Patents by Inventor John DeTreville

John DeTreville has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7792758
    Abstract: A computer-implemented mechanism for granting rights is described. A license may be used to identify one or more principals, resources, rights and conditions. The license also identifies a license format scheme and a license format modification scheme. An access control module or other entity may interpret the license in accordance with the license format scheme and license format modification scheme.
    Type: Grant
    Filed: November 18, 2002
    Date of Patent: September 7, 2010
    Assignee: Microsoft Corporation
    Inventors: Bob Atkinson, John DeTreville, Brian A. LaMacchia
  • Patent number: 7757075
    Abstract: A computer-implemented mechanism for granting rights to a resource is described. A license identifies one or more principals, resources, rights and conditions. At least one condition recited in the license includes a reference to state information. The state information is external to the license. When evaluating the license, a resource or access control module requests the state information from the entity identified in the reference to state information.
    Type: Grant
    Filed: November 15, 2002
    Date of Patent: July 13, 2010
    Assignee: Microsoft Corporation
    Inventor: John DeTreville
  • Patent number: 7603717
    Abstract: A computer-implemented mechanism for granting rights to a resource is described. A license identifies one or more principals, resources, rights and conditions in fields of the license. The license fields include one or more instances of one or more variables. The variables are universally quantified so that each variable may be any one of a set of values. All instances of any given variable are bound to the same value.
    Type: Grant
    Filed: November 18, 2002
    Date of Patent: October 13, 2009
    Assignee: Microsoft Corporation
    Inventors: Bob Atkinson, Brian A. LaMacchia, John DeTreville, Muthukrishnan Paramasivam, Xin Wang, Thomas DeMartini
  • Publication number: 20070118769
    Abstract: In accordance with certain aspects, a chain of trust is established between a subscriber unit and a content provider. A request is submitted from the subscriber unit to the content provider. A challenge nonce is generated at the content provider and returned to the subscriber unit. At the subscriber unit, an operating system (OS) certificate containing an identity of the operating system from the software identity register, information describing the operating system, the challenge nonce, and a CPU public key is formed, and the OS certificate is signed using a CPU private key. The OS certificate and a CPU manufacturer certificate supplied by a manufacturer of the CPU are passed from the subscriber unit to the content provider, and are evaluated at the content provider to determine whether to reject or fulfill the request.
    Type: Application
    Filed: December 22, 2006
    Publication date: May 24, 2007
    Applicant: Microsoft Corporation
    Inventors: Paul England, John DeTreville, Butler Lampson
  • Publication number: 20070118738
    Abstract: In accordance with certain aspects, a computer system has a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system. An OS certificate is created including the identity from the software identity register, information describing the operating system, and the CPU public key. The created OS certificate is signed using the CPU private key.
    Type: Application
    Filed: December 22, 2006
    Publication date: May 24, 2007
    Applicant: Microsoft Corporation
    Inventors: Paul England, John DeTreville, Butler Lampson
  • Publication number: 20070104329
    Abstract: In accordance with certain aspects, an operating system is booted for execution on a central processing unit (CPU). An atomic operation is executed, and if the atomic operation completes correctly then a software identity register of the CPU is set to an identity of the operating system.
    Type: Application
    Filed: December 22, 2006
    Publication date: May 10, 2007
    Applicant: Microsoft Corporation
    Inventors: Paul England, John DeTreville, Butler Lampson
  • Publication number: 20070091819
    Abstract: A declarative approach is used for system configuration. The declarative approach improves a system's integrity which makes the system more dependable. An overall system model is defined that describes the system as a whole. The models are hierarchical and can reference and incorporate any number of sub-models. The models within the system model are used to define the programs within the system. The system model is applied to a collection of system parameters that produces a statically typed, fully configured system instance. Each system instance may then be checked against established system policies that can express a variety of additional ad hoc rules defining which system instances are acceptable.
    Type: Application
    Filed: October 24, 2005
    Publication date: April 26, 2007
    Applicant: Microsoft Corporation
    Inventor: John DeTreville
  • Publication number: 20060123412
    Abstract: Described herein is at least one implementation employing multiple self-describing software artifacts persisted on one or more computer-storage media of a software-based computer. In this implementation, each artifact is representative of at least part of the software components (e.g., load modules, processes, applications, and operating system components) of the computing system and each artifact is described by at least one associated “manifest,” which includes metadata declarative descriptions of the associated artifact.
    Type: Application
    Filed: December 7, 2004
    Publication date: June 8, 2006
    Applicant: Microsoft Corporation
    Inventors: Galen Hunt, Thomas Roeder, James Larus, Manuel Fahndrich, John DeTreville, Steven Levi, Benjamin Zorn, Wolfgang Grieskamp
  • Publication number: 20060123430
    Abstract: Described herein is an implementation of a technology for the construction, identification, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
    Type: Application
    Filed: April 29, 2005
    Publication date: June 8, 2006
    Applicant: Microsoft Corporation
    Inventors: Galen Hunt, James Larus, John DeTreville, Edward Wobber, Martin Abadi, Michael Jones, Trishul Chilimbi
  • Publication number: 20060123417
    Abstract: Described herein is an implementation of a technology for the construction, identity, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
    Type: Application
    Filed: December 6, 2004
    Publication date: June 8, 2006
    Applicant: Microsoft Corporation
    Inventors: Galen Hunt, James Larus, John DeTreville, Edward Wobber, Martin Abadi, Michael Jones, Trishul Chilimbi
  • Publication number: 20060123418
    Abstract: Described herein is an implementation of a technology for the construction, identification, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
    Type: Application
    Filed: April 29, 2005
    Publication date: June 8, 2006
    Applicant: Microsoft Corporation
    Inventors: Galen Hunt, James Larus, John DeTreville, Edward Wobber, Martin Abadi, Michael Jones, Trishul Chilimbi
  • Publication number: 20060123424
    Abstract: Described herein is an implementation of an inter-process communications technology. One or more implementations, described herein, facilitate creation of a bi-directional message conduit having exactly two endpoints. A first endpoint is owned by a first software process and a second endpoint is owned by a second software process. One or more implementations, described herein, maintain the bi-directional message conduit for passing multiple messages via the bi-directional message conduit from the first process to the second process, according to established rules that can be checked.
    Type: Application
    Filed: December 7, 2004
    Publication date: June 8, 2006
    Applicant: Microsoft Corporation
    Inventors: Galen Hunt, James Larus, Manuel Fahndrich, Edward Wobber, Martin Abadi, John DeTreville
  • Patent number: 7010684
    Abstract: A secure communication channel between an open system and a portable IC device is established. An application running on the open system desiring access to the information on the portable IC device authenticates itself to the portable IC device, proving that it is trustworthy. Once such trustworthiness is proven, the portable IC device authenