27 2020-05-12 Ip Reservoir, Llc Offload processing of data packets
US9990393B2 (en) 2012-03-27 2018-06-05 Ip Reservoir, Llc Intelligent feed switch
US9633093B2 (en) 2012-10-23 2017-04-25 Ip Reservoir, Llc Method and apparatus for accelerated format translation of data in a delimited data format
US9633097B2 (en) 2012-10-23 2017-04-25 Ip Reservoir, Llc Method and apparatus for record pivoting to accelerate processing of data fields
WO2014066416A2 (en) 2012-10-23 2014-05-01 Ip Reservoir, Llc Method and apparatus for accelerated format translation of data in a delimited data format
US9940446B2 (en) 2013-07-25 2018-04-10 Siemens Healthcare Diagnostics Inc. Anti-piracy protection for software
CN103685277B (en) * 2013-12-17 2016-08-17 南京大学 A kind of browser access safe web page guard method
GB2541577A (en) 2014-04-23 2017-02-22 Ip Reservoir Llc Method and apparatus for accelerated data translation
US10942943B2 (en) 2015-10-29 2021-03-09 Ip Reservoir, Llc Dynamic field data translation to support high performance stream data processing
US10496814B2 (en) * 2016-03-07 2019-12-03 Intertrust Technologies Corporation Software integrity checking systems and methods
CN105930721B (en) 2016-04-28 2018-11-23 北京小米移动软件有限公司 A kind of method and apparatus managing application program
EP3560135A4 (en) 2016-12-22 2020-08-05 IP Reservoir, LLC Pipelines for hardware-accelerated machine learning
US10733178B2 (en) 2018-08-01 2020-08-04 Saudi Arabian Oil Company Electronic document workflow
US10924933B2 (en) 2018-08-23 2021-02-16 Motorola Solutions, Inc. System and method for monitoring the integrity of a virtual assistant
CN111737657B (en) * 2020-06-16 2024-03-12 湖南省星岳天璇科技有限公司 Method for realizing authorization control on JAVA software based on license file

Citations (88)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3263158A (en) * 1963-08-15 1966-07-26 Motorola Inc Saturable reactor voltage control circuit
US3790700A (en) * 1971-12-17 1974-02-05 Hughes Aircraft Co Catv program control system
US3798605A (en) * 1971-06-30 1974-03-19 Ibm Centralized verification system
US4159468A (en) * 1977-11-17 1979-06-26 Burroughs Corporation Communications line authentication device
US4278837A (en) * 1977-10-31 1981-07-14 Best Robert M Crypto microprocessor for executing enciphered programs
US4323921A (en) * 1979-02-06 1982-04-06 Etablissement Public De Diffusion Dit "Telediffusion De France" System for transmitting information provided with means for controlling access to the information transmitted
US4442486A (en) * 1981-11-25 1984-04-10 U.S. Philips Corporation Protected programmable apparatus
US4529870A (en) * 1980-03-10 1985-07-16 David Chaum Cryptographic identification, financial transaction, and credential device
US4593376A (en) * 1983-04-21 1986-06-03 Volk Larry N System for vending program cartridges which have circuitry for inhibiting program usage after preset time interval expires
US4644493A (en) * 1984-09-14 1987-02-17 International Business Machines Corporation Implementing a shared higher level of privilege on personal computers for copy protection of software
US4658093A (en) * 1983-07-11 1987-04-14 Hellman Martin E Software distribution system
US4796220A (en) * 1986-12-15 1989-01-03 Pride Software Development Corp. Method of controlling the copying of software
US4817140A (en) * 1986-11-05 1989-03-28 International Business Machines Corp. Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor
US4827508A (en) * 1986-10-14 1989-05-02 Personal Library Software, Inc. Database usage metering and protection system and method
US4891838A (en) * 1985-11-04 1990-01-02 Dental Data Service, Inc. Computer accessing system
US4924378A (en) * 1988-06-13 1990-05-08 Prime Computer, Inc. License mangagement system and license storage key
US4932054A (en) * 1988-09-16 1990-06-05 Chou Wayne W Method and apparatus for protecting computer software utilizing coded filter network in conjunction with an active coded hardware device
US4937863A (en) * 1988-03-07 1990-06-26 Digital Equipment Corporation Software licensing management system
US4949187A (en) * 1988-12-16 1990-08-14 Cohen Jason M Video communications system having a remotely controlled central source of video and audio data
US4953209A (en) * 1988-10-31 1990-08-28 International Business Machines Corp. Self-verifying receipt and acceptance system for electronically delivered data objects
US4999806A (en) * 1987-09-04 1991-03-12 Fred Chernow Software distribution system
US5010571A (en) * 1986-09-10 1991-04-23 Titan Linkabit Corporation Metering retrieval of encrypted data stored in customer data retrieval terminal
US5014234A (en) * 1986-08-25 1991-05-07 Ncr Corporation System with software usage timer and counter for allowing limited use but preventing continued unauthorized use of protected software
US5023907A (en) * 1988-09-30 1991-06-11 Apollo Computer, Inc. Network license server
US5103476A (en) * 1990-11-07 1992-04-07 Waite David P Secure system for activating personal computer software at remote locations
US5113519A (en) * 1989-05-15 1992-05-12 International Business Machines Corporation Maintenance of file attributes in a distributed data processing system
US5136643A (en) * 1989-10-13 1992-08-04 Fischer Addison M Public/key date-time notary facility
US5138712A (en) * 1989-10-02 1992-08-11 Sun Microsystems, Inc. Apparatus and method for licensing software on a network of computers
US5183404A (en) * 1992-04-08 1993-02-02 Megahertz Corporation Systems for connection of physical/electrical media connectors to computer communications cards
US5191193A (en) * 1989-10-13 1993-03-02 Gemplus Card International System of payment or information transfer by money card with electronic memory
US5204897A (en) * 1991-06-28 1993-04-20 Digital Equipment Corporation Management interface for license management system
US5222134A (en) * 1990-11-07 1993-06-22 Tau Systems Corporation Secure system for activating personal computer software at remote locations
US5235642A (en) * 1992-07-21 1993-08-10 Digital Equipment Corporation Access control subsystem and method for distributed computer system using locally cached authentication credentials
US5276735A (en) * 1992-04-17 1994-01-04 Secure Computing Corporation Data enclave and trusted path system
US5276444A (en) * 1991-09-23 1994-01-04 At&T Bell Laboratories Centralized security control system
US5287408A (en) * 1992-08-31 1994-02-15 Autodesk, Inc. Apparatus and method for serializing and validating copies of computer software
US5291596A (en) * 1990-10-10 1994-03-01 Fuji Xerox Co., Ltd. Data management method and system with management table indicating right of use
US5301231A (en) * 1992-02-12 1994-04-05 International Business Machines Corporation User defined function facility
US5311591A (en) * 1992-05-15 1994-05-10 Fischer Addison M Computer system security method and apparatus for creating and using program authorization information data structures
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement
US5337357A (en) * 1993-06-17 1994-08-09 Software Security, Inc. Method of software distribution protection
US5381526A (en) * 1992-09-11 1995-01-10 Eastman Kodak Company Method and apparatus for storing and retrieving generalized image data
US5390297A (en) * 1987-11-10 1995-02-14 Auto-Trol Technology Corporation System for controlling the number of concurrent copies of a program in a network based on the number of available licenses
US5394469A (en) * 1994-02-18 1995-02-28 Infosafe Systems, Inc. Method and apparatus for retrieving secure information from mass storage media
US5410598A (en) * 1986-10-14 1995-04-25 Electronic Publishing Resources, Inc. Database usage metering and protection system and method
US5414852A (en) * 1992-10-30 1995-05-09 International Business Machines Corporation Method for protecting data in a computer system
US5428606A (en) * 1993-06-30 1995-06-27 Moskowitz; Scott A. Digital information commodities exchange
US5432849A (en) * 1990-08-22 1995-07-11 International Business Machines Corporation Secure cryptographic operations using control vectors generated inside a cryptographic facility
US5499298A (en) * 1994-03-17 1996-03-12 National University Of Singapore Controlled dissemination of digital information
US5504818A (en) * 1991-04-19 1996-04-02 Okano; Hirokazu Information processing system using error-correcting codes and cryptography
US5504837A (en) * 1993-05-10 1996-04-02 Bell Communications Research, Inc. Method for resolving conflicts among distributed entities through the generation of counter proposals by transversing a goal hierarchy with acceptable, unacceptable, and indeterminate nodes
US5504814A (en) * 1991-07-10 1996-04-02 Hughes Aircraft Company Efficient security kernel for the 80960 extended architecture
US5509070A (en) * 1992-12-15 1996-04-16 Softlock Services Inc. Method for encouraging purchase of executable and non-executable software
US5530235A (en) * 1995-02-16 1996-06-25 Xerox Corporation Interactive contents revealing storage device
US5532920A (en) * 1992-04-29 1996-07-02 International Business Machines Corporation Data processing system and method to enforce payment of royalties when copying softcopy books
US5534975A (en) * 1995-05-26 1996-07-09 Xerox Corporation Document processing system utilizing document service cards to provide document processing services
US5619570A (en) * 1992-10-16 1997-04-08 Sony Corporation Information furnishing and collection system
US5621797A (en) * 1994-04-28 1997-04-15 Citibank, N.A. Electronic ticket presentation and transfer method
US5625690A (en) * 1993-11-15 1997-04-29 Lucent Technologies Inc. Software pay per use system
US5629980A (en) * 1994-11-23 1997-05-13 Xerox Corporation System for controlling the distribution and use of digital works
US5633932A (en) * 1995-12-19 1997-05-27 Intel Corporation Apparatus and method for preventing disclosure through user-authentication at a printing node
US5634012A (en) * 1994-11-23 1997-05-27 Xerox Corporation System for controlling the distribution and use of digital works having a fee reporting mechanism
