WO 98/09209
PCT/US97/15243

SPE 503, the RPC service table is extended by an RPC dispatch table. The preferred embodiment RPC dispatch table is organized as a list of Load Module references for each RPC service supported internally by SPE 503. Each row in the table contains a load module ID that services the call, a control byte that indicates whether the call can be made from an external caller, and whether the load module needed to service the call is permanently resident in SPU 500. The RPC dispatch table may be constructed in SPU ROM 532 (or EEPROM) when SPU firmware 508 is loaded into the SPU 500. If the RPC dispatch table is in EEPROM, it flexibly allows for updates to the services without load module location and version control issues.

In the preferred embodiment, SPE RPC manager 550 first references a service request against the RPC service table to determine the location of the service manager that may service the request. The RPC manager 550 then routes the service request to the appropriate service manager for action. Service requests are handled by the service manager within the SPE 503 using the RPC dispatch table to dispatch the request. Once the RPC manager 550 locates the service reference in the RPC dispatch table, the load module that services the request is called and loaded using the load module execution manager 568. The load module execution manager 568 passes control to the requested load module after performing all required context configuration, or if necessary may first issue a request to load it from the external management files 610.

Petitioner Apple Inc. — Exhibit 1002, p. 5001

SPU Time Base Manager 554

The time base manager 554 supports calls that relate to the real time clock ("RTC") 528. In the preferred embodiment, the time base manager 554 is always loaded and ready to respond to time based requests.

The table below lists examples of basic calls that may be supported by the time base manager 554:

| Call Name | Description |
|---|---|
| [illegible] | Sets the time in the RTC 528. Access to this command may be restricted to a VDE administrator. |
| [illegible] | Changes the time in the RTC 528. Access to this command may be restricted to a VDE administrator. |
| [illegible] | Set GMT / local time conversion and the current and allowable magnitude of user adjustments to RTC 528 time. |
| Channel Services Manager Requests | |
| Bind Time | Bind timer services to a channel as an event source. |
| Unbind Time | Unbind timer services from a channel as an event source. |
| [illegible] | Sets an alarm notification for a specific time. The user will be notified by an alarm event at the time of the alarm. Parameters to this request determine the event, frequency, and requested processing for the alarm. |
| Clear [illegible] | Cancels a requested alarm notification. |

SPU Encryption/Decryption Manager 556

The Encryption/Decryption Manager 556 supports calls to the various encryption/decryption techniques supported by SPE 503/HPE 655. It may be supported by a hardware-based encryption/decryption engine 522 within SPU 500. Those encryption/decryption technologies not supported by SPU encrypt/decrypt engine 522 may be provided by encrypt/decrypt manager 556 in software. The primary bulk encryption/decryption load modules preferably are loaded at all times, and the load modules necessary for other algorithms are preferably paged in as needed. Thus, if the primary bulk encryption/decryption algorithm is DES, only the DES load modules need be permanently resident in the RAM 534a of SPE 503/HPE 655.

The following are examples of RPC calls supported by Encrypt/Decrypt Manager 556 in the preferred embodiment:

| Call Name | Description |
|---|---|
| PK Encrypt | Encrypt a block using a PK (public key) algorithm. |
| [illegible] | Encrypt a block using the RC-4 (or other bulk encryption) algorithm. |
| [illegible] | Decrypt a block using the RC-4 (or other bulk encryption) algorithm. |
| Initialize DES Instance | Initialize DES instance to be used. |
| [illegible] | Initialize RC-4 instance to be used. |
| Initialize MD5 Instance | Initialize MD5 instance to be used. |
| [illegible] Block | [illegible] |

The call parameters passed may include the key to be used; mode (encryption or decryption); any needed Initialization Vectors; the desired cryptographic operating (e.g., type of feedback); the identification of the cryptographic instance to be used; and the start address, destination address, and length of the block to be encrypted or decrypted.

SPU Key and Tag Manager 558

The SPU Key and Tag Manager 558 supports calls for key storage, key and management file tag look up, key convolution, and the generation of random keys, tags, and transaction numbers.

The following table shows an example of a list of SPE/HPE key and tag manager service 558 calls:

| Call Name | Description |
|---|---|
| Get Key | Retrieve the requested key. |
| Set Key | Set (store) the specified key. |
| Generate Key | Generate a key (pair) for a specified algorithm. |
| Generate Convoluted Key | Generate a key using a specified convolution algorithm and algorithm parameter block. |
| [illegible] | Return the currently set (default) convolution parameters for a specific convolution algorithm. |
| Calculate Hash Block Number | Calculate the "hash block number" for a specific VDE Item ID. |
| Set Hash Parameters | Set the hash parameters and hash algorithm. Forces a resynchronization of the hash table. |
| Get Hash Parameters | Retrieve the current hash parameters/algorithm. |
| Synchronize Management Files | Synchronize the management files and rebuild the hash block tables based on information found in the tables. Reserved for VDE [illegible] |

Keys and tags may be securely generated within SPE 503 (HPE 655) in the preferred embodiment. The key generation algorithm is typically specific to each type of encryption supported. The generated keys may be checked for cryptographic weakness before they are used. A request for Key and Tag Manager 558 to generate a key, tag and/or transaction number preferably takes a length as its input parameter. It generates a random number (or other appropriate key value) of the requested length as its output.

The key and tag manager 558 may support calls to retrieve specific keys from the key storage areas in SPU 500 and any keys stored external to the SPU. The basic format of the calls is to request keys by key type and key number. Many of the keys are periodically updated through contact with the VDE administrator, and are kept within SPU 500 in NVRAM 534b or EEPROM because these memories are secure, updatable and non-volatile.

SPE 503/HPE 655 may support both Public Key type keys and Bulk Encryption type keys. The public key (PK) encryption type keys stored by SPU 500 and managed by key and tag manager 558 may include, for example, a device public key, a device private key, a PK certificate, and a public key for the certificate. Generally, public keys and certificates can be stored externally in non-secured memory if desired, but the device private key and the public key for the certificate should only be stored internally in an SPU 500 EEPROM or NVRAM 534b. Some of the types of bulk encryption keys used by the SPU 500 may include, for example, general-purpose bulk encryption keys, administrative object private header keys, stationary object private header keys, traveling object private header keys, download/initialization keys, backup keys, trail keys, and management file keys.

As discussed above, preferred embodiment Key and Tag Manager 558 supports requests to adjust or convolute keys to make new keys that are produced in a deterministic way dependent on site and/or time, for example. Key convolution is an algorithmic process that acts on a key and some set of input parameter(s) to yield a new key. It can be used, for example, to increase the number of keys available for use without incurring additional key storage space. It may also be used, for example, as a process to "age" keys by incorporating the value of real-time RTC 528 as parameters. It can be used to make keys site specific by incorporating aspects of the site ID as parameters.

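One way to realise the key convolution described above, as an added example that is not the patent's algorithm: HMAC-SHA-256 stands in for the unspecified convolution algorithm, with the site ID and an RTC-derived epoch as input parameters. The epoch length, the "purpose" label and all function names are assumptions.

```python
import hashlib
import hmac
import struct
from typing import Optional

EPOCH_SECONDS = 30 * 24 * 3600   # assumed ageing interval: a new key every 30 days


def convolute(base_key: bytes, *, purpose: bytes = b"", site_id: bytes = b"",
              rtc_seconds: Optional[int] = None, length: int = 16) -> bytes:
    """Derive a new key from one stored key plus input parameters.

    Every parameter is length-prefixed so that (purpose=b"ab", site_id=b"c")
    and (purpose=b"a", site_id=b"bc") cannot produce the same key.
    """
    if not 1 <= length <= 32:
        raise ValueError("length must be 1..32 bytes (one HMAC-SHA-256 output)")
    # Ageing: only the epoch number is mixed in, so the key is stable within
    # an epoch and changes deterministically when the RTC crosses a boundary.
    epoch = b"" if rtc_seconds is None else struct.pack(">Q", rtc_seconds // EPOCH_SECONDS)
    msg = b"".join(struct.pack(">H", len(p)) + p for p in (purpose, site_id, epoch))
    return hmac.new(base_key, msg, hashlib.sha256).digest()[:length]


def key_for(base_key: bytes, site_id: bytes, rtc_seconds: int, purpose: bytes) -> bytes:
    """Site-specific, aged key; nothing beyond base_key has to be stored."""
    return convolute(base_key, purpose=purpose, site_id=site_id, rtc_seconds=rtc_seconds)


def accept_aged_key(base_key: bytes, site_id: bytes, rtc_now: int, purpose: bytes,
                    presented: bytes, max_age_epochs: int = 1) -> bool:
    """Accept a key only if it belongs to the current epoch or a recent one."""
    for back in range(max_age_epochs + 1):
        t = rtc_now - back * EPOCH_SECONDS
        if t < 0:
            break
        if hmac.compare_digest(key_for(base_key, site_id, t, purpose), presented):
            return True
    return False


if __name__ == "__main__":
    base = bytes(range(16))                      # constructed sample key
    now = 1000 * EPOCH_SECONDS + 5               # constructed RTC value
    k = key_for(base, b"SITE-0001", now, b"bulk")
    print(k.hex(), accept_aged_key(base, b"SITE-0001", now + EPOCH_SECONDS, b"bulk", k))
```
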
Key and Tag Manager 558 also provides services relating to tag generation and management. In the preferred embodiment, transaction and access tags are preferably stored by SPE 503 (HPE 655) in protected memory (e.g., within the NVRAM 534b of SPU 500). These tags may be generated by key and tag manager 558. They are used to, for example, check access rights to, validate and correlate data elements. For example, they may be used to ensure components of the secured data structures are not tampered with outside of the SPU 500. Key and tag manager 558 may also support a trail transaction tag and a communications transaction tag.

SPU Summary Services Manager 560

SPE 503 maintains an audit trail in reprogrammable non-volatile memory within the SPU 500 and/or in secure database 610. This audit trail may consist of an audit summary of budget activity for financial purposes, and a security summary of SPU use. When a request is made to the SPU, it logs the request as having occurred and then notes whether the request succeeded or failed. All successful requests may be summed and stored by type in the SPU 500. Failure information, including the elements listed below, may be saved along with details of the failure:

[illegible] an SPE on Access Failures

This information may be analyzed to detect cracking attempts or to determine patterns of usage outside expected (and budgeted) norms. The audit trail histories in the SPU 500 may be retained until the audit is reported to the appropriate parties. This will allow both legitimate failure analysis and attempts to cryptoanalyze the SPU to be noted.

Summary services manager 560 may store and maintain this internal summary audit information. This audit information can be used to check for security breaches or other aspects of the operation of SPE 503. The event summaries may be maintained, analyzed and used by SPE 503 (HPE 655) or a VDE administrator to determine and potentially limit abuse of electronic appliance 600. In the preferred embodiment, such parameters may be stored in secure memory (e.g., within the NVRAM 534b of SPU 500).

There are two basic structures for which summary services are used in the preferred embodiment. One (the "event summary data structure") is VDE administrator specific and keeps track of events. The event summary structure may be maintained and audited during periodic contact with VDE administrators. The other is used by VDE administrators and/or distributors for overall budget. A VDE administrator may register for event summaries and an overall budget summary at the time an electronic appliance 600 is initialized. The overall budget summary may be reported to and used by a VDE administrator in determining distribution of consumed budget (for example) in the case of corruption of secure management files 610. Participants that receive appropriate permissions can register their processes (e.g., specific budgets) with summary services manager 560, which may then reserve protected memory space (e.g., within NVRAM 534b) and keep desired use and/or access parameters. Access to and modification of each summary can be controlled by its own access tag.

The following table shows an example of a list of PPE summary service manager 560 service calls:

| Call Name | Description |
|---|---|
| Create summary info | Create a summary service if the user has a "ticket" that permits her to request this service. |
| [illegible] | Return the current value of the summary service. The caller must present an appropriate tag (and/or "ticket") to use this request. |
| [illegible] | Set the value of a summary service. |
| Increment | Increment the specified summary service (e.g., a scalar meter summary data area). The caller must present an appropriate tag (and/or "ticket") to use this request. |
| [illegible] | Destroy the specified summary service if the user has a tag and/or "ticket" that permits them to request this service. |

In the preferred embodiment, the event summary data structure uses a fixed event number to index into a look up table. The look up table contains a value that can be configured as a counter or a counter plus limit. Counter mode may be used by VDE administrators to determine device usage. The limit mode may be used to limit tampering and attempts to misuse the electronic appliance 600. Exceeding a limit will result in SPE 503 (HPE 655) refusing to service user requests until it is reset by a VDE administrator. Calls to the system wide event summary process may preferably be built into all load modules that process the events that are of interest.

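The counter and counter-plus-limit behaviour described above, as an added example that is not code from the patent: a fixed event number indexes a table of slots, a slot whose limit is exceeded locks out user requests, and only a reset that presents the summary's access tag clears the lock. The event numbers, the tag value and all names are assumptions.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Assumed fixed event numbers; the text fixes the indexing scheme, not the values.
EV_AUTH_OK, EV_AUTH_FAILED, EV_DECRYPT_OK = 0, 1, 2
N_EVENTS = 3


@dataclass
class Slot:
    count: int = 0
    limit: Optional[int] = None   # None: counter mode; int: counter plus limit


class Locked(Exception):
    """User requests are refused until an administrator resets the summary."""


class EventSummary:
    def __init__(self, limits, admin_tag):
        self.slots = [Slot(limit=limits.get(n)) for n in range(N_EVENTS)]
        self._admin_tag = admin_tag   # access tag controlling this summary
        self.locked_by = None         # event number whose limit was exceeded

    def record(self, event_no):
        """Called from every load module that processes a metered event."""
        if not 0 <= event_no < N_EVENTS:
            raise ValueError("unknown event number")
        slot = self.slots[event_no]
        slot.count += 1
        if slot.limit is not None and slot.count > slot.limit and self.locked_by is None:
            self.locked_by = event_no
        return slot.count

    def check_service_allowed(self):
        """Gate placed in front of user requests."""
        if self.locked_by is not None:
            raise Locked(f"limit exceeded for event {self.locked_by}")

    def admin_reset(self, presented_tag):
        """Hand the counters to the administrator, then clear them and the lock."""
        if not hmac.compare_digest(presented_tag, self._admin_tag):
            raise PermissionError("access tag does not match")
        report = {n: s.count for n, s in enumerate(self.slots)}
        for s in self.slots:
            s.count = 0
        self.locked_by = None
        return report


def lockout_demo():
    es = EventSummary({EV_AUTH_FAILED: 3}, admin_tag=b"constructed-admin-tag")
    es.record(EV_AUTH_OK)
    for _ in range(3):
        es.record(EV_AUTH_FAILED)
    es.check_service_allowed()            # at the limit: still serviced
    es.record(EV_AUTH_FAILED)             # fourth failure exceeds the limit
    try:
        es.check_service_allowed()
        refused = False
    except Locked:
        refused = True
    try:
        es.admin_reset(b"wrong-tag")
        bad_reset = "accepted"
    except PermissionError:
        bad_reset = "rejected"
    still_locked = es.locked_by
    report = es.admin_reset(b"constructed-admin-tag")
    return refused, bad_reset, still_locked, report, es.locked_by


if __name__ == "__main__":
    print(lockout_demo())
```
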
The following table shows examples of events that may be separately metered by the preferred embodiment event summary data structure:

Event Type: Successful Events
- Initialization completed successfully.
- User authentication accepted.
- Communications established.
- Channel loads set for specified values.
- Decryption completed.
- Key information updated.
- New budget created or existing budget updated.
- New billing information generated or existing billing updated.
- New meter set up or existing meter updated.
- New PERC created or existing PERC updated.
- New objects registered.
- Administrative objects successfully processed.
- Audit processed successfully.

Event Type: Failed Events
- Initialization failed.
- [illegible] correlation tag match.
- Available budget insufficient to complete requested procedure.
- Audit did not occur
- Administrative object did not process correctly.
- Other failed events.

Another, "overall currency budget" summary data structure maintained by the preferred embodiment summary services manager 560 allows registration of VDE electronic appliance 600. The first entry is used for an overall currency budget consumed value, and is registered by the VDE administrator that first initializes SPE 503 (HPE 655). Certain currency consuming load modules and audit load modules that complete the auditing process for consumed currency budget may call the summary services manager 560 to update the currency consumed value. Special authorized load modules may have access to the overall currency summary, while additional summaries can be registered for by individual providers.

SPE Authentication Manager/Service Communications Manager 564

The Authentication Manager/Service Communications Manager 564 supports calls for user password validation and "ticket" generation and validation. It may also support secure communications between SPE 503 and an external node or device (e.g., a VDE administrator or distributor). It may support the following examples of authentication-related service requests in the preferred embodiment:

| Call Name | Description |
|---|---|
| User Services | |
| Create User | Creates a new user and stores Name Services Records (NSRs) for use by the Name Services Manager 752. |
| Authenticate User | Authenticates a user for use of the system. This request lets the caller authenticate as a specific user ID. Group membership is also authenticated by this request. The authentication returns a "ticket" for the user. |
| Delete User | Deletes a user's NSR and related records. |
| Ticket Services | |
| Generate Ticket | Generates a "ticket" for use of one or more services. |
| Authenticate Ticket | Authenticates a "ticket." |

Not included in the table above are calls to the secure communications service. The secure communications service provided by manager 564 may provide (e.g., in conjunction with low-level services manager 582 if desired) secure communications based on a public key (or others) challenge-response protocol. This protocol is discussed in further detail elsewhere in this document. Tickets identify users with respect to the electronic appliance 600 in the case where the appliance may be used by multiple users. Tickets may be requested by and returned to VDE software applications through a ticket-granting protocol (e.g., Kerberos). VDE components may require tickets to be presented in order to authorize particular services.

SPE Secure Database Manager 566

Secure database manager 566 retrieves, maintains and stores secure database records within secure database 610 on memory external to SPE 503. Many of these secure database files 610 are in encrypted form. All secure information retrieved by secure database manager 566 therefore must be decrypted by encrypt/decrypt manager 556 before use. Secure information (e.g., records of use) produced by SPE 503 (HPE 655) which must be stored external to the secure execution environment are also encrypted by encrypt/decrypt manager 556 before they are stored via secure database manager 566 in a secure database file 610.

For each VDE item loaded into SPE 503, Secure Database manager 566 in the preferred embodiment may search a master list for the VDE item ID, and then check the corresponding transaction tag against the one in the item to ensure that the item provided is the current item. Secure Database Manager 566 may maintain a list of VDE item IDs and transaction tags in a "hash structure" that can be paged into SPE 503 to quickly locate the appropriate VDE item ID. In smaller systems, a look up table approach may be used. In either case, the list should be structured as a pagable structure that allows a VDE item ID to be located quickly.

The "hash based" approach may be used to sort the list into "hash buckets" that may then be accessed to provide more rapid and efficient location of items in the list. In the "hash based" approach, the VDE item IDs are "hashed" through a subset of the full item ID and organized as pages of the "hashed" table. Each "hashed" page may contain the rest of the VDE item ID and current transaction tag for each item associated with that page. The "hash" table page number may be derived from the components of the VDE item ID, such as distribution ID, item ID, site ID, user ID, transaction tag, creator ID, type and/or version. The hashing algorithm (both the algorithm itself and the parameters to be hashed) may be configurable by a VDE administrator on a site by site basis to provide optimum hash page use. An example of a hash page structure appears below:

Hash Page Header
- Distributor ID
- Site ID
- Transaction Tag

Hash Page Entry
- Item ID
- Type
- Version
- Transaction Tag

In this example, each hash page may contain all of the VDE item IDs and transaction tags for items that have identical distributor ID, item ID, and user ID fields (site ID will be fixed for a given electronic appliance 600). These four pieces of information may thus be used as hash algorithm parameters.

The "hash" pages may themselves be frequently updated, and should carry transaction tags that are checked each time a "hash" page is loaded. The transaction tag may also be updated each time a "hash" page is written out.

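The freshness checks described in this section, as an added example that is not code from the patent: item IDs are hashed into pages by a configurable subset of their fields, each page entry holds the item's current transaction tag, and each page carries its own tag whose trusted copy stays in protected memory. The field names, page count, tag size and use of SHA-256 are assumptions, and the model covers freshness only (sealing and encryption of page contents are outside it).

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

N_PAGES = 8      # assumed number of hash pages
TAG_BYTES = 8    # assumed transaction tag size


@dataclass(frozen=True)
class ItemId:
    distributor_id: int
    item_id: int
    user_id: int
    creator_id: int
    version: int


# The ID components that feed the hash are configurable per site in the text.
HASH_FIELDS = ("distributor_id", "item_id", "user_id")


def page_number(iid, fields=HASH_FIELDS):
    material = b"".join(getattr(iid, f).to_bytes(4, "big") for f in fields)
    return hashlib.sha256(material).digest()[0] % N_PAGES


def fresh_tag(previous=b""):
    """Random tag guaranteed to differ from the one it replaces."""
    tag = os.urandom(TAG_BYTES)
    while tag == previous:
        tag = os.urandom(TAG_BYTES)
    return tag


@dataclass(frozen=True)
class HashPage:
    tag: bytes      # the page's own transaction tag
    entries: dict   # ItemId -> current transaction tag of that item


class StaleData(Exception):
    """An item or page is not the current copy."""


class SecureDbIndex:
    def __init__(self):
        self.external = {}         # page no -> HashPage, held in untrusted storage
        self.protected_tags = {}   # page no -> current page tag, held in protected memory

    def _load_page(self, n):
        expected = self.protected_tags.get(n)
        if expected is None:
            return HashPage(tag=b"", entries={})      # page never written
        page = self.external.get(n)
        if page is None or not hmac.compare_digest(page.tag, expected):
            raise StaleData(f"hash page {n} is missing or not the current copy")
        return page

    def store_item(self, iid):
        """Record a new version of an item; returns the tag to embed in the item."""
        n = page_number(iid)
        page = self._load_page(n)
        entries = dict(page.entries)
        entries[iid] = fresh_tag(entries.get(iid, b""))
        new_page = HashPage(tag=fresh_tag(page.tag), entries=entries)
        self.external[n] = new_page
        self.protected_tags[n] = new_page.tag         # updated on every write-out
        return entries[iid]

    def check_item(self, iid, tag_in_item):
        page = self._load_page(page_number(iid))      # page tag checked on load
        current = page.entries.get(iid)
        if current is None or not hmac.compare_digest(current, tag_in_item):
            raise StaleData("item is not the current version")
        return True


def replay_demo():
    idx = SecureDbIndex()
    iid = ItemId(distributor_id=7, item_id=1001, user_id=42, creator_id=3, version=1)
    n = page_number(iid)
    old_item_tag = idx.store_item(iid)
    old_page = idx.external[n]               # earlier copy of the page
    new_item_tag = idx.store_item(iid)       # item updated, e.g. a budget changes
    outcome = {"current": idx.check_item(iid, new_item_tag)}
    for label, restore_page in (("old_item", False), ("old_item_and_page", True)):
        if restore_page:
            idx.external[n] = old_page       # earlier page put back in external storage
        try:
            idx.check_item(iid, old_item_tag)
            outcome[label] = "accepted"
        except StaleData:
            outcome[label] = "rejected"
    return outcome


if __name__ == "__main__":
    print(replay_demo())
```
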
As an alternative to the hash-based approach, if the number of updatable items is kept small (such as in a dedicated consumer electronic appliance 600), then assigning each updatable item a unique sequential site record number as part of its VDE item ID may allow a look up table approach to be used. Only a small number of bytes of transaction tag are needed per item, and a table transaction tag for all frequently updatable items can be kept in protected memory such as SPU NVRAM 534b.

Random Value Generator Manager 565

Random Value Generator Manager 565 may generate random values. If a hardware-based SPU random value generator 542 is present, the Random Value Generator Manager 565 may use it to assist in generating random values.

Other SPE RPC Services 592

Other authorized RPC services may be included in SPU 500 by having them "register" themselves in the RPC Services Table and adding their entries to the RPC Dispatch Table. For example, one or more component assemblies 690 may be used to provide additional services as an integral part of SPE 503 and its associated operating system. Requests to services not registered in these tables will be passed out of SPE 503 (HPE 655) for external servicing.

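The dispatch path described here and in the earlier RPC dispatch table passage, modelled in Python as an added example (not code from the patent or any VDE implementation). The control-byte bit positions, the service and load module IDs, and all class and function names are assumptions.

```python
from dataclasses import dataclass, field

# Assumed control-byte layout: the text names the two flags, not their bit positions.
CTRL_EXTERNAL = 0x01   # call may be made by an external caller
CTRL_RESIDENT = 0x02   # load module is permanently resident in the SPU


@dataclass(frozen=True)
class DispatchRow:
    load_module_id: int
    control: int


class AccessDenied(Exception):
    """An external caller requested a service marked internal-only."""


@dataclass
class RpcDispatcher:
    table: dict = field(default_factory=dict)           # service id -> DispatchRow
    loaded: set = field(default_factory=set)            # load modules currently in SPU RAM
    external_loads: list = field(default_factory=list)  # modules fetched from management files

    def register(self, service_id, load_module_id, control):
        """Add a row, as a service registering itself would."""
        if service_id in self.table:
            raise ValueError(f"service {service_id:#x} already registered")
        self.table[service_id] = DispatchRow(load_module_id, control)
        if control & CTRL_RESIDENT:
            self.loaded.add(load_module_id)

    def dispatch(self, service_id, caller_is_external):
        """Return (disposition, load_module_id) for one service request."""
        row = self.table.get(service_id)
        if row is None:
            # Not registered: the request is passed out for external servicing.
            return ("external", None)
        # The control byte is enforced before any load module is touched, so an
        # external caller cannot even trigger the load of an internal-only module.
        if caller_is_external and not (row.control & CTRL_EXTERNAL):
            raise AccessDenied(f"service {service_id:#x} is internal-only")
        if row.load_module_id not in self.loaded:
            # Non-resident module: request it from the external management files first.
            self.external_loads.append(row.load_module_id)
            self.loaded.add(row.load_module_id)
        return ("internal", row.load_module_id)


def demo():
    d = RpcDispatcher()
    d.register(0x10, load_module_id=0xA1, control=CTRL_EXTERNAL | CTRL_RESIDENT)
    d.register(0x20, load_module_id=0xB2, control=CTRL_EXTERNAL)    # paged in on demand
    d.register(0x30, load_module_id=0xC3, control=CTRL_RESIDENT)    # internal callers only
    results = [
        d.dispatch(0x10, caller_is_external=True),
        d.dispatch(0x20, caller_is_external=True),
        d.dispatch(0x30, caller_is_external=False),
        d.dispatch(0x99, caller_is_external=True),                  # unregistered service
    ]
    try:
        d.dispatch(0x30, caller_is_external=True)
        denied = False
    except AccessDenied:
        denied = True
    return results, d.external_loads, denied


if __name__ == "__main__":
    print(demo())
```
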
SPE 503 Performance Considerations

Performance of SPE 503 (HPE 655) is a function of:
- complexity of the component assemblies used
- number of simultaneous component assembly operations
- amount of internal SPU memory available
- speed of algorithm for block encryption/decryption

The complexity of component assembly processes along with the number of simultaneous component assembly processes is perhaps the primary factor in determining performance. These factors combine to determine the amount of code and data that must be resident in SPU 500 at any one time (the minimum device size) and thus the number of device size "chunks" the processes must be broken down into. Segmentation inherently increases run time size over simpler models. Of course, feature limited versions of SPU 500 may be implemented using significantly smaller amounts of RAM 534. "Aggregate" load modules as described above may remove flexibility in configuring VDE structures and also further limit the ability of participants to individually update otherwise separated elements, but may result in a smaller minimum device size. A very simple metering version of SPU 500 can be constructed to operate with minimal device resources.

The amount of RAM 534 internal to SPU 500 has more impact on the performance of the SPE 503 than perhaps any other aspect of the SPU. The flexible nature of VDE processes allows use of a large number of load modules, methods and user data elements. It is impractical to store more than a small number of these items in ROM 532 within SPU 500. Most of the code and data structures needed to support a specific VDE process will need to be dynamically loaded into the SPU 500 for the specific VDE process when the process is invoked. The operating system within SPU 500 then may page in the necessary VDE items to perform the process. The amount of RAM 534 within SPU 500 will directly determine how large any single VDE load module plus its required data can be, as well as the number of page swaps that will be necessary to run a VDE process. The SPU I/O speed, encryption/decryption speed, and the amount of internal memory 532, 534 will directly affect the number of page swaps required in the device. Insecure external memory may reduce the wait time for swapped pages to be loaded into SPU 500, but will still incur substantial encryption/decryption penalty for each page.

In order to maintain security, SPE 503 must encrypt and cryptographically seal each block being swapped out to a storage device external to a supporting SPU 500, and must similarly decrypt, verify the cryptographic seal for, and validate each block as it is swapped into SPU 500. Thus, the data movement and encryption/decryption overhead for each swap block has a very large impact on SPE performance.

The performance of an SPU microprocessor 520 may not significantly impact the performance of the SPE 503 it supports if the processor is not responsible for moving data through the encrypt/decrypt engine 522.

VDE Secure Database 610

VDE 100 stores separately deliverable VDE elements in a secure (e.g., encrypted) database 610 distributed to each VDE electronic appliance 610. The database 610 in the preferred embodiment may store and/or manage three basic classes of VDE items:
- VDE objects,
- VDE process elements, and
- VDE data structures.

The following table lists examples of some of the VDE items stored in or managed by information stored in secure database 610:

| Item | Description |
|---|---|
| Objects | |
| Content Objects | Provide a container for content. |
| Administrative Objects | Provide a container for information used to keep VDE 100 operating. |
| Traveling Objects | Provide a container for content and control information. |
| Smart Objects | Provide a container for (user-specified) processes and data. |
| Method Cores | Provide a mechanism to relate events to control mechanisms and permissions. |
| Load Modules ("LMs") | [illegible] executable code. |
| Method Data Elements ("MDEs") | Independently deliverable data structures used to control/customize methods. |
| Permissions Records ("PERCs") | Permissions to use objects; "blueprints" to build component assemblies. |
| User Data Elements ("UDEs") | Basic data structure for storing information used in conjunction with load modules. |
| Administrative Data Structures | Used by VDE node to maintain administrative [illegible] |

Each electronic appliance 600 may have an instance of a secure database 610 that securely maintains the VDE items. Figure 16 shows one example of a secure database 610. The secure database 610 shown in this example includes the following VDE-protected items:
- one or more PERCs 808;
- methods 1000 (including static and dynamic method "cores" 1000, and MDEs 1202);
- Static UDEs 1200a and Dynamic UDEs 1200b; and
- load modules 1100.

Secure database 610 may also include the following additional data structures used and maintained for administrative purposes:
- an "object registry" 450 that references an object storage 728 containing one or more VDE objects;
- name service records 452; and
- configuration records 454 (including site configuration records 456 and user configuration records 458).

Secure database 610 in the preferred embodiment does not include VDE objects 300, but rather references VDE objects stored, for example, on file system 687 and/or in a separate object repository 728. Nevertheless, an appropriate "starting point" for understanding VDE-protected information may be a discussion of VDE objects 300.

VDE Objects 300

VDE 100 provides a media independent container model for encapsulating content. Figure 17 shows an example of a "logical" structure or format 800 for an object 300 provided by the preferred embodiment.

The generalized "logical object" structure 800 shown in Figure 17 used by the preferred embodiment supports digital content delivery over any currently used media. "Logical object" in the preferred embodiment may refer collectively to: content; computer software and/or methods used to manipulate, record, and/or otherwise control use of said content; and permissions, limitations, administrative control information and/or requirements applicable to said content, and/or said computer software and/or methods. Logical objects may or may not be stored, and may or may not be present in, or accessible to, any given electronic appliance 600. The content portion of a logical object may be organized as information contained in, not contained in, or partially contained in one or more objects.

`Briefly, the Figure 17 "logical object“ structure 800 in the
`
`preferred embodiment includes a public header 802, private
`
`10
`
`header 804, a "private body“ 806 containing one or more methods
`
`1000, permissions recordis) (PERC) 808 (which may include one
`
`or more key blocks 810), and one or more data blocks or areas
`
`812. These elements may be “packaged” within a ”container“
`
`302. This generalized. logical object structure 800 is used in the
`
`15
`
`preferred embodiment for different types of VDE objects 300
`
`categorized by the type and location of their content.
`
`The “container” concept is a convenient metaphor used to
`
`give a name to thecollection of elements required to make use of
`
`20
`
`content or to perform an administrative-type activity. Container
`
`302 typically includes identifying information, control structures
`
`and content (e.g., a property or administrative data). The term
`
`"container" is often (e.g., Bento/OpenDoc and OLE) used to
`
`describe a collection of information stored on a computer
`
`-397-
`
`Petitioner Apple Inc. — Exhibit 1002, p. 5025
`
`Petitioner Apple Inc. - Exhibit 1002, p. 5025
`
`

`
`wo 93/09209
`
`PCTlUS97Il5243
`
`system’s secondary storage system(s) or accessible to a computer
`
`system over a communications network on a ”server's“ secondary
`
`storage system. The "’container“ 302 provided by the preferred
`
`embodiment is not so limited or restricted. In VDE 100, there is
`
`5
`
`no requirement that this information is stored together, received
`
`at the same time, updated at the same time, used for only a
`
`single object, or be owned by the same entity. Rather, in VDE
`
`100 the container concept is extended and generalized to include
`real-time content and/or online interactive content passed to an
`
`10
`
`electronic appliance over a cable, by broadcast, or communicated
`
`by other electronic communication means.
`
`Thus, the “complete” VDE container 302 or logical object
`
`structure 800 may not exist at the user’s location (or any other
`
`15
`
`location, for that matter) at any one time. The "logical object“
`
`may exist over a particular period of time (or periods of time),
`
`rather than all at once. T
