throbber
wo 98/09209
`
`_
`
`'
`
`PCFIUS97/15243
`
`non-VDE aware application such as 608b could access only the ‘
`
`part of API 682 that provides an interface to other OS functions
`
`f 606, and therefore could not ‘access any VDE functions.
`
`Ul
`
`This ”translation“ feature of redirector 684 provides
`
`10
`
`.
`
`”transparency.“ It allows VDE functions tobe provided to the
`application 608( b) in a "transparent‘‘ way without requiring the
`‘application to become involved in the complexity and details
`associated with generating the one or more calls to VDE
`functions 604. This aspect of the ”transparenc_v“ features of ROS
`
`602 has at least two important advantages:
`(a) it allows applications not Written specifically for VDE
`
`functions 604 ("non-VDE aware applications“) to
`
`nevertheless access critical VDE functions; and
`
`15
`
`(b)
`
`it reduces the complexity of the interface between an
`
`application and ROS 602.
`
`-———3._
`Since the second advantage (reducing complexity) makes it
`
`easier for an application creator to produce applications, even
`
`"VDE aware“ applications 608a( 2) may be designed solthat some
`
`20
`
`calls invoking VDE functions 604 are requested at the level of an
`
`"other OS‘ functions“ call and then "translated" by redirector 684
`into a VDE function. call (in this sense, redirector 684 may be
`
`considered a part of API 682). Figure 11C shows an example of
`
`-270-
`
`Petitioner Apple Inc. —v Exhibit 1006, p. 1001
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1001
`
`

`
`WO 98/09209
`
`PCT/US9'H 15243
`
`this. ‘Other calls invoking VDE functions 604 may be passed
`
`directly without translation by redirector 684.
`
`Referring again to Figure 10, ROS 620 may also include an
`
`on
`
`“interceptor” 692 that transmits and/or receives one or more real
`
`time data feeds 694 (this may be provided over cable(s) 628 for
`
`example), and routes one or more such data feeds appropriately
`
`while providing "translation“ functions for real time data sent
`
`and/or received by electronic appliance 600 to allow _
`
`10
`
`”transparency“ for this type of information analogous to the
`
`transparency provided by redirector 684 (and/or it may generate
`
`one or more real time data feeds).
`
`Secure ROS Components and Component Assemblies
`
`15
`
`‘As discussed above, ROS 602 in the preferred embodiment
`
`is a component-based architecture. ROS VDE functions 604 may
`
`be based on segmented. independently loadable executable
`
`"component assemblies“ 690; These component assemblies 690
`
`are independently securely deliverable. The component
`
`20
`
`assemblies 690 provided by the preferred embodiment comprise
`
`code and data elements that are themselves independently
`
`deliverable. Thus, each component assembly 690 provided by the
`
`' preferred embodiment is comprised of independently securely
`
`deliverable elements which may be communicated using VDE
`
`-271-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1002
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1002
`
`

`
`wo 93,092.39
`
`0
`
`PCIIUS97/15243
`
`secure communication techniques. between VDE secure
`
`subsystems.
`
`These component assemblies 600 are the basic functional
`
`5
`
`unit provided by ROS 602. The component assemblies 690 are
`
`executed to perform operating system or application tasks. Thus,
`
`some component assemblies 690 may be considered
`
`be pa.rt of
`
`the ROS operating system 602, while other component
`
`assemblies may be considered to be "applications“ that run under
`
`p 10
`
`the support of the operating system. As with any system
`
`incorporating "applications“ and "operating systems,“ the
`
`boundary between these aspects of an overall system can be
`
`ambiguous- For example. commonly used "application“ functions
`
`(such as determining the structure and/or other attributes of a
`
`15
`
`content container) may be incorporated into an operating system.
`
`Furthermore, ”operating system“ functions (such as task
`
`management, or memory allocation) may be modified and/or
`
`replaced by an application. A common thread in the preferred
`
`embod.iment’s ROS 602 is that component assemblies 690
`
`20
`
`provide functions needed for a user to fulfill her intended
`
`activities, some of which may be "application-like“ and some of
`
`which may be "operating system-like.“
`
`-272-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1003
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1003
`
`

`
`WO 98/09209
`
`PCT/US97Il5243
`
`Components 690 are preferably designed to be easily
`
`separable and individually loadable. ROS 602 assembles these
`
`elements together into an executable component assembly 690
`
`prior to loading and executing the component assembly (e.g., in a
`
`0|
`
`secure operating environment such as SPE 503 and/or HPE 655).
`
`ROS 602 provides an element identification and referencing
`
`(mechanism that includes information necessary to automatically
`
`assemble elements into a component assembly 690 in a secure
`
`manner prior to. and/or during, execution.
`
`10
`
`ROS 602 application structures and control parameters
`
`used to form component assemblies 690 can be provided by
`
`different parties. Because the components forming component
`
`assemblies 690 are independently securely deliverable. they may
`
`15
`
`be delivered at different times and/or by different parties
`
`(“delivery" may take place within a local VDE secure subsystem,
`
`that is submission through the use of such a secure subsystem of
`
`control information by a chain of content control information
`
`handling participant for the preparation of a modified control
`
`20
`
`information set constitutes independent, secure delivery). For
`
`example, a content creator can produce a ‘R05 600 application
`
`that defines the circumstances required for licensing content
`
`contained within a VDE object 300. This application may
`
`reference structures provided by other parties. Such references
`
`-273-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1004
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1004
`
`

`
`WO 98/092053
`
`,
`
`‘
`
`PCT/US97/15243
`
`might, for example. take the form of a control path that uses
`
`content creator structures to meter user activities; and
`
`structures created/owned by a financial provider‘ to handle
`
`financial parts of a content distribution transaction (e.g.,
`
`OI
`
`defining a credit budget that must be present in a control
`
`structure to establish creditworthiness, audit processes which
`
`must be performed by the licensee, etc.). As another example, a
`distributor may give one usernmore favorable pricing than
`
`another user by delivering different data elements defining
`
`10
`
`pricing to different users. This attribute ofsupporting multiple
`
`party securely. independently deliverable control in.forrnation is
`
`fundamental to enabling electronic commerce. that is. defining of
`
`a content andjor appliance control information set that
`
`represents the requirements ofa collection ofindependent
`
`15
`
`parties such as content creators. other content providers,
`
`financial service providers, and/or users.
`
`In the preferred embodiment. ROS 602 assembles securely
`
`independently deliverable elements into a component assembly
`
`20
`
`690 based in part on context parameters (e.g., object, user).
`
`Thus", for example, ROS 602 may securely assemble different
`
`elements together to form different component assemblies 690
`
`for different users performing the same task on the same VDE
`
`object 300. Similarly, ROS 602 may assemble differing element
`
`-274-
`
`Petitioner Apple Inc. — Exhibit 1.006, p. 1005
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1005
`
`

`
`W0 98109209
`
`'
`
`A
`
`rcrrussv/15243
`
`sets which may include, that is reuse, one or more of the same
`
`components to form different component assemblies 690 for the
`
`same user performing the same task on different VDE objects
`
`300.
`
`The component assembly organization provided by ROS
`602 is ”recursive“ in that a component assembly 690 may
`comprise one or more component ”subassemblies“ that are
`themselves independently loadable and executable component
`assemblies 690. These component ”subassemblies“ may, in turn,
`
`be made of one or more component ”sub-sub-assemblies.“ In the
`
`general case. a component assembly 690 may include N levels of
`component subassemblies.
`I
`
`10
`
`15
`
`Thus, for example. a component assembly 690(k) that may
`
`includes a component subassembly 690(k + 1). Component
`
`subassembly 6900: + 1), in turn, may include a component sub- _
`
`sub-assembly 690(3),
`
`and so on to N-level subassembly 690(k +
`
`N). The ability of ROS 602 to build component assemblies 690
`
`20
`
`out of other component assemblies provides great advantages in
`
`terms of, for example, code/data reusability, and the ability to
`
`~ allow different parties to manage different parts of an overall
`
`component.
`
`-275-
`
`Petitioner Apple Inc. — Exhibit. 1006, p. 1006
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1006
`
`

`
`W0 9s,09209
`
`PCT/US97/1 5243
`
`Each component assembly 690 in the preferred
`
`embodiment is made of distinct components. Figures 11D-11H
`
`are abstract depictions of various distinct components that may
`be assembled to form a component assembly 690(k) showing
`
`OI
`
`Figure 111. These same components can be combined in
`
`different ways (e.g., with more or less components) to form
`
`diflerent component assemblies 690 providing completely
`different functional behavior. Figure 1’1J is
`abstract depiction
`of the same components being put together in a different way
`
`10
`
`(e.g., with additional components) to form a different component
`
`assembly 6900'). The component assemblies 690(k) and 6900)
`
`each include a common feature 691 that interlocks with a
`
`“channel” 594 defined by ROS 602. This "channel" 594
`
`assembles component assemblies 690 and interfaces them with
`
`15
`
`the (rest 00 ROS 602.
`
`ROS 602 generates component assemblies 690 in a secure
`
`manner. As shown graphically in Figures 111 and 11J, the
`
`20
`
`I
`
`different elements comprising a component-assembly 690 may be
`”interlocking“ in the sense that they can only go together in ways
`that are intended by the VDE participants who created the
`
`elements and/or specified the component assemblies. ROS 602
`
`includes security protections that can prevent an unauthorized
`
`person from modifying elements, and also prevent an
`
`-2'l6-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1007
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1007
`
`

`
`wo 93/09109
`
`PC!‘/US97/15243
`
`unauthorized person from substituting elements. One can
`
`picture an unauthorized person making a new element having
`
`the same ”shape"‘ as the one of the elements shown in Figures
`
`11D-11H, and then attempting to substitute the new element in
`
`_ 5
`
`place of the original element. Suppose one of the elements
`
`shown in Figure 11H establishes the price for using content
`
`within a VDE object 300. If an unauthorized person could
`
`substitute her own "price“ element for the price element intended
`
`by the VDE content distributor, then the person could establish a
`
`10
`
`price of zero instead of the price the content ‘distributor intended
`
`to charge. Similarly, if the element establishes an electronic
`
`credit card, then an ability to substitute a different element
`
`could have disastrous consequences in terms of allowing a person
`
`to charge her usage to someone else's (or a non-existent; credit
`
`15
`
`card. These are merely a few simple examples demonstrating
`
`the importance of ROS 602 ensuring that certain component
`
`assemblies 690 are formed in a secure manner. ROS 602
`
`provides a wide range of protections against a wide range of
`
`”threats“ to the secure handling and execution of component
`
`20
`
`assemblies 690.
`
`In the preferred embodiment, ROS 602 assembles
`
`component assemblies 690 based on the following types of
`
`elements:
`
`-277-
`
`Petitioner Apple Inc. — Exhibit 1006,
`
`1008
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1008
`
`

`
`WO 98109209
`
`PCT/US97l15243
`
`Permissions Records ("PERC“s) 808;
`
`Method ”Cores“ 1000;
`
`Load Modules 1100;
`
`Data Elements (e.g.. User Data Elements (”UDEs“) 1200
`
`(II
`
`and Method Data Elements (”MDEs“) 1202); and
`
`Other component assemblies 690.
`
`Briefly, a PERC 808 provided by the preferred
`
`embodiment is a record corresponding to a
`
`object 300 that ,
`
`10
`
`identifies to ROS 602. among other things, the elements ROS is
`
`to assemble together to form a component assembly 690. Thus
`
`PERC 808 in effect contains a “list of assembly instructions“ or a
`
`”plan“ specifying what elements ROS 602 is to assemble together
`
`into a component assembly and how the elements are to be
`
`15
`
`connected together. PERC 808 may itself contain data or other
`
`elements that are to become part of the component assembly 690.
`
`The PERC 808 may reference one or more method ”cores“
`
`1000’. A method core 1000’ may define a basic ”method“ 1000
`
`20
`
`(e.g., "control," ”billing,“ ”metering,“ etc.)
`
`In the preferred embodiment, a ”method“ 1-000 is a
`collection of basic instructions, and information related to basic '
`
`instructions, that provides context, data, requirements, and/or
`
`- 278_ -
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1009
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1009
`
`

`
`wo 93/09209
`
`PCT/US97Il5243
`
`relationships for use in performing, and/or preparing to perform, ‘
`
`'
`
`basic instructions in relation to the operation of one or more
`
`electronic appliances 600. Basic instructions may be comprised
`
`of, for example:
`
`-
`
`machine code of the type commonly usedlin the
`
`programming of computers; pseudo-code for use by ,
`
`an interpreter or other instruction processing
`
`program operating on a computer;
`
`a sequence of electronically represented logical
`
`operations for use with an electronic appliance 600;
`
`or other electronic representations of instructions,
`
`source code. object code. and/or pseudo code as those
`
`terms are commonly understood in the arts.
`
`-
`
`-
`
`5
`
`10
`
`15
`
`Information relating to said basic instructions may
`
`comprise, for example, data associated intrinsically with basic
`
`instructions such as for example, an identifier for the combined
`
`basic instructions and intrinsic data, addresses, constants,
`
`20
`
`and/or the like. The information may also, for example, include
`
`one or more of the following:
`
`-279-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1010
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1010
`
`

`
`WO 98/09209
`
`PCT/US97Il5243
`
`-
`
`information that identifies associated basic
`
`U1
`
`10
`
`15
`
`instructions and said intrinsic data for access,
`
`correlation and/or validation purposes;
`
`required and/or optional parameters for use with
`
`basic instructions and said intrinsic data;
`
`information defining relationships to other methods;
`T data elements that may comprise data values, fields
`
`of information, and/or the like;
`
`information specifying and/or defining relationships
`
`among data elements, basic instructions and/or
`
`intrinsic data:
`
`information specifying relationships to external data
`
`elements:
`
`information specifying relationships between and
`
`among internal and external data elements,
`
`methods, and/or the like. if any exist; and
`
`additional information required in the operation of
`
`basic instructions and intrinsic data to complete, or
`
`-
`
`-
`-
`
`-
`
`-
`
`-
`
`-
`
`20
`
`attempt to complete, a purpose intended by a user of
`
`a method, where required, including additional
`
`instructions and/or intrinsic data.
`
`-280-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1011
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1011
`
`

`
`wo 98/09209
`
`PCUUS97/1524.3
`
`Such information associated with a method may be stored,
`
`in part or whole, separately from basic instructions andintrinsic
`
`data. When these components are stored separately, a method
`
`may nevertheless include and encompass the other information
`
`....-_
`
`DI
`
`10
`
`and one or more sets of basic instructions and intrinsic data (the
`
`latter being included because of said other information’s
`
`reference to one or more sets of basic instructions and intrinsic
`
`data), whether or not said one or more sets of basic instructions
`and intrinsic data are accessible at any given point in time.
`
`Method core 1000’ may be parameterized by an "event
`
`code“ to permit it to respond to different events in different ways.
`
`For example. a METER method may respond to a "use“ event by
`
`storing usage information in a meter data structure. I The same
`
`15
`
`METER method may respond to an “administrative” event by
`
`reporting the meter data structure to a VDE clearinghouse or
`
`
`other VDE participant.
`
`In the preferred embodiment, method core 1000’ may
`
`20
`
`"contain," either explicitly or by reference, one or more "load
`
`modules“ 1100 and one or more data elements (UDEs 1200,
`MDEs 1202). in the preferred embodiment, a "load module“ 1100
`
`is a portion of a method that reflects basic instructions and
`
`intrinsic data. Load modules 1100 in the preferred embodiment
`
`-281-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1012
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1012
`
`

`
`WO 98109209
`
`PC'l'lUS97l15243
`
`contain executable code, and may also containdata elements
`
`(”DTDs“ 1108) associated with the executable code. In the
`preferred embodiment. load modules 1100 supply the program
`
`instructions that are actually ”executed“ by hardware to perform
`
`5
`
`the process defined by the method. Load modules 1100 may
`
`contain or reference other load modules.
`
`Load modules 1100 in the preferred embodiment are
`
`modular and "code pure“ so thatindividual load modules may be
`
`10
`
`reenterable and reusable. In order for components 690 to be
`
`dynamically updatable. they may be individually addressable
`
`within a global public name space. In view ofthese design goals,
`
`load modules 1100 are preferably small. code land code—like)
`
`pure modules that are individually named and addressable. A
`
`15
`
`single method may provide different load modules 1100 that
`
`perform the same or similar functions on different platforms,
`
`thereby making the method scalable and/or portable across a
`
`wide range of different electronic appliances.
`
`20
`
`UDEs 1200 and MDEs 1202 may store data for input to or
`
`output from executable component assembly 690 (or data
`
`describing such inputs and/or outputs). In the preferred
`
`embodiment, UDEs 1200 may be user dependent, whereas MDEs
`1202 may be user independent.
`
`-282-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1013
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1013
`
`

`
`WO 98109209
`
`PCT/US97/15243
`
`The component assembly example 690(k) shown in Figure
`
`11E comprises a method core 1000’, UDEs 1200a & 1200b, an
`
`MDE 1202, load modules 1100a-1100d, and a further component
`
`assembly 690(k+1). As mentioned above, a PERC 808(k) defines,
`
`5
`
`among other things, the "assembly instructions“ for component
`assembly 690(k), and may contain or reference parts of some or
`
`all of the components that are to be assembled to create a
`
`component assembly.
`
`10
`
`One of the load modules 1100b shown in this example is
`
`itself comprised of plural load modules 1100c, 1100d. Some of
`
`the load modules 4e.g., 1100a, 1l00d‘J in this example include one i
`
`/or more ”DTD“ data elements 1108 (e.g., 1108a, 1108b). ”DTD“
`
`data elements 1108 may be used, for example, to inform load
`
`15 .
`
`module 1100a of the data elements included in MDE 1202 and/or
`
`UDEs 1200a, 1200b. Furthermore, DTDs 1108 may be used as
`
`an aspect of forming a portion of an application used to inform a
`
`user as to the information required and/or manipulated by one or
`
`more load modules 1100, or other component elements. Such an
`
`20
`
`application program may also include functions for creating
`
`and/or manipulating UDE(s) 1200, MDE(s) 1202, or other
`
`component elements, subassemblies, etc.
`
`-2233.
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1014
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1014
`
`

`
`WO 98109209
`
`PCTIUS97/1 5243
`
`Components within component assemblies 690’ may be
`
`’’reused‘‘ to form difierent component assemblies. As mentioned
`
`above. figure 11F is an abstract depiction of one example of the
`
`same components used for assembling component assembly
`
`690(k) to be reused (e.g., with some additional components
`
`specified by a different set of "assembly instructions“ provided in
`
`a diflerent PERC 808(1)) to form a diflerent component assembly
`
`690(1). Even though component assembly 690(1) is formed from
`some of the same components used to form component assembly
`690(l£), these two component assemblies may perform completely
`
`different processes in complete different ways.
`
`OI
`
`10
`
`As mentioned above, ROS 602 provides several layers of
`
`security to ensure the security of component assemblies 690.
`
`15
`
`One important security layer involves ensuring that certain
`
`component assemblies 690 are formed, loaded and executed only
`
`in secure execution space such as provided within an SPU 500.
`
`Components 690 and/or elements comprising them may be stored
`
`on external media encrypted using local SPU 500 generated
`and/or distributor provided keys.
`
`20
`
`ROS 602 also provides a tagging and sequencing scheme
`
`that may be used within the loadable component assemblies 690
`
`to detect tampering by substitution. Each element comprising a
`
`-284-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1015
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1015
`
`

`
`WO 98/09209
`
`PCT/US97/15243
`
`"component assembly 690 may be loaded into an SPU 500,
`
`decrypted using encrypt/decrypt engine 522, and then
`
`tested/compared to ensure that the proper element has been
`
`loaded. Several independent comparisons may be used to ensure
`
`01
`
`there has been no unauthorized substitution. For example, the
`
`public and private copies of the element ID may be compared to
`
`ensure that they are the same, thereby preventing gross
`
`substitution of elements. In addition. a validation/correlation
`
`tag stored under the encrypted layer of the loadable element may
`
`10
`
`be compared to make sure it matches one or more tags provided
`
`by a requesting process. This prevents unauthorized use of
`
`information. As a third protection, a device assigned tag (e.g., a
`
`sequence number stored under an encryption layer of a loadable
`
`element may be checked to make sure it matches a corresponding
`
`15
`
`tag value expected by SPU 500. This prevents substitution of
`
`older elements. Validation/correlation tags are typically passed
`
`only in secure wrappers to prevent plaintext exposure of this
`
`information outside of SPU 500.
`
`20
`
`.
`
`The secure component based architecture of ROS 602 has
`
`important advantages. For example, it accommodates limited
`resource execution environments such as provided by a lower
`
`cost SPU 500. It also provides an extremely high level of
`
`configurability. In fact, ROS 602 will accommodate an almost
`
`-285-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1016
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1016
`
`

`
`WO 98/09209
`
`PCTIUS97115243
`
`unlimited diversity of content types, content provider objectives,
`transaction types and client requirements. In addition, the
`ability to dynamically assemble independently deliverable
`
`components at execution time based on particular objects and
`
`5
`
`users provides a high degree of flexibility, and facilitates or
`
`enables a distributed database, processing, and execution
`
`environment. I
`
`One. aspect of an advantage of the component-based
`
`10
`
`architecture provided by R08 602 relates to the ability to ”stage“
`
`functionality and capabilities over time. As designed,
`
`implementation of ROS 602 is a finite task. Aspects of its wealth
`
`of functionality can remain unexploited until market realities
`dictate the implementation of corresponding
`application
`
`15
`
`functionality. As a result. initial product implementation
`
`investment and complexity may be limited. The process of
`
`”surfacing“ the fullrange of capabilities providediby ROS 602 in
`
`terms of authoring," administrative, and artificial intelligence
`
`applications may take place over time. Moreover, already- .
`
`20‘
`
`designed functionality of ROS 602 may be changed or enhanced
`
`at any time to adapt to changing needs or requirements.
`
`-286-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1017
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1017
`
`

`
`, WO 98/09209
`
`PCT/US97ll5243
`
`More Detailed Discussion of Rights ‘Operating System 602
`Architecture
`’
`
`Figure 12 shows an example of a detailed architecture of
`
`5
`
`ROS 602 shown in Figure 10. ROS 602 may include a file system
`
`687 that includes a commercial database manager 730 and
`
`external object repositories 728. Commercial database manager
`
`730 may maintain secure database 610. Object repository 728
`may store, provide access to, and/or maintain VDE objects 300.
`
`10
`
`Figure 12 also shows that ROS 602 may provide one or
`more SPES 503 and/or one or more HPES 655. As discussed
`
`above, HPE 655 may "emulate“ an SPU 500 device, and such
`
`HPES 655 may be integrated in lieu of(or in addition to) physical
`
`15
`
`Sl’Us 500 for systems that need higher throughput. Some
`
`security may be lost since HPEs 655 are typically protected by
`
`operating system security and may not provide truly secure
`
`processing. Thus, in the preferred embodiment, for high security
`
`applications at least, all secure processing should take place
`
`20
`
`within an SPE 503 having an execution space within a physical
`
`SPU 500 rather than a HPE 655 using software operating
`
`elsewhere in electronic appliance 600.
`
`As mentioned above, three basic components of R05 602
`
`25
`
`are a kernel 680, a Remote Procedure Call (RPC) manager 732
`
`-287-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1018
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1018
`
`

`
`wo 93/09209
`
`PCTIUS97/15243
`
`and an object switch 734." These components, _and the way they
`
`interact with other portions of ROS 602, will be discussed below.
`
`' Kernel 680
`
`(II
`
`Kernel 680 manages the basic hardware resources of
`
`electronic appliance 600, and controls the basic tasking provided
`by ROS 602. Kernel 680 in the preferred embodiment may
`
`include a memory manager 680a, a task manager 680b, and an
`
`I/O manager 680C. Task manager 680b may initiate and/or
`
`10
`
`manage initiation-of executable tasks and schedule them to be
`
`executed by a processor on which ROS 602 runs (e.g., CPU 654
`
`shown in Figure 8). For example. Task manager 680b may
`
`include or be associated with a ”bootstrap loader“ that loads
`
`other parts of ROS 602. Task manager 680b may manage all
`
`15
`
`tasking related to ROS 602, including tasks associated with
`
`application prog'ram(s) 608. Memory manager 680a may manage
`
`allocation, deallocation, sharing and/or use of memory (e.g., RAM
`
`656 shown in Figure 8) of electronic appliance 600, and may for
`
`example provide virtual memory capabilities as required by an
`
`20
`
`electronic appliance and/or associated application(s). I/O
`
`manager 680c may manage all input to and output from ROS
`
`602, and may interact with drivers and other hardware
`managers that provide communications and interactivity with
`
`physical devices-.
`
`-288-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1019
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1019
`
`

`
`WO 98109209
`
`PCI‘IUS9‘lI15243
`
`RPC Manager 702
`
`ROS 602 in a preferred embodiment is designed around a
`
`"services based“ Remote Procedure‘ Call architecture/interface.
`
`All functions performed by ROS 602 may use this common
`
`5
`
`interface to request services and share information. For
`
`example, SPE( s) 503 provide processing for one or more RPC
`
`based services.
`
`In addition to supporting SPUs 500, the RPC
`
`interface permits the dynamic integration of external services
`
`and provides an array of configuration options using existing
`
`10
`
`operating system components. ROS 602 also communicates with
`
`external services through the RPC interface to seamlessly
`
`provide distributed and/or remote processing. In smaller scale
`
`instances of ROS 602. a simpler message passing IPC protocol
`
`may be used to conserve resources. This may limit the
`
`15
`
`configurability of ROS 602 services. but this possible limitation
`
`may be acceptable in some electronic appliances.
`
`The RPC structure allows services to be called/requested
`
`without the calling process having to know or specify where the
`
`20
`
`service is physically provided, what system or device will service
`
`the request, or how the service request will be fulfilled. This
`
`feature supports families of services that may be scaled and/or
`
`customized for specific applications. Service requests can be
`
`forwarded and serviced by different processors and/or different
`
`-289-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1020
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1020
`
`

`
`WO 98109209
`
`.
`
`PCT/US97l15243
`
`sites as easily as they can be forwarded and serviced by a local
`
`service system. Since the same RPC interface is used by ROS
`
`602 in the preferred embodiment to request services within and
`
`outside of the operating system. a request for distributed and/or
`
`OI
`
`remote processing incurs substantially no additional operating
`, system overhead. Remote processing is easily and simply
`integrated as part of the same service calls used by ROS 602 for
`
`requesting local-based services. In addition, the use ofa
`A standard RPC interface t”RSI“) allows R08 602 to be
`
`10
`
`modularized. with the different modules presenting a
`
`standardized interface to the remainder of the operating system.
`
`Such modularization and standardized interfacing permits
`
`diflerent vendorsxoperating system programmers to create
`
`different portions of the operating system independently, and
`
`15
`
`also allows the functionality of ROS 602 to be flexibly updated
`
`and/or changed based on different requirements and/or
`
`platforms.
`
`RPC manager 732 manages the RPC interface. It receives
`
`20
`
`service requests in the form of one or more "Remote Procedure
`
`Calls“ (RPCS) from a service requestor, and routes the service
`
`requests to a service provider(s) that can service the request. For
`
`example, when rights operating system 602 receives a request
`
`from a user application via user API 682, RPC manager 732 may
`
`-290-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1021
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1021
`
`

`
`W0 93/0920!’
`
`'
`
`PC'l‘IUS97Il5243
`
`route the service request to an appropriate service through the
`
`"RPC service interface“ (“RSI”). The RSI is an interface between
`
`RPC manager 732, service requestors, and a resource that will
`
`accept and service requests.
`
`The
`
`interface (RSI) is used for several major ROS 602
`
`subsystems in the preferred embodiment.
`
`RPC services provided by R08 602 in the preferred 7
`
`10
`
`embodiment are divided into subservices, i.e.. individual
`
`instances of a specific service each of which may be tracked
`
`individually by the RPC manager 732. This mechanism permits
`
`multiple instances of a specific service on higher throughput
`
`systems while maintaining a common interface across a
`
`15
`
`spectrum of implementations. The subservice concept extends to
`
`supporting multiple processors, multiple SPES 503, multiple
`
`I-IPES 655, and multiple communications services.
`
`The preferred embodiment ROS 602 provides the following
`
`20
`
`RPC based service providers/requestors (each of which have an
`
`RPC interface or "RSI“ that communicates with RPC manager
`
`732%
`
`SPE device driver 736 (this SPE device driver is connected
`
`to an SPE 503
`
`the preferred embodiment);
`
`-291-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1022
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1022
`
`

`
`WO 98/09209
`
`‘
`
`PCTIUS97I15243
`
`HPE Device Driver 738 (this HPE device driver is
`
`connected to an HPE 738 in the preferred
`
`embodiment):
`
`Notification Service 740 (this notification service is
`
`5
`
`connected to user notification interface 686 in the
`
`preferred embodiment);
`
`API Service 742 (this API service is connected to user API_
`
`682 in the preferred embodiment;
`
`Redirector 684;
`
`10
`

`
`Secure Database (File) Manager 744 (this secure database
`or file manager 744 may connect to and interact
`
`with commercial database manager 730 and secure
`
`files 610 through a cache manager 746, a database
`
`interface 748, and a database driver 750);
`
`15
`
`Name Services Manager 752;
`
`Outgoing Administrative Objects Manager 754;
`
`Incoming Adrninistrative Objects Manager 756;
`
`a Gateway 734 to object switch 734 (this is a path used to
`
`allow direct communication between RPC manager
`
`20
`
`732 and Object Switch 734); and
`
`Communications Manager 776.
`
`The types of services provided by HPE 655‘, SPE 503, User
`
`Notification 686, API 742 and Redirector 684 have already been
`
`-292-
`
`Petitioner Apple Inc. — Exhibit 1006, p. 1023
`
`Petitioner Apple Inc. - Exhibit 1006, p. 1023
`
`

`
`WO 98109209
`
`PCTIUS97Il5243
`
`described above. Here is a brief description of the typels) of
`
`4
`
`services provided by OS resources 744, 752, 754, 756 and 776:
`
`5£mm services requests for access
`
`to secure database 610;
`
`5 fl services requests relating to
`
`user, host, or service identification;
`
`_
`
`Qm.gging Admin’i§1;1:a1;1've Qbjegts Manage: Z551 services
`
`requests relating to outgoing administrative objects;
`Inggmjngu Aglmjgjstggtjve Qbjegts Manage]; .Z5§ services
`
`10
`
`I
`
`requests relating to incoming administrative objects;
`
`and
`
`Qgmmuniggtigns Manager 776 services requests relating
`
`to communications between electronic applia

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket