`
`
PCT/US97/15243
`
non-VDE aware application such as 608b could access only the part of API 682 that provides an interface to other OS functions 606, and therefore could not access any VDE functions.
`
This "translation" feature of redirector 684 provides "transparency." It allows VDE functions to be provided to the application 608(b) in a "transparent" way without requiring the application to become involved in the complexity and details associated with generating the one or more calls to VDE functions 604. This aspect of the "transparency" features of ROS 602 has at least two important advantages:

(a) it allows applications not written specifically for VDE functions 604 ("non-VDE aware applications") to nevertheless access critical VDE functions; and

(b) it reduces the complexity of the interface between an application and ROS 602.
Since the second advantage (reducing complexity) makes it easier for an application creator to produce applications, even "VDE aware" applications 608a(2) may be designed so that some calls invoking VDE functions 604 are requested at the level of an "other OS functions" call and then "translated" by redirector 684 into a VDE function call (in this sense, redirector 684 may be considered a part of API 682). Figure 11C shows an example of this. Other calls invoking VDE functions 604 may be passed directly without translation by redirector 684.

Petitioner Apple Inc. - Exhibit 1006, p. 1001

WO 98/09209
`
Referring again to Figure 10, ROS 602 may also include an "interceptor" 692 that transmits and/or receives one or more real time data feeds 694 (this may be provided over cable(s) 628 for example), and routes one or more such data feeds appropriately while providing "translation" functions for real time data sent and/or received by electronic appliance 600 to allow "transparency" for this type of information analogous to the transparency provided by redirector 684 (and/or it may generate one or more real time data feeds).
`
`Secure ROS Components and Component Assemblies
`
`15
`
`‘As discussed above, ROS 602 in the preferred embodiment
`
`is a component-based architecture. ROS VDE functions 604 may
`
`be based on segmented. independently loadable executable
`
`"component assemblies“ 690; These component assemblies 690
`
`are independently securely deliverable. The component
`
`20
`
`assemblies 690 provided by the preferred embodiment comprise
`
`code and data elements that are themselves independently
`
`deliverable. Thus, each component assembly 690 provided by the
`
`' preferred embodiment is comprised of independently securely
`
`deliverable elements which may be communicated using VDE
`
`-271-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1002
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1002
`
`
`
`wo 93,092.39
`
`0
`
`PCIIUS97/15243
`
`secure communication techniques. between VDE secure
`
`subsystems.
`
These component assemblies 690 are the basic functional unit provided by ROS 602. The component assemblies 690 are executed to perform operating system or application tasks. Thus, some component assemblies 690 may be considered to be part of the ROS operating system 602, while other component assemblies may be considered to be "applications" that run under the support of the operating system. As with any system incorporating "applications" and "operating systems," the boundary between these aspects of an overall system can be ambiguous. For example, commonly used "application" functions (such as determining the structure and/or other attributes of a content container) may be incorporated into an operating system. Furthermore, "operating system" functions (such as task management, or memory allocation) may be modified and/or replaced by an application. A common thread in the preferred embodiment's ROS 602 is that component assemblies 690 provide functions needed for a user to fulfill her intended activities, some of which may be "application-like" and some of which may be "operating system-like."
`
`-272-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1003
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1003
`
`
`
`WO 98/09209
`
`PCT/US97Il5243
`
`Components 690 are preferably designed to be easily
`
`separable and individually loadable. ROS 602 assembles these
`
`elements together into an executable component assembly 690
`
`prior to loading and executing the component assembly (e.g., in a
`
`0|
`
`secure operating environment such as SPE 503 and/or HPE 655).
`
`ROS 602 provides an element identification and referencing
`
`(mechanism that includes information necessary to automatically
`
`assemble elements into a component assembly 690 in a secure
`
`manner prior to. and/or during, execution.
`
`10
`
`ROS 602 application structures and control parameters
`
`used to form component assemblies 690 can be provided by
`
`different parties. Because the components forming component
`
`assemblies 690 are independently securely deliverable. they may
`
`15
`
`be delivered at different times and/or by different parties
`
`(“delivery" may take place within a local VDE secure subsystem,
`
`that is submission through the use of such a secure subsystem of
`
`control information by a chain of content control information
`
`handling participant for the preparation of a modified control
`
`20
`
`information set constitutes independent, secure delivery). For
`
`example, a content creator can produce a ‘R05 600 application
`
`that defines the circumstances required for licensing content
`
`contained within a VDE object 300. This application may
`
`reference structures provided by other parties. Such references
`
`-273-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1004
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1004
`
`
`
`WO 98/092053
`
`,
`
`‘
`
`PCT/US97/15243
`
`might, for example. take the form of a control path that uses
`
`content creator structures to meter user activities; and
`
`structures created/owned by a financial provider‘ to handle
`
`financial parts of a content distribution transaction (e.g.,
`
`OI
`
`defining a credit budget that must be present in a control
`
`structure to establish creditworthiness, audit processes which
`
`must be performed by the licensee, etc.). As another example, a
`distributor may give one usernmore favorable pricing than
`
`another user by delivering different data elements defining
`
`10
`
`pricing to different users. This attribute ofsupporting multiple
`
`party securely. independently deliverable control in.forrnation is
`
`fundamental to enabling electronic commerce. that is. defining of
`
`a content andjor appliance control information set that
`
`represents the requirements ofa collection ofindependent
`
`15
`
`parties such as content creators. other content providers,
`
`financial service providers, and/or users.
`
In the preferred embodiment, ROS 602 assembles securely independently deliverable elements into a component assembly 690 based in part on context parameters (e.g., object, user). Thus, for example, ROS 602 may securely assemble different elements together to form different component assemblies 690 for different users performing the same task on the same VDE object 300. Similarly, ROS 602 may assemble differing element sets which may include, that is reuse, one or more of the same components to form different component assemblies 690 for the same user performing the same task on different VDE objects 300.
`
The component assembly organization provided by ROS 602 is "recursive" in that a component assembly 690 may comprise one or more component "subassemblies" that are themselves independently loadable and executable component assemblies 690. These component "subassemblies" may, in turn, be made of one or more component "sub-sub-assemblies." In the general case, a component assembly 690 may include N levels of component subassemblies.
`
Thus, for example, a component assembly 690(k) may include a component subassembly 690(k + 1). Component subassembly 690(k + 1), in turn, may include a component sub-sub-assembly 690(3), and so on to N-level subassembly 690(k + N). The ability of ROS 602 to build component assemblies 690 out of other component assemblies provides great advantages in terms of, for example, code/data reusability, and the ability to allow different parties to manage different parts of an overall component.
`
`-275-
`
`Petitioner Apple Inc. — Exhibit. 1006, p. 1006
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1006
`
`
`
`W0 9s,09209
`
`PCT/US97/1 5243
`
`Each component assembly 690 in the preferred
`
`embodiment is made of distinct components. Figures 11D-11H
`
`are abstract depictions of various distinct components that may
`be assembled to form a component assembly 690(k) showing
`
`OI
`
`Figure 111. These same components can be combined in
`
`different ways (e.g., with more or less components) to form
`
`diflerent component assemblies 690 providing completely
`different functional behavior. Figure 1’1J is
`abstract depiction
`of the same components being put together in a different way
`
`10
`
`(e.g., with additional components) to form a different component
`
`assembly 6900'). The component assemblies 690(k) and 6900)
`
`each include a common feature 691 that interlocks with a
`
`“channel” 594 defined by ROS 602. This "channel" 594
`
`assembles component assemblies 690 and interfaces them with
`
`15
`
`the (rest 00 ROS 602.
`
ROS 602 generates component assemblies 690 in a secure manner. As shown graphically in Figures 11I and 11J, the different elements comprising a component assembly 690 may be "interlocking" in the sense that they can only go together in ways that are intended by the VDE participants who created the elements and/or specified the component assemblies. ROS 602 includes security protections that can prevent an unauthorized person from modifying elements, and also prevent an unauthorized person from substituting elements. One can picture an unauthorized person making a new element having the same "shape" as one of the elements shown in Figures 11D-11H, and then attempting to substitute the new element in place of the original element. Suppose one of the elements shown in Figure 11H establishes the price for using content within a VDE object 300. If an unauthorized person could substitute her own "price" element for the price element intended by the VDE content distributor, then the person could establish a price of zero instead of the price the content distributor intended to charge. Similarly, if the element establishes an electronic credit card, then an ability to substitute a different element could have disastrous consequences in terms of allowing a person to charge her usage to someone else's (or a non-existent) credit card. These are merely a few simple examples demonstrating the importance of ROS 602 ensuring that certain component assemblies 690 are formed in a secure manner. ROS 602 provides a wide range of protections against a wide range of "threats" to the secure handling and execution of component assemblies 690.
`
In the preferred embodiment, ROS 602 assembles component assemblies 690 based on the following types of elements:

Permissions Records ("PERC"s) 808;

Method "Cores" 1000;

Load Modules 1100;

Data Elements (e.g., User Data Elements ("UDEs") 1200 and Method Data Elements ("MDEs") 1202); and

Other component assemblies 690.
`
Briefly, a PERC 808 provided by the preferred embodiment is a record corresponding to a VDE object 300 that identifies to ROS 602, among other things, the elements ROS is to assemble together to form a component assembly 690. Thus PERC 808 in effect contains a "list of assembly instructions" or a "plan" specifying what elements ROS 602 is to assemble together into a component assembly and how the elements are to be connected together. PERC 808 may itself contain data or other elements that are to become part of the component assembly 690.
`
The PERC 808 may reference one or more method "cores" 1000'. A method core 1000' may define a basic "method" 1000 (e.g., "control," "billing," "metering," etc.).
`
In the preferred embodiment, a "method" 1000 is a collection of basic instructions, and information related to basic instructions, that provides context, data, requirements, and/or relationships for use in performing, and/or preparing to perform, basic instructions in relation to the operation of one or more electronic appliances 600. Basic instructions may be comprised of, for example:

- machine code of the type commonly used in the programming of computers; pseudo-code for use by an interpreter or other instruction processing program operating on a computer;

- a sequence of electronically represented logical operations for use with an electronic appliance 600;

- or other electronic representations of instructions, source code, object code, and/or pseudo code as those terms are commonly understood in the arts.
`
Information relating to said basic instructions may comprise, for example, data associated intrinsically with basic instructions such as for example, an identifier for the combined basic instructions and intrinsic data, addresses, constants, and/or the like. The information may also, for example, include one or more of the following:

- information that identifies associated basic instructions and said intrinsic data for access, correlation and/or validation purposes;

- required and/or optional parameters for use with basic instructions and said intrinsic data;

- information defining relationships to other methods;

- data elements that may comprise data values, fields of information, and/or the like;

- information specifying and/or defining relationships among data elements, basic instructions and/or intrinsic data;

- information specifying relationships to external data elements;

- information specifying relationships between and among internal and external data elements, methods, and/or the like, if any exist; and

- additional information required in the operation of basic instructions and intrinsic data to complete, or attempt to complete, a purpose intended by a user of a method, where required, including additional instructions and/or intrinsic data.
`
`-280-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1011
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1011
`
`
`
`wo 98/09209
`
`PCUUS97/1524.3
`
`Such information associated with a method may be stored,
`
`in part or whole, separately from basic instructions andintrinsic
`
`data. When these components are stored separately, a method
`
`may nevertheless include and encompass the other information
`
`....-_
`
`DI
`
`10
`
`and one or more sets of basic instructions and intrinsic data (the
`
`latter being included because of said other information’s
`
`reference to one or more sets of basic instructions and intrinsic
`
`data), whether or not said one or more sets of basic instructions
`and intrinsic data are accessible at any given point in time.
`
Method core 1000' may be parameterized by an "event code" to permit it to respond to different events in different ways. For example, a METER method may respond to a "use" event by storing usage information in a meter data structure. The same METER method may respond to an "administrative" event by reporting the meter data structure to a VDE clearinghouse or other VDE participant.
`
In the preferred embodiment, method core 1000' may "contain," either explicitly or by reference, one or more "load modules" 1100 and one or more data elements (UDEs 1200, MDEs 1202). In the preferred embodiment, a "load module" 1100 is a portion of a method that reflects basic instructions and intrinsic data. Load modules 1100 in the preferred embodiment contain executable code, and may also contain data elements ("DTDs" 1108) associated with the executable code. In the preferred embodiment, load modules 1100 supply the program instructions that are actually "executed" by hardware to perform the process defined by the method. Load modules 1100 may contain or reference other load modules.
`
Load modules 1100 in the preferred embodiment are modular and "code pure" so that individual load modules may be reenterable and reusable. In order for components 690 to be dynamically updatable, they may be individually addressable within a global public name space. In view of these design goals, load modules 1100 are preferably small, code (and code-like) pure modules that are individually named and addressable. A single method may provide different load modules 1100 that perform the same or similar functions on different platforms, thereby making the method scalable and/or portable across a wide range of different electronic appliances.
`
`20
`
`UDEs 1200 and MDEs 1202 may store data for input to or
`
`output from executable component assembly 690 (or data
`
`describing such inputs and/or outputs). In the preferred
`
`embodiment, UDEs 1200 may be user dependent, whereas MDEs
`1202 may be user independent.
`
`-282-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1013
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1013
`
`
`
`WO 98109209
`
`PCT/US97/15243
`
`The component assembly example 690(k) shown in Figure
`
`11E comprises a method core 1000’, UDEs 1200a & 1200b, an
`
`MDE 1202, load modules 1100a-1100d, and a further component
`
`assembly 690(k+1). As mentioned above, a PERC 808(k) defines,
`
`5
`
`among other things, the "assembly instructions“ for component
`assembly 690(k), and may contain or reference parts of some or
`
`all of the components that are to be assembled to create a
`
`component assembly.
`
`10
`
`One of the load modules 1100b shown in this example is
`
`itself comprised of plural load modules 1100c, 1100d. Some of
`
`the load modules 4e.g., 1100a, 1l00d‘J in this example include one i
`
`/or more ”DTD“ data elements 1108 (e.g., 1108a, 1108b). ”DTD“
`
`data elements 1108 may be used, for example, to inform load
`
`15 .
`
`module 1100a of the data elements included in MDE 1202 and/or
`
`UDEs 1200a, 1200b. Furthermore, DTDs 1108 may be used as
`
`an aspect of forming a portion of an application used to inform a
`
`user as to the information required and/or manipulated by one or
`
`more load modules 1100, or other component elements. Such an
`
`20
`
`application program may also include functions for creating
`
`and/or manipulating UDE(s) 1200, MDE(s) 1202, or other
`
`component elements, subassemblies, etc.
`
`-2233.
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1014
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1014
`
`
`
`WO 98109209
`
`PCTIUS97/1 5243
`
`Components within component assemblies 690’ may be
`
`’’reused‘‘ to form difierent component assemblies. As mentioned
`
`above. figure 11F is an abstract depiction of one example of the
`
`same components used for assembling component assembly
`
`690(k) to be reused (e.g., with some additional components
`
`specified by a different set of "assembly instructions“ provided in
`
`a diflerent PERC 808(1)) to form a diflerent component assembly
`
`690(1). Even though component assembly 690(1) is formed from
`some of the same components used to form component assembly
`690(l£), these two component assemblies may perform completely
`
`different processes in complete different ways.
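The PERC-driven assembly described above, together with the event-code dispatch of the METER method, as an added example that is not part of the patent text: a PERC names separately delivered elements, context parameters (user, object) select which data element is fetched, and subassemblies are built recursively. The element naming scheme (`core:`, `lm:`, `ude:` prefixes), `MAX_DEPTH`, and all class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

MAX_DEPTH = 8  # assumed nesting limit; the text only says "N levels"

class AssemblyError(Exception):
    """The plan in a PERC could not be carried out."""

@dataclass(frozen=True)
class Perc:
    """Assembly instructions; every name refers to a separately delivered element."""
    method_core: str
    load_modules: tuple = ()
    data_elements: tuple = ()   # names may contain {user} / {object} placeholders
    subassemblies: tuple = ()   # ids of other PERCs, assembled recursively

@dataclass
class Assembly:
    name: str
    core: object
    load_modules: dict
    data: dict
    children: list = field(default_factory=list)

    def handle(self, event_code, payload=None):
        # The method core is parameterized by the event code.
        return self.core(self, event_code, payload)

def meter_core(asm, event_code, units):
    meter = asm.data["meter"]
    if event_code == "use":                 # record usage
        meter["events"] += 1
        meter["units"] += units
        return None
    if event_code == "administrative":      # report to a clearinghouse
        return dict(meter)
    raise AssemblyError(f"METER: no handler for event {event_code!r}")

def billing_core(asm, event_code, units):
    if event_code != "use":
        raise AssemblyError(f"BILLING: no handler for event {event_code!r}")
    for child in asm.children:              # subassemblies see the same event
        child.handle(event_code, units)
    return asm.load_modules["charge"](asm.data["price"], units)

def role(name):
    """'ude:price:{user}' -> 'price': the slot an element fills in the assembly."""
    return name.split(":")[1]

def assemble(perc_id, percs, elements, context, _path=()):
    """Build the assembly named by perc_id for one (user, object) context."""
    if perc_id in _path:
        raise AssemblyError("cycle: " + " -> ".join(_path + (perc_id,)))
    if len(_path) >= MAX_DEPTH:
        raise AssemblyError(f"more than {MAX_DEPTH} levels of subassembly")
    if perc_id not in percs:
        raise AssemblyError(f"no PERC named {perc_id!r}")
    perc = percs[perc_id]

    def fetch(name):
        resolved = name.format(**context)   # the context selects the element
        if resolved not in elements:
            raise AssemblyError(f"{perc_id}: element {resolved!r} not delivered")
        return elements[resolved]

    return Assembly(
        name=perc_id,
        core=fetch(perc.method_core),
        load_modules={role(n): fetch(n) for n in perc.load_modules},
        data={role(n): fetch(n) for n in perc.data_elements},
        children=[assemble(s, percs, elements, context, _path + (perc_id,))
                  for s in perc.subassemblies],
    )

def demo():
    elements = {   # constructed sample store; entries could come from different parties
        "core:METER": meter_core,
        "core:BILLING": billing_core,
        "lm:charge:per_unit": lambda price, units: price * units,
        "lm:charge:flat": lambda price, units: price,
        "ude:price:alice": 5,
        "ude:price:bob": 3,
        "ude:meter:alice": {"events": 0, "units": 0},
        "ude:meter:bob": {"events": 0, "units": 0},
    }
    percs = {   # "bill" and "flat" reuse the same core, price element and subassembly
        "bill": Perc("core:BILLING", ("lm:charge:per_unit",), ("ude:price:{user}",), ("meter",)),
        "flat": Perc("core:BILLING", ("lm:charge:flat",), ("ude:price:{user}",), ("meter",)),
        "meter": Perc("core:METER", (), ("ude:meter:{user}",)),
    }
    alice = {"user": "alice", "object": "doc1"}
    bob = {"user": "bob", "object": "doc1"}
    return {
        "alice_bill": assemble("bill", percs, elements, alice).handle("use", 4),
        "bob_bill": assemble("bill", percs, elements, bob).handle("use", 4),
        "alice_flat": assemble("flat", percs, elements, alice).handle("use", 4),
        "alice_report": assemble("meter", percs, elements, alice).handle("administrative"),
        "bob_report": assemble("meter", percs, elements, bob).handle("administrative"),
    }
```

The same task on the same object yields different charges for the two users because only the delivered price element differs, and a PERC that refers to an element nobody delivered fails at assembly time rather than at execution.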
`
As mentioned above, ROS 602 provides several layers of security to ensure the security of component assemblies 690. One important security layer involves ensuring that certain component assemblies 690 are formed, loaded and executed only in secure execution space such as provided within an SPU 500. Components 690 and/or elements comprising them may be stored on external media encrypted using local SPU 500 generated and/or distributor provided keys.
`
`20
`
`ROS 602 also provides a tagging and sequencing scheme
`
`that may be used within the loadable component assemblies 690
`
`to detect tampering by substitution. Each element comprising a
`
`-284-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1015
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1015
`
`
`
`WO 98/09209
`
`PCT/US97/15243
`
`"component assembly 690 may be loaded into an SPU 500,
`
`decrypted using encrypt/decrypt engine 522, and then
`
`tested/compared to ensure that the proper element has been
`
`loaded. Several independent comparisons may be used to ensure
`
`01
`
`there has been no unauthorized substitution. For example, the
`
`public and private copies of the element ID may be compared to
`
`ensure that they are the same, thereby preventing gross
`
`substitution of elements. In addition. a validation/correlation
`
`tag stored under the encrypted layer of the loadable element may
`
`10
`
`be compared to make sure it matches one or more tags provided
`
`by a requesting process. This prevents unauthorized use of
`
`information. As a third protection, a device assigned tag (e.g., a
`
`sequence number stored under an encryption layer of a loadable
`
`element may be checked to make sure it matches a corresponding
`
`15
`
`tag value expected by SPU 500. This prevents substitution of
`
`older elements. Validation/correlation tags are typically passed
`
`only in secure wrappers to prevent plaintext exposure of this
`
`information outside of SPU 500.
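The three substitution checks described above, as an added example that is not code from the patent: an element carries a public ID outside its encrypted layer and a private ID, a validation/correlation tag and a device-assigned sequence number inside it. The SHA-256 keystream with HMAC is a stand-in for encrypt/decrypt engine 522, and the `Spu` class, field names and sample elements are constructed for the illustration.

```python
import hashlib
import hmac
import json
import os

class SubstitutionError(Exception):
    """An element failed one of the load-time comparisons."""

def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    # Stand-in cipher (assumption): SHA-256 in counter mode, not engine 522.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, public_id, private_fields):
    """Wrap the private fields in the encrypted layer; the public ID stays outside it."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = _xor_stream(enc_key, nonce, json.dumps(private_fields).encode())
    mac = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return {"element_id": public_id, "nonce": nonce, "body": body, "mac": mac}

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, blob["nonce"] + blob["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["mac"]):
        raise SubstitutionError("integrity")
    return json.loads(_xor_stream(enc_key, blob["nonce"], blob["body"]))

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())

class Spu:
    """Models only the loader's bookkeeping inside the secure boundary."""

    def __init__(self, key):
        self._key = key
        self._expected_seq = {}      # element ID -> sequence tag the device expects

    def store(self, element_id, corr_tag, payload):
        """Seal an element for external storage and advance its sequence tag."""
        seq = self._expected_seq.get(element_id, 0) + 1
        self._expected_seq[element_id] = seq
        private = {"element_id": element_id, "corr_tag": corr_tag,
                   "seq": seq, "payload": payload}
        return seal(self._key, element_id, private)

    def load(self, blob, requester_tags):
        private = unseal(self._key, blob)
        # 1. Public and private copies of the element ID must agree.
        if not _same(private["element_id"], blob["element_id"]):
            raise SubstitutionError("element-id")
        # 2. The tag under the encrypted layer must match one the requester supplied.
        if not any(_same(private["corr_tag"], tag) for tag in requester_tags):
            raise SubstitutionError("correlation-tag")
        # 3. The device-assigned sequence tag must be the one the SPU expects.
        if private["seq"] != self._expected_seq.get(blob["element_id"]):
            raise SubstitutionError("sequence")
        return private["payload"]

def attempt(spu, blob, requester_tags):
    """Return the payload, or the name of the check that rejected the element."""
    try:
        return spu.load(blob, requester_tags)
    except SubstitutionError as err:
        return str(err)

def demo():
    spu = Spu(os.urandom(32))
    # Constructed sample elements: a price element (updated once) and a budget element.
    price_v1 = spu.store("price", "tag-billing", {"cents": 500})
    price_v2 = spu.store("price", "tag-billing", {"cents": 650})
    budget = spu.store("budget", "tag-budget", {"limit": 10})
    flipped = dict(price_v2, body=bytes([price_v2["body"][0] ^ 1]) + price_v2["body"][1:])
    return {
        "current": attempt(spu, price_v2, ["tag-billing"]),
        "relabelled": attempt(spu, dict(budget, element_id="price"), ["tag-budget"]),
        "wrong_requester": attempt(spu, price_v2, ["tag-metering"]),
        "stale_copy": attempt(spu, price_v1, ["tag-billing"]),
        "modified_body": attempt(spu, flipped, ["tag-billing"]),
    }
```

Because the MAC in this sketch covers only the encrypted layer, a relabelled public ID is caught by the first comparison rather than by the integrity check, and the stale copy passes every check except the sequence tag.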
`
`20
`
`.
`
`The secure component based architecture of ROS 602 has
`
`important advantages. For example, it accommodates limited
`resource execution environments such as provided by a lower
`
`cost SPU 500. It also provides an extremely high level of
`
`configurability. In fact, ROS 602 will accommodate an almost
`
`-285-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1016
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1016
`
`
`
`WO 98/09209
`
`PCTIUS97115243
`
`unlimited diversity of content types, content provider objectives,
`transaction types and client requirements. In addition, the
`ability to dynamically assemble independently deliverable
`
`components at execution time based on particular objects and
`
`5
`
`users provides a high degree of flexibility, and facilitates or
`
`enables a distributed database, processing, and execution
`
`environment. I
`
One aspect of an advantage of the component-based architecture provided by ROS 602 relates to the ability to "stage" functionality and capabilities over time. As designed, implementation of ROS 602 is a finite task. Aspects of its wealth of functionality can remain unexploited until market realities dictate the implementation of corresponding application functionality. As a result, initial product implementation investment and complexity may be limited. The process of "surfacing" the full range of capabilities provided by ROS 602 in terms of authoring, administrative, and artificial intelligence applications may take place over time. Moreover, already-designed functionality of ROS 602 may be changed or enhanced at any time to adapt to changing needs or requirements.
`
`-286-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1017
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1017
`
`
`
`, WO 98/09209
`
`PCT/US97ll5243
`
`More Detailed Discussion of Rights ‘Operating System 602
`Architecture
`’
`
Figure 12 shows an example of a detailed architecture of ROS 602 shown in Figure 10. ROS 602 may include a file system 687 that includes a commercial database manager 730 and external object repositories 728. Commercial database manager 730 may maintain secure database 610. Object repository 728 may store, provide access to, and/or maintain VDE objects 300.
`
`10
`
`Figure 12 also shows that ROS 602 may provide one or
`more SPES 503 and/or one or more HPES 655. As discussed
`
`above, HPE 655 may "emulate“ an SPU 500 device, and such
`
`HPES 655 may be integrated in lieu of(or in addition to) physical
`
`15
`
`Sl’Us 500 for systems that need higher throughput. Some
`
`security may be lost since HPEs 655 are typically protected by
`
`operating system security and may not provide truly secure
`
`processing. Thus, in the preferred embodiment, for high security
`
`applications at least, all secure processing should take place
`
`20
`
`within an SPE 503 having an execution space within a physical
`
`SPU 500 rather than a HPE 655 using software operating
`
`elsewhere in electronic appliance 600.
`
As mentioned above, three basic components of ROS 602 are a kernel 680, a Remote Procedure Call (RPC) manager 732 and an object switch 734. These components, and the way they interact with other portions of ROS 602, will be discussed below.
`
Kernel 680

Kernel 680 manages the basic hardware resources of electronic appliance 600, and controls the basic tasking provided by ROS 602. Kernel 680 in the preferred embodiment may include a memory manager 680a, a task manager 680b, and an I/O manager 680c. Task manager 680b may initiate and/or manage initiation of executable tasks and schedule them to be executed by a processor on which ROS 602 runs (e.g., CPU 654 shown in Figure 8). For example, task manager 680b may include or be associated with a "bootstrap loader" that loads other parts of ROS 602. Task manager 680b may manage all tasking related to ROS 602, including tasks associated with application program(s) 608. Memory manager 680a may manage allocation, deallocation, sharing and/or use of memory (e.g., RAM 656 shown in Figure 8) of electronic appliance 600, and may for example provide virtual memory capabilities as required by an electronic appliance and/or associated application(s). I/O manager 680c may manage all input to and output from ROS 602, and may interact with drivers and other hardware managers that provide communications and interactivity with physical devices.
`
`-288-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1019
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1019
`
`
`
`WO 98109209
`
`PCI‘IUS9‘lI15243
`
`RPC Manager 702
`
`ROS 602 in a preferred embodiment is designed around a
`
`"services based“ Remote Procedure‘ Call architecture/interface.
`
`All functions performed by ROS 602 may use this common
`
`5
`
`interface to request services and share information. For
`
`example, SPE( s) 503 provide processing for one or more RPC
`
`based services.
`
`In addition to supporting SPUs 500, the RPC
`
`interface permits the dynamic integration of external services
`
`and provides an array of configuration options using existing
`
`10
`
`operating system components. ROS 602 also communicates with
`
`external services through the RPC interface to seamlessly
`
`provide distributed and/or remote processing. In smaller scale
`
`instances of ROS 602. a simpler message passing IPC protocol
`
`may be used to conserve resources. This may limit the
`
`15
`
`configurability of ROS 602 services. but this possible limitation
`
`may be acceptable in some electronic appliances.
`
The RPC structure allows services to be called/requested without the calling process having to know or specify where the service is physically provided, what system or device will service the request, or how the service request will be fulfilled. This feature supports families of services that may be scaled and/or customized for specific applications. Service requests can be forwarded and serviced by different processors and/or different sites as easily as they can be forwarded and serviced by a local service system. Since the same RPC interface is used by ROS 602 in the preferred embodiment to request services within and outside of the operating system, a request for distributed and/or remote processing incurs substantially no additional operating system overhead. Remote processing is easily and simply integrated as part of the same service calls used by ROS 602 for requesting local-based services. In addition, the use of a standard RPC interface ("RSI") allows ROS 602 to be modularized, with the different modules presenting a standardized interface to the remainder of the operating system. Such modularization and standardized interfacing permits different vendors/operating system programmers to create different portions of the operating system independently, and also allows the functionality of ROS 602 to be flexibly updated and/or changed based on different requirements and/or platforms.
`
RPC manager 732 manages the RPC interface. It receives service requests in the form of one or more "Remote Procedure Calls" (RPCs) from a service requestor, and routes the service requests to a service provider(s) that can service the request. For example, when rights operating system 602 receives a request from a user application via user API 682, RPC manager 732 may route the service request to an appropriate service through the "RPC service interface" ("RSI"). The RSI is an interface between RPC manager 732, service requestors, and a resource that will accept and service requests.

The interface (RSI) is used for several major ROS 602 subsystems in the preferred embodiment.
`
RPC services provided by ROS 602 in the preferred embodiment are divided into subservices, i.e., individual instances of a specific service each of which may be tracked individually by the RPC manager 732. This mechanism permits multiple instances of a specific service on higher throughput systems while maintaining a common interface across a spectrum of implementations. The subservice concept extends to supporting multiple processors, multiple SPEs 503, multiple HPEs 655, and multiple communications services.
`
The preferred embodiment ROS 602 provides the following RPC based service providers/requestors (each of which have an RPC interface or "RSI" that communicates with RPC manager 732):

SPE device driver 736 (this SPE device driver is connected to an SPE 503 in the preferred embodiment);

HPE Device Driver 738 (this HPE device driver is connected to an HPE 738 in the preferred embodiment);

Notification Service 740 (this notification service is connected to user notification interface 686 in the preferred embodiment);

API Service 742 (this API service is connected to user API 682 in the preferred embodiment);

Redirector 684;

Secure Database (File) Manager 744 (this secure database or file manager 744 may connect to and interact with commercial database manager 730 and secure files 610 through a cache manager 746, a database interface 748, and a database driver 750);

Name Services Manager 752;

Outgoing Administrative Objects Manager 754;

Incoming Administrative Objects Manager 756;

a Gateway 734 to object switch 734 (this is a path used to allow direct communication between RPC manager 732 and Object Switch 734); and

Communications Manager 776.
`
The types of services provided by HPE 655, SPE 503, User Notification 686, API 742 and Redirector 684 have already been described above. Here is a brief description of the type(s) of services provided by OS resources 744, 752, 754, 756 and 776:

Secure Database Manager 744 services requests for access to secure database 610;

Name Services Manager 752 services requests relating to user, host, or service identification;

Outgoing Administrative Objects Manager 754 services requests relating to outgoing administrative objects;

Incoming Administrative Objects Manager 756 services requests relating to incoming administrative objects; and

Communications Manager 776 services requests relating to communications between electronic applia