Patents by Inventor John D. DeTreville

John D. DeTreville has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8892694
    Abstract: A declarative approach is used for system configuration. The declarative approach improves a system's integrity which makes the system more dependable. An overall system model is defined that describes the system as a whole. The models are hierarchical and can reference and incorporate any number of sub-models. The models within the system model are used to define the programs within the system. The system model is applied to a collection of system parameters that produces a statically typed, fully configured system instance. Each system instance may then be checked against established system policies that can express a variety of additional ad hoc rules defining which system instances are acceptable.
    Type: Grant
    Filed: October 24, 2005
    Date of Patent: November 18, 2014
    Assignee: Microsoft Corporation
    Inventor: John D. DeTreville
  • Patent number: 8020141
    Abstract: Described herein is an implementation of a technology for the construction, identity, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
    Type: Grant
    Filed: December 6, 2004
    Date of Patent: September 13, 2011
    Assignee: Microsoft Corporation
    Inventors: Galen C. Hunt, James R. Larus, John D. DeTreville, Edward P. Wobber, Martin Abadi, Michael B. Jones, Trishul Chilimbi
  • Patent number: 7788637
    Abstract: Described herein is an implementation of a technology for the construction, identification, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
    Type: Grant
    Filed: April 29, 2005
    Date of Patent: August 31, 2010
    Assignee: Microsoft Corporation
    Inventors: Galen C. Hunt, James R. Larus, John D. DeTreville, Edward P. Wobber, Martin Abadi, Michael B. Jones, Trishul A. Chilimbi
  • Patent number: 7694300
    Abstract: Described herein is an implementation of a technology for the construction, identification, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
    Type: Grant
    Filed: April 29, 2005
    Date of Patent: April 6, 2010
    Assignee: Microsoft Corporation
    Inventors: Galen C. Hunt, James R. Larus, John D. DeTreville, Michael B. Jones, Trishul A. Chilimbi
  • Patent number: 7600232
    Abstract: Described herein is an implementation of an inter-process communications technology. One or more implementations, described herein, facilitate creation of a bi-directional message conduit having exactly two endpoints. A first endpoint is owned by a first software process and a second endpoint is owned by a second software process. One or more implementations, described herein, maintain the bi-directional message conduit for passing multiple messages via the bi-directional message conduit from the first process to the second process, according to established rules that can be checked.
    Type: Grant
    Filed: December 7, 2004
    Date of Patent: October 6, 2009
    Assignee: Microsoft Corporation
    Inventors: Galen C. Hunt, James R. Larus, Manuel Fahndrich, Edward P. Wobber, Martin Abadi, John D. DeTreville
  • Patent number: 7543336
    Abstract: In one aspect, a data structure to be encrypted is received, the data structure including content along with a statement of conditions under which the content may be decrypted. The content is encrypted using a public key of a pair of public and private keys of a device that is to decrypt the data structure. In another aspect, a data structure is decrypted using a private key of a pair of public and private keys. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: June 2, 2009
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7529919
    Abstract: In accordance with one aspect of boot blocks for software, in a computer system that has a central processing unit and a software identity register, an atomic operation is executed to set an identity of a piece of software into the software identity register. If the atomic operation completes correctly, then the software identity register contains the identity of the piece of software; otherwise, the software identity register contains a value other than the identity of the piece of software.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: May 5, 2009
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7457412
    Abstract: In accordance with certain aspects, a computer system has a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system. An OS certificate is created including the identity from the software identity register, information describing the operating system, and the CPU public key. The created OS certificate is signed using the CPU private key.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: November 25, 2008
    Assignee: Microsoft Corporation
    Inventors: Paul England, Butler W. Lampson, John D. DeTreville
  • Patent number: 7451435
    Abstract: Described herein is at least one implementation employing multiple self-describing software artifacts persisted on one or more computer-storage media of a software-based computer. In this implementation, each artifact is representative of at least part of the software components (e.g., load modules, processes, applications, and operating system components) of the computing system and each artifact is described by at least one associated “manifest,” which includes metadata declarative descriptions of the associated artifact.
    Type: Grant
    Filed: December 7, 2004
    Date of Patent: November 11, 2008
    Assignee: Microsoft Corporation
    Inventors: Galen C. Hunt, Thomas Roeder, James R. Larus, Manuel Fahndrich, John D. DeTreville, Steven P. Levi, Benjamin Zorn, Wolfgang Grieskamp
  • Patent number: 7434263
    Abstract: In one aspect, a data structure to be encrypted is received in a device, the data structure including content along with a statement of conditions under which the content may be decrypted. The data structure is encrypted using a symmetric key of a processor of the device. In another aspect, a data structure is decrypted using a processor symmetric key. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: October 7, 2008
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7424606
    Abstract: A system and method for authenticating an operating system includes, in accordance with one aspect, a method in a computer system having a processor, an operating system (OS), and a software identity register that holds an identity of the operating system, the processor having a private key. The method comprises forming an OS certificate containing the identity from the software identity register and signing the OS certificate using the private key. In accordance with another aspect, the signed identity is submitted to a recipient to prove an identity of the operating system to the recipient.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: September 9, 2008
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7424747
    Abstract: A content player can detect pirated content by storing a list of highly compressed content pieces that correspond to different pieces of content (e.g., audio content, video content, audio/video content, etc.). A piece of content to be played back by the content player is compared to the highly compressed content pieces stored at the content player. If the piece of content to be played back matches one of the highly compressed content pieces, then appropriate responsive action is taken. This responsive action can vary, and can include, for example, checking for a valid license, giving the user the option to notify the publisher if he or she has unknowingly acquired a pirated copy of the content, etc.
    Type: Grant
    Filed: April 24, 2001
    Date of Patent: September 9, 2008
    Assignee: Microsoft Corporation
    Inventor: John D. DeTreville
  • Patent number: 7415620
    Abstract: In accordance with certain aspects, a chain of trust is established between a subscriber unit and a content provider. A request is submitted from the subscriber unit to the content provider. A challenge nonce is generated at the content provider and returned to the subscriber unit. At the subscriber unit, an operating system (OS) certificate containing an identity of the operating system from the software identity register, information describing the operating system, the challenge nonce, and a CPU public key is formed, and the OS certificate is signed using a CPU private key. The OS certificate and a CPU manufacturer certificate supplied by a manufacturer of the CPU are passed from the subscriber unit to the content provider, and are evaluated at the content provider to determine whether to reject or fulfill the request.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: August 19, 2008
    Assignee: Microsoft Corporation
    Inventors: Paul England, John D. DeTreville, Butler W. Lampson
  • Patent number: 7356682
    Abstract: In accordance with one aspect of attesting to a value of a register and/or memory region, an operating system of a device receives a request, in response to an ATTEST operation being invoked, to make a signed attestation of a value. The operating system signs a statement that includes the value using a private key of a pair of public and private keys of a processor of the device. The value may be stored in a register and/or a region of memory.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: April 8, 2008
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7302709
    Abstract: A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.
    Type: Grant
    Filed: September 7, 2005
    Date of Patent: November 27, 2007
    Assignee: Microsoft Corporation
    Inventors: Paul England, John D. DeTreville, Butler W. Lampson
  • Patent number: 7228293
    Abstract: An electronic book reader has a processor, a display surface, and access to a memory card upon which is stored a digitally-formatted creative work such as a book. In addition, the reader has access to a plurality of precompiled condensed content descriptions of respective books that are subject to copy restrictions. Before reading a given book, the reader creates a condensed content description of the book and compares it to the stored descriptions to determine whether the book is subject to copy restrictions. If it is, the reader checks for a valid license before allowing the user to read the book.
    Type: Grant
    Filed: September 16, 2004
    Date of Patent: June 5, 2007
    Assignee: Microsoft Corporation
    Inventor: John D. DeTreville
  • Patent number: 7194092
    Abstract: Secure storage for downloaded content on a subscriber computer is keyed to a trusted digital rights management operating system, a trusted application, a trusted user or a combination thereof. A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.
    Type: Grant
    Filed: January 8, 1999
    Date of Patent: March 20, 2007
    Assignee: Microsoft Corporation
    Inventors: Paul England, John D. DeTreville, Butler W. Lampson
  • Patent number: 7184985
    Abstract: A method, system, and apparatus are provided for securely accessing a digital work, such as a digital movie, music file, photo, or other type of digital media. Provider contexts, requester contexts, and exporting contexts exchange logic statements as defined by a distributed logic-based programming language. Logic statements may define trust, delegation, and other security relationships. Decisions regarding access to a digital work are made by a provider context based upon locally stored logic statements and other logic statements imported from other contexts. If the logic statements satisfy a security policy, also defined in terms of logic statements, access is granted to the digital work. Otherwise, access to the digital work is denied.
    Type: Grant
    Filed: May 30, 2002
    Date of Patent: February 27, 2007
    Assignee: Microsoft Corporation
    Inventor: John D. DeTreville
  • Patent number: 7177845
    Abstract: An electronic book reader has a processor, a display surface, and access to a memory card upon which is stored a digitally-formatted creative work such as a book. In addition, the reader has access to a plurality of precompiled condensed content descriptions of respective books that are subject to copy restrictions. Before reading a given book, the reader creates a condensed content description of the book and compares it to the stored descriptions to determine whether the book is subject to copy restrictions. If it is, the reader checks for a valid license before allowing the user to read the book.
    Type: Grant
    Filed: December 20, 2004
    Date of Patent: February 13, 2007
    Assignee: Microsoft Corporation
    Inventor: John D. DeTreville
  • Patent number: 7174457
    Abstract: A general-purpose processor (CPU) is configured with a new mechanism facilitating an authenticated boot sequence that provides building blocks for client-side rights management when the system is online, and provides continued protection of persistent data even when the system goes offline or is rebooted. The CPU includes a cryptographic key pair, and a manufacturer certificate testifying that the manufacturer built the CPU according to a known specification. The operating system (OS) includes a unique block of code, or “boot block” that can establish OS identity by extraction from a digitally signed boot block or by computing a hash digest of the boot block. During booting, the CPU executes a single opcode, followed by the boot block, as an atomic operation to set the identity of the OS into the software identity register. The subscriber unit then can establish a chain of trust to a content provider.
    Type: Grant
    Filed: March 10, 1999
    Date of Patent: February 6, 2007
    Assignee: Microsoft Corporation
    Inventors: Paul England, John D. DeTreville, Butler W. Lampson