(12) United States Patent
`England et al.
`
`111111
`
`1111111111111111111111111111111111111111111111111111111111111
`US006327652Bl
`US 6,327,652 Bl
`Dec. 4, 2001
`
`(10) Patent No.:
`(45) Date of Patent:
`
`(54) LOADING AND IDENTIFYING A DIGITAL
`RIGHTS MANAGEMENT OPERATING
`SYSTEM
`
`(75)
`
`Inventors: Paul England, Bellvue; John D.
`DeTreville, Seattle, both of WA (US);
`Butler W. Lampson, Cambridge, MA
`(US)
`
`(73) Assignee: Microsoft Corporation, Redmond, WA
`(US)
`
`( *) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 09/227,611
`
`(22) Filed:
`
`Jan. 8, 1999
`
`Related U.S. Application Data
`(60) Provisional application No. 60/105,891, filed on Oct. 26,
`1998.
`
`(51)
`
`Int. Cl? ...................................................... G06F 9/445
`
`(52) U.S. Cl. ................................................. 713/2; 713/200
`(58) Field of Search .................................... 713/1, 2, 155,
`713/164-167, 200; 717!11
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,827,508
`4,969,189
`4,977,594
`5,050,213
`5,140,634
`5,276,311
`5,410,598
`5,473,690
`5,473,692
`5,544,246
`5,654,746
`5,721,781
`5,796,824
`5,812,662
`
`5/1989 Shear .
`11/1990 Ohta eta!..
`12/1990 Shear .
`9/1991 Shear .
`8/1992 Guillou et a!. .
`1!1994 Hennige.
`4/1995 Shear .
`12/1995 Grimonprez et a!. .
`12/1995 Davis.
`8/1996 Mandelbaum et a!. .
`8/1997 McMullan, Jr. et a!. .
`2/1998 Deo eta!..
`8/1998 Hasebe eta!..
`9/1998 Hsu eta!..
`
`5,812,980
`5,892,900
`5,910,987
`5,915,019
`5,917,912
`5,920,861
`5,933,498
`5,940,504
`5,943,422
`5,949,876
`5,953,502 *
`5,982,891
`5,991,876
`6,006,332
`6,009,274
`6,009,401
`
`9/1998
`4/1999
`6/1999
`6/1999
`6/1999
`7/1999
`8/1999
`8/1999
`8/1999
`9/1999
`9/1999
`11/1999
`11/1999
`12/1999
`* 12/1999
`12/1999
`
`Asai.
`Ginter.
`Ginter eta!..
`Ginter eta!..
`Ginter eta!..
`Hallet a!. .
`Schneck et a!. .
`Griswold.
`VanWie eta!..
`Ginter eta!..
`Helbig, Sr ............................ 713/200
`Ginter eta!..
`Johnson et a!. .
`Rabne eta!..
`Fletcher et a!. ...................... 713/1 X
`Horstmann.
`
`(List continued on next page.)
`
`OTHER PUBLICATIONS
`
`Abadi et al., "Authentication and Delegations with Smart(cid:173)
`cards", Jul. 30, 1992, 30 pages.
`
`(List continued on next page.)
`Primary Examiner-Thomas M. Heckler
`(74) Attorney, Agent, or Firm-Lee & Hayes, PLLC
`ABSTRACT
`(57)
`
`The identity of an operating system running on a computer
`is determined from an identity associated with an initial
`component for the operating system, combined with iden(cid:173)
`tities of additional components that are loaded afterwards.
`Loading of a digital rights management operating system on
`a subscriber computer is guaranteed by validating digital
`signatures on each component to be loaded and by deter(cid:173)
`mining a trust level for each component. A trusted identity
`is assumed by the digital rights management operating
`system when only components with valid signatures and a
`pre-determined trust level are loaded. Otherwise, the oper(cid:173)
`ating system is associated with an untrusted identity. Both
`the trusted and untrusted identities are derived from the
`components that were loaded. Additionally, a record of the
`loading of each component is placed into a boot log that is
`protected from tampering through a chain of public-private
`key pairs.
`
`31 Claims, 10 Drawing Sheets
`
`Petitioner Apple Inc. - Ex. 1009, p. 1
`
`

`
`US 6,327,652 Bl
`Page 2
`
`U.S. PATENT DOCUMENTS
`
`6,073,124
`6,112,181
`6,138,119
`6,148,402
`6,157,721
`6,185,683
`
`6/2000 Krishnan et a!. .
`8/2000 Shear et a!. .
`10/2000 Hall et a!. .
`11/2000 Campbell .
`12/2000 Shear et a!. .
`2/2001 Ginter et a!. .
`
`01HER PUBLICATIONS
`
`Murphy et al., "Preventing Pirvacy: Authorization Software
`May Ease Hollywood's Fear of the Net", Internet World
`Magazine, Apr. 1, 2000, 3 pages.
`"Internet Security: SanDisk Products and New Microsoft
`Technology Provide Copy Protected Music for Internet
`Music Player Market. (Product Announcement)", Edge:
`Work Group Computing Report, Apr. 19, 1999, 2 pages.
`
`Arbaugh et al., "A Secure and Reliable Bootstrap Architec(cid:173)
`ture", Distributed Systems Laboratory, Philadelphia, PA,
`1997, pp. 65-71.
`
`Lampson et al., "Authentication in Distributed Systems:
`Theory and Practice", Digital Equipment Corporation,ACM
`Transactions on Computer Systems, vol. 10, No. 4, Nov.
`1992, pp 265-310.
`
`Clark et al., "Bits: A Smartcard Protected Operation Sys(cid:173)
`tem", Communications of the ACM, vol. 37, No. 11, Nov.
`1994, pp. 66-70, 94.
`
`Yee, "Using Secure Coprocessors", School of Computer
`Science, Carnegie Mellon University, 1994, 104 pages.
`
`* cited by examiner
`
`Petitioner Apple Inc. - Ex. 1009, p. 2
`
`

`
`1--"
`~
`N
`(It
`'0-,
`""-l
`N
`~
`0'1
`rJ'l
`
`e
`
`'"""' c
`'"""' 0 .....,
`~ .....
`'JJ. =(cid:173)~
`
`~ = ......
`~ ......
`~
`•
`\Jl
`d •
`
`,-------------------------~:~~
`
`48
`
`21
`
`SYSTEM BUS
`
`ADAPTER
`
`VIDEO
`
`UNIT
`
`PROCESSING
`
`37
`
`.-I _O_T_H_E_R-----.1-'
`
`PROGRAMS
`APPLICATION
`
`SYSTEM
`
`OPERATING
`
`26
`
`I
`
`24
`
`BIOS
`
`I
`(ROM)
`
`22
`
`SYSTEM MEMORY
`
`PROGRAMS
`APPLICATION
`
`40
`
`36
`
`c::JD
`
`=
`
`42
`
`I
`______ _j
`I
`
`-~------
`
`54
`
`-
`
`I
`I
`I
`I
`
`47
`
`L------------_,-_,.-J'--------"',----~----------------·--
`
`INTERFACE
`
`INTERFACE
`
`PORT
`SERIAL
`
`DRIVE
`
`OPTICAL
`
`INTERFACE
`DISK DRIVE
`MAGNETIC
`
`INTERFACE
`
`DRIVE
`
`HARD DISK
`
`PROGRAM r
`
`24
`
`I
`~======~ 38
`
`DATA
`
`MODULES
`PROGRAM
`
`'Jut, lr!
`
`DATA
`
`PROGRAMS MODULES
`
`SYSTEM
`
`OPERATING I APPLICATION I p~~~~~M I PROGRAM
`_,.-"'_,.
`c3s ',
`'
`'
`'
`'
`',
`29
`0
`
`'-
`
`c3?
`
`I
`
`c36
`
`I
`
`'
`
`'
`'
`
`c35
`
`I
`
`/
`
`t'
`
`/
`
`_,.-"'
`
`_,.-"'
`
`/
`
`_,.-"'
`
`_,.-"'
`
`_,.-"'
`
`Petitioner Apple Inc. - Ex. 1009, p. 3
`
`

`
`U.S. Patent
`
`Dec. 4, 2001
`
`Sheet 2 of 10
`
`US 6,327,652 Bl
`
`140
`
`Suscriber Unit 124
`
`160
`
`CPU
`
`Processor
`
`Cryptography
`Accelerator
`
`Key Pair
`(Kcpu•KCPU -1
`
`)
`
`Mfr. Certificate
`
`S/W ID Reg.
`
`Boot Stack
`
`Nonvolatile
`Memory
`
`Operating
`System
`
`Boot Block
`
`S/W
`Program(s)
`
`Key
`
`180
`
`146
`
`Volatile Memory
`
`Network Interface
`
`Sound System
`
`Display
`
`Petitioner Apple Inc. - Ex. 1009, p. 4
`
`

`
`U.S. Patent
`
`Dec. 4, 2001
`
`Sheet 3 of 10
`
`US 6,327,652 Bl
`
`r 200
`202
`,201
`l::l- 1--'
`CPU
`210
`v
`r-209
`L=v~---'
`
`9
`
`APPL
`
`8 2i r-205
`L=-
`DRMOS
`
`1
`
`206
`1.--- v
`
`3
`4
`5
`6
`
`[220
`
`221 """'\
`
`222\ {223
`
`CONTENT
`
`L2o3
`.........,
`.--r
`.........
`. /
`
`7
`
`"- ---
`
`_./
`
`207 ~
`
`.........
`
`'---
`
`...._
`
`Petitioner Apple Inc. - Ex. 1009, p. 5
`
`

`
`U.S. Patent
`
`Dec. 4, 2001
`
`Sheet 4 of 10
`
`US 6,327,652 Bl
`
`301
`
`303
`
`EXECUTE
`BOOT
`LOADER
`
`CHECK
`COMPONENT
`SIGNATURE
`
`305
`
`307
`
`CHECK TRUST
`LEVEL
`
`LOAD
`COMPONENT
`
`ASSUME
`IDENTITY
`
`RENOUNCE
`TRUSTED
`IDENTITY
`
`Petitioner Apple Inc. - Ex. 1009, p. 6
`
`

`
`U.S. Patent
`
`Dec. 4, 2001
`
`Sheet 5 of 10
`
`US 6,327,652 Bl
`
`400~
`
`r 403
`40 ~ NAME
`
`r 405
`VERSION
`
`r 407
`SIGNER
`
`•
`•
`•
`•
`•
`
`600~
`
`605
`
`601
`
`[BOOT BLOCK]
`
`[COMPONENTS]
`
`606
`k1
`k2
`
`k -1
`0
`
`•
`•
`•
`
`Petitioner Apple Inc. - Ex. 1009, p. 7
`
`

`
`U.S. Patent
`
`Dec. 4, 2001
`
`Sheet 6 of 10
`
`US 6,327,652 Bl
`
`501
`
`503
`
`505
`
`507
`
`509
`
`511
`
`GET 1ST KEY
`PAIR
`
`LOAD&
`RECORD BOOT
`BLOCK
`
`GET NEW KEY
`PAIR
`
`RECORD NEW
`PUBLIC KEY IN
`LOG
`
`515
`
`LOAD&
`RECORD
`COMPONENTS
`
`SIGN LOG WITH
`PREV. PRIVATE
`KEY
`
`DELETE
`PREVIOUS
`PRIVATE KEY
`
`513
`
`CREATE
`SENTINEL &
`DEL. KEYS
`
`Petitioner Apple Inc. - Ex. 1009, p. 8
`
`

`
`U.S. Patent
`
`Dec. 4, 2001
`
`Sheet 7 of 10
`
`US 6,327,652 Bl
`
`701~
`
`703~
`
`705~
`
`710
`
`71 1
`BASIC BOOT CODE 715 PUB. 719 SIGN. 723
`'--
`KEY -
`(_ BOOT CODE
`71
`
`SIGN. 725
`
`717 PUB. 721
`-
`KEY
`
`(727
`
`(729
`
`COMPONENT SIGN.
`
`c731
`
`c733
`
`I COMPONENT
`
`c735
`c737
`c739
`I SIGN.
`I CERT.
`
`Petitioner Apple Inc. - Ex. 1009, p. 9
`
`

`
`1--"
`~
`N
`(It
`'0-,
`-.....l
`N
`~
`0'1
`rJ'l
`
`e
`
`"'""' c
`......,
`0
`00
`~ .....
`'JJ. =-~
`
`"'""'
`N c c
`
`~,J;;..
`!"l
`~
`~
`
`~ = ......
`
`......
`~
`~
`•
`\Jl
`d •
`
`'Ju;, B'
`
`CPU LEVEL
`
`GENERATE KEY FUNCTION
`
`r
`
`r
`
`800 \
`
`---------------------------f----------
`
`SEED 823
`
`SEED 813
`
`817\
`
`811
`KEY
`APPL
`
`USER LEVEL
`
`825
`
`815
`
`KEY
`
`GENMY'
`
`KEY
`
`~"'GENAPP
`
`SEED 833
`HASHED
`
`ID
`
`831
`
`OS LEVEL
`
`FUNC.
`
`KEY-HASH
`
`SEED 827
`HASHED
`
`829\
`
`SEED 819
`HASHED
`
`_)
`
`828
`
`FUNCTION
`
`FUNCTION
`
`HASH
`
`HASH
`
`ONE-WAY
`
`ONE-WAY
`
`·---------------------r--------------
`801
`SKEY
`
`SEED 803
`
`.. GEN KEY
`
`~
`
`(805
`
`0
`
`Petitioner Apple Inc. - Ex. 1009, p. 10
`
`

`
`U.S. Patent
`
`Dec. 4, 2001
`
`Sheet 9 of 10
`
`US 6,327,652 Bl
`
`900~
`
`STANDARD
`DIGITAL
`CERTIFICATE
`FIELDS
`
`901
`906 .......
`
`1\
`
`I
`
`905
`
`PROPERTY1
`
`ARGUMENTS1
`
`905
`
`PROPERTY1
`
`ARGUMENTS2
`
`.---
`
`907
`
`I
`
`I
`
`•
`•
`•
`•
`
`Petitioner Apple Inc. - Ex. 1009, p. 11
`
`

`
`U.S. Patent
`
`Dec. 4, 2001
`
`Sheet 10 of 10
`
`US 6,327,652 Bl
`
`1000~
`
`1001
`
`BASIC TRUST LEVEL ID
`
`1003
`
`EXTENDED TRUST LEVEL ID1
`
`1003
`
`EXTENDED TRUST LEVEL ID2
`
`•
`•
`•
`
`1100~
`
`1101
`
`1103
`
`1105
`
`1107
`
`USAGE COUNTER
`
`DERIVATION RIGHTS
`
`EXPIRATION COUNTER
`
`SUBLICENSE RIGHTS
`
`•
`•
`•
`
`Petitioner Apple Inc. - Ex. 1009, p. 12
`
`

`
`US 6,327,652 Bl
`
`10
`
`1
`LOADING AND IDENTIFYING A DIGITAL
`RIGHTS MANAGEMENT OPERATING
`SYSTEM
`
`RELATED APPLICATIONS
`
`This application is a continuation-in-part of U.S. provi(cid:173)
`sional patent application Ser. No. 60/105,891 filed on Oct.
`26, 1998, which is herein incorporated by reference, and is
`related to co-pending and co-filed applications titled "Sys(cid:173)
`tem and Method for Authenticating an Operating System to
`a Central Processing Unit, Providing the CPU/OS with
`Secure Storage, and Authenticating the CPU/OS to a Third
`Party" (Ser. No. 09/266,207, filed Mar. 10, 1999, "Key(cid:173)
`based Secure Storage" (Ser. No. 09/227,568, filed Jan. 8,
`1999, Digital Rights Management Using One Or More
`Access Predicates, Rights 1999, and "Digital Rights Man(cid:173)
`ager Certificates, And Licenses" (Ser. No. 09/227,559, filed
`Jan. 8, 1999).
`
`FIELD OF THE INVENTION
`
`This invention relates generally to computer operating
`systems, and more particularly to booting and identifying an
`operating system that enforces digital rights.
`
`COPYRIGHT NOTICE/PERMISSION
`
`A portion of the disclosure of this patent document
`contains material which is subject to copyright protection.
`The copyright owner has no objection to the facsimile
`reproduction by anyone of the patent document or the patent
`disclosure as it appears in the Patent and Trademark Office
`patent file or records, but otherwise reserves all copyright
`rights whatsoever. The following notice applies to the soft(cid:173)
`ware and data as described below and in the drawings
`hereto: Copyright © 1998, Microsoft Corporation, All
`Rights Reserved.
`
`BACKGROUND OF THE INVENTION
`
`15
`
`20
`
`2
`without permission. A publisher could also adjust pricing
`according to whether the client is allowed to make a per(cid:173)
`sistent copy, or is just allowed to view the content online as
`it is delivered. These scenarios reveal a peculiar arrange-
`s ment. The user that possesses the digital bits often does not
`have full rights to their use; instead, the provider retains at
`least some of the rights. In a very real sense, the legitimate
`user of a computer can be an adversary of the data or content
`provider.
`"Digital rights management" is therefore fast becoming a
`central requirement if online commerce is to continue its
`rapid growth. Content providers and the computer industry
`must quickly provide technologies and protocols for ensur(cid:173)
`ing that digital content is properly handled in accordance
`with the rights granted by the publisher. If measures are not
`taken, traditional content providers may be put out of
`business by widespread theft, or, more likely, will refuse
`altogether to deliver content online.
`Traditional security systems ill serve this problem. There
`are highly secure schemes for encrypting data on networks,
`authenticating users, revoking certificates, and storing data
`securely. Unfortunately, none of these systems address the
`assurance of content security after it has been delivered to a
`client's machine. Traditional uses of smart cards offer little
`25 help. Smart cards merely provide authentication, storage,
`and encryption capabilities. Ultimately, useful content must
`be assembled within the host machine for display, and again,
`at this point the bits are subject to theft. Cryptographic
`coprocessors provide higher-performance cryptographic
`30 operations, and are usually programmable but again,
`fundamentally, any operating system or sufficiently privi(cid:173)
`leged application, trusted or not, can use the services of the
`cryptographic processor.
`There appear to be three solutions to this problem. One
`35 solution is to do away with general-purpose computing
`devices and use special-purpose tamper-resistant boxes for
`delivery, storage, and display of secure content. This is the
`approach adopted by the cable industry and their set-top
`boxes, and looks set to be the model for DVD-video
`40 presentation. The second solution is to use secret, propri(cid:173)
`etary data formats and applications software, or to use
`tamper-resistant software containers, in the hope that the
`resulting complexity will substantially impede piracy. The
`third solution is to modify the general-purpose computer to
`45 support a general model of client-side content security and
`digital rights management.
`This invention is directed to a system and methodology
`that falls generally into the third category of solutions.
`A fundamental building block for client-side content
`so security is a secure operating system. If a computer can be
`booted only into an operating system that itself honors
`content rights, and allows only compliant applications to
`access rights-restricted data, then data integrity within the
`machine can be assured. This stepping-stone to a secure
`ss operating system is sometimes called "Secure Boot." If
`secure boot cannot be assured, then whatever rights man(cid:173)
`agement system the secure OS provides, the computer can
`always be booted into an insecure operating system as a step
`to compromise it.
`Secure boot of an operating system is usually a multi(cid:173)
`stage process. A securely booted computer runs a trusted
`program at startup. The trusted program loads an initial layer
`of the operating system and checks its integrity (by using a
`code signature or by other means) before allowing it to run.
`This layer will in turn load and check the succeeding layers.
`This proceeds all the way to loading trusted (signed) device
`drivers, and finally the trusted application(s).
`
`More and more content is being delivered in digital form,
`and more and more digital content is being delivered online
`over private and public networks, such as Intranets, the
`Internet and cable TV networks. For a client, digital form
`allows more sophisticated content, while online delivery
`improves timeliness and convenience. For a publisher, digi(cid:173)
`tal content also reduces delivery costs. Unfortunately, these
`worthwhile attributes are often outweighed in the minds of
`publishers by the corresponding disadvantage that online
`information delivery makes it relatively easy to obtain
`pristine digital content and to pirate the content at the
`expense and harm of the publisher.
`Piracy of digital content, especially online digital content,
`is not yet a great problem. Most premium content that is
`available on the Web is of low value, and therefore casual
`and organized pirates do not yet see an attractive business
`stealing and reselling content. Increasingly, though, higher(cid:173)
`value content is becoming available. Books and audio
`recordings are available now, and as bandwidths increase,
`video content will start to appear. With the increase in value
`of online digital content, the attractiveness of organized and 60
`casual theft increases.
`The unusual property of digital content is that the pub(cid:173)
`lisher (or reseller) gives or sells the content to a client, but
`continues to restrict rights to use the content even after the
`content is under the sole physical control of the client. For 65
`instance, a publisher will typically retain copyright to a work
`so that the client cannot reproduce or publish the work
`
`Petitioner Apple Inc. - Ex. 1009, p. 13
`
`

`
`US 6,327,652 Bl
`
`3
`An article by B. Lampson, M. Abadi, and M. Burrows,
`entitled "Authentication in Distributed Systems: Theory and
`Practice," ACM Transactions on Computer Systems vlO,
`265, 1992, describes in general terms the requirements for
`securely booting an operating system. The only hardware
`assist is a register that holds a machine secret. When boot
`begins this register becomes readable, and there's a hard(cid:173)
`ware operation to make this secret unreadable. Once it's
`unreadable, it stays unreadable until the next boot. The boot
`code mints a public-key pair and a certificate that the
`operating system can use to authenticate itself to other
`parties in order to establish trust. We note that in this
`scheme, a malicious user can easily subvert security by
`replacing the boot code.
`Clark and Hoffman's BITS system is designed to support
`secure boot from a smart card. P. C. Clark and L. J. Hoffman, 15
`"BITS: A Smartcard Operating System," Comm. ACM. 37,
`66, 1994. In their design, the smart card holds the boot
`sector, and PCs are designed to boot from the smart card.
`The smart card continues to be involved in the boot process
`(for example, the smart card holds the signatures or keys of 20
`other parts of the OS).
`Bennet Yee describes a scheme in which a secure proces(cid:173)
`sor first gets control of the booting machine. B. Yee, "Using
`Secure Coprocessors", Ph.D. Thesis, Carnegie Mellon
`University, 1994. The secure processor can check code 25
`integrity before loading other systems. One of the nice
`features of this scheme is that there is a tamper-resistant
`device that can later be queried for the details of the running
`operating system.
`Another secure boot model, known as AEGIS, is dis- 30
`closed by W. Arbaugh, D. G. Farber, and J. M Smith in a
`paper entitled "A Secure and Reliable Bootstrap
`Architecture", Univ. of Penn. Dept. of CIS Technical Report,
`IEEE Symposium on Security and Privacy, page 65, 1997.
`This AEGIS model requires a tamper-resistant BIOS that has 35
`hard-wired into it the signature of the following stage. This
`scheme has the very considerable advantage that it works
`well with current microprocessors and the current PC
`architecture, but has three drawbacks. First, the set of trusted
`operating systems or trusted publishers must be wired into 40
`the BIOS. Second, if the content is valuable enough (for
`instance, e-cash or Hollywood videos), users will find a way
`of replacing the BIOS with one that permits an insecure
`boot. Third, when obtaining data from a network server, the
`client has no way of proving to the remote server that it is 45
`indeed running a trusted system.
`On the more general subject of client-side rights
`management, several systems exist or have been proposed to
`encapsulate data and rights in a tamper-resistant software
`package. An early example is IBM's Cryptolope. Another 50
`existent commercial implementation of a rights management
`system has been developed by Intertrust. In the audio
`domain, AT&T Research have proposed their "A2b" audio
`rights management system based on the PolicyMaker rights
`management system.
`Therefore, there is a need in the art for guaranteeing that
`a digital rights management operating system has been
`properly loaded on a computer. Furthermore, such a digital
`rights management operating system must be readily dis(cid:173)
`cernable from a non-trusted operating system executing on 60
`the same computer.
`
`55
`
`SUMMARY OF THE INVENTION
`The above-mentioned shortcomings, disadvantages and
`problems are addressed by the present invention, which will
`be understood by reading and studying the following speci(cid:173)
`fication.
`
`4
`The identity of an operating system running on a com(cid:173)
`puter is determined from an identity associated with an
`initial component for the operating system, combined with
`identities of additional components that are loaded after-
`5 wards. Loading of a digital rights management operating
`system on a subscriber computer is guaranteed by validating
`digital signatures on each component to be loaded and by
`determining a trust level for each component. A trusted
`identity is held by the digital rights management operating
`10 system when only components with valid signatures and a
`pre-determined trust level are loaded. Otherwise, the oper(cid:173)
`ating system is associated with an untrusted identity. Both
`the trusted and untrusted identities are derived from the
`components that were loaded.
`The initial component is described variously as a boot
`block, or a set of components required to boot the operating
`system.
`In another aspect of the invention, a record of the loading
`of each component is placed into a boot log. The boot log is
`protected from tampering through a chain of public-private
`key pairs. The contents of the boot log are used to determine
`whether the operating system is to be considered trusted or
`untrusted.
`Use of a special public-private key pair to validate a boot
`block and to alleviate replacement issues should a standard
`key pair be compromised is also disclosed.
`The guaranteed loading of a digital lights management
`operating system on a general-purpose personal computer
`ensures that downloaded content can be protected from
`unauthorized access. Furthermore, the generation of an
`identity for an operating system based on its loaded com(cid:173)
`ponents allows a content provider to knowledgeably deter(cid:173)
`mine whether to trust content to the subscriber computer.
`The present invention describes systems, clients, servers,
`methods, and computer-readable media of varying scope. In
`addition to the aspects and advantages of the present inven(cid:173)
`tion described in this summary, further aspects and advan(cid:173)
`tages of the invention will become apparent by reference to
`the drawings and by reading the detailed description that
`follows.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG lA is a diagram of the hardware and operating
`environment in conjunction with which exemplary embodi(cid:173)
`ments of the invention may be practiced;
`FIG. lB is a diagram of a client computer for use with
`exemplary embodiments of the invention;
`FIG. 2 is a diagram illustrating a system-level overview of
`an exemplary embodiment of the invention;
`FIG. 3 is a flowchart of a method to be performed by a
`client when booting or loading system components accord(cid:173)
`ing to an exemplary embodiment of the invention;
`FIG. 4 is a diagram of a certificate revocation list data
`structure for use in an exemplary implementation of the
`invention;
`FIG. 5 is a flowchart of a method to be performed by a
`client to create a boot log according to an exemplary
`embodiment of the invention;
`FIG. 6 is a block diagram of an exemplary boot log
`created using the method of FIG. 5;
`FIGS. 7A, 7B and 7C are block diagrams of boot blocks
`65 for use in an exemplary embodiment of the invention;
`FIG. 8 is a block diagram of key generation functions
`according to an exemplary embodiment of the invention;
`
`Petitioner Apple Inc. - Ex. 1009, p. 14
`
`

`
`US 6,327,652 Bl
`
`5
`FIG. 9 is a diagram of a rights manager certificate data
`structure for use in an exemplary implementation of the
`invention;
`FIG. 10 is a diagram of a required properties access
`control list data structure for use in an exemplary imple(cid:173)
`mentation of the invention; and
`FIG. 11 is a diagram of a license data structure for use in
`an exemplary implementation of the invention.
`
`DETAILED DESCRIPTION OF 1HE
`INVENTION
`
`In the following detailed description of exemplary
`embodiments of the invention, reference is made to the
`accompanying drawings, which form a part hereof, and in
`which is shown by way of illustration specific exemplary
`embodiments in which the invention may be practiced.
`These embodiments are described in sufficient detail to
`enable those skilled in the art to practice the invention, and
`it is to be understood that other embodiments may be utilized
`and that logical, mechanical, electrical and other changes
`may be made without departing from the spirit or scope of
`the present invention. The following detailed description is,
`therefore, not to be taken in a limiting sense, and the scope
`of the present invention is defined only by the appended
`claims.
`The detailed description is divided into four sections. In
`the first section, the hardware and the operating environment
`in conjunction with which embodiments of the invention
`may be practiced are described. In the second section, a
`system level overview of the invention is presented. The
`third section described methods and data structures
`employed by various exemplary embodiments of the inven(cid:173)
`tion. Finally, in the fourth section, a conclusion of the
`detailed description is provided.
`
`Hardware and Operating Environment
`
`FIG. 1A is a diagram of the hardware and operating
`environment in conjunction with which embodiments of the
`invention may be practiced. The description of FIG. 1A is
`intended to provide a brief, general description of suitable
`computer hardware and a suitable computing environment in
`conjunction with which the invention may be implemented.
`Although not required, the invention is described in the
`general context of computer-executable instructions, such as
`program modules, being executed by a computer, such as a
`personal computer. Generally, program modules include
`routines, programs, objects, components, data structures,
`etc. that perform particular tasks or implement particular
`abstract data types.
`Moreover, those skilled in the art will appreciate that the
`invention may be practiced with other computer system
`configurations, including hand-held devices, multiprocessor
`systems, microprocessor-based or programmable consumer
`electronics, network PCs, minicomputers, mainframe
`computers, and the like. The invention may also be practiced
`in distributed computing environments where tasks are
`performed by remote processing devices that are linked
`through a communications network. In a distributed com(cid:173)
`puting environment, program modules may be located in
`both local and remote memory storage devices.
`The exemplary hardware and operating environment of
`FIG. 1A for implementing the invention includes a general
`purpose computing device in the form of a computer 20,
`including a processing unit 21, a system memory 22, and a
`system bus 23 that operatively couples various system
`
`5
`
`6
`components, including the system memory 22, to the pro(cid:173)
`cessing unit 21. There may be only one or there may be more
`than one processing unit 21, such that the processor of
`computer 20 comprises a single central-processing unit
`(CPU), or a plurality of processing units, commonly referred
`to as a parallel processing environment. The computer may
`be a conventional computer, a distributed computer, or any
`other type of computer; the invention is not so limited.
`The system bus 23 may be any of several types of bus
`10 structures including a memory bus or memory controller, a
`peripheral bus, and a local bus using any of a variety of bus
`architectures. The system memory may also be referred to as
`simply the memory, and includes read only memory (ROM)
`24 and random access memory (RAM) 25. A basic input/
`15 output system (BIOS) 26, containing the basic routines that
`help to transfer information between elements within the
`computer 20, such as during start-up, is stored in ROM 24.
`The computer 20 further includes a hard disk drive 27 for
`reading from and writing to a hard disk, not shown, a
`20 magnetic disk drive 28 for reading from or writing to a
`removable magnetic disk 29, and an optical disk drive 30 for
`reading from or writing to a removable optical disk 31 such
`as a CD ROM or other optical media.
`The hard disk drive 27, magnetic disk drive 28, and
`25 optical disk drive 30 are connected to the system bus 23 by
`a hard disk drive interface 32, a magnetic disk drive inter(cid:173)
`face 33, and an optical disk drive interface 34, respectively.
`The drives and their associated computer-readable media
`provide nonvolatile storage of computer-readable
`30 instructions, data structures, program modules and other
`data for the computer 20. It should be appreciated by those
`skilled in the art that any type of computer-readable media
`that can store data that is accessible by a computer, such as
`magnetic cassettes, flash memory cards, digital video disks,
`35 Bernoulli cartridges, random access memories (RAMs),
`read only memories (ROMs), and the like, may be used in
`the exemplary operating environment.
`A number of program modules may be stored on the hard
`disk, magnetic disk 29, optical disk 31, ROM 24, or RAM
`40 25, including an operating system 35, one or more applica(cid:173)
`tion programs 36, other program modules 37, and program
`data 38. A user may enter commands and information into
`the personal computer 20 through input devices such as a
`keyboard 40 and pointing device 42. Other input devices
`45 (not shown) may include a microphone, joystick, game pad,
`satellite dish, scanner, or the like. These and other input
`devices are often connected to the processing unit 21
`through a serial port interface 46 that is coupled to the
`system bus, but may be connected by other interfaces, such
`50 as a parallel port, game port, or a universal serial bus (USB).
`A monitor 47 or other type of display device is also
`connected to the system bus 23 via an interface, such as a
`video adapter 48. In addition to the monitor, computers
`typically include other peripheral output devices (not
`55 shown), such as speakers and printers.
`The computer 20 may operate in a networked environ(cid:173)
`ment using logical connections to one or more remote
`computers, such as remote computer 49. These logical
`connections are achieved by a communication device
`60 coupled to or a part of the computer 20; the invention is not
`limited to a particular type of communications device. The
`remote computer 49 may be another computer, a server, a
`router, a network PC, a client, a peer device or other
`common network node, and typically includes many or all of
`65 the elements described above relative to the computer 20,
`although only a memory storage device 50 has been illus(cid:173)
`trated in FIG. 1. The logical connections depicted in FIG. 1
`
`Petitioner Apple Inc. - Ex. 1009, p. 15
`
`

`
`US 6,327,652 Bl
`
`8
`the private key "Kcpu-b In this way, only the CPU knows
`the CPU private key Kcpu-\ the same key is not issued to
`other CPUs and the manufacturer keeps no record of it. The
`certificate can in principle be stored on a separate physical
`5 device associated with the processor but still logically
`belongs to the processor with the corresponding key.
`The manufacturer has a pair of public and private signing
`1
`1 is known
`keys, KMFR and KMFR -
`. The private key KMFR -
`only to the manufacturer, while the public key KMFR is made
`10 available to the public. The manufacturer certificate 166
`contains the manufacturer's public key KMRF• the CPU's
`public key KcPu• and the above testimony. The manufacture
`1
`signs the certificate using its private signing key, KMRF -
`, as
`follows:
`
`7
`include a local-area network (LAN) 51 and a wide-area
`network (WAN) 52. Such networking environments are
`commonplace in offices, enterprise-wide computer
`networks, intranets and the Internet.
`When used in aLAN-networking environment, the com(cid:173)
`puter 20 is connected to the local network 51 through a
`network interface or adapter 53, which is one type of
`communications device. When used in a WAN-networking
`environment, the computer 20 typically includes a modem
`54, a type of communications device, or any other type of
`communications device for establishing communications
`over the wide area network 52, such as the Internet. The
`modem 54, which may be internal or external, is connected
`to the system bus 23 via the serial port interface 46. In a
`networked environment, program modules depicted relative 15
`to the personal computer 20, or portions thereof, may be
`stored in the remote memory storage device. It is appreciated
`that the network connections shown arc exemplary and other
`means of and communications devices for establ