U.S. patent application number 11/117444 was filed with the patent office on 2005-11-24 for systems and methods for integrity certification and verification.
This patent application is currently assigned to Content Guard Holdings, Inc. Invention is credited to Chen, Eddie J., Fung, Joseph Zhung Yee, Gilliam, Charles P., Romero-Lobo, Jose, Ta, Thanh, Tieu, Vincent Hsiang, Tran, Duc, Venkatraman, Venugopal, Wang, Xin.
Application Number | 20050262086 11/117444 |
Family ID | 24606431 |
Filed Date | 2005-11-24 |
United States Patent Application | 20050262086 |
Kind Code | A1 |
Ta, Thanh; et al. | November 24, 2005 |
Systems and methods for integrity certification and verification
Abstract
A method and system for integrity certification and verification
in a computer environment based on characteristics and behaviors of
one or more applications, systems or system components as compared
with a profile of characteristics and behaviors, including
determining a behavior integrity profile (BIP) specifying
characteristics and behaviors of one or more applications, systems
or system components; determining based on the BIP whether or not
characteristics and behaviors of one or more applications, systems
or system components are compliant with characteristics and
behaviors defined in a behavior integrity profile specification;
and determining access rights to the one or more applications,
systems or system components based on the step of determining the
compliance.
Inventors: | Ta, Thanh (Huntington Beach, CA); Wang, Xin (Torrance, CA); Tieu, Vincent Hsiang (Torrance, CA); Fung, Joseph Zhung Yee (Cerritos, CA); Tran, Duc (Westminster, CA); Venkatraman, Venugopal (Wilmington, DE); Romero-Lobo, Jose (Pasadena, CA); Chen, Eddie J. (Rancho Palos Verdes, CA); Gilliam, Charles P. (Darien, CT) |
Correspondence Address: | NIXON PEABODY, LLP, 401 9TH STREET, NW, SUITE 900, WASHINGTON, DC 20004-2128, US |
Assignee: | Content Guard Holdings, Inc., Wilmington, DE |
Family ID: | 24606431 |
Appl. No.: | 11/117444 |
Filed: | April 29, 2005 |
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number |
11117444 | Apr 29, 2005 | |
09649838 | Aug 28, 2000 | 6931545 |
Current U.S. Class: | 1/1; 707/999.009 |
Current CPC Class: | G06F 21/10 20130101; H04L 63/0823 20130101; H04L 63/104 20130101 |
Class at Publication: | 707/009 |
International Class: | G06F 007/00 |
Claims
What is claimed is:
1. A method for integrity certification and verification in a
computer environment based on characteristics and behaviors of one
or more applications, systems or system components as compared with
a profile of characteristics and behaviors, the method comprising:
determining a behavior integrity profile (BIP) specifying
characteristics and behaviors of one or more applications, systems
or system components; determining based on the BIP whether or not
characteristics and behaviors of one or more applications, systems
or system components are compliant with characteristics and
behaviors defined in a behavior integrity profile specification;
and determining access rights to the one or more applications,
systems or system components based on the step of determining the
compliance.
2. The method of claim 1, further comprising: determining an
application integrity profile (AIP); determining, based on the AIP,
authenticity of the one or more applications, systems or system
components; and determining the access rights based on the
authenticity determination.
3. The method of claim 2, further comprising utilizing one or more
application integrity profiles and one or more behavior integrity
profiles in a conjunctive manner.
4. The method of claim 2, further comprising providing an integrity
certification and verification device, the integrity certification
and verification device having access to the application integrity
profile for determining the authentication information about one or
more applications, systems or system components.
5. The method of claim 1, further comprising determining via a
component registration device BIP compliance status by verifying
the characteristics and behaviors of the one or more applications,
systems or system components against the BIP specification.
6. The method of claim 2, wherein the BIP includes at least one of
a BIP identification, identification of registered applications,
systems or system components, and compliance status.
7. The method of claim 6, further comprising maintaining via a
profile database a BIP with a BIP identification, and an
identification of registered applications, systems or system
components.
8. The method of claim 1, further comprising verifying via a
profile verification device proof of BIP compliance by checking
compliance status of the applications, systems or system components
to which the BIP has been issued.
9. The method of claim 1, further comprising obtaining via a
registration application device the authentication information
about the one or more applications, systems or system components
from an application, system or system component provider.
10. The method of claim 6, further comprising using the BIP
identification in conjunction with distributed information.
11. The method of claim 1, further comprising distributing via a
content provider content information associated with the BIP.
12. The method of claim 1, further comprising providing an
application, system or system component provider.
13. The method of claim 10, wherein when the BIP identification is
used in conjunction with the distributed information, if a profile
verification device determines that the one or more applications,
systems or system components are not authentic or are not compliant
with the BIP specification, access to content associated with the
one or more applications, systems or system components is
denied.
14. The method of claim 1, further comprising building via a BIP
creation device the BIP by deriving compliance status and
application identification information corresponding to the one or
more applications, systems or system components from a component
database.
15. The method of claim 1, further comprising: assessing the BIP
for allowing the determination of whether or not the
characteristics and behaviors of the one or more applications,
systems or system components are compliant with the characteristics
defined in the BIP specification; and determining the access rights
based on the assessment step.
16. The method of claim 15, further comprising verifying the BIP
compliance status of the one or more applications, systems or
system components.
17. The method of claim 15, wherein the access rights include
rights for at least one of allowing or denying access to content
associated with the one or more applications, systems or system
components.
18. The method of claim 15, further comprising obtaining
authentication information about at least one of the one or more
applications, systems or system components.
19. The method of claim 1, further comprising digitally signing the
BIP.
20. The method of claim 19, further comprising forwarding the
digitally signed BIP to a system of a consumer.
21. The method of claim 1, further comprising verifying the
integrity of an integrity authenticator associated with the one or
more applications, systems or system components.
22. The method of claim 2, further comprising: providing an
integrity certification and verification device having access to
authentication information about the one or more applications,
systems or system components; and providing the AIP used to
determine the authenticity of the one or more applications, systems
or system components.
23. The method of claim 22, further comprising determining via a
component registration device the AIP from the authentication
information, the AIP including at least one of verifiable
information and an identification of registered applications,
systems or system components.
24. The method of claim 22, further comprising maintaining via a
profile database the AIP and an identification of registered
applications, systems or system components.
25. The method of claim 22, further comprising verifying via a
profile verification device authenticity by comparing one or more
of application, system or system component identifications, the one
or more applications, systems or system components, the AIP, and/or
an AIP identification.
26. The method of claim 22, further comprising obtaining via a
registration application device the authentication information
about the one or more applications, systems or system components
from an application, system or system component provider.
27. The method of claim 22, wherein the AIP comprises an
identification of the one or more applications, systems or system
components that can be used in conjunction with distributed
information.
28. The method of claim 22, further comprising distributing via a
content provider content information associated with the one or
more applications, systems or system components.
29. The method of claim 22, further comprising providing an
application, system or system component provider.
30. The method of claim 22, wherein if a profile verification
device determines that the one or more applications, systems or
system components are not authentic, access to one or more
documents associated with the one or more applications, systems or
system components is denied.
31. The method of claim 22, further comprising determining via a
profile creation device the AIP based on verifiable information
about the one or more applications, systems or system
components.
32. The method of claim 2, further comprising certifying the
AIP.
33. The method of claim 2, further comprising verifying the
authenticity of one or more applications, systems or system
components.
34. The method of claim 2, wherein the access rights include rights
for at least one of allowing or denying access to content
associated with the one or more applications, systems or system
components.
35. The method of claim 2, further comprising obtaining
authentication information about the at least one application,
system or system component.
36. The method of claim 2, further comprising digitally signing the
AIP.
37. The method of claim 36, further comprising forwarding the
digitally signed integrity profile to a system of a consumer.
38. The method of claim 2, further comprising verifying the
integrity of an integrity authenticator associated with the
AIP.
39. The method of claim 1, further comprising establishing a tamper
resistant environment associated with the one or more applications,
systems or system components.
40. The method of claim 2, further comprising verifying the
AIP.
41. The method of claim 2, further comprising loading a valid
AIP.
42. The method of claim 38, wherein the verifying step comprises
establishing that the integrity authenticator is not being at least
one of monitored, controlled or recorded.
43. The method of claim 1, wherein said method is implemented as
one or more computer readable instructions embedded on a computer
readable medium and configured to cause one or more computer
processors to perform the steps recited in the method.
44. The method of claim 1, wherein said method is implemented as
one or more computer software and/or hardware devices configured to
perform the steps recited in the method.
45. A system for integrity certification and verification in a
computer environment based on characteristics and behaviors of one
or more applications, systems or system components as compared with
a profile of characteristics and behaviors, the system comprising:
means for determining a behavior integrity profile (BIP) specifying
characteristics and behaviors of one or more applications, systems
or system components; means for determining based on the BIP
whether or not characteristics and behaviors of one or more
applications, systems or system components are compliant with
characteristics and behaviors defined in a behavior integrity
profile specification; and means for determining access rights to
the one or more applications, systems or system components based on
the determining of the compliance.
46. The system of claim 45, further comprising: means for
determining an application integrity profile (AIP); means for
determining, based on the AIP, authenticity of the one or more
applications, systems or system components; and means for
determining the access rights based on the authenticity
determination.
47. The system of claim 46, further comprising means for utilizing
one or more application integrity profiles and one or more behavior
integrity profiles in a conjunctive manner.
48. The system of claim 46, further comprising an integrity
certification and verification device, the integrity certification
and verification device having access to the application integrity
profile for determining the authentication information about one or
more applications, systems or system components.
49. The system of claim 45, further comprising a component
registration device for determining BIP compliance status by
verifying the characteristics and behaviors of the one or more
applications, systems or system components against the BIP
specification.
50. The system of claim 46, wherein the BIP includes at least one
of a BIP identification, identification of registered applications,
systems or system components, and compliance status.
51. The system of claim 6, further comprising a profile database
for maintaining a BIP with a BIP identification, and an
identification of registered applications, systems or system
components.
52. The system of claim 45, further comprising a profile
verification device for verifying proof of BIP compliance by
checking compliance status of the applications, systems or system
components to which the BIP has been issued.
53. The system of claim 45, further comprising a registration
application device for obtaining the authentication information
about the one or more applications, systems or system components
from an application, system or system component provider.
54. The system of claim 50, further comprising means for using the
BIP identification in conjunction with distributed information.
55. The system of claim 45, further comprising a content provider
for distributing content information associated with the BIP.
56. The system of claim 45, further comprising an application,
system or system component provider.
57. The system of claim 54, further comprising a profile
verification device, wherein when the BIP identification is used in
conjunction with the distributed information, if the profile
verification device determines that the one or more applications,
systems or system components are not authentic or are not compliant
with the BIP specification, access to content associated with the
one or more applications, systems or system components is
denied.
58. The system of claim 45, further comprising a BIP creation
device for building the BIP by deriving compliance status and
application identification information corresponding to the one or
more applications, systems or system components from a component
database.
59. The system of claim 45, further comprising: means for assessing
the BIP for allowing the determination of whether or not the
characteristics and behaviors of the one or more applications,
systems or system components are compliant with the characteristics
defined in the BIP specification; and means for determining the
access rights based on the assessment.
60. The system of claim 59, further comprising means for verifying
the BIP compliance status of the one or more applications, systems
or system components.
61. The system of claim 59, wherein the access rights include
rights for at least one of allowing or denying access to content
associated with the one or more applications, systems or system
components.
62. The system of claim 59, further comprising means for obtaining
authentication information about at least one of the one or more
applications, systems or system components.
63. The system of claim 45, further comprising means for digitally
signing the BIP.
64. The system of claim 63, further comprising means for forwarding
the digitally signed BIP to a system of a consumer.
65. The system of claim 45, further comprising means for verifying
the integrity of an integrity authenticator associated with the one
or more applications, systems or system components.
66. The system of claim 46, further comprising: an integrity
certification and verification device having access to
authentication information about the one or more applications,
systems or system components; and means for providing the AIP used
to determine the authenticity of the one or more applications,
systems or system components.
67. The system of claim 66, further comprising a component
registration device for determining the AIP from the authentication
information, the AIP including at least one of verifiable
information and an identification of registered applications,
systems or system components.
68. The system of claim 66, further comprising a profile database
for maintaining the AIP and an identification of registered
applications, systems or system components.
69. The system of claim 66, further comprising a profile
verification device for verifying authenticity by comparing one or
more of application, system or system component identifications,
the one or more applications, systems or system components, the
AIP, and/or an AIP identification.
70. The system of claim 66, further comprising a registration
application device for obtaining the authentication information
about the one or more applications, systems or system components
from an application, system or system component provider.
71. The system of claim 66, wherein the AIP comprises an
identification of the one or more applications, systems or system
components that can be used in conjunction with distributed
information.
72. The system of claim 66, further comprising a content provider
for distributing content information associated with the one or
more applications, systems or system components.
73. The system of claim 66, further comprising an application,
system or system component provider.
74. The system of claim 66, further comprising a profile
verification device, wherein if the profile verification device
determines that the one or more applications, systems or system
components are not authentic, access to one or more documents
associated with the one or more applications, systems or system
components is denied.
75. The system of claim 66, further comprising a profile creation
device for determining the AIP based on verifiable information
about the one or more applications, systems or system
components.
76. The system of claim 46, further comprising means for certifying
the AIP.
77. The system of claim 46, further comprising means for verifying
the authenticity of one or more applications, systems or system
components.
78. The system of claim 46, wherein the access rights include
rights for at least one of allowing or denying access to content
associated with the one or more applications, systems or system
components.
79. The system of claim 46, further comprising means for obtaining
authentication information about the at least one application,
system or system component.
80. The system of claim 46, further comprising means for digitally
signing the AIP.
81. The system of claim 80, further comprising means for forwarding
the digitally signed integrity profile to a system of a
consumer.
82. The system of claim 46, further comprising means for verifying
the integrity of an integrity authenticator associated with the
AIP.
83. The system of claim 45, further comprising means for
establishing a tamper resistant environment associated with the one
or more applications, systems or system components.
84. The system of claim 46, further comprising means for verifying
the AIP.
85. The system of claim 46, further comprising means for loading a
valid AIP.
86. The system of claim 82, wherein the means for verifying
comprises means for establishing that the integrity authenticator
is not being at least one of monitored, controlled or recorded.
87. The system of claim 45, wherein said system is implemented as
one or more computer software and/or hardware devices.
Description
RELATED DOCUMENT INFORMATION
[0001] This application is a continuation-in-part application of
co-pending U.S. patent application Ser. No. 09/649,838 of TA et
al., entitled "Systems and Methods for Integrity Certification and
Verification of Content Consumption Environments" filed on Aug. 28,
2000, now allowed, the entire disclosure of which is hereby
incorporated by reference herein.
BACKGROUND OF THE INVENTION
[0002] 1. Field of the Invention
[0003] This invention relates to integrity certification and
verification. In particular, this invention relates to use of
profiles including application integrity profiles (AIP) and
behavior integrity profiles (BIP).
[0004] 2. Discussion of the Background
[0005] One of the most important issues to enable the widespread
distribution and other use of digital documents and electronic
services via electronic commerce is the need for protection of the
intellectual property rights of content owners and providers.
Efforts to address this issue have been termed Intellectual
Property Rights Management (IPRM), Digital Property Rights
Management (DPRM), Intellectual Property Management (IPM), Digital
Rights Management (DRM), Rights Management (RM) and Electronic
Copyright Management (ECM).
[0006] However, there is a need by content providers to have their
content be consumed by certified applications and systems that have
a desired characteristic and/or behavior. There also is a need by
providers of applications, services and computing systems to have
their applications, services and systems be accessed or used only
by applications and systems that have a desired characteristic
and/or behavior.
[0007] The direct use of a public key infrastructure (PKI) makes it
possible for application and system providers to certify their own
products and makes it possible for providers of content and
services to verify the integrity of the applications and systems
that are used to consume their content and services. However, the
direct use of PKI creates a many-to-many relationship between the
vendors and the providers, which among other problems does not
scale well. Accordingly, there is a need for a method and system
for managing such relationships and for conducting efficient and
real-time or near real-time integrity verification.
SUMMARY OF THE INVENTION
[0008] Therefore, there is a need for a method and system that
addresses the above and other needs and problems. The above and
other needs and problems are addressed by the exemplary embodiments
of the present invention, which provide a method and system for
integrity certification and verification.
[0009] Accordingly, in exemplary aspects of the present invention,
a method and system for integrity certification and verification in
a computer environment based on characteristics and behaviors of
one or more applications, systems or system components as compared
with a profile of characteristics and behaviors are provided. The
exemplary method and system can include determining a behavior
integrity profile (BIP) specifying characteristics and behaviors of
one or more applications, systems or system components; determining
based on the BIP whether or not characteristics and behaviors of
one or more applications, systems or system components are
compliant with characteristics and behaviors defined in a behavior
integrity profile specification; and determining access rights to
the one or more applications, systems or system components based on
the step of determining the compliance.
[0010] Still other aspects, features, and advantages of the present
invention are readily apparent from the following detailed
description, simply by illustrating a number of exemplary
embodiments and implementations, including the best mode
contemplated for carrying out the present invention. The present
invention also is capable of other and different embodiments, and
its several details can be modified in various respects, all
without departing from the spirit and scope of the present
invention. Accordingly, the drawings and descriptions are to be
regarded as illustrative in nature, and not as restrictive.
BRIEF DESCRIPTION OF THE DRAWINGS
[0011] The embodiments of the present invention are illustrated by
way of example, and not by way of limitation, in the figures of the
accompanying drawings and in which like reference numerals refer to
similar elements and in which:
[0012] FIG. 1A is a functional overview illustrating an exemplary
embodiment of the integrity certification and verification system
according to this invention;
[0013] FIG. 1B is a functional overview illustrating an exemplary
embodiment of an integrity certification and verification system
that uses BIP(s) in conjunction with an AIP according to this
invention;
[0014] FIG. 1C is a functional overview illustrating an exemplary
embodiment of an integrity certification and verification system
that uses BIP(s) according to this invention;
[0015] FIG. 2 is a functional block diagram illustrating an
exemplary embodiment of the integrity certification and
verification system according to this invention;
[0016] FIG. 3 is a workflow diagram of an exemplary integrity
certification and verification device according to this
invention;
[0017] FIG. 4A illustrates an exemplary structure of an integrity
profile according to this invention;
[0018] FIG. 4B illustrates an exemplary structure of a BIP
according to this invention;
[0019] FIG. 5 illustrates an exemplary environment stack according
to this invention;
[0020] FIG. 6 illustrates another exemplary environment stack
according to this invention;
[0021] FIG. 7 illustrates an exemplary workflow of the exemplary
environment stack according to this invention;
[0022] FIG. 8 illustrates another exemplary workflow of the exemplary
environment stack according to this invention;
[0023] FIG. 9 illustrates an exemplary method of manipulating the
environment stack according to this invention;
[0024] FIG. 10 illustrates an exemplary method of preventing
dynamic tampering through the use of debugging according to this
invention;
[0025] FIG. 11A is a flowchart outlining an exemplary embodiment of
a method for integrity certification and verification according to
this invention;
[0026] FIG. 11B is a flowchart outlining an exemplary embodiment of
a method for integrity certification and verification that uses
BIP(s) in conjunction with an AIP according to this invention;
[0027] FIG. 11C is a flowchart outlining an exemplary embodiment of
a method for integrity certification and verification that uses
BIP(s) according to this invention;
[0028] FIG. 12 is a flowchart outlining an exemplary embodiment of
a method for registering applications and/or systems according to
this invention;
[0029] FIG. 13 is a flowchart outlining an exemplary embodiment of
a method for determining an integrity profile according to this
invention; and
[0030] FIG. 14 is a flowchart outlining an exemplary embodiment of
a method for verifying the integrity of an integrity authenticator
according to this invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0031] The present invention includes recognition that providers
often want to have their content and services consumed by certified
applications and systems that have desired characteristics and
behaviors. By controlling these aspects of the consumption
environment, the content provider, for example, can restrict usage,
such as copying, printing, embedding, distribution, and the
like.
[0032] For example, a content or service provider may want to
protect content against misuse by demanding that the system that
consumes it be of a certain level of security and rights management
capability. The content provider may also want to ensure that no
"alien" application, e.g., a debugger, virus, interception routine,
and the like, interacts with the content consumption application on
the user system in a way that may confiscate or otherwise "steal"
content or other sensitive information. For example, U.S. patent
application Ser. No. 09/649,841 of Raley, entitled "Document
Distribution Management Method and Apparatus Using a Standard
Rendering Engine and a Method and Apparatus for Controlling a
Standard Rendering Engine" filed on Aug. 28, 2000, incorporated
herein by reference in its entirety, allows the management of the
functionality of a user system to restrict a user's access to and
over a document. These considerations similarly apply for providers
of applications, services and computing systems, for whom the
content being consumed is their service, application or system.
[0033] In order to certify that given applications and systems have
desired characteristics and behaviors, all suitable applications and
system components needed to consume content, access a service or in
any other suitable way interact with other systems, applications and
components need to be verified by a verification application. The
verification application
verifies the application and system components using one or more
integrity profiles that can be of the same or different types.
Furthermore, two or more integrity profiles of the same or of
different types can be used conjunctively or disjunctively.
[0034] An integrity profile can be of various types. In an
exemplary embodiment, integrity profiles can include an application
integrity profile (AIP), a behavior integrity profile (BIP), and
the like. An application integrity profile can include verifiable
information and characteristics specific to an application. Thus,
an AIP can be tied to a specific application. A behavior integrity
profile can include information indicating whether or not an
application's behaviors are compliant with those specified in a BIP
specification. Advantageously, a BIP can include a BIP
identification that designates a BIP specification that specifies a
set of behaviors and/or consumption terms and conditions by which
all suitable compliant applications abide. For example, a BIP
specification can specify that all suitable applications compliant
with the BIP are play-only applications that are permitted to play,
but not to perform other actions. In addition to a function or
action, further exemplary embodiments provide other types of BIPs,
for example, based on geography, locale, time, performance, service
level, other suitable criteria, and the like, to verify
applications, systems, devices, components, and the like.
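An added illustration (not part of the application and not the applicants' implementation) of the conjunctive check described above: an AIP establishes that a component is authentic, a BIP carries its compliance status, and access is granted only when every check passes. The component names, the BIP identification "BIP-PLAY-ONLY", the profile layout, the per-action check and the use of HMAC-SHA256 as a stand-in for the certification device's digital signature are assumptions of this example.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 stands in for the certification device's
# digital signature; a deployment would use an asymmetric signature instead.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"

# Hypothetical BIP specification table: BIP identification -> permitted actions.
BIP_SPECS = {"BIP-PLAY-ONLY": {"play"}}


def canonical(body):
    """Serialize a profile body deterministically so the tag is reproducible."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(body, key=DEVICE_KEY):
    """Certification side: attach an integrity tag to a profile body."""
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def is_intact(profile, key=DEVICE_KEY):
    """Verification side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, canonical(profile["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(profile.get("tag", "")))


def make_aip(images):
    """AIP: verifiable information (SHA-256 digests) tied to specific components."""
    digests = {app_id: hashlib.sha256(img).hexdigest() for app_id, img in images.items()}
    return seal({"type": "AIP", "registered": digests})


def make_bip(bip_id, compliance):
    """BIP: BIP identification plus registered components and compliance status."""
    return seal({"type": "BIP", "bip_id": bip_id, "compliance": compliance})


def decide_access(app_id, image, action, required_bip, aip, bip):
    """Return (granted, reason). Every check must pass (conjunctive use)."""
    # 1. Neither profile may have been altered after certification.
    if not (is_intact(aip) and is_intact(bip)):
        return False, "profile failed integrity check"
    # 2. AIP: the component on the user system must match its registered digest.
    registered = aip["body"]["registered"].get(app_id)
    actual = hashlib.sha256(image).hexdigest()
    if registered is None or not hmac.compare_digest(registered, actual):
        return False, "component not authentic"
    # 3. BIP: the profile must be the one the provider mandates, and the
    #    component must be recorded in it as compliant.
    body = bip["body"]
    if body["bip_id"] != required_bip:
        return False, "BIP identification does not match"
    if body["compliance"].get(app_id) != "compliant":
        return False, "component not BIP compliant"
    # 4. Assumption of this example: the requested action is also checked
    #    against the behaviors the BIP specification permits.
    if action not in BIP_SPECS.get(required_bip, set()):
        return False, "action not permitted by BIP specification"
    return True, "access granted"


# Constructed sample components and profiles.
PLAYER = b"constructed player binary v1"
RECORDER = b"constructed recorder binary v1"
AIP = make_aip({"player-app": PLAYER, "recorder-app": RECORDER})
BIP = make_bip("BIP-PLAY-ONLY",
               {"player-app": "compliant", "recorder-app": "non-compliant"})

if __name__ == "__main__":
    cases = [
        ("player-app", PLAYER, "play"),               # authentic and compliant
        ("player-app", PLAYER + b"patched", "play"),  # image modified
        ("recorder-app", RECORDER, "play"),           # authentic, not compliant
        ("player-app", PLAYER, "print"),              # outside play-only spec
    ]
    for app_id, image, action in cases:
        print(app_id, action, decide_access(app_id, image, action,
                                            "BIP-PLAY-ONLY", AIP, BIP))
```
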
[0035] The exemplary embodiments include systems and methods that
provide certification and verification services for computer
environments. Within such an exemplary system, an integrity
certification and verification device that provides these services
can be introduced between a content or service provider and a
system, application, and the like, provider. This certification
device can register individual applications and/or systems from
their respective providers, and can certify the integrity of these
applications and/or systems according to a predetermined selection.
Through the use of this service, a user can "trust" an integrity
certification and verification device. With this trust, the
provider establishes a profile of a set of applications and systems
that are allowed to consume its content and services, and verifies
on the user system(s), according to the profile, that the user's
set of applications and systems are authentic.
[0036] Advantageously, the exemplary embodiments include
provisioning of certification and verification services for the
integrity of consumption environments for content, such as
documents, other content, and the like. Within such an exemplary system, an
integrity certification and verification device that provides these
services is introduced between content providers and content
consumption system and application providers who may distribute,
for example, personal computers, handheld computers, PDAs,
multimedia display devices, DVD players, distributed network
enabled phones, and applications, such as word processors, content
viewers, multimedia players, and the like. The integrity
certification and verification device registers individual
applications and/or systems from the content consumption
system/application providers, and certifies sets of these
applications and systems to content providers. By using this
service, a content provider can select, or trust, the integrity
certification and verification device, establish a profile of a set
of applications and systems that are allowed to consume its
content, and verify on a user system, according to the profile,
that the set of applications and systems on the user system are
authentic. In this manner, the extent of access to, or control over,
the content requested or submitted by the user can be controlled
and determined.
[0037] The exemplary embodiments include certification and
verification services using BIP(s). In one exemplary embodiment,
the integrity certification and verification device registers and
certifies individual applications and/or systems from the content
and services consumption system/application providers, verifies
that the applications' behaviors comply with a BIP specification,
and provides proof of compliance status. The consumer can use any
suitable content or service consumption system or application to
consume the content or service that complies with some BIP mandated
by the provider. In this manner, use of the content or service can
be controlled without limiting consumption to a particular
application or system. Similarly, the consumer can use any suitable
computing system or application to interact with another system or
application that complies with some BIP.
[0038] For added security, the verification of the application,
system, and the like, can be performed using a BIP in conjunction
with an AIP. In an exemplary embodiment, an integrity certification
and verification device registers and certifies individual
applications and/or systems from the content and service
consumption system/application providers, verifies that the
applications are authentic according to the integrity profile
associated with the applications and system components, verifies
that the applications' behaviors comply with a BIP specification,
and provides proof of such compliance.
[0039] A document, as the term is used herein, can include any
suitable unit of information subject to distribution or transfer,
including correspondence, books, magazines, journals, newspapers,
other papers, software, plug-ins, photographs and other images,
audio and video clips, multimedia presentations, and the like. A
document can be embodied in printed form on paper, as digital data
on a storage medium or in any suitable other known or later
developed variety of media or software, including compact discs
(CDs), digital video discs (DVD), laser discs, magneto and
magneto-optic media, and the like. Consumption and consume, as the
terms are used herein, can encompass any suitable form of action,
including usage of content and services or accessing or otherwise
interacting with computer systems, including accessing, rendering,
editing, manipulating, executing, copying, storing, transferring,
issuing, obtaining, distributing, and the like. Content, as the
term is used herein, can encompass any suitable thing that can be
referred to by a noun, such as an entity, a resource, a quality, an
event, a state, a concept, a substance, and the like. Exemplary
resources can include documents, multimedia files, web or other
services, names, email addresses, and the like.
[0040] The systems and methods of the exemplary embodiments provide
for integrity certification and verification services. The
exemplary embodiments can separately provide systems and methods
for integrity certification and verification services for content
consumption system environments. The exemplary embodiments also can
provide systems and methods for certification and verification of
standardized behaviors of systems and applications. The exemplary
embodiments also separately can provide a system and method for
determining an integrity profile. The exemplary embodiments
additionally can provide a system and method for verifying the
integrity of one or more system environments. The exemplary
embodiments also can provide a system and method for managing
integrity profiles, system and system component information. The
exemplary embodiments additionally can provide a system and method
that performs an integrity check on a user system through the use
of an integrity profile. The exemplary embodiments additionally can
provide a system and method that performs a compliance check on a
user system through the use of a BIP.
[0041] In an exemplary embodiment, a content provider, such as a
content publisher or distributor, and the like, for providing
content, such as for consumption by a user, system, device, and the
like, can initiate a request for an integrity profile. This request
for the integrity profile is forwarded to an integrity
certification and verification device. The integrity certification
and verification device can, if an integrity profile does not
already exist for the requested applications and systems
components, query a content consumption system/application provider
that has supplied various system components and/or applications to
users. The content consumption system/application provider returns
to the integrity certification and verification device
authentication information about the particular applications or
system components. The integrity certification and verification
device having access to authentication information can make a
comparison or integrity verification between an application or
system component on a user's system, and the original application
or system component as distributed by the content consumption
system/application provider.
[0042] The authentication information for system applications and
components can be stored in a component database. The profiles for
content providers can be stored in a profile database.
Alternatively, the content consumption system/application provider
can maintain a database of authentication information that can be
forwarded directly to the respective database of the integrity
certification and verification device, without the need for the
integrity verification and certification device to determine the
integrity profile. An integrity profile identification,
corresponding to the determined integrity profile, is then returned
to the content provider.
[0043] A content provider, such as a content distributor, and the
like, provides, for example, protected content to a user. The
content provider forwards to the user a protected version of the
digital content that includes, for example, a license agreement and
an integrity profile identification. The integrity profile
identification includes, for example, the applications and system
components that are allowed to be used in conjunction with the
protected content, and the identification of the integrity profile
for those systems, applications, and the like.
[0044] Having the authentication information from the content
consumption system/application provider, the integrity
certification and verification device forwards, for example, at the
request of the user system, an integrity profile to the user
system. With this integrity profile, an integrity verification of
the user's system can be performed. If it is determined that the
components/applications of the user's system are authentic, the
digital content provided by the content provider can then be
accessed by the user's applications and systems in accordance with,
for example, the additional profile information.
[0045] Advantageously, the content provider can associate one or
more BIP identifications with the digital content. For example, a
music content provider who wants its music content consumed by
play-only and copy-once-only devices can associate both play-only
and copy-once-only BIP identifications with the content. An AIP
identification is not associated with the protected content, but
can be embedded into or associated with the applications and system
components by the system/application provider. For example, where
the content provider is providing a service, it may want a customer
to be able to consume the service only if a secure browser is being
used.
[0046] Using the BIP identification, the integrity certification
and verification device retrieves proof of BIP compliance from its
profile verification device. Using the AIP identification, the
integrity certification and verification device retrieves the
integrity profile and forwards it to the user system. With this
integrity profile, an integrity verification of the user's system
can be performed to ensure that the components/applications of the
user's system have not been tampered with. If it is determined that
the components/applications of the user's system are authentic and
proof of BIP compliance exists, the digital content provided by the
content provider can be consumed by the user's applications and
systems. Similarly, a service can be consumed or an application or
computing resource accessed, if it is determined that
components/applications are authentic and proof of BIP compliance
exists.
[0047] However, it is to be appreciated that the request for an
integrity certification need not originate with the content
provider. For example, the certification request can be initiated
by a software application embedded in the profile identification
information that is forwarded with the protected content from the
content provider to the user's system.
[0048] In further exemplary embodiments, the content provider can
also serve as the integrity verification and certification system.
For example, the content provider can conduct the integrity
certification and verification service itself by gathering the
appropriate authentication information and determining an integrity
profile for the content provider's own use.
[0049] In further exemplary embodiments, the content or service
consumption application/system provider can also act as the
integrity certification and verification device. For example, the
content or service consumption application/system provider can also
supply an integrity profile together with the associated
application and/or system component.
[0050] The systems and methods of the exemplary embodiments provide
certification and verification services to determine the integrity
of an environment for the consumption of digital content and
services and use or other interaction with computing systems. For
example, an exemplary system is provided for consumption of content
and services, including consumer media, such as audio, video,
on-line services, and the like. The exemplary system for
consumption of content can include an integrity certification and
verification device introduced between one or more content
providers, and one or more content consumption systems and
application providers. The integrity certification and verification
device obtains authentication information from the content
consumption application and/or system providers. This
authentication information allows a content provider to trust the
environment to which content will be provided. Thus, based on the
authentication information received from the content consumption
application and system provider, an integrity profile is
established. This profile is then forwarded to the user system to
confirm that the user has not altered, modified or does not
potentially interfere in an unauthorized manner with the digital
content provided by the content provider.
[0051] Referring now to the drawings, wherein like reference
numerals designate identical or corresponding parts throughout the
several views and more particularly to FIG. 1A thereof, there is
illustrated an exemplary system 100 for performing integrity
certification and verification. In an exemplary embodiment, the
integrity certification and verification system 100 can include an
integrity certification and verification device 200, a content
provider and/or distributor 300, a user system 400, a content
consumption system/application provider 500, a component database
260, a profile database 270, and the like.
[0052] In an exemplary operating environment, the content
consumption system/application provider 500 provides applications,
systems and/or software/hardware components to a user. The user
system 400 allows consumption of digital content, such as
documents, that are supplied by the content provider and
distributor 300. In order to verify the integrity of the user
system 400, the integrity certification and verification device 200
collects and registers authentication information about the
individual applications, systems and/or software/hardware
components from the content consumption system/application provider
500. With this authentication information, the integrity
certification and verification device 200 determines and certifies
an integrity profile of one or more applications, systems and/or
system components based on a service request 20 from the content
provider 300. This determined integrity profile 50 is then
forwarded to the user system 400 so that the integrity of the user
system 400 can be determined.
[0053] In operation, a content provider and distributor 300
provides digital content, such as a document, and the like, to a
user system 400. The user system 400 can include one or more system
components, such as hardware components and/or various software
applications, and the like. These applications and
hardware/software components are usually obtained by the user from
one or more content consumption system/application providers, such
as a computer supplier, a software warehouse, an application
provider, and the like. These applications and hardware and
software components are then assembled or installed, as
appropriate, by the user, if not already done, in order to allow
the user to consume content, such as documents, and the like.
[0054] Accordingly, during the course of use of the applications
and hardware/software of the user environment, the user may want to
view protected content, such as a document. Thus, the user 400 can
request from the content provider 300 one or more pieces of
content, such as an electronic book, a multimedia file, a
presentation, a form template, and the like. Upon receiving this
request, the content provider and distributor 300 can provide the
requested content in protected form with a profile identification
10 to the end user 400. This profile identification 10 includes,
for example, specifics as to in which applications the protected
content can be viewed, and for example, the extent to which the
provided content can be manipulated within the particular
software/hardware environment.
[0055] Additionally, the content provider 300 can forward a service
request 20 to an integrity certification and verification device
200. The service request 20 includes, for example, a list of
components and/or software applications on which the content
provider 300 wishes to allow the user system 400 to consume the
distributed protected content. The integrity certification and
verification device 200 determines if the components and
applications/software identified in the service request have
corresponding authentication information stored in the component
database 260 and/or the profile database 270. If the integrity
certification and verification device does not have access to the
authentication information specified in the service request 20, the
integrity certification and verification device 200 can request
from one or more content consumption system/application providers
500, authentication information about a particular application,
system, hardware/software component, and the like. Having access to
this authentication information, the integrity certification and
verification device 200 stores information pertaining to the
application and system components in the component database 260. In
a further exemplary embodiment, the integrity certification and
verification device 200 can develop an integrity profile for one or
more applications. With this information, which confirms the
authenticity of applications, systems and system components, the
integrity certification and verification device 200 forwards an
integrity profile 50 to the user system 400. This integrity profile
50 is used to confirm the authenticity of systems, system
components and/or applications of the user system 400. If it is
determined that the user's system components and/or applications are
authentic, the protected content 10 is made to be unprotected so
that the user system 400 can view or otherwise manipulate, and the
like, the protected content in accordance with the integrity
profile.
[0056] FIG. 1B illustrates another exemplary system for performing
integrity certification and verification that employs BIP
verification in conjunction with AIP verification. Similar to the
exemplary system depicted by FIG. 1A, the user system 400 receives
from the content provider 300 one or more pieces of content, such
as an electronic book, a multimedia file, a presentation, a form
template, and the like. The content provider and distributor 300
can provide the content in protected form with one or more BIP
identifications, an optional BIP conjunctive verification flag, and
optionally a usage license to the end user system 400. The BIP
identification designates a specific BIP specification that
specifies a well known set of behaviors or terms and conditions
with which the user system 400 complies in order to consume the
protected content. The BIP conjunctive verification flag indicates
whether or not to verify BIP compliance conjunctively when multiple
BIP identifications are specified. If a BIP conjunctive
verification flag is not explicitly specified, the integrity
certification and verification device can default its verification
to verify non-conjunctively. For example, if the content provider
and distributor 300 specified both a play-only BIP identification
and a transfer-once-only BIP identification with the protected
content and the BIP conjunctive verification flag is specified,
then only systems, applications, and the like, that are compliant
with both play-only BIP and transfer-once-only BIP can consume the
protected content. On the other hand, if the BIP conjunctive
verification flag is not specified, then systems, applications, and
the like, that are compliant with either play-only BIP or
transfer-once-only BIP or with both BIPs can consume the protected
content. In another exemplary system, the user system 400 receives
from the content provider 300 one or more BIP identifications, an
optional BIP conjunctive verification flag, and an optional usage
license, without receiving content directly from the content
provider 300. Under this scenario, the content may exist in the
user system 400, referenced by the optional usage licenses or
implied or referenced by other means. In yet another example,
"content" can include any suitable content, service, computing
environment, and the like, accessible by the user system 400.
[0057] Before the user system 400 can consume the protected
content, the integrity certification and verification device 200
verifies the integrity of the applications/systems to make sure
that they are authentic and their behaviors comply with the BIP
specification(s). If it is determined that the user's system
components and/or applications satisfy both criteria, the protected
content 10 is made to be unprotected so that the user system 400
can consume the protected content in accordance with the BIP
specification(s). Advantageously, by certifying applications and
systems based on their desired characteristics and behaviors, the
same protected content can be consumed by existing certified
applications and systems, as well as by applications and systems
that have yet to be developed and certified or by existing
applications and systems when they are certified in the future.
[0058] In order to verify the integrity of the user system 400, the
integrity certification and verification device 200 collects and
registers authentication information about the individual
applications, systems, and/or software/hardware components from the
content consumption system/application provider 500. With this
authentication information, the integrity certification and
verification device 200 determines and certifies an integrity
profile of one or more applications, systems, and/or system
components. Then, the AIP 50 is forwarded to the user system 400 so
that the integrity of the user system 400 can be determined. Once
the integrity of the system has been confirmed and it has been
determined that the system hasn't been tampered with, the integrity
certification and verification device 200 ensures that the
applications are compliant with the BIP specification(s) by
verifying that proof exists that the applications are indeed
compliant with the BIP specification(s) identified by the BIP
identifier(s). The integrity certification and verification device
200 obtains the BIP identifier(s) specified in the protected
content 10, constructs the application identification information
based on information from the AIP, and uses this information to
obtain proof of BIP compliance. The integrity certification and
verification device 200 can dynamically obtain proof of BIP
compliance by invoking its profile verification device to retrieve
the compliance status associated with the BIP identifier and
application identification information. When both the integrity of
the system and the behaviors of the system have been verified
successfully using the corresponding AIP and BIP(s), the user
system 400 is allowed to consume the protected content.
[0059] FIG. 1C illustrates yet another exemplary system for
performing integrity certification and verification that need only
employ BIP verification. In this embodiment, before the user system
400 can consume the protected content, the integrity certification
and verification device 200 verifies the integrity of the
applications/systems to make sure that their behaviors comply with
the BIP specification(s). If it is determined that the user's
system components and/or applications comply with the BIP
specification(s), the protected content 10 is made to be
unprotected so that the user system 400 can consume the protected
content in accordance with the BIP specification(s). The advantage
of this approach is faster performance, because AIP verification
steps need not be performed. However, even when proof(s) of BIP
compliance exist for user system 400, there is no guarantee that
user system 400 has been free from tampering. For certain
applications, such as in a closed system, application integrity
verification need not be employed.
[0060] According to FIG. 1C, the integrity certification and
verification device 200 ensures that the applications are compliant
with the BIP specification(s) by verifying that proof exists that
the applications are indeed compliant with the BIP specification(s)
identified by the BIP identifier(s). The integrity certification
and verification device 200 obtains the BIP identifier(s) specified
in the protected content 10, constructs the application
identification information based on information from the user
system 400, and uses this information to obtain proof of BIP
compliance. The integrity certification and verification device 200
can dynamically obtain proof of BIP compliance by invoking its
profile verification device to retrieve compliance status
associated with the BIP identifier and application identification
information. When the behaviors of the application have been
verified successfully using the BIP(s), the user system 400 is
allowed to access or otherwise consume the protected content.
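The access decision of FIGS. 1B and 1C, including the BIP conjunctive verification flag, is sketched here as an added Python example that is not part of the patent application. The class and function names, the SHA-256 component digests, the BIP identifier strings and the sample applications are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class AppId:
    """Identification information: product name plus full version number."""
    product: str
    version: str


@dataclass(frozen=True)
class AIP:
    """Application integrity profile: expected digest of each registered component."""
    app: AppId
    digests: Tuple[Tuple[str, str], ...]  # (component, hex SHA-256); digest choice is assumed


@dataclass(frozen=True)
class ProtectedContent:
    bip_ids: Tuple[str, ...]
    conjunctive: bool = False  # flag not specified -> non-conjunctive verification


class ProfileVerificationDevice:
    """Returns the compliance status recorded when the application was registered."""

    def __init__(self, records: Dict[Tuple[str, AppId], bool]):
        self._records = dict(records)

    def is_compliant(self, bip_id: str, app: AppId) -> bool:
        # No record means no proof of compliance exists.
        return self._records.get((bip_id, app), False)


def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def verify_integrity(aip: AIP, installed: Dict[str, bytes]) -> bool:
    """True only if every component named in the AIP is present and unmodified."""
    return all(
        name in installed and hmac.compare_digest(digest(installed[name]), expected)
        for name, expected in aip.digests
    )


def verify_behavior(content: ProtectedContent, app: AppId,
                    pvd: ProfileVerificationDevice) -> bool:
    if not content.bip_ids:
        return False  # assumption: content naming no BIP gives nothing to prove
    statuses = [pvd.is_compliant(b, app) for b in content.bip_ids]
    return all(statuses) if content.conjunctive else any(statuses)


def may_consume(content: ProtectedContent, pvd: ProfileVerificationDevice,
                installed: Dict[str, bytes], aip: Optional[AIP] = None,
                reported_app: Optional[AppId] = None) -> bool:
    if aip is not None:
        # FIG. 1B: integrity first, then identification is built from the AIP.
        if not verify_integrity(aip, installed):
            return False
        app = aip.app
    else:
        # FIG. 1C: BIP only; identification comes from the user system.
        if reported_app is None:
            return False
        app = reported_app
    return verify_behavior(content, app, pvd)


# Constructed sample data (names and BIP identifiers are made up).
PLAYER = AppId("ExamplePlayer", "2.1.0")
DECK = AppId("ExampleDeck", "1.0.3")
PVD = ProfileVerificationDevice({
    ("BIP-PLAY-ONLY", PLAYER): True,
    ("BIP-PLAY-ONLY", DECK): True,
    ("BIP-TRANSFER-ONCE", DECK): True,
})
GOOD_BINARY = b"player build 2.1.0"
PLAYER_AIP = AIP(PLAYER, (("player.bin", digest(GOOD_BINARY)),))
BOTH = ("BIP-PLAY-ONLY", "BIP-TRANSFER-ONCE")


def demo() -> Dict[str, bool]:
    strict = ProtectedContent(BOTH, conjunctive=True)
    loose = ProtectedContent(BOTH)  # flag absent
    clean = {"player.bin": GOOD_BINARY}
    patched = {"player.bin": GOOD_BINARY + b" + export hook"}
    return {
        "player_strict_1b": may_consume(strict, PVD, clean, aip=PLAYER_AIP),
        "player_loose_1b": may_consume(loose, PVD, clean, aip=PLAYER_AIP),
        "deck_strict_1c": may_consume(strict, PVD, {}, reported_app=DECK),
        "patched_1b": may_consume(loose, PVD, patched, aip=PLAYER_AIP),
        "patched_1c": may_consume(loose, PVD, patched, reported_app=PLAYER),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {allowed}")
```

The last two cases differ only in whether AIP verification runs: the modified component is rejected under FIG. 1B but passes under FIG. 1C, where proof of BIP compliance says nothing about tampering.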
[0061] To ensure that the applications, systems, and/or
software/hardware components comply with the BIP, the integrity
certification and verification device 200 can perform rigorous
verification at the functional and/or system levels to verify that
the behaviors of the applications/systems are compliant with the
specification(s) in the BIP.
[0062] At the functional level, the verification process can ensure
that all suitable functions provided by the applications/systems
operate within the boundary defined by the BIP specification. The
verification process at the functional level can utilize automated
and/or manual tests aimed at exercising the features. For example,
given a play-only BIP, the verification processes can make sure
that the applications/systems provide play-only features, such as
displaying content to the user, and the like. Accordingly, features
provided by applications/systems that violate the play-only
behavior, such as editing, copying, and the like, would result in
the applications/systems being deemed non-compliant.
[0063] At the system level, the verification process can ensure
that the applications/systems do not have intended or unintended
effects that violate the BIP. For example, an application/system
may have unintended effects by using temporary files to cache
content in the clear, by writing large amounts of clear content to
memory and then transferring it to a swap file, by writing clear
content information to the registry or to an environment variable,
and the like. Accordingly, verification processes at the system
level can utilize low level monitoring software to detect file I/O,
network I/O, memory tracking and other effects for determining BIP
compliance.
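One way to carry out the system-level check described above, as an added Python example that is not part of the patent application: test content is seeded with a known marker, and a trace of monitored I/O events is searched for that marker in the clear. The marker, the event format, the paths and the set of permitted channels are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed marker seeded into the test content before the monitored run.
CANARY = b"BIP-TEST-CANARY-7f3a"

# Assumption: a play-only application may emit clear content only to the display.
ALLOWED_CLEAR_CHANNELS = frozenset({"display"})


@dataclass(frozen=True)
class IoEvent:
    channel: str  # "file", "registry", "env", "network" or "display"
    target: str   # path, key, variable name or peer address
    data: bytes   # bytes written in this single operation


def find_clear_content_leaks(events: Iterable[IoEvent],
                             canary: bytes = CANARY) -> List[Tuple[str, str]]:
    """Return each (channel, target) sink that received the canary in the clear.

    A rolling tail is kept per sink so that a canary split across
    consecutive writes to the same sink is still detected.
    """
    keep = len(canary) - 1
    tails: Dict[Tuple[str, str], bytes] = {}
    leaks: List[Tuple[str, str]] = []
    for ev in events:
        if ev.channel in ALLOWED_CLEAR_CHANNELS:
            continue
        sink = (ev.channel, ev.target)
        window = tails.get(sink, b"") + ev.data
        if canary in window and sink not in leaks:
            leaks.append(sink)
        tails[sink] = window[-keep:] if keep else b""
    return leaks


def compliance_status(events: Iterable[IoEvent], canary: bytes = CANARY) -> str:
    """Status to record for the application under test against a play-only BIP."""
    return "non-compliant" if find_clear_content_leaks(events, canary) else "compliant"


# Constructed trace of a monitored run (not real monitoring output).
SAMPLE_TRACE = [
    IoEvent("display", "window:0", b"page 1 " + CANARY),
    IoEvent("file", "/tmp/cache_01.tmp", b"\x8f\x02\xa1 BIP-TEST-"),
    IoEvent("network", "198.51.100.7:443", b"\x17\x03\x03\x00\x20\x9c\x41"),
    IoEvent("file", "/tmp/cache_01.tmp", b"CANARY-7f3a \x00\x00"),
    IoEvent("env", "EXAMPLE_LAST_TITLE", CANARY),
    IoEvent("file", "/var/lib/example/state.db", b"\x01\x02position=42"),
]

if __name__ == "__main__":
    for channel, target in find_clear_content_leaks(SAMPLE_TRACE):
        print(f"clear content written to {channel}: {target}")
    print(compliance_status(SAMPLE_TRACE))
```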
[0064] Functional and system verifications can be performed when
the system/application provider 500 registers its
application/system for certification. Verifications can be, but
need not be, carried out by the component registration device
sub-component of the integrity certification and verification
device. Once the component registration device determines the
compliance status of the applications/systems in association with
the BIP, the component registration device records the status along
with detailed identification information about the
applications/systems to a component database. Examples of the type
of identification information needed to accurately identify an
application/system can include the application/system product name
or unique identification number and/or the full version number, and
the like. Using the identification information of the
applications/systems and the BIP identification, the profile
verification device can retrieve the compliance status in response
to a verification request from the integrity certification and
verification device. As will be appreciated, the above-described
exemplary BIP certification model can be varied as needed. As will
be further appreciated, the exemplary verification model can be
varied as needed for other than a content consumption
environment.
[0065] In general, a BIP specification can be created by
organizations, such as standards bodies, trade groups, government
bodies, and the like, and can be adopted by vendors in the
industry, and the like. Each BIP specification describes a set of
application behaviors or features, security requirements, and
detailed information about what vendors can do to make their
systems, applications, and the like, comply with the profile.
Advantageously, each BIP specification can have a unique BIP
identification associated with it.
[0066] FIG. 2 illustrates an exemplary overview of the components
of an integrity certification and verification environment 100. In
FIG. 2, the integrity certification and verification environment
100 can include one or more content providers 300, one or more user
systems 400, one or more integrity certification and verification
devices 200, one or more content consumption system/application
providers 500, and the like.
[0067] The content provider 300 can include a controller 310, a
memory 320, an I/O controller 330, a content database 340, and the
like. In a further exemplary embodiment, the content provider 300
can also distribute content in a more traditional manner. For
example, the content provider 300 can distribute a compact disk,
and the like, including the content. The compact disk can be
delivered, for example, through a postal service, and the like, to
a user. In general, any suitable type of distribution and
dissemination process can be employed equally well with the systems
and methods of the exemplary embodiments.
[0068] The integrity certification and verification device 200 can
include a controller 210, a memory 220, an I/O controller 230, a
digital signature device 240, a component registration device 250,
a component database 260, a profile database 270, a profile
creation device 280, a profile distribution device 290, a profile
verification device 295, and the like. The integrity certification
and verification device 200 can provide a component registration
service, a behavior integrity profile (BIP) certification service,
an integrity profile service, and the like. The registration
service allows registration of applications, systems, and/or
software/hardware components from their respective providers as
authentic ones, with intended characteristics, purposes and/or
behaviors.
[0069] A BIP certification service is provided to certify that the
systems, applications, and the like, are compliant with a BIP and
to provide proof of BIP compliance status. During registration of
the system/application, the integrity certification and
verification device 200 uses the component registration device 250
to execute system monitoring processes and verification test cases
stored in the profile database 270 to determine the BIP compliance
status of the system/application registered in the component
database 260. Upon successfully certifying the system/application,
the BIP certification service creates, issues, and associates a BIP
with the system/application being certified. The compliance status
along with the applications/systems identification information is
recorded and stored in the component database 260. As part of BIP
certification service, the profile verification device 295 provides
proof of compliance by retrieving compliance status associated with
some applications/systems identification information.
[0070] In an exemplary embodiment, the BIP certification service
can be implemented using components of the integrity certification
and verification device 200. Alternatively, the BIP certification
service can be implemented as a separate BIP certification service
provider. In such a case, the content consumption
system/application provider 500 can register its applications for
BIP certification directly with the BIP certification service
provider. Subsequently, during verification of the application, the
integrity certification and verification device 200 can dynamically
obtain proof of BIP compliance by sending the BIP identifier and
application information to an online BIP certification service
provider.
[0071] An integrity profile service can be provided to a user to
build and retrieve integrity profiles. An integrity profile can be
in the form of a document, and the like, which is optionally
digitally signed, and that can include verifiable information and a
set of registered system components that are to consume the
contents of protected documents. Once the integrity profile is
created, the integrity profile's identification is returned to the
user. The content provider can include the integrity profile
identification and advantageously can optionally provide a usage
license with the protected documents. When the content of the
protected document is consumed and there is a need to conduct a
local integrity verification of the system and environment of the
user, the integrity profile can be retrieved from the integrity
certification and verification device 200 for the user system.
[0072] The user system 400 can include a controller 410, a memory
420, an I/O controller 430, a storage device 440, an integrity
authentication device 450, a profile storage device 460, and the
like. Accordingly, it is to be appreciated that such exemplary user
system is based on a model of a computer. However, it is to be
further appreciated that the components of the exemplary user
system can be changed depending on, for example, the type of
content or service being consumed, the type of computing
environment being accessed, the type of activity being engaged in,
and the like, according to further exemplary embodiments. In
general, any suitable user system having one or more portions
thereof whose integrity can be verified can be employed equally
well with the systems and methods of the exemplary embodiments.
[0073] The system/application provider 500 can include a controller
510, a memory 520, an I/O controller 530, a registration
application device 540, an application database 550, a system
database 560, and the like. However, similar to the content
provider 300, the system/application provider can have several
different forms depending on the type of system and/or application
the system/application provider supplies, according to further
exemplary embodiments. For example, if the system/application
provider 500 supplies a specific hardware component, the
system/application provider 500 need not maintain application and
system databases. In a further exemplary embodiment, the
system/device component supplier can send, for example, on a disk,
and the like, authentication information directly to the integrity
certification and verification device 200.
[0074] In another exemplary embodiment, the system/application
provider 500 can coordinate efforts with the content provider 300
to facilitate determination of an integrity profile. In general,
the system/application provider can include any suitable entity
that is capable of supplying hardware or software and
authentication information about the same.
[0075] In the exemplary embodiments, the system/application
provider 500 can include various system components. However, it is
to be appreciated that the system/application provider 500 can
include a computer distributor, a software developer, a software
provider, a software distributor, and the like, according to
further exemplary embodiments. Thus, the system/application
provider 500 is capable of supplying devices and/or software that
allows for the consumption of content that is provided by the
content provider 300.
[0076] The various components of the integrity certification and
verification environment 100 are capable of communication
therebetween via link 5, which can be a wired or wireless link or any
other suitable known or later-developed element(s) that is capable
of supplying electronic data to and from the connected elements.
For example, the link 5 can include one or more distributed
networks, which can in turn be connected to one or more additional
integrity certification and verification environments 100 or
alternatively to multiple instances of any one or more of the
content providers 300, user systems 400, content consumption
system/application providers 500, integrity certification and
verification devices 200, and the like.
[0077] In an exemplary operating environment, the content
consumption system/application provider 500 supplies applications,
software and/or hardware to a user. These applications, software
and/or hardware are used by a user to consume content, such as
viewing documents, and the like.
[0078] The content provider 300, for example, at the request of a
user located at the user system 400, distributes content, such as a
document, and the like, to the user system 400. In an exemplary
embodiment, a request can be received by the content provider 300
from the user system 400. This request, which can be received
through the I/O controller 330, is processed by the controller 310
in cooperation with memory 320 to retrieve the requested content
from the content database 340. In an exemplary embodiment, the
content provider 300 can include an on-line content provider, a
book store, a software provider, any other suitable content
provider, and the like, that wishes to provide content, such as a
document, and the like, to a user, and the like.
[0079] Upon receiving a content request from the user system 400,
the content provider 300 returns to the user system the requested
content, as well as additional information, such as a profile
identification, and the like, associated with the protected
content. In a further exemplary embodiment, the additional
information can include information instructing the user system to
request a profile, and hence an integrity certification, and the
like, before enabling of the content. The additional information
also can include information to identify which system components
and/or hardware/software can be running and/or used on the user's
machine when viewing or interacting with the requested content.
Thus, one or more of the requested content, additional information,
profile identification, and the like, are received by the user
system 400, via the I/O controller 430, and at the direction of
controller 410, stored in one or more of the memory 420 and the
storage device 440.
[0080] In an exemplary embodiment, the content provider 300 can
initiate a service request 20, such as a request for an integrity
profile, from the integrity certification and verification device
260. The integrity certification and verification device 260
receives, via the I/O controller 230 and in cooperation with the
controller 210 and memory 220, the service request from the content
provider 300.
[0081] As previously discussed, the integrity certification and
verification device 200 can include a component database 260 and a
profile database 270. The component database 260 provides access to
authentication information pertaining to systems and system
components that can be distributed by one or more content
consumption system/application providers 500. Similarly, the
profile database 270 stores verifiable information and a set of
registered system components that are to consume the contents of
protected documents for one or more individual content providers
300. The verifiable information can include verification test cases
used in the certification of compliance with a BIP for registered
systems and applications.
[0082] Thus, upon receipt of the request for an integrity profile
from the content provider 300, the integrity certification and
verification device 200, at the direction of the controller 210 and
with the aid of memory 220, searches the component database 260 and
the profile database 270 to determine if authentication information
already exists that corresponds to the information in the service
request.
[0083] In a further exemplary embodiment, the integrity
certification and verification device 200 can perform an on-line
verification service. The on-line verification service is provided
to perform the integrity verification on-line, for example, in
real-time or near real-time within the integrity certification and
verification device 200. In order to initiate this service, a piece
of software, called an integrity authenticator, can be forwarded to
the user system 400. The integrity authenticator allows the
collection of information of local software and/or hardware
components.
[0084] In another exemplary embodiment, the integrity authenticator
can be a dedicated device, such as the integrity authentication
device 450 illustrated in FIG. 2, and the like. The information
gathered about the local software and/or hardware components is
returned along with the integrity profile identification to the
integrity certification and verification device 200 so that the
on-line integrity verification can be performed. The component
registration device 250 examines software/hardware components from
their respective providers and stores identification information in
the component database 260. The information pertaining to the
software/hardware component can be, for example, hashed and the
hash value can be used as the authentic software/hardware
identification. However, it is to be appreciated that the
information to identify each software/hardware component can be any
suitable known or later-developed scheme that allows for
identification of an authentic piece of hardware and/or software,
according to further exemplary embodiments.
[0085] In an exemplary embodiment, the registration of a particular
software and/or hardware component can be accomplished by the
content consumption system/application provider 500 communicating
with the identification and certification verification device 200
to request a registration service. In a further exemplary
embodiment, the identification and certification verification
device 200 can communicate with content consumption
system/application provider 500 in order to secure the
authentication information. The registration application device
540, in cooperation with the controller 510, the memory 520 and the
I/O controller 530, then searches one or more of the application
database 550 and the system database 560 to secure information
about the particular software and/or hardware, including the
provider name, a component identification, such as a serial number,
version number, build number, and the like, the application itself,
and the like.
[0086] In an exemplary operating scenario, instead of acquiring
authentication information from a particular content consumption
system/application provider 500, the integrity certification and
verification device 200 can request a particular application, such
as a software program, and the like, directly from the content
consumption system/application provider 500. In this way, the
integrity certification and verification device 200 need not employ
authentication information, since the integrity certification and
verification device 200 can secure the particular software
application directly from the content consumption
system/application provider 500.
[0087] The component registration device 250 verifies the
information of the component, and optionally computes, for example,
a hash value that can be used, for example, as the authentic
software and/or hardware identification. The component registration
device 250 then stores the component information and, for example,
the hash value, in the component database 260.
[0088] In the case where a system/application provider registers
the application/system for BIP certification, the component
registration device 250 also performs functional and system
verifications to determine the compliance status of the
application/system in association with the BIP. The component
registration device 250 then records the compliance status along
with detailed identification information about the
application/system in the component database 260.
[0089] In a further exemplary embodiment, instead of sending the
software and/or hardware component to the registration application
device 540, the content consumption system/application provider 500
can also connect to the component registration device 250 to
download a small software application, such as a registration
application, plug-in, applet, and the like, and have it execute
locally. This registration application can examine the target
software/hardware component and send information pertaining to this
software/hardware component, possibly along with an integrity
value, such as a hash value, and the like, back to the component
registration device 250, which then can store the authentication
information about the component in the component database 260.
[0090] In another exemplary embodiment, the profile creation device
280 builds integrity profiles for software. For example, an
integrity value, such as a hash value, and the like, of each
software application can be retrieved from the component database
and stored. An optional interaction relationship among the
components also can be included in the profile. This relationship
is used to identify the calling and returning sequence of the
components in order to prevent unintended interaction with other
components. The content of the integrity profile is then, for
example, digitally signed and the resulting signature is appended
to the integrity profile. Each integrity profile is associated with
a unique identification.
[0091] The profile creation device 280 can also build BIPs for
systems and applications that registered for and successfully
passed the BIP certification. The profile creation device 280 can
retrieve the BIP compliance status of each application from the
component database 260 and, if the compliance status indicates
successful compliance certification, create a BIP for an
application. The profile creation device can optionally record the
compliance status in the BIP. Each BIP also can include a unique
BIP identification associated with the BIP specification and the
application/system identification information. The content of the
integrity profile is then, for example, digitally signed and the
resulting signature is appended to the BIP.
[0092] FIG. 3 illustrates an exemplary workflow of input, output
and services and operations provided by the integrity certification
and verification device 200. In an exemplary embodiment, for the
component registration service, a component identification, and
optionally, meta information about the particular component, is
forwarded to the component registration device 250. The component
registration device 250 registers the component, for example, with
intended characteristics, purposes, and behaviors in the component
database. Then, the component registration device 250 returns the
identification of the registered component to, for example, the
content consumption system/application provider, and makes the
identification available to, for example, the content provider
300.
[0093] For profile creation, the profile creation device 280
receives the identifications of registered components. The
identifications of the registered components, when combined with
the information about the associated components, if any, are then
digitally signed and stored in the profile database. An integrity
profile identification then is returned to the requestor.
[0094] The profile creation device 280 can also create a separate
BIP for each pair, including a BIP specification and
system/application, which registered for and successfully passed
the BIP certification. The BIP can include the unique BIP
identification associated with the BIP specification. The
identifications of the registered components, when combined with
the information about the associated components, such as their
compliance status with the BIP specification, are recorded in the
BIP, digitally signed and stored in the profile database. The
unique BIP identification and the application/system identification
information serve as the primary key to uniquely identify a
particular BIP within the profile database.
[0095] Similarly, the profile distribution device 290 receives an
integrity profile identification. The profile database 270 is then
queried to determine if an integrity profile corresponding to the
integrity profile identification is available. If the integrity
profile is available, the integrity profile is returned to the
requester. Otherwise, the integrity profile can be determined with
the aid of the profile creation device 280.
[0096] The profile verification device 295 receives information
identifying one or more components and an integrity profile
identification. The profile verification device 295 compares the
component identifications, integrity profile identification and
corresponding integrity profile to determine verification data. If
the profiles and components and identifications match, the
integrity of the system is verified. Otherwise, it is determined
that the system is not the one specified in the integrity profile
or it has been altered in some way.
[0097] In the case of BIP verification, the profile verification
device 295 receives information identifying one or more components
and some unique BIP identification. Using such identifications, the
profile verification device 295 retrieves the appropriate BIP from
the profile database 270. The verification device 295 then checks
the compliance status of the component to determine proof of BIP
compliance. The compliance status indicates whether or not the
behaviors of the applications/systems are compliant with the
specifications in the BIP.
[0098] FIG. 4A illustrates an exemplary integrity profile. The
exemplary integrity profile can be created by the profile creation
device 280. To build an integrity profile for an authenticated
content provider, a request for creating an integrity profile is
initiated. For example, the provider can contact the integrity
certification and verification device 200 and request the creation
of an integrity profile. Then, the provider sends a list of names
of software and/or hardware components to the integrity
certification and verification device 200. The profile creation
device 280 then retrieves the identification, such as an integrity
value, a hash value, and the like, of each of the components from
the component database 260. The profile creation device 280 then
determines an integrity profile, which can include the
authentication information, such as the integrity value, hash
value, and the like, of each of the components, together with other
information, such as the integrity profile identification, version
number, creation date, build date, content provider name, and the
like, and optionally, the interaction relationship between any of
the software and/or hardware components.
[0099] The profile creation device 280 forwards the determined
integrity profile to a digital signer 240, which can then sign the
content of the profile. The profile creation device 280 then stores
the signed profile in the profile database 270 and returns the
profile identification to the content provider 300.
[0100] FIG. 4B illustrates an exemplary BIP. The profile creation
device 280 creates a BIP when a system/application provider
registers its system/application and passes the certification of
compliance with a BIP specification. The profile creation device
builds the BIP by retrieving the compliance status and application
identification information corresponding to a system/application
from the component database 260. The exemplary BIP can include the
BIP identification(s), the version number of BIP, the creation date
of BIP, the name of the organization that created the BIP, the
URL(s) of the specification associated with the BIP
identification(s), the application identification information of
the registered system/application, the digital signature of the
BIP, and the like, and optionally the compliance status of the
registered system, application, and the like. When a BIP includes
multiple BIP identifications, the system/application must comply
with all suitable BIP specifications associated with the specified
BIP identifications.
[0101] When creating, for example, a usage license for the content
of a protected document, the content provider 300 can optionally
include the integrity profile identification in the usage license.
On the user system 400, the integrity profile can be used to verify
all of the suitable software/hardware components in an environment
call stack. This assures that the sensitive information can only be
consumed by authorized software/hardware components or any
combination thereof. In a further exemplary embodiment, the content
provider 300 optionally can include an integrity profile
identification that corresponds to a BIP specification. In this
case, similar to the process described, the integrity profile
associated with the specific application is used first in the user
system 400 to verify all of the software/hardware components in an
environment call stack. Once the integrity of the
system/application is confirmed, the BIP is used to prove that the
behaviors of the system/application are in compliance with the BIP
specification identified by the BIP identification.
[0102] The profile distribution device 290 accepts requests for
obtaining integrity profiles and retrieves them from the profile
database 270 and returns the integrity profiles to the respective
requestor. Similarly, the profile verification device 295 accepts
requests for verifying user systems for one or more system
environments. The profile verification device 295 gathers the
information about the software/hardware components according to
integrity profiles, verifies the information against the profiles,
and returns the verification results back to the requesters. The
profile verification device 295 also derives compliance status from
a BIP in response to a BIP verification request.
[0103] The user system 400 can include an integrity authentication
device 450. The integrity authentication device 450, for example,
runs on top of any suitable content consumption application.
[0104] Thus, FIG. 5 illustrates an exemplary system environment
stack on user device 400 for verifying system integrity. In an
exemplary embodiment, the user system environment stack can include
an integrity authenticator, one or more system components, and the
like.
[0105] FIG. 6 illustrates an example of an environment stack, which
includes an integrity authenticator, a plug-in, a rendering
application, an operating system, an operating system (OS) boot
strap, respective hardware, and the like.
[0106] In an exemplary operating environment, the integrity
authentication device 450 can include its own encryption/decryption
key pair and a verification key of an identification certification
and verification device. These keys can be hidden and/or embedded
within the integrity authentication device 400 for providing
tamper-resistance. For those applications that require the use of a
user's private information or involve sensitive documents and data,
the integrity authentication device 450 can use an associated
integrity profile to verify the software/hardware components on the
call stack in the user system environment.
[0107] The integrity authentication device 450 can verify the
signature of the profile using the integrity certification and
verification device verification key. As illustrated in FIGS. 7-9,
once the signature is verified, the integrity authentication device
450 examines the current call stack and starts to authenticate each
software/hardware component on the call stack using the information
provided in the integrity profile. The call stack can be configured
as a continuous block of memory, which can include memory images,
the involved functions or procedures, and the like. The stack can
operate on a last-in-first-out basis and the stack operations can
include stack "push" and stack "pop." Push can be used to store the
images onto the stack and advance the top of the stack to a new
position. Pop can be used to remove the data from the stack and
restore the top of the stack to a previous position.
[0108] With the call stack, the image of the currently executed
function is at the top of the stack. When the currently executed
function invokes or calls the next function, the memory image of
the next function is pushed on the top of the call stack and the
top of the call stack points to the image of the next function.
Each portion of the stacked images can include the addresses or
return instruction after the called function finishes its
execution.
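The profile creation in paragraphs [0090] and [0098]-[0099] and the
call-stack authentication in [0107]-[0108] can be sketched as follows.
This is an added example, not code from the application: the function
names, the sample component names and the identifier IP-EXAMPLE-1 are
assumptions, and HMAC-SHA256 stands in for the digital signature so
that the example runs with only the Python standard library.

```python
import hashlib
import hmac
import json

# Constructed demo key standing in for the key of digital signer 240.
# HMAC-SHA256 replaces the digital signature only so the example needs no
# third-party library; with an asymmetric scheme the user system would hold
# just the verification key.
SIGNING_KEY = b"constructed-demo-key"


def integrity_value(image: bytes) -> str:
    """Hash of a component image, used as its authentic identification."""
    return hashlib.sha256(image).hexdigest()


def _mac(body: dict) -> str:
    # Canonical JSON so signer and verifier authenticate identical bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).hexdigest()


def create_profile(profile_id, provider, component_db, names, callers):
    """Build and sign a profile for the named registered components.

    callers is the optional interaction relationship: it maps a component
    to the only component allowed to sit directly below it and call it.
    """
    missing = [n for n in names if n not in component_db]
    if missing:
        raise KeyError(f"not registered: {missing}")
    body = {
        "profile_id": profile_id,
        "provider": provider,
        "components": {n: component_db[n] for n in names},
        "callers": dict(callers),
    }
    return {"body": body, "signature": _mac(body)}


def verify_call_stack(profile, stack):
    """Authenticate every frame of stack (listed bottom first) against profile.

    Returns (ok, reason). The signature is checked before any field of the
    profile is trusted, then frames are walked from the top of the stack down.
    """
    if not hmac.compare_digest(_mac(profile["body"]), profile["signature"]):
        return False, "profile signature invalid"
    if not stack:
        return False, "empty call stack"  # nothing verified means no access
    components = profile["body"]["components"]
    callers = profile["body"]["callers"]
    for i in range(len(stack) - 1, -1, -1):
        name, image = stack[i]
        if name not in components:
            return False, f"{name}: not in profile"
        if not hmac.compare_digest(integrity_value(image), components[name]):
            return False, f"{name}: integrity value mismatch"
        caller = stack[i - 1][0] if i > 0 else None
        if name in callers and caller != callers[name]:
            return False, f"{name}: unexpected caller {caller}"
    return True, "verified"


# Constructed sample data: three component images and their registration.
IMAGES = {
    "os": b"constructed os image",
    "renderer": b"constructed rendering application image",
    "plugin": b"constructed plug-in image",
}
COMPONENT_DB = {name: integrity_value(img) for name, img in IMAGES.items()}
PROFILE = create_profile(
    "IP-EXAMPLE-1", "Example Content Provider", COMPONENT_DB,
    ["os", "renderer", "plugin"],
    {"renderer": "os", "plugin": "renderer"},
)

if __name__ == "__main__":
    good = [(n, IMAGES[n]) for n in ("os", "renderer", "plugin")]
    print(verify_call_stack(PROFILE, good))
    patched = [("os", IMAGES["os"]), ("renderer", b"patched"),
               ("plugin", IMAGES["plugin"])]
    print(verify_call_stack(PROFILE, patched))
```

The interaction relationship is what catches a component inserted
between two registered ones: every registered image still hashes
correctly, but the caller recorded for the upper frame no longer matches.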
[0109] FIG. 10 illustrates how the execution environment is
protected. In an exemplary embodiment, to protect the Integrity
Authenticator (IA), the execution of the IA is monitored by a
trusted application, which is part of the IA. The monitoring
process, such as an application, and the like, can include a debugger,
a special process, and the like, that can prevent the IA from being
monitored by any other suitable process or application in the
system. In an environment where a process can be debugged by
only one process, the trusted monitoring program can be implemented
as a debugger, and the like. Since the monitoring program is a
trusted application, the monitoring program's integrity can be
included in the current integrity profile. Accordingly, the IA will
verify the integrity of the trusted application before loading and
execution. The function of the trusted monitoring application is to
prevent the IA from being monitored and controlled and captured by
other processes. Another function of the trusted monitoring
application is to monitor the current environment and determine if
the change in environment is valid. However, like the IA, the
trusted monitoring application can also be protected, and the IA
can act as the monitor to protect the trusted monitoring
application from being monitored, captured and/or controlled by
other applications. This dual protection mechanism creates a closed
system that can prevent other applications from monitoring the
execution of the integrity authenticator.
[0110] FIG. 11A illustrates an exemplary method of operation of the
integrity certification and verification device. In an exemplary
embodiment, control begins in step S100 and continues to step S110.
In step S110, an integrity profile is determined. Next, in step
S120, the integrity profile is certified. Then, in step S130, the
integrity profile is forwarded to the user. Control then continues
to step S140.
[0111] In step S140, the integrity of the user system is verified.
Next, in step S150, a determination is made whether or not the user
system is authentic. If the user system is authentic, control
continues to step S160, where the user is allowed access to the
selected content. Otherwise, control jumps to step S170, where the
content access is denied or disabled. Control then continues to
step S180, where the control sequence ends.
[0112] FIG. 11B illustrates an exemplary method of operation of the
integrity certification and verification device using BIP(s) in
conjunction with an AIP. In an exemplary embodiment, control begins
in step S800 and continues to step S810. In step S810, an AIP is
determined. Next, in step S820, the AIP is certified. Then, in step
S830, the AIP is forwarded to the user. Control then continues to
step S840.
[0113] In step S840, the integrity of the user system is verified.
Next, in step S850, a determination is made whether or not the user
system is authentic. If the user system is not authentic, control
jumps to step S930, where the content access is denied or disabled.
Control then continues to step S940, where the control sequence
ends. However, if in step S850 the user system is authentic,
control continues to step S860 to determine if the BIP conjunctive
verification flag is explicitly specified.
[0114] If the BIP conjunctive verification flag is specified,
control goes to S870, where the user system is verified for
compliance with the specified BIP specification(s). In step S880, a
determination is made whether or not the user system has proof(s)
that it complies with the BIP(s). If the user system has proof(s)
of compliance, control continues to step S890, where the user is
allowed access to the selected content. Otherwise, control jumps to
step S930, where the content access is denied or disabled. Control
then continues to step S940, where the control sequence ends.
[0115] However, if in step S860 the BIP conjunctive verification
flag is not specified, control goes to S910, where the user system
is verified for compliance with any one of the specified BIP
specification(s). In step S920, a determination is made whether or
not the user system has proof that it complies with the one of the
BIP(s). If the user system has proof of compliance, control
continues to step S890, where the user is allowed access to the
selected content. Otherwise, control jumps to step S930, where the
content access is denied or disabled. Control then continues to
step S940, where the control sequence ends.
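The decision flow of FIG. 11B from step S850 onward, as an added
example that is not part of the application: the BIP record layout,
the function names and the sample identifiers are assumptions, and the
denial of an empty BIP list is a design choice the text does not
address.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BIP:
    bip_id: str      # identifies the BIP specification
    app_id: str      # application/system identification information
    compliant: bool  # compliance status recorded at certification


def build_profile_db(bips):
    """Index BIPs by the (BIP identification, application identification) key."""
    return {(b.bip_id, b.app_id): b for b in bips}


def has_proof(profile_db, bip_id, app_id) -> bool:
    """Proof exists only for a stored BIP whose recorded status is compliant."""
    bip = profile_db.get((bip_id, app_id))
    return bip is not None and bip.compliant


def decide_access(system_authentic, app_id, bip_ids, conjunctive, profile_db):
    """Follow FIG. 11B from S850 onward; return (granted, steps_taken)."""
    steps = ["S850"]
    if not system_authentic:
        return False, steps + ["S930"]
    steps.append("S860")
    # Assumption: an empty BIP list is denied. Python's all([]) is True, so
    # without this guard the conjunctive branch would grant access vacuously.
    if not bip_ids:
        return False, steps + ["S930"]
    proofs = [has_proof(profile_db, b, app_id) for b in bip_ids]
    if conjunctive:
        steps += ["S870", "S880"]  # must comply with every specified BIP
        granted = all(proofs)
    else:
        steps += ["S910", "S920"]  # compliance with any one BIP suffices
        granted = any(proofs)
    return granted, steps + ["S890" if granted else "S930"]


# Constructed sample records; the identifiers are placeholders.
PROFILE_DB = build_profile_db([
    BIP("BIP-PRINT", "viewer-1.0", True),
    BIP("BIP-COPY", "viewer-1.0", False),
    BIP("BIP-PRINT", "viewer-2.0", True),
    BIP("BIP-COPY", "viewer-2.0", True),
])

if __name__ == "__main__":
    wanted = ["BIP-PRINT", "BIP-COPY"]
    for app in ("viewer-1.0", "viewer-2.0", "viewer-3.0"):
        for flag in (True, False):
            print(app, flag, decide_access(True, app, wanted, flag, PROFILE_DB))
```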
[0116] FIG. 11C illustrates an exemplary method of operation of the
integrity certification and verification device using BIP(s). In
particular, control begins in step S1000 and continues to step
S1010. In step S1010, the BIP conjunctive verification flag is
checked to determine if it is explicitly specified. If the BIP
conjunctive verification flag is specified, then control goes to
S1020, where the user system is verified for compliance with the
specified BIP specification(s). In step S1030, a determination is
made whether or not the user system has proof(s) that it complies
with the BIP(s). If the user system has proof(s) of compliance,
control continues to step S1080, where the user is allowed access
to the selected content. Otherwise, control jumps to step S1040,
where the content access is denied or disabled. Control then
continues to step S1050, where the control sequence ends.
[0117] However, if in step S1010 the BIP conjunctive verification
flag is not specified, control goes to S1060, where the user system
is verified for compliance with any one of the specified BIP
specification(s). In step S1070, a determination is made whether or
not the user system has proof that it complies with one of the
BIP(s). If the user system has proof of compliance, control
continues to step S1080, where the user is allowed access to the
selected content. Otherwise, control jumps to step S1090, where the
content access is denied or disabled. Control then continues to
step S1050, where the control sequence ends.
[0118] FIG. 12 illustrates an exemplary method of registering
components/hardware and/or software. In an exemplary embodiment,
control begins in step S200 and continues to step S210. In step
S210, the registration service is initiated. Next, in step S220,
the component supplier provides authentication information about
particular components/hardware and/or software. Then, in step S230,
information about the particular components/hardware and/or
software is verified. Control then continues to step S240.
[0119] In step S240, a determination is made whether or not an
integrity value should be determined. If an integrity value is to be
determined, control continues to step S250, where an integrity
value is determined. Otherwise, control jumps to step S260, where
authentication information about the component/hardware and/or
software is stored.
[0120] Next, in step S270, a determination is made whether or not
to store an integrity value. If an integrity value is to be stored,
control continues to step S280, where the integrity value is
stored. Otherwise, if an integrity value is not to be stored,
control jumps to step S290, where the control sequence ends.
[0121] FIG. 13 illustrates an exemplary method of determining a
profile. In an exemplary embodiment, control begins in step S300
and continues to step S310. In step S310, the integrity profile
determination is initiated. Next, in step S320, the name, such as
an identification, and the like, of the component and/or hardware
or software is obtained. Then, in step S330, the identification for
the component/hardware or software is retrieved. Control then
continues to step S340.
[0122] In step S340, the integrity profile is determined. Next, in
step S350, the integrity profile is digitally signed. Then, in step
S360, the digitally signed integrity profile is stored. Control
then continues to step S370.
[0123] In step S370, the signed integrity profile is then forwarded
to the requestor, such as the content consumption
system/application provider, and the like. Control then continues
to step S380, where the control sequence ends.
[0124] FIG. 14 illustrates an exemplary method of verifying the
integrity of the integrity authenticator. In an exemplary
embodiment, control begins in step S400 and continues to step S410.
In step S410, the integrity of the integrity authenticator is
verified. Next, in step S420, a determination is made whether or
not the integrity authenticator is valid. If the integrity
authenticator is valid, control continues to step S430. Otherwise
control jumps to step S540.
[0125] In step S430, a tamper-resistant environment is established.
Next, in step S440, the integrity profile is verified. Then, in
step S450, a determination is made whether or not the integrity
profile is valid. If the integrity profile is valid, control
continues to step S460. Otherwise, control jumps to step S540.
[0126] In step S460, the integrity profile is loaded. Next, in step
S470, the call stack of the current execution environment, as
illustrated in relation to FIG. 6, is constructed. At the bottom of
the call stack is a set of hardware and/or devices, with the
software components towards the top of the stack. The relationship
of the components in the stack is that the lower component calls
the component just above it. Once the call stack is constructed,
the top of the call stack, which includes the execution image of
the last executed component, is located. Thus, the execution image
of each component on the stack helps identify the calling
component. Then, in step S480, the identification of the calling
component is retrieved. Control then continues to step S490.
[0127] In step S490, the integrity of the component is verified
against the integrity profile. Next, in step S500, a determination
is made whether or not the component is valid. If the component is
valid, control continues to step S510. Otherwise, control jumps to
step S540.
[0128] In step S510, a determination is made whether or not the
stack is empty. If the stack is empty, control jumps to step S520.
Otherwise, control jumps to step S530. In step S520, the next
component in the stack is located and this next component is set as
the current stack frame. Control then returns to step S480 for
verification.
[0129] In step S530, the integrity is verified and control
continues to step S550, where the control sequence ends. In step
S540, the integrity check fails and control continues to step S550,
where the control sequence ends.
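The profile signing of FIG. 13 (S340-S360) and the stack walk of FIG. 14 (S440-S540), shown in code; this is an added example, not code from the application. Assumptions: HMAC-SHA256 with a shared key stands in for the digital signature, SHA-256 of the execution image is the integrity value, the loop continues while frames remain and an empty stack is rejected, and all names and sample images are constructed. The authenticator self-check (S410) and the tamper-resistant environment (S430) are not modeled.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a shared key stands in for the digital
# signature of step S350; a real deployment would use an asymmetric scheme.
SIGNING_KEY = b"constructed-demo-key"


def digest(image: bytes) -> str:
    """Integrity value of a component's execution image (assumed SHA-256)."""
    return hashlib.sha256(image).hexdigest()


def sign_profile(components: dict) -> dict:
    """FIG. 13, S340-S360: determine the profile and sign it."""
    profile = {name: digest(image) for name, image in components.items()}
    body = json.dumps(profile, sort_keys=True).encode()
    tag = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return {"profile": profile, "signature": tag}


def verify_profile(signed: dict) -> bool:
    """FIG. 14, S440-S450: check the profile signature before loading it."""
    body = json.dumps(signed["profile"], sort_keys=True).encode()
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["signature"])


def verify_call_stack(signed: dict, call_stack: list) -> tuple:
    """FIG. 14, S440-S540: (ok, reason); stack is (name, image), top first."""
    if not verify_profile(signed):
        return False, "integrity profile invalid"            # S540
    if not call_stack:
        return False, "empty call stack"                     # nothing verified
    profile = signed["profile"]                              # S460
    for name, image in call_stack:                           # S480
        expected = profile.get(name)
        if expected is None:
            return False, f"{name}: not in profile"          # S540
        if not hmac.compare_digest(expected, digest(image)): # S490-S500
            return False, f"{name}: image does not match profile"
    return True, "integrity verified"                        # S530


# Constructed sample images; names and bytes are illustrative only.
REGISTERED = {"viewer": b"viewer-v1", "plugin": b"plugin-v1", "driver": b"driver-v1"}
SIGNED = sign_profile(REGISTERED)
GOOD_STACK = [("viewer", b"viewer-v1"), ("plugin", b"plugin-v1"), ("driver", b"driver-v1")]
PATCHED_STACK = [("viewer", b"viewer-v1"), ("plugin", b"plugin-v1-patched"), ("driver", b"driver-v1")]
UNKNOWN_STACK = GOOD_STACK + [("debugger", b"debugger-v1")]
```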
[0130] Thus, a content provider, such as a document publisher or
distributor, provides, for example, protected content to a user,
for consumption within a trusted user environment. By providing
integrity certification and verification services, the authenticity
of the content consumption environments can be verified. The
content provider forwards to the user a protected version of the
digital content which includes, for example, a license agreement
and an integrity profile identification. The profile includes, for
example, the applications and system components that are allowed to
be used in conjunction with the protected content. Additionally,
the content provider initiates a request for an integrity profile.
This request for the integrity profile is forwarded to an integrity
certification and verification device. The integrity certification
and verification device can, for example, if an integrity profile
does not already exist for the requested applications and/or
systems components, query a content consumption system/application
provider, who, for example, has supplied the system components to
the user. The content consumption system/application provider
returns to the integrity certification and verification device
authentication information about the particular applications or
system components. The authentication information allows a
comparison, or integrity verification, to be made between an
application and/or system component on a user's system, and the
original application or system component as distributed by the
content consumption system/application provider.
[0131] In a further exemplary embodiment, the content provider
forwards to the user a protected version of the digital content,
which includes, for example, a license agreement and a BIP
identification. An application integrity profile identification is
not associated with the protected content, but is embedded into the
applications and system components by the content consumption
system/application provider. Unlike an application integrity
profile, which is tied to a specific application, a BIP is tied to
a standard specification that specifies a set of behaviors and/or
consumption terms and conditions by which all compliant
applications abide. Using the application integrity profile
identification, the integrity certification and verification
services first verify the authenticity of the content consumption
system, application, and the like. Once the integrity of the
content consumption system/application has been confirmed and it
has been determined that it hasn't been tampered with, the
integrity certification and verification device ensures that the
content consumption system/application is compliant with the BIP by
verifying that proof exists that the applications are indeed
compliant with the BIP specification. Then, the integrity
certification and verification device enables the content
consumption system/application to consume the protected content. By
certifying applications and systems based on a BIP identification,
the consumer can use any suitable content consumption system or
application that complies with some BIP specification mandated by
the content provider to consume the protected content. In this
manner, use of the content can be controlled without limiting
consumption to a particular application or system.
[0132] The integrity certification and verification method and
system of the exemplary embodiments of FIGS. 1-14 can be
implemented on a single programmed general purpose computer or
separate programmed general purpose computers. The exemplary
embodiments of FIGS. 1-14 can also be implemented on a special
purpose computer, a programmed microprocessor or microcontroller
and peripheral integrated circuit element, an ASIC or other
integrated circuit, a digital signal processor, a hard-wired
electronic or logic circuit, such as a discrete element circuit, a
programmable logic device, such as a PLA, PLD, FPGA, PAL, and the
like. In general, any suitable system, device, software,
combination thereof, and the like, capable of implementing the
processes of the exemplary embodiments of FIGS. 1-14 (e.g., via a
finite state machine, and the like) can be employed.
[0133] The exemplary embodiments of FIGS. 1-14 can be readily
implemented with software using object or object-oriented software
development techniques in environments that provide portable source
code that can be used in a variety of computer or workstation
hardware platforms. The exemplary embodiments of FIGS. 1-14 also
can be implemented partially or fully in hardware using standard
logic circuits or a VLSI design. Whether or not software and/or
hardware is used to implement the exemplary systems and methods is
dependent on the speed and/or efficiency requirements of the
system, the particular function, and particular hardware or
software systems or microprocessor or microcomputer system being
utilized. The integrity certification and verification devices and
methods described above, however, can be readily implemented in
hardware or software, using any known or later-developed systems or
structures, devices, and/or software by those skilled in the
applicable art without undue experimentation from the functional
description provided herein, together with a general knowledge of
the computer arts. Moreover, the disclosed methods can be readily
implemented as software executed on a programmed general purpose
computer, a special purpose computer, a microprocessor, a server,
and the like. In this case, the methods and systems of the
exemplary embodiments can be implemented as a routine embedded on a
personal computer or server, such as a JAVA or CGI script, as a
resource residing on a server or graphics work station, as a
routine embedded in a dedicated integrity certification and
verification device, a web browser, a web TV interface, a PDA
interface, a multimedia presentation device, and the like. The
integrity certification and verification device can also be
implemented by physically incorporating the systems and methods
into a software and/or hardware system, such as the hardware and
software systems of a graphics workstation or dedicated integrity
certification and verification device.
[0134] Accordingly, the above-described devices and subsystems of
the exemplary embodiments of FIGS. 1-14 can include, for example,
any suitable servers, workstations, PCs, laptop computers, PDAs,
Internet appliances, handheld devices, cellular telephones,
wireless devices, other devices, and the like, capable of
performing the processes of the exemplary embodiments of FIGS.
1-14. The devices and subsystems of the exemplary embodiments of
FIGS. 1-14 can communicate with each other using any suitable
protocol and can be implemented using one or more programmed
computer systems or devices.
[0135] One or more interface mechanisms can be used with the
exemplary embodiments of FIGS. 1-14, including, for example,
Internet access, telecommunications in any suitable form (e.g.,
voice, modem, and the like), wireless communications media, and the
like. For example, employed communications networks or links can
include one or more wireless communications networks, cellular
communications networks, G3 communications networks, Public
Switched Telephone Networks (PSTNs), Packet Data Networks (PDNs),
the Internet, intranets, a combination thereof, and the like.
[0136] It is to be understood that the devices and subsystems of
the exemplary embodiments of FIGS. 1-14 are for exemplary purposes,
as many variations of the specific hardware used to implement the
exemplary embodiments are possible, as will be appreciated by those
skilled in the relevant art(s). For example, the functionality of
one or more of the devices and subsystems of the exemplary
embodiments of FIGS. 1-14 can be implemented via one or more
programmed computer systems or devices.
[0137] To implement such variations as well as other variations, a
single computer system can be programmed to perform the special
purpose functions of one or more of the devices and subsystems of
the exemplary embodiments of FIGS. 1-14. On the other hand, two or
more programmed computer systems or devices can be substituted for
any one of the devices and subsystems of the exemplary embodiments
of FIGS. 1-14. Accordingly, principles and advantages of
distributed processing, such as redundancy, replication, and the
like, also can be implemented, as desired, to increase the
robustness and performance of the devices and subsystems of the
exemplary embodiments of FIGS. 1-14.
[0138] The devices and subsystems of the exemplary embodiments of
FIGS. 1-14 can store information relating to various processes
described herein. This information can be stored in one or more
memories, such as a hard disk, optical disk, magneto-optical disk,
RAM, and the like, of the devices and subsystems of the exemplary
embodiments of FIGS. 1-14. One or more databases of the devices and
subsystems of the exemplary embodiments of FIGS. 1-14 can store the
information used to implement the exemplary embodiments of the
present invention. The databases can be organized using data
structures (e.g., records, tables, arrays, fields, graphs, trees,
lists, and the like) included in one or more memories or storage
devices listed herein. The processes described with respect to the
exemplary embodiments of FIGS. 1-14 can include appropriate data
structures for storing data collected and/or generated by the
processes of the devices and subsystems of the exemplary
embodiments of FIGS. 1-14 in one or more databases thereof.
[0139] All or a portion of the devices and subsystems of the
exemplary embodiments of FIGS. 1-14 can be conveniently implemented
using one or more general purpose computer systems,
microprocessors, digital signal processors, micro-controllers, and
the like, programmed according to the teachings of the exemplary
embodiments of the present invention, as will be appreciated by
those skilled in the computer and software arts. Appropriate
software can be readily prepared by programmers of ordinary skill
based on the teachings of the exemplary embodiments, as will be
appreciated by those skilled in the software art. Further, the
devices and subsystems of the exemplary embodiments of FIGS. 1-14
can be implemented on the World Wide Web. In addition, the devices
and subsystems of the exemplary embodiments of FIGS. 1-14 can be
implemented by the preparation of application-specific integrated
circuits or by interconnecting an appropriate network of
conventional component circuits, as will be appreciated by those
skilled in the electrical art(s). Thus, the exemplary embodiments
are not limited to any specific combination of hardware circuitry
and/or software.
[0140] Stored on any one or on a combination of computer readable
media, the exemplary embodiments of the present invention can
include software for controlling the devices and subsystems of the
exemplary embodiments of FIGS. 1-14, for driving the devices and
subsystems of the exemplary embodiments of FIGS. 1-14, for enabling
the devices and subsystems of the exemplary embodiments of FIGS.
1-14 to interact with a human user, and the like. Such software can
include, but is not limited to, device drivers, firmware, operating
systems, development tools, applications software, and the like.
Such computer readable media further can include the computer
program product of an embodiment of the present invention for
performing all or a portion (if processing is distributed) of the
processing performed in implementing the invention. Computer code
devices of the exemplary embodiments of the present invention can
include any suitable interpretable or executable code mechanism,
including but not limited to scripts, interpretable programs,
dynamic link libraries (DLLs), Java classes and applets, complete
executable programs, Common Object Request Broker Architecture
(CORBA) objects, and the like. Moreover, parts of the processing of
the exemplary embodiments of the present invention can be
distributed for better performance, reliability, cost, and the
like.
[0141] As stated above, the devices and subsystems of the exemplary
embodiments of FIGS. 1-14 can include computer readable medium or
memories for holding instructions programmed according to the
teachings of the present invention and for holding data structures,
tables, records, and/or other data described herein. Computer
readable medium can include any suitable medium that participates
in providing instructions to a processor for execution. Such a
medium can take many forms, including but not limited to,
non-volatile media, volatile media, transmission media, and the
like. Non-volatile media can include, for example, optical or
magnetic disks, magneto-optical disks, and the like. Volatile media
can include dynamic memories, and the like. Transmission media can
include coaxial cables, copper wire, fiber optics, and the like.
Transmission media also can take the form of acoustic, optical,
electromagnetic waves, and the like, such as those generated during
radio frequency (RF) communications, infrared (IR) data
communications, and the like. Common forms of computer-readable
media can include, for example, a floppy disk, a flexible disk,
hard disk, magnetic tape, any other suitable magnetic medium, a
CD-ROM, CDRW, DVD, any other suitable optical medium, punch cards,
paper tape, optical mark sheets, any other suitable physical medium
with patterns of holes or other optically recognizable indicia, a
RAM, a PROM, an EPROM, a FLASH-EPROM, any other suitable memory
chip or cartridge, a carrier wave or any other suitable medium from
which a computer can read.
[0142] While the present invention has been described in
connection with a number of exemplary embodiments, and
implementations, the present invention is not so limited, but
rather covers various modifications, and equivalent arrangements,
which fall within the purview of the appended claims.
* * * * *