This invention relates to computer security, and more particularly, to ways of remotely controlling and authenticating computer data.
Many methods of secure communication between computers are well-known. Algorithms for encryption, authentication, random number generation, and related functions are described in U.S. National Institute for Technology Federal Information Processing Standards, and in other commonly available standards and publications. Some of the algorithms are the secure hashing algorithm (SHA-1), the advanced encryption standard (AES), and the digital signature algorithm (DSA). Some of the best methods are resistant to adaptive chosen ciphertext attacks by hostile intruders with enormous computer resources.
The Public Key Infrastructure (PKI) is a way of managing identifying credentials in a computer network. Each entity typically has a certificate with its name and public key signed by a certificate authority (CA). Certificates can be validated by checking signatures against root certificates, and also by checking lists of revoked certificates. X.509 certificates bind a distinguished name to a public key, for a given time interval, possibly with some constraints. X.509 certificates, and how they are used in a PKI, are described in IETF RFC 2459 and in the book Digital Certificates—Applied Internet Security, by Feghii, Feghii, and Williams. Addison-Wesley, 1999. A PKI can use RSA, DH/DSA, ECC or other public key algorithms.
Truly secure operating systems are difficult with current technology. Most computers today are susceptible to viruses and other problems. To reduce those problems, computers are being developed with trusted components. The trusted hardware might be the motherboard, cryptographic unit, keyboard, mouse, and a video display mode, so that the user can reliably have some tamper-resistant input and output. It might also include other peripherals. The trusted software is a trusted kernel that is a highly reliable part of the operating system. When the trusted kernel starts up, it verifies various hashes or certificates, and it is capable of attestation that a program is running in an environment with specified security properties. The attestation can take the form of hashes and certificates that can be validated elsewhere. A combination of hardware and software features may also protect certain program operations from interference by other programs, and provide sealed storage for programs running in the trusted environment. The Trusted Computing Platform Alliance (TCPA) issues specifications for trusted computing platforms, and their effort is described in the book Trusted Computing Platforms: TCPA Technology in Context, edited by Siani Pearson (Hewlett-Packard Books and Prentice-Hall, July 2002). U.S. Pat. Nos. 6,327,652 and 6,330,670 describe a digital rights management operating system that could act as a trusted platform. Other approaches may also be possible.
Secure distribution of electronic content presents some unusual challenges. In particular it is difficult to buy just one copy of a digital file because files are copied so easily on computers. Some digital rights management systems are described in U.S. Pat. Nos. 6,385,596, 6,427,140, and 6,445,797, and in US patent application 20020006204.
Many content distributors use some sort of technological copy protection scheme in order to help enforce license terms. Often it involves hiding special information, such as dates, serial numbers, cryptographic keys, usage counts, or other codes, on a disk in the consumer's own equipment. Another technique is to put the special information in a chip on a smart card or dongle that attaches to the device that is using the protected content.
These license enforcement mechanisms are subject to reverse engineering and other attacks. There is a need for a system of reliably and acceptably maintaining provider information on a consumer device, even in the face of consumer attacks.
One problem with licensors storing hidden codes on user equipment is that the codes are subject to accidental loss when there is a hardware failure, user mistake, virus attack, or unexpected conflict. Eg, the codes could be stored on a disk drive and the disk could fail. Users usually prefer to back up vital data to another medium, so as to guard against a loss. But if the user is allowed to back up the licensor codes, then he might be able to restore the licensor codes to another machine, or otherwise violate the license. Even restoring the codes to the same machine might lead to a violation because one of the codes might be a usage counter. Restoring a previous value of a usage counter might result in unlicensed usage because any usage between when the counter was backed up and restored would no longer be counted.
There is a need for a system that allows licensor codes to be backed up, but imposes conditions on restoration in order to thwart abuse.
The license requirements of content providers change over time. Vulnerabilities get exposed and exploited. There is a need for systems that are extensible and can be upgraded in the field.
Consumers want a system that is understandable, fair, voluntary, and respectful of privacy. There is a need for such a system. There is a need for a technological system that provides improved tools for effectively tracking and enforcing licenses on users. There is also a need for users to understand how their computers are being constrained.