Abstract: A technique for quickly switching between a first operating system (OS) and a second OS involves deactivating the first OS and booting the second OS from memory. The technique can include inserting a context switching layer between the first OS and a hardware layer to facilitate context switching. It may be desirable to allocate memory for the second OS and preserve state of the first OS before deactivating the first OS and booting the second OS from memory.

Abstract: An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.

Abstract: An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.

Abstract: An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.

Abstract: A technique for security and authentication on block-based media includes involves the use of protected keys, providing authentication and encryption primitives. A system according to the technique may include a secure device having a security kernel with protected keys. A disk drive security mechanism may support authentication of data, secrecy, and ticket validation using the security kernel and, for example, a ticket services module (e.g., a shared service that may or may not be used by other storage devices like flash).

Abstract: A technique for maintaining encrypted content received over a network in a secure processor without exposing a key used to decrypt the content in the clear is disclosed.

Abstract: A technique for content management involves storing runtime state of content externally. A system created according to the technique may include a state server that receives runtime state of content from a playback device, and provides the runtime state to that or another playback device upon request. A playback device constructed according to the technique may include a content state recovery engine for recovering runtime state that was previously stored externally to the playback device. A method according to the technique may include generating the runtime state locally, storing the runtime state externally, and re-acquiring the runtime state.

Abstract: Improving connectivity in a peer-to-peer (P2P) network involves packet forwarding by infrastructure or peers. A system can achieve full connectivity and a setup for transactions that takes a fraction of a second. The system can include a routing table that is initially configured so that packets to peers are routed via the infrastructure. NAT traversal heuristics can be employed to establish direct connections between peers in parallel with packet forwarding in accordance with the routing table. When a direct connection is ready, the routing table can be updated so that packets are sent P2P. If a direct connection cannot be made, the routing table can be updated so that the packets are sent through a peer intermediary without going through the infrastructure.

Abstract: A technique for security and authentication on block-based media includes involves the use of protected keys, providing authentication and encryption primitives. A system according to the technique may include a secure device having a security kernel with protected keys. A disk drive security mechanism may support authentication of data, secrecy, and ticket validation using the security kernel and, for example, a ticket services module (e.g., a shared service that may or may not be used by other storage devices like flash).

Abstract: An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.

Abstract: Dynamic assignment of rights to content, such as in a closed distribution system. Noting state information generated by an item of current content, and modifying state or rights of new content in response. Preloading or dynamically sending new content to the owner of the current content, with rights being enabled only at a later time, in the playback device, with predetermined conditions. In response to current state information, dynamically sending a license for new content from a server. Conditional or dynamic licenses to new content, including a set of rights associated with a class of possible sets of state information. Assignment of limited rights to a content, with support in a secure player to enforce them; for purposes of rental, bonus content, trials and other business models.

Abstract: Dynamic assignment of rights to content, such as in a closed distribution system. Noting state information generated by an item of current content, and modifying state or rights of new content in response. Preloading or dynamically sending new content to the owner of the current content, with rights being enabled only at a later time, in the playback device, with predetermined conditions. In response to current state information, dynamically sending a license for new content from a server. Conditional or dynamic licenses to new content, including a set of rights associated with a class of possible sets of state information. Assignment of limited rights to a content, with support in a secure player to enforce them; for purposes of rental, bonus content, trials and other business models.

Abstract: A secure processor assuring application software is executed securely, and assuring only authorized software is executed, monitored modes and secure modes of operation. The former executes application software transparently to that software. The latter verifies execution of the application software is authorized, performs any extraordinary services required by the application software, and verifies the processor has obtained rights to execute the content. The secure processor (1) appears hardware-identical to an ordinary processor, with the effect that application software written for ordinary processors can be executed on the secure processor without substantial change, (2) needs only a minimal degree of additional hardware over and above those portions appearing hardware-identical to an ordinary processor. The secure processor operates without substantial reduction in speed or other resources available to the application software.

Abstract: A secure processor assuring application software is executed securely, and assuring only authorized software is executed, monitored modes and secure modes of operation. The former executes application software transparently to that software. The latter verifies execution of the application software is authorized, performs any extraordinary services required by the application software, and verifies the processor has obtained rights to execute the content. The secure processor (1) appears hardware-identical to an ordinary processor, with the effect that application software written for ordinary processors can be executed on the secure processor without substantial change, (2) needs only a minimal degree of additional hardware over and above those portions appearing hardware-identical to an ordinary processor. The secure processor operates without substantial reduction in speed or other resources available to the application software.

Abstract: The invention provides a method and system for delivering relatively large documents (such as for example media documents) with reduced use of time and other resources. Relatively large documents sent by a sender to a recipient in an email message are delivered separately from the email message, asynchronously from delivery of the email message or its presentation to the recipient, and using an out-of-band technique separate from email message delivery. This provides for relatively rapid and reliable delivery of the email message, separate reliable delivery of the media document, and presentation of the media document to the recipient without further sending delay. Pre-probing of destination devices may occur to determine a preferred set of characteristics to manage delivery.

Abstract: The invention provides a method and system for creating and customizing a home page that is used in conjunction with a technique for dynamically trading knowledge and services. A provider of knowledge, goods or services could request a home page on a web site dedicated to dynamically providing goods and services. Upon receiving the request, the provider of knowledge, goods or services is given the opportunity to create a specially customized home page. This homepage provides prospective buyers, with some or all of the following information: the name of the provider, the type of product, the amount of product available, a way of categorizing the product, a description, a fixed price, optional goods or services and other related information that would be helpful to those trying to identify providers of good and services and select among them.