US5638443A (en) * 1994-11-23 1997-06-10 Xerox Corporation System for controlling the distribution and use of composite digital works
US5638513A (en) * 1993-12-22 1997-06-10 Ananda; Mohan Secure software rental system using continuous asynchronous password verification
US5649013A (en) * 1994-12-23 1997-07-15 Compuserve Incorporated Royalty tracking method and apparatus
US5708717A (en) * 1995-11-29 1998-01-13 Alasia; Alfred Digital anti-counterfeiting software method and apparatus
US5715403A (en) * 1994-11-23 1998-02-03 Xerox Corporation System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar
US5734823A (en) * 1991-11-04 1998-03-31 Microtome, Inc. Systems and apparatus for electronic communication and storage of information
US5734891A (en) * 1991-11-04 1998-03-31 Saigh; Michael M. Systems and apparatus for electronic communication and storage of time encoded information
US5737413A (en) * 1992-04-24 1998-04-07 Fujitsu Limited Information distribution system wherein storage medium storing ciphered information is distributed
US5737416A (en) * 1994-04-25 1998-04-07 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing a decryption stub
US5745569A (en) * 1996-01-17 1998-04-28 The Dice Company Method for stega-cipher protection of computer code
US5748783A (en) * 1995-05-08 1998-05-05 Digimarc Corporation Method and apparatus for robust information coding
US5757907A (en) * 1994-04-25 1998-05-26 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification
US5761686A (en) * 1996-06-27 1998-06-02 Xerox Corporation Embedding encoded information in an iconic version of a text image
US5765152A (en) * 1995-10-13 1998-06-09 Trustees Of Dartmouth College System and method for managing copyrighted electronic media
US5768426A (en) * 1993-11-18 1998-06-16 Digimarc Corporation Graphics processing system employing embedded code signals
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5910987A (en) * 1995-02-13 1999-06-08 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5920861A (en) * 1997-02-25 1999-07-06 Intertrust Technologies Corp. Techniques for defining using and manipulating rights management data structures
US6047067A (en) * 1994-04-28 2000-04-04 Citibank, N.A. Electronic-monetary system
US6073089A (en) * 1997-10-22 2000-06-06 Baker; Michelle Systems and methods for adaptive profiling, fault detection, and alert generation in a changing environment which is measurable by at least two different measures of state
US6226618B1 (en) * 1998-08-13 2001-05-01 International Business Machines Corporation Electronic content delivery system
US6233684B1 (en) * 1997-02-28 2001-05-15 Contenaguard Holdings, Inc. System for controlling the distribution and use of rendered digital works through watermaking
US6240185B1 (en) * 1996-08-12 2001-05-29 Intertrust Technologies Corporation Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
US6266618B1 (en) * 1997-12-15 2001-07-24 Elf Exploration Production Method for automatic detection of planar heterogeneities crossing the stratification of an environment
US6405317B1 (en) * 1998-01-30 2002-06-11 International Business Machines Corporation Security module for a transaction processing system
US7243236B1 (en) * 1999-07-29 2007-07-10 Intertrust Technologies Corp. Systems and methods for using cryptography to protect secure and insecure computing environments

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3609697A (en) 1968-10-21 1971-09-28 Ibm Program security device
US4220991A (en) 1977-10-08 1980-09-02 Tokyo Electric Co., Ltd. Electronic cash register with removable memory packs for cashier identification
US4558176A (en) 1982-09-20 1985-12-10 Arnold Mark G Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software
US4614861A (en) 1984-11-15 1986-09-30 Intellicard International, Inc. Unitary, self-contained card verification and validation system and method
US4713753A (en) 1985-02-21 1987-12-15 Honeywell Inc. Secure data processing system architecture with format control
EP0252646B1 (en) 1986-07-07 1993-09-29 Semiconductor Energy Laboratory Co., Ltd. Paperless portable book
US4977594A (en) 1986-10-14 1990-12-11 Electronic Publishing Resources, Inc. Database usage metering and protection system and method
US5047928A (en) 1986-10-24 1991-09-10 Wiedemer John D Billing system for computer software
US4868376A (en) 1987-05-15 1989-09-19 Smartcard International Inc. Intelligent portable interactive personal data system
US4975647A (en) 1987-06-01 1990-12-04 Nova Biomedical Corporation Controlling machine operation with respect to consumable accessory units
US4961142A (en) 1988-06-29 1990-10-02 Mastercard International, Inc. Multi-issuer transaction device with individual identification verification plug-in application modules for each issuer
US5247575A (en) 1988-08-16 1993-09-21 Sprague Peter J Information distribution system
DE3903454A1 (en) 1988-12-12 1990-06-13 Raymund H Eisele ELEMENT INSERTABLE IN IT FACILITIES
US5347579A (en) 1989-07-05 1994-09-13 Blandford Robert R Personal computer diary
US5148481A (en) 1989-10-06 1992-09-15 International Business Machines Corporation Transaction system security method and apparatus
FR2653914A1 (en) 1989-10-27 1991-05-03 Trt Telecom Radio Electr SYSTEM FOR AUTHENTICATING A MICROCIRCUIT CARD BY A PERSONAL MICROCOMPUTER, AND METHOD FOR ITS IMPLEMENTATION
US5263157A (en) 1990-02-15 1993-11-16 International Business Machines Corporation Method and system for providing user access control within a distributed data processing system by the exchange of access control profiles
US5263158A (en) 1990-02-15 1993-11-16 International Business Machines Corporation Method and system for variable authority level user access control in a distributed data processing system having multiple resource manager
US5058164A (en) 1990-05-03 1991-10-15 National Semiconductor Corp. Encryption of streams of addressed information to be used for program code protection
US5052040A (en) 1990-05-25 1991-09-24 Micronyx, Inc. Multiple user stored data cryptographic labeling system and method
US5255106A (en) 1991-02-05 1993-10-19 International Integrated Communications, Ltd. Method and apparatus for delivering secured hard-copy facsimile documents
US5260999A (en) 1991-06-28 1993-11-09 Digital Equipment Corporation Filters in license management system
US5438508A (en) 1991-06-28 1995-08-01 Digital Equipment Corporation License document interchange format for license management system
US5453601A (en) 1991-11-15 1995-09-26 Citibank, N.A. Electronic-monetary system
US5341429A (en) 1992-12-04 1994-08-23 Testdrive Corporation Transformation of ephemeral material
IL110891A (en) 1993-09-14 1999-03-12 Spyrus System and method for data access control
CA2129075C (en) 1993-10-18 1999-04-20 Joseph J. Daniele Electronic copyright royalty accounting system using glyphs
US6135646A (en) * 1993-10-22 2000-10-24 Corporation For National Research Initiatives System for uniquely and persistently identifying, managing, and tracking digital objects
US5455953A (en) 1993-11-03 1995-10-03 Wang Laboratories, Inc. Authorization system for obtaining in single step both identification and access rights of client to server directly from encrypted authorization ticket
US5473687A (en) 1993-12-29 1995-12-05 Infosafe Systems, Inc. Method for retrieving secure information from a database
US5563946A (en) 1994-04-25 1996-10-08 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for passing encrypted files between data processing systems
US5473692A (en) 1994-09-07 1995-12-05 Intel Corporation Roving software license for a hardware agent
US5655077A (en) 1994-12-13 1997-08-05 Microsoft Corporation Method and system for authenticating access to heterogeneous computing services
US6006332A (en) * 1996-10-21 1999-12-21 Case Western Reserve University Rights management system for digital media
BR9714601A (en) * 1997-03-21 2002-09-10 Canal Plus Sa Broadcast and reception system and conditional access system for same
US6327652B1 (en) * 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system

Patent Citations (99)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3263158A (en) * 1963-08-15 1966-07-26 Motorola Inc Saturable reactor voltage control circuit
US3798605A (en) * 1971-06-30 1974-03-19 Ibm Centralized verification system
US3790700A (en) * 1971-12-17 1974-02-05 Hughes Aircraft Co Catv program control system
US4278837A (en) * 1977-10-31 1981-07-14 Best Robert M Crypto microprocessor for executing enciphered programs
US4159468A (en) * 1977-11-17 1979-06-26 Burroughs Corporation Communications line authentication device
US4323921A (en) * 1979-02-06 1982-04-06 Etablissement Public De Diffusion Dit "Telediffusion De France" System for transmitting information provided with means for controlling access to the information transmitted
US4529870A (en) * 1980-03-10 1985-07-16 David Chaum Cryptographic identification, financial transaction, and credential device
US4442486A (en) * 1981-11-25 1984-04-10 U.S. Philips Corporation Protected programmable apparatus
US4593376A (en) * 1983-04-21 1986-06-03 Volk Larry N System for vending program cartridges which have circuitry for inhibiting program usage after preset time interval expires
US4658093A (en) * 1983-07-11 1987-04-14 Hellman Martin E Software distribution system
US4644493A (en) * 1984-09-14 1987-02-17 International Business Machines Corporation Implementing a shared higher level of privilege on personal computers for copy protection of software
US4891838A (en) * 1985-11-04 1990-01-02 Dental Data Service, Inc. Computer accessing system
US5014234A (en) * 1986-08-25 1991-05-07 Ncr Corporation System with software usage timer and counter for allowing limited use but preventing continued unauthorized use of protected software
US5010571A (en) * 1986-09-10 1991-04-23 Titan Linkabit Corporation Metering retrieval of encrypted data stored in customer data retrieval terminal
US5410598A (en) * 1986-10-14 1995-04-25 Electronic Publishing Resources, Inc. Database usage metering and protection system and method
US4827508A (en) * 1986-10-14 1989-05-02 Personal Library Software, Inc. Database usage metering and protection system and method
US4817140A (en) * 1986-11-05 1989-03-28 International Business Machines Corp. Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor
US4796220A (en) * 1986-12-15 1989-01-03 Pride Software Development Corp. Method of controlling the copying of software
US4999806A (en) * 1987-09-04 1991-03-12 Fred Chernow Software distribution system
US5390297A (en) * 1987-11-10 1995-02-14 Auto-Trol Technology Corporation System for controlling the number of concurrent copies of a program in a network based on the number of available licenses
US4937863A (en) * 1988-03-07 1990-06-26 Digital Equipment Corporation Software licensing management system
US4924378A (en) * 1988-06-13 1990-05-08 Prime Computer, Inc. License mangagement system and license storage key
US4932054A (en) * 1988-09-16 1990-06-05 Chou Wayne W Method and apparatus for protecting computer software utilizing coded filter network in conjunction with an active coded hardware device
US5023907A (en) * 1988-09-30 1991-06-11 Apollo Computer, Inc. Network license server
US4953209A (en) * 1988-10-31 1990-08-28 International Business Machines Corp. Self-verifying receipt and acceptance system for electronically delivered data objects
US4949187A (en) * 1988-12-16 1990-08-14 Cohen Jason M Video communications system having a remotely controlled central source of video and audio data
US5113519A (en) * 1989-05-15 1992-05-12 International Business Machines Corporation Maintenance of file attributes in a distributed data processing system
US5138712A (en) * 1989-10-02 1992-08-11 Sun Microsystems, Inc. Apparatus and method for licensing software on a network of computers
US5136643A (en) * 1989-10-13 1992-08-04 Fischer Addison M Public/key date-time notary facility
US5191193A (en) * 1989-10-13 1993-03-02 Gemplus Card International System of payment or information transfer by money card with electronic memory
US5432849A (en) * 1990-08-22 1995-07-11 International Business Machines Corporation Secure cryptographic operations using control vectors generated inside a cryptographic facility
US5291596A (en) * 1990-10-10 1994-03-01 Fuji Xerox Co., Ltd. Data management method and system with management table indicating right of use
US5103476A (en) * 1990-11-07 1992-04-07 Waite David P Secure system for activating personal computer software at remote locations
US5222134A (en) * 1990-11-07 1993-06-22 Tau Systems Corporation Secure system for activating personal computer software at remote locations
US5504818A (en) * 1991-04-19 1996-04-02 Okano; Hirokazu Information processing system using error-correcting codes and cryptography
US5204897A (en) * 1991-06-28 1993-04-20 Digital Equipment Corporation Management interface for license management system
US5504814A (en) * 1991-07-10 1996-04-02 Hughes Aircraft Company Efficient security kernel for the 80960 extended architecture
US5276444A (en) * 1991-09-23 1994-01-04 At&T Bell Laboratories Centralized security control system
US5734891A (en) * 1991-11-04 1998-03-31 Saigh; Michael M. Systems and apparatus for electronic communication and storage of time encoded information
US5734823A (en) * 1991-11-04 1998-03-31 Microtome, Inc. Systems and apparatus for electronic communication and storage of information
US5301231A (en) * 1992-02-12 1994-04-05 International Business Machines Corporation User defined function facility
US5183404A (en) * 1992-04-08 1993-02-02 Megahertz Corporation Systems for connection of physical/electrical media connectors to computer communications cards
US5276735A (en) * 1992-04-17 1994-01-04 Secure Computing Corporation Data enclave and trusted path system
US5502766A (en) * 1992-04-17 1996-03-26 Secure Computing Corporation Data enclave and trusted path system
US5737413A (en) * 1992-04-24 1998-04-07 Fujitsu Limited Information distribution system wherein storage medium storing ciphered information is distributed
US5532920A (en) * 1992-04-29 1996-07-02 International Business Machines Corporation Data processing system and method to enforce payment of royalties when copying softcopy books
US5412717A (en) * 1992-05-15 1995-05-02 Fischer; Addison M. Computer system security method and apparatus having program authorization information data structures
US5311591A (en) * 1992-05-15 1994-05-10 Fischer Addison M Computer system security method and apparatus for creating and using program authorization information data structures
US5235642A (en) * 1992-07-21 1993-08-10 Digital Equipment Corporation Access control subsystem and method for distributed computer system using locally cached authentication credentials
US5287408A (en) * 1992-08-31 1994-02-15 Autodesk, Inc. Apparatus and method for serializing and validating copies of computer software
US5381526A (en) * 1992-09-11 1995-01-10 Eastman Kodak Company Method and apparatus for storing and retrieving generalized image data
US5619570A (en) * 1992-10-16 1997-04-08 Sony Corporation Information furnishing and collection system
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement
US5414852A (en) * 1992-10-30 1995-05-09 International Business Machines Corporation Method for protecting data in a computer system
US5509070A (en) * 1992-12-15 1996-04-16 Softlock Services Inc. Method for encouraging purchase of executable and non-executable software
US5504837A (en) * 1993-05-10 1996-04-02 Bell Communications Research, Inc. Method for resolving conflicts among distributed entities through the generation of counter proposals by transversing a goal hierarchy with acceptable, unacceptable, and indeterminate nodes
US5337357A (en) * 1993-06-17 1994-08-09 Software Security, Inc. Method of software distribution protection
US5539735A (en) * 1993-06-30 1996-07-23 Moskowitz; Scott A. Digital information commodities exchange
US5428606A (en) * 1993-06-30 1995-06-27 Moskowitz; Scott A. Digital information commodities exchange
US5625690A (en) * 1993-11-15 1997-04-29 Lucent Technologies Inc. Software pay per use system
US5768426A (en) * 1993-11-18 1998-06-16 Digimarc Corporation Graphics processing system employing embedded code signals
US5638513A (en) * 1993-12-22 1997-06-10 Ananda; Mohan Secure software rental system using continuous asynchronous password verification
US5394469A (en) * 1994-02-18 1995-02-28 Infosafe Systems, Inc. Method and apparatus for retrieving secure information from mass storage media
US5499298A (en) * 1994-03-17 1996-03-12 National University Of Singapore Controlled dissemination of digital information
US5757907A (en) * 1994-04-25 1998-05-26 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification
US5737416A (en) * 1994-04-25 1998-04-07 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing a decryption stub
US6047067A (en) * 1994-04-28 2000-04-04 Citibank, N.A. Electronic-monetary system
US5621797A (en) * 1994-04-28 1997-04-15 Citibank, N.A. Electronic ticket presentation and transfer method
US5634012A (en) * 1994-11-23 1997-05-27 Xerox Corporation System for controlling the distribution and use of digital works having a fee reporting mechanism
US5638443A (en) * 1994-11-23 1997-06-10 Xerox Corporation System for controlling the distribution and use of composite digital works
US5715403A (en) * 1994-11-23 1998-02-03 Xerox Corporation System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar
US5629980A (en) * 1994-11-23 1997-05-13 Xerox Corporation System for controlling the distribution and use of digital works
US5649013A (en) * 1994-12-23 1997-07-15 Compuserve Incorporated Royalty tracking method and apparatus
US6237786B1 (en) * 1995-02-13 2001-05-29 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6363488B1 (en) * 1995-02-13 2002-03-26 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6389402B1 (en) * 1995-02-13 2002-05-14 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6253193B1 (en) * 1995-02-13 2001-06-26 Intertrust Technologies Corporation Systems and methods for the secure transaction management and electronic rights protection
US5910987A (en) * 1995-02-13 1999-06-08 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5915019A (en) * 1995-02-13 1999-06-22 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5917912A (en) * 1995-02-13 1999-06-29 Intertrust Technologies Corporation System and methods for secure transaction management and electronic rights protection
US6185683B1 (en) * 1995-02-13 2001-02-06 Intertrust Technologies Corp. Trusted and secure techniques, systems and methods for item delivery and execution
US5530235A (en) * 1995-02-16 1996-06-25 Xerox Corporation Interactive contents revealing storage device
US5748783A (en) * 1995-05-08 1998-05-05 Digimarc Corporation Method and apparatus for robust information coding
US5534975A (en) * 1995-05-26 1996-07-09 Xerox Corporation Document processing system utilizing document service cards to provide document processing services
US5765152A (en) * 1995-10-13 1998-06-09 Trustees Of Dartmouth College System and method for managing copyrighted electronic media
US5708717A (en) * 1995-11-29 1998-01-13 Alasia; Alfred Digital anti-counterfeiting software method and apparatus
US5633932A (en) * 1995-12-19 1997-05-27 Intel Corporation Apparatus and method for preventing disclosure through user-authentication at a printing node
US5745569A (en) * 1996-01-17 1998-04-28 The Dice Company Method for stega-cipher protection of computer code
US5761686A (en) * 1996-06-27 1998-06-02 Xerox Corporation Embedding encoded information in an iconic version of a text image
US6240185B1 (en) * 1996-08-12 2001-05-29 Intertrust Technologies Corporation Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5920861A (en) * 1997-02-25 1999-07-06 Intertrust Technologies Corp. Techniques for defining using and manipulating rights management data structures
US6233684B1 (en) * 1997-02-28 2001-05-15 Contenaguard Holdings, Inc. System for controlling the distribution and use of rendered digital works through watermaking
US6073089A (en) * 1997-10-22 2000-06-06 Baker; Michelle Systems and methods for adaptive profiling, fault detection, and alert generation in a changing environment which is measurable by at least two different measures of state
US6266618B1 (en) * 1997-12-15 2001-07-24 Elf Exploration Production Method for automatic detection of planar heterogeneities crossing the stratification of an environment
US6405317B1 (en) * 1998-01-30 2002-06-11 International Business Machines Corporation Security module for a transaction processing system
US6345256B1 (en) * 1998-08-13 2002-02-05 International Business Machines Corporation Automated method and apparatus to package digital content for electronic distribution using the identity of the source content
US6226618B1 (en) * 1998-08-13 2001-05-01 International Business Machines Corporation Electronic content delivery system
US7243236B1 (en) * 1999-07-29 2007-07-10 Intertrust Technologies Corp. Systems and methods for using cryptography to protect secure and insecure computing environments

Cited By (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7552222B2 (en) * 2001-10-18 2009-06-23 Bea Systems, Inc. Single system user identity
US20030079029A1 (en) * 2001-10-18 2003-04-24 Sandilya Garimella Single system user identity
US20060075140A1 (en) * 2002-11-27 2006-04-06 Sobel William E Client compliancy in a NAT environment
US20060130139A1 (en) * 2002-11-27 2006-06-15 Sobel William E Client compliancy with self-policing clients
US7836501B2 (en) * 2002-11-27 2010-11-16 Symantec Corporation Client compliancy with self-policing clients
US7827607B2 (en) * 2002-11-27 2010-11-02 Symantec Corporation Enhanced client compliancy using database of security sensor data
US7694343B2 (en) * 2002-11-27 2010-04-06 Symantec Corporation Client compliancy in a NAT environment
US20050022034A1 (en) * 2003-07-25 2005-01-27 International Business Machines Corporation Method and system for user authentication and identification using behavioral and emotional association consistency
US7249263B2 (en) * 2003-07-25 2007-07-24 International Business Machines Corporation Method and system for user authentication and identification using behavioral and emotional association consistency
US20070107043A1 (en) * 2005-11-09 2007-05-10 Keith Newstadt Dynamic endpoint compliance policy configuration
US7805752B2 (en) 2005-11-09 2010-09-28 Symantec Corporation Dynamic endpoint compliance policy configuration
US8763076B1 (en) 2006-06-30 2014-06-24 Symantec Corporation Endpoint management using trust rating data
US20080086458A1 (en) * 2006-09-15 2008-04-10 Icebreaker, Inc. Social interaction tagging
US10031830B2 (en) * 2006-10-13 2018-07-24 International Business Machines Corporation Apparatus, system, and method for database management extensions
US20080091978A1 (en) * 2006-10-13 2008-04-17 Stephen Andrew Brodsky Apparatus, system, and method for database management extensions
US10379888B2 (en) 2007-03-30 2019-08-13 Intel Corporation Adaptive integrity verification of software and authorization of memory access
US9710293B2 (en) * 2007-03-30 2017-07-18 Intel Corporation Adaptive integrity verification of software using integrity manifest of pre-defined authorized software listing
US20130055391A1 (en) * 2007-03-30 2013-02-28 Ravi Sahita Method and apparatus for adaptive integrity measurement of computer software
US20080319959A1 (en) * 2007-06-22 2008-12-25 International Business Machines Corporation Generating information on database queries in source code into object code compiled from the source code
US8145655B2 (en) 2007-06-22 2012-03-27 International Business Machines Corporation Generating information on database queries in source code into object code compiled from the source code
US20090144837A1 (en) * 2007-11-30 2009-06-04 Huff David P Systems and methods for software application certification service
US8997054B2 (en) * 2007-11-30 2015-03-31 Red Hat, Inc. Software application certification service
US9779234B2 (en) * 2008-06-18 2017-10-03 Symantec Corporation Software reputation establishment and monitoring system and method
US20090319998A1 (en) * 2008-06-18 2009-12-24 Sobel William E Software reputation establishment and monitoring system and method
US20160191486A1 (en) * 2008-10-16 2016-06-30 Verisign, Inc. Transparent client authentication
US20100287547A1 (en) * 2009-05-08 2010-11-11 Samsung Electronics Co., Ltd. System and method for verifying integrity of software package in mobile terminal
US9832651B2 (en) * 2009-05-08 2017-11-28 Samsung Electronics Co., Ltd System and method for verifying integrity of software package in mobile terminal
US20140122897A1 (en) * 2011-12-31 2014-05-01 Rakesh Dodeja Securing device environment for trust provisioning
CN104160405A (en) * 2011-12-31 2014-11-19 英特尔公司 Securing device environment for trust provisioning
EP2798566B1 (en) * 2011-12-31 2019-10-09 Intel Corporation Securing device environment for trust provisioning
US20140325047A1 (en) * 2012-09-12 2014-10-30 Empire Technology Development Llc Compound certifications for assurance without revealing infrastructure
US9210051B2 (en) * 2012-09-12 2015-12-08 Empire Technology Development Llc Compound certifications for assurance without revealing infrastructure
CN104620278A (en) * 2012-09-12 2015-05-13 英派尔科技开发有限公司 Compound certifications for assurance without revealing infrastructure
US9135436B2 (en) * 2012-10-19 2015-09-15 The Aerospace Corporation Execution stack securing process
US20140115689A1 (en) * 2012-10-19 2014-04-24 The Aerospace Corporation Execution stack securing process
WO2014116769A1 (en) * 2013-01-23 2014-07-31 Mcafee Inc. System and method for an endpoint hardware assisted network firewall in a security environment
US9560014B2 (en) 2013-01-23 2017-01-31 Mcafee, Inc. System and method for an endpoint hardware assisted network firewall in a security environment
US10103892B2 (en) 2013-01-23 2018-10-16 Mcafee, Llc System and method for an endpoint hardware assisted network firewall in a security environment
TWI502342B (en) * 2013-03-08 2015-10-01 Chunghwa Telecom Co Ltd Method and system for automatic synchronization of dual - track test
US20150121072A1 (en) * 2013-10-30 2015-04-30 Electronics And Telecommunications Research Institute Object verification apparatus and its integrity authentication method
US20170230420A1 (en) * 2014-06-26 2017-08-10 Olivier Joffray Method for protecting intangible assets in telecommunications networks
US10454972B2 (en) * 2014-06-26 2019-10-22 Olivier Joffray Method for protecting intangible assets in telecommunications networks
WO2016001814A1 (en) * 2014-07-02 2016-01-07 Indian Institute Of Technology Madras System and method for determining the behavioral integrity of an application
US20170034245A1 (en) * 2015-07-29 2017-02-02 Yahoo Japan Corporation Transferring device and transferring system
US10149166B2 (en) 2016-01-14 2018-12-04 Blackberry Limited Verifying a certificate
US11240044B2 (en) 2018-11-22 2022-02-01 International Business Machines Corporation Verifying purpose of data usage at sub-application granularity
US11586777B2 (en) * 2019-10-28 2023-02-21 Robert Bosch Gmbh Device, system and method for verifying an integrity status of a device

Also Published As

Publication number Publication date
AU2001285298B2 (en) 2005-09-08
CN1953459A (en) 2007-04-25
WO2002019598A3 (en) 2002-06-13
WO2002019598A2 (en) 2002-03-07
DE60119326T2 (en) 2006-08-31
CN1291326C (en) 2006-12-20
MXPA03001761A (en) 2003-06-04
EP1301863B1 (en) 2006-05-03
JP2004507845A (en) 2004-03-11
JP3671178B2 (en) 2005-07-13
CN1449523A (en) 2003-10-15
CA2419863A1 (en) 2002-03-07
ATE325384T1 (en) 2006-06-15
US6931545B1 (en) 2005-08-16
KR20030040427A (en) 2003-05-22
BR0113572A (en) 2003-07-15
EP1301863A2 (en) 2003-04-16
EP1301863A4 (en) 2003-07-02
DE60119326D1 (en) 2006-06-08
AU8529801A (en) 2002-03-13
KR100402071B1 (en) 2003-10-17
CA2419863C (en) 2006-04-25

Similar Documents

Publication Publication Date Title
US20050262086A1 (en) Systems and methods for integrity certification and verification
AU2001285298A1 (en) Systems and methods for integrity certification and verification of content consumption environments
EP1477879B1 (en) Tying a digital license to a user and tying the user to multiple computing devices in a digital rights management (DRM) system
US7424606B2 (en) System and method for authenticating an operating system
US7991995B2 (en) Method and apparatus for protecting information and privacy
US6327652B1 (en) Loading and identifying a digital rights management operating system
US7305366B2 (en) Content revocation and license modification in a digital rights management (DRM) system on a computing device
KR100949657B1 (en) Using a flexible rights template to obtain a signed rights labelsrl for digital content in a rights management system
US9906509B2 (en) Method for offline DRM authentication and a system thereof
US20030079133A1 (en) Method and system for digital rights management in content distribution application
US20030095660A1 (en) System and method for protecting digital works on a communication network
US20070219917A1 (en) Digital License Sharing System and Method
NO332664B1 (en) Procedure for Using a Rights Template to Obtain a Signed Rights Mark (SRL) for Digital Content in a Digital Rights Management System
WO1997050036A1 (en) Computationally efficient method for trusted and dynamic digital objects dissemination
EP1884052A1 (en) Systems and methods for integrity certification and verification
US8353049B2 (en) Separating keys and policy for consuming content
US20050060544A1 (en) System and method for digital content management and controlling copyright protection
WO2020085226A1 (en) Control method, content management system, program, and data structure
JP2003256596A (en) Copyright protected content delivery method and system, copyright protection management method, copyright protection management terminal, program and storage medium

Legal Events

Date Code Title Description
AS Assignment

Owner name: CONTENT GUARD HOLDINGS, INC., DELAWARE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:TA, THANH;WANG, XIN;TIEU, VINCENT HSIANG;AND OTHERS;REEL/FRAME:016801/0913;SIGNING DATES FROM 20050616 TO 20050705

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION