Providing a secure hardware identifier (HWID) for use in ...

DETAILED DESCRIPTION OF THE INVENTION

[0029] Computer Environment

[0030] FIG. 1 and the following discussion are intended to provide a brief general description of a suitable computing environment in which the present invention and/or portions thereof may be implemented. Although not required, the invention is described in the general context of computer-executable instructions, such as program modules, being executed by a computer, such as a client workstation or a server. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. Moreover, it should be appreciated that the invention and/or portions thereof may be practiced with other computer system configurations, including hand-held devices, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers and the like. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.

[0031] As shown in FIG. 2, an exemplary general purpose computing system includes a conventional personal computer 120 or the like, including a processing unit 121, a system memory 122, and a system bus 123 that couples various system components including the system memory to the processing unit 121. The system bus 123 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory includes read-only memory (ROM) 124 and random access memory (RAM) 125. A basic input/output system 126 (BIOS), containing the basic routines that help to transfer information between elements within the personal computer 120, such as during start-up, is stored in ROM 124.

[0032] The personal computer 120 may further include a hard disk drive 127 for reading from and writing to a hard disk (not shown), a magnetic disk drive 128 for reading from or writing to a removable magnetic disk 129, and an optical disk drive 130 for reading from or writing to a removable optical disk 131 such as a CD-ROM or other optical media. The hard disk drive 127, magnetic disk drive 128, and optical disk drive 130 are connected to the system bus 123 by a hard disk drive interface 132, a magnetic disk drive interface 133, and an optical drive interface 134, respectively. The drives and their associated computer-readable media provide non-volatile storage of computer readable instructions, data structures, program modules and other data for the personal computer 120.

[0033] Although the exemplary environment described herein employs a hard disk, a removable magnetic disk 129, and a removable optical disk 131, it should be appreciated that other types of computer readable media which can store data that is accessible by a computer may also be used in the exemplary operating environment. Such other types of media include a magnetic cassette, a flash memory card, a digital video disk, a Bernoulli cartridge, a random access memory (RAM), a read-only memory (ROM), and the like.

[0034] A number of program modules may be stored on the hard disk, magnetic disk 129, optical disk 131, ROM 124 or RAM 125, including an operating system 135, one or more application programs 136, other program modules 137 and program data 138. A user may enter commands and information into the personal computer 120 through input devices such as a keyboard 140 and pointing device 142. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 121 through a serial port interface 146 that is coupled to the system bus, but may be connected by other interfaces, such as a parallel port, game port, or universal serial bus (USB). A monitor 147 or other type of display device is also connected to the system bus 123 via an interface, such as a video adapter 148. In addition to the monitor 147, a personal computer typically includes other peripheral output devices (not shown), such as speakers and printers. The exemplary system of FIG. 2 also includes a host adapter 155, a Small Computer System Interface (SCSI) bus 156, and an external storage device 162 connected to the SCSI bus 156.

[0035] The personal computer 120 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 149. The remote computer 149 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the personal computer 120, although only a memory storage device 150 has been illustrated in FIG. 2. The logical connections depicted in FIG. 2 include a local area network (LAN) 151 and a wide area network (WAN) 152. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet. The personal computer 120 may also act as a host to a guest such as another personal computer 120, a more specialized device such as a portable player or portable data assistant, or the like, whereby the host downloads data to and/or uploads data from the guest, among other things.

[0036] When used in a LAN networking environment, the personal computer 120 is connected to the LAN 151 through a network interface or adapter 153. When used in a WAN networking environment, the personal computer 120 typically includes a modem 154 or other means for establishing communications over the wide area network 152, such as the Internet. The modem 154, which may be internal or external, is connected to the system bus 123 via the serial port interface 146. In a networked environment, program modules depicted relative to the personal computer 120, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.

[0037] Secure Hardware Identifier (HWID)

[0038] A secure HWID individualizes a device 14 and allows a trusted component 18 on the device 14 to verify that it is indeed intended for the device 14. That is, the secure HWID is employed to bind the trusted component 18 to the device 14, and a license 16 bound to the trusted component 18 is by extension bound to the device 14 and authorizes content 12 to be rendered on the device 14. Accordingly, content 12 can be securely rendered on a device 14 with a non-secure operating system. In some devices 14, however, the operating system of the device 14 cannot of itself retrieve a secure HWID from the device 14 based on one or more values incumbent in the device 14.

[0039] Accordingly, in one embodiment of the present invention, and turning now to FIG. 3, the device 14 is manufactured by a manufacturer that supplies the device 14 with a HWID component 30 that retrieves a secure HWID from the device 14 and forwards such secure HWID to the operating system 32 of the device 14 upon such operating system 32 requesting same. Presumably, the secure HWID is required either as part of binding a license 16 to the device 14 or verifying that a license 16 is in fact bound to the device 14, although the secure HWID could be required for any other purpose without departing from the spirit and scope of the present invention.

[0040] The HWID component 30 may be any appropriate component without departing from the spirit and scope of the present invention. For example, the HWID component 30 may be a piece of software or may be hardware. In addition, the HWID component 30 may contain the secure HWID or may obtain the secure HWID from elsewhere without departing from the spirit and scope of the present invention. For example, the secure HWID may be resident within the HWID component 30 or may be remote therefrom but obtainable thereby. The secure HWID may be stored in any appropriate location without departing from the spirit and scope of the present invention. For example, the secure HWID may be physically stored in a piece of hardware or may only be part of a piece of software. Generally, securely storing the HWID and employing a HWID component 30 to securely obtain the HWID are known or should be apparent to the relevant public and therefore need not be described herein in any detail. Significantly, the manufacturer may implement the secure HWID in any fashion without departing from the spirit and scope of the present invention as long as the implemented HWID is indeed secure, and is not easily susceptible to change or misrepresentation by a nefarious entity.

[0041] In one embodiment of the present invention, the HWID component 30 is registered with the operating system 32, and is called by same when an application 34 requests the secure HWID. As part of securing the HWID and imparting trustworthiness thereto, both the manufacturer-supplied HWID component 30 and each calling component of the operating system 32 are digitally signed to produce respective digital signatures, and such signatures are verified as part of the calling process to ensure that the components have not been tampered with or replaced.

[0042] In one embodiment of the present invention, the operating system 32 or at least a relevant portion thereof is resident on the device 14 in a ROM (read-only memory) 34 thereon and instantiated therefrom, and the operating system 32 is placed on the ROM 34 by or at the behest of the manufacturer of the device 14 according to a method of the present invention in order to ensure that the operating system 32 can access a secure HWID by way of the HWID component 30. With reference to FIG. 4, such a method is as follows:

[0043] Preliminarily, the manufacturer or an agent thereof (hereinafter, ‘the manufacturer’) generates an asymmetric public-private manufacturer key pair (PU-OEM, PR-OEM) (step 401), and provides (PU-OEM) to a DRM server (not shown) (step 403). As may be appreciated, the DRM server is a central authority that certifies that the manufacturer may in fact include the device 14 in the DRM system 10, and signifies the certification by returning (PU-OEM) to the manufacturer signed by a private key of the DRM server (PR-DRM) to result in ((PU-OEM) S (PR-DRM)). The manufacturer receives ((PU-OEM) S (PR-DRM)) (step 405) and places same in a ROM image 36, as seen in FIG. 5 (step 407).

[0044] Typically, the manufacturer receives the actual operating system 32 from an external source (step 409) and incorporates same into the device 14. In one embodiment of the present invention, the operating system 32 as received comprises multiple individual files, and each relevant file of the operating system 32 is accompanied by a signature based on the file. As may be appreciated, each relevant file may comprise every file, or may be a select subset of every file, such as executable files, executable files relevant to DRM processes, all files relevant to DRM processes, combinations thereof, and the like.

[0045] As seen in FIG. 3, one of the files in the operating system 32 is typically a kernel executable file 38. As should be appreciated, the kernel 38 within the operating system 32 provides core functionalities. Typically, the kernel 38 initiates a function by calling a driver in the operating system 32 to perform the function, and the kernel 38 has access to a driver table 40 that includes a pointer to each driver. Most relevant to the present invention, the operating system 32 on the device 14 includes a HWID driver 42 that communicates with the HWID component 30 to obtain the secure HWID. Notably, the HWID driver 42 is specific to the HWID component 30, the HWID component 30 is provided by the manufacturer, and therefore the HWID driver 42 is also provided by the manufacturer. In particular, the manufacturer provides the HWID driver 42 by placing same in the ROM image 36 (step 411), and places a reference to the HWID driver 42 in the driver table 40 (step 413). The manufacturer may also sign the HWID driver 42 with (PR-OEM) and place the signature in the ROM image 36 (step 414).

[0046] The manufacturer also takes the files of the operating system 32 as provided and places such files into the ROM image 36 (step 415). For each signed file, and referring now to FIG. 4A, the manufacturer verifies the signature thereof (step 415A), strips out the signature (step 415B), creates a new signature therefor with (PR-OEM) (step 415C), and places the file with the new signature therefor in the ROM image 36 (step 415D). In one embodiment of the present invention, each signature is based not only on the file but also on the base address and length of the file in the ROM image 36 to result in ((file, start, length) S (PR-OEM)).

[0047] With the operating system 32 as embodied in the ROM image 36 as shown in FIG. 5, and perhaps with other information, the manufacturer places such operating system 32 on the device 14 by burning the ROM image 36 into the ROM 34 on such device 14 (step 417). In addition, the manufacturer obtains a trusted component 18 for the device 14 from a DRM trusted component server (not shown). As may be appreciated, the DRM trusted component server is a central authority that provides trusted components 18 and ensures that each trusted component 18 is bound to a device 14.

[0048] In particular, the manufacturer accesses the secure HWID from the device 14 (step 419), and provides the accessed HWID to the server as part of a request for a trusted component 18 for the device 14 (step 421). The server constructs the trusted component 18 to include the provided HWID therein, and also to include therein a public-private key pair to be associated with the device 14 (PU-HW, PR-HW). As may be appreciated, HWID and (PR-HW) are embedded in the trusted component 18 in a highly secure manner so that such items cannot be altered without great difficulty, but can be found by the trusted component 18 itself. The manufacturer then receives the trusted component 18 with HWID, (PU-HW), and (PR-HW), and places the received trusted component 18 in a memory 44 of the device (step 423). Note that the trusted component 18 may be updated on occasion, in which case the memory 44 is a non-volatile re-writable memory 44. Of course, the trusted component 18 should be protected against alteration by a nefarious entity, and therefore should at a minimum include a verifying signature, and perhaps other security measures. Note that in an alternate embodiment of the invention, an end user of the device 14 obtains the trusted component 18 therefor.

[0049] With the secure HWID, the HWID component 30, the operating system 32 in the ROM 34, and the trusted component 18 in the memory 44, the device 14 in operation accesses the secure HWID thereon by verifying the operating system 32 and then making a call to the HWID driver 42 to obtain the secure HWID from the HWID component 30. Again, the secure HWID is presumably required either as part of binding a license 16 to the device 14 or verifying that a license 16 is in fact bound to the device 14, although the secure HWID could be required for any other purpose without departing from the spirit and scope of the present invention. As should be appreciated, verifying the operating system 32 imparts trust to the HWID driver 42, and provides assurance that the HWID returned thereby is valid and correct.

[0050] The secure HWID is typically accessed upon the request of the trusted component 18, although other requesters may be employed without departing from the spirit and scope of the present invention. In one embodiment of the present invention, and referring now to FIG. 6, the secure HWID is accessed in the following manner:

[0051] Preliminarily, the trusted component 18 obtains ((PU-OEM) S (PR-DRM)) from the ROM memory 34 (step 601), verifies the signature, and verifies the operating system 32 based on such obtained (PU-OEM) (step 603). In particular, for each signed file of the operating system 32, the signature of which is based on (PR-OEM), the trusted component 18 verifies the signature based on the obtained (PU-OEM) and on the attributes and/or elements of the file employed to create the signature (i.e., the file itself and the base address and length of the file in ROM memory 34).

[0052] If each signature verifies, the operating system 32 likewise verifies and is deemed trustworthy, and the process proceeds. If not, the operating system 32 is deemed not trustworthy and the process halts. Assuming that each signature verifies and the process proceeds, the trusted component 18 next examines the driver table 40 in the ROM 34 to locate the HWID driver 42 (step 605), verifies the signature of the HWID driver 42 (if present) with (PU-OEM) (step 607), and determines whether the HWID driver 42 contains a pointer back to an address inside of the kernel 38 (step 609).

[0053] If the HWID driver 42 verifies and contains a pointer back to an address inside of the kernel 38, it can be presumed that the HWID driver will appropriately obtain the secure HWID from the HWID component 30 and return same to the kernel 38, such HWID driver 42 is deemed trustworthy, and the process proceeds. If not, the HWID driver 42 is deemed not trustworthy and the process halts. Assuming that the HWID driver 42 is deemed trustworthy, the trusted component 18 then presumes that the operating system 32 is to be trusted and in fact calls to the operating system 32 with the kernel 38, the driver table 40 and the HWID driver 42 to obtain the secure HWID from the HWID component 30 and return same to the trusted component 18 (step 611). As should be appreciated, the call is to the kernel 38, and the kernel 38 transparently re-directs the call to the HWID driver 42 with the aid of the driver table 40, receives the returned secure HWID from the HWID driver 42, and forwards same to the trusted component 18.

[0054] With the secure HWID, the trusted component 18 then proceeds to perform whatever task is required concerning the secure HWID, including verifying that the trusted component 18 is in fact on the correct device 14 (step 613). Thus, if a license 16 is bound to the trusted component 18 (by for example including a content key (CK) encrypted according to (PU-HW)), such license is by extension bound to the device 14 having the secure HWID.
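
The signing of step 415C and the verification chain of steps 601 to 609 can be sketched as follows. This is an added example, not code from the patent or from any product. It assumes Ed25519 as the signature scheme (the description names none), a constructed layout in which the last 4 bytes of the HWID driver hold its return pointer, and constructed file names, addresses and key seeds; it also requires the driver signature that the description treats as optional.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// RomFile models one signed ROM entry: ((file, start, length) S (PR-OEM)).
type RomFile struct {
	Start     uint32 // base address of the file in the ROM image
	Data, Sig []byte
}
// RomImage is a constructed stand-in for ROM image 36.
type RomImage struct {
	OEMPub, OEMCert []byte             // PU-OEM and (PU-OEM) S (PR-DRM)
	Files           map[string]RomFile // signed files, including "kernel"
	DriverTable     map[string]string  // driver table 40: function -> file name
}

// msg binds the file bytes to their placement, so a relocated copy fails.
func msg(f RomFile) []byte {
	m := binary.BigEndian.AppendUint32(append([]byte{}, f.Data...), f.Start)
	return binary.BigEndian.AppendUint32(m, uint32(len(f.Data)))
}

// Sign is step 415C: sign (file, start, length) with PR-OEM.
func Sign(prOEM ed25519.PrivateKey, f RomFile) RomFile {
	return RomFile{Start: f.Start, Data: f.Data, Sig: ed25519.Sign(prOEM, msg(f))}
}

// Verify follows steps 601-609; nil means the HWID driver may be called.
func Verify(img RomImage, puDRM ed25519.PublicKey) error {
	if len(img.OEMPub) != ed25519.PublicKeySize || !ed25519.Verify(puDRM, img.OEMPub, img.OEMCert) {
		return fmt.Errorf("PU-OEM is not certified by the DRM server")
	}
	for name, f := range img.Files { // steps 603, 607: every file, driver included
		if !ed25519.Verify(img.OEMPub, msg(f), f.Sig) {
			return fmt.Errorf("bad signature on %s", name)
		}
	}
	drv, k := img.Files[img.DriverTable["hwid"]], img.Files["kernel"] // step 605
	if len(drv.Data) < 4 {
		return fmt.Errorf("HWID driver not found through the driver table")
	}
	ret := binary.BigEndian.Uint32(drv.Data[len(drv.Data)-4:]) // step 609, assumed layout
	if ret < k.Start || ret >= k.Start+uint32(len(k.Data)) {
		return fmt.Errorf("HWID driver does not point back into the kernel")
	}
	return nil
}

// SampleImage builds a constructed image (fixed seeds, not real keys); ret goes into the driver.
func SampleImage(ret uint32) (RomImage, ed25519.PublicKey) {
	drm := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32)) // PR-DRM
	oem := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32)) // PR-OEM
	pub := oem.Public().(ed25519.PublicKey)
	return RomImage{OEMPub: pub, OEMCert: ed25519.Sign(drm, pub), Files: map[string]RomFile{
		"kernel":   Sign(oem, RomFile{Start: 0x1000, Data: []byte("kernel-code-0123")}),
		"hwid.drv": Sign(oem, RomFile{Start: 0x2000, Data: binary.BigEndian.AppendUint32([]byte{0xAA, 0xBB}, ret)}),
	}, DriverTable: map[string]string{"hwid": "hwid.drv"}}, drm.Public().(ed25519.PublicKey)
}

func main() { fmt.Println(Verify(SampleImage(0x1004))) }
```

Because the signed message includes the base address and length, a file copied to another ROM offset fails step 603 even though its bytes are unchanged, and a correctly signed driver still fails step 609 when its return pointer lies outside the kernel's address range.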

[0055] Conclusion

[0056] Although the present invention is especially useful in connection with a device 14 with limited ability to generate a secure HWID on its own, the present invention may be practiced with regard to any appropriate device, all without departing from the spirit and scope of the present invention, such as for example a personal computer, a server, an intelligent appliance, etc. Accordingly, the device 14 is to be interpreted to encompass any appropriate device requiring a secure HWID.

[0057] The programming necessary to effectuate the processes performed in connection with the present invention is relatively straight-forward and should be apparent to the relevant programming public. Accordingly, such programming is not attached hereto. Any particular programming, then, may be employed to effectuate the present invention without departing from the spirit and scope thereof.

[0058] In the foregoing description, it can be seen that the present invention comprises a new and useful method and mechanism that imparts a secure HWID to a device 14 in for example the case where the hardware is not trusted to provide a secure HWID. The imparted secure HWID can be obtained by the operating system 32 of the device 14 by way of a HWID component 30 as provided by a manufacturer of the device 14, and the HWID component 30 is trusted to impart a secure HWID to the device 14 and to divulge such secure HWID to the operating system of such device 14, where the secure HWID cannot easily be changed or misrepresented by a nefarious entity. It should be appreciated that changes could be made to the embodiments described above without departing from the inventive concepts thereof. It should be understood, therefore, that this invention is not limited to the particular embodiments disclosed, but it is intended to cover modifications within the spirit and scope of the present invention as defined by the appended claims.
