Abstract: A dynamic software provisioning system allows provisioning software on a number of different computing devices based upon a desired business process. The dynamic software provisioning system allows a user to request usage of the operating system for a specific period of time, for a specific amount of usage, or in any other desired manner from an operating system provisioning service or from a third party. The provisioning service processes the request from the user or from the third party to provision the use of the operating system and in response to the request provisions use of the operating system for a specific device specified by the request. The dynamic software activation system also includes a local provisioning module located on the device using the operating system, wherein the local provisioning module activates and deactivates the operating system based on instructions received from the provisioning service.

Abstract: An electronic device, such as, a computer, may be adapted for self-monitoring for compliance to an operating policy. The operating policy may specify a pay-per-use or subscription business model and measurements associated with compliant usage. A secure execution environment may measure usage in accordance with the business model as well as monitor and enforce compliance to the operating policy. To increase the difficulty of attacking or otherwise disabling the secure execution environment, elements of the secure execution environment may be distributed. The distribution points may include other functional elements of the computer, such as interface circuits, or may even be remotely located over a network. An implementation method for disaggregating the secure execution environment is also disclosed.

Abstract: Inter-service messages conform to a protocol message schema and support predetermined types according to the destination service. Because the schema and types are well defined, input queues corresponding to the services are able to quickly identify and remove non-conforming messages. The schema supports both prepaid and subscription business models and is extensible to other types.

Abstract: Linked databases including a core database and a distribution database support provisioning for computers in pay-per-use and subscription business models. The core database is well removed from front-end processing and includes job, device and bootstrap tables. The distribution database includes tables for packet distribution and logging and is near the front-end processing blocks. The core database is well protected from attack, while the more volatile data in the distribution database is available with low latency. Performance is maintained while reducing the surface area exposed to external attack.

Abstract: A client data distribution service may receive messages from a client device requesting data sets from the data distribution service. The data sets may include a client certificate used to protect in verified subsequent communications between the client device in the data distribution service as well as provisioning packets used by the client device to enable operation by the user. Specific messages between the client device in the data distribution service include hardware identifiers, initialization keys, last used sequence numbers, and Underwriter product identifiers. Corresponding acknowledgment messages may be used by the data distribution service to remove completed transactions.

Abstract: Described is a technology by which a computing device is booted into a normal mode of operation or a limited mode of operation, depending on whether the computing device was operating correctly (e.g., with respect to policy) prior to a reboot. The reboot may be forced. Examples of incorrect state include an overdue payment on a leased computer, or improper execution of certain important software. A metering mechanism evaluates the state of the computing device, and when an incorrect state is detected, configures the computing device for operation in the limited mode, by setting the computing device to boot via one boot path (e.g., a limited-mode BIOS) instead of another boot path (e.g., a normal-mode BIOS). A BIOS selector switches to the limited BIOS on the next reboot, wherein the computing device is restricted to the limited mode of operation (regardless of subsequent reboots) until the correct state is restored.

Abstract: An application program interface (API) for sending and receiving batches of requests and responses has a batch request call for exchanging one or more request items between a provider system and a subscription system and a batch response call for exchanging corresponding responses between the provider system and the subscription system. Requests are grouped according to an extensible markup language schema and responses are grouped according to another extensible markup language schema.

Abstract: Described is an independent computation environment that is built into one or more hardware components of a computer system, wherein the independent computation environment hosts a logic that measures the health of other software code that executes in memory. Examples of ways to measure health include performing a mathematical computation such as a computing a hash/digital signature on the software code in the memory, and/or evaluating statistical information related to the execution of the code and/or the code's being loaded into memory. By executing the logic in an independent computation environment, the health of software code may be measured against policy/metadata in a tamper-proof or tamper-resistant environment. When the software code measurement does not comply with the policy, some action may be taken action to penalize the computer system.

Abstract: A pay-per-use or subscription computer may require customer assistance for both technical and business purposes. A customer service interface available via a web service may be used to provide customer service offered by a provider at a different level of the distribution chain. The web service may be focused in three areas, each exposing various methods. The three areas may include customer/computer data, distribution/sales data, and business or service level adjustments.

Abstract: A processing unit for use in an electronic device includes standard instruction processing and communication interfaces and also includes functional capability in addition to or in place of those found in an operating system. A secure memory within the processing unit may contain a hardware identifier, policy data, and subsystem functions such as a secure clock, policy management, and policy enforcement. Data in functions within the secure memory are not accessible from outside the processing unit.

Abstract: A computer participates in a system for licensing use in a metered fashion using individual licenses cryptographically linked to the computer and a particular service provider or underwriter. The computer may have a cryptographic unit, secure memory, sanction and metering functions as part of a secure execution environment for enabling metered operation and conformance to a security policy. Payment for licenses may be made through a payment system with licenses generated at a server with access to cryptographic functions for verification of requests, certificate/key pair generation, and signing licenses.

Abstract: A system for supplying computers with little or no upfront payment has a service provider, a computer, and an optional funding account. The computer is adapted to render itself substantially useless unless provisioned by the service provider. The service provider has a capability to collect funds from the user and to provide the data necessary for continued operation of the computer. Cryptographic means may be employed to generate and receive the data necessary for continued operation of the computer. The computer's self-imposed sanctions may include slowed operation, reduced graphics capability, limited communication, and limited access to peripherals.

Abstract: A software provisioning method and apparatus use a provisioning packet delivery mechanism having a database, a distribution service, and a confirmation service to receive, queue, and confirm delivery of provisioning packet to a computer. When the number of unconfirmed delivery requests exceeds a limit the distribution service may remove the provisioning packet from the database, for example, to limit denial of service attacks.

Abstract: An apparatus and method to automate the deployment, provisioning, and management of a programmable device for the life cycle states of the programmable device is presented. The system includes an automation interface for a developer to develop modules to aid in the automation of the deployment, provisioning, and management of the programmable device and for a user to direct the system to enter into a state of the life cycle. A controller moves the programmable device into states of the life cycle in response to triggering events occurring.

Abstract: A dynamic software activation system allows activation and deactivation of an operating system based upon a desired business process. The dynamic software activation system allows a user to request usage of the operating system for a specific period of time, for a specific amount of usage, or in any other desired manner from an operating system provisioning service or from a third party. The provisioning service processes the request from the user or from the third party to provision the use of the operating system and in response to the request provisions use of the operating system for a specific device specified by the request. The dynamic software activation system also includes a local provisioning module located on the device using the operating system, wherein the local provisioning module activates and deactivates the operating system based on instructions received from the provisioning service.

Abstract: A computer is configured for pay-per-use or prepaid operation using internally stored value that may be directed to various aspects of the computer's operation, for example, printing or use of a particular application program. The value used may be logged and that information may be transferred to a host where individual service providers may be compensated for purchases made on the computer according to usage. The user may be presented with payment options such as single use or subscription for a given local purchase decision. A method of operation is also disclosed.

Abstract: A dynamic software provisioning system allows provisioning software on a number of different computing devices based upon a desired business process. The dynamic software provisioning system allows a user to request usage of the operating system for a specific period of time, for a specific amount of usage, or in any other desired manner from an operating system provisioning service or from a third party. The provisioning service processes the request from the user or from the third party to provision the use of the operating system and in response to the request provisions use of the operating system for a specific device specified by the request. The dynamic software activation system also includes a local provisioning module located on the device using the operating system, wherein the local provisioning module activates and deactivates the operating system based on instructions received from the provisioning service.

Abstract: A system and method for monitoring a computer, particularly a pay-per-use computer, uses an isolated computing environment or supervisor. The isolated computing environment boots prior to any boot device associated with an operating system, runs concurrently with the operating system and monitors and measures the computer in operation. Once the isolated computing environment determines the computer is not in compliance with the required policies, the isolated computing environment may either impose an impediment to use such as slowing clock speed or completely disable the operating system. The user may have to return the computer to a service provider to restore it from the offending condition and reset the computer to an operational state.

Abstract: Described is a mechanism for receiving new data at an auxiliary device associated with a main computer system, and processing that new data within the auxiliary device firmware to take some action. The receipt and processing of the data is independent of whether the main computer system is in a powered-up state (online) or powered-down state (offline). A cache that maintains the user application data for offline navigation may be updated with new data, either to change existing data in the cache or add a new navigation path. The received data can be processed to perform other actions, depending on the context of that data as determined by auxiliary processing.

Abstract: Described is a system and system by which application programs provide data to auxiliary display device (that is associated with a main computer system) for display, including at times when the main computer system is powered down. The cache maintains the user data in association with structured navigational information, to allow navigation within the data via the structure. When online, the main computer system prepares the data cache from program data in combination with navigational information, and transfers the cache to an offline medium such as auxiliary storage in firmware. The cache may be arranged as a tree structure, such that navigation commands result in output according to data in the tree. Other events such as time-based events can change the auxiliary device output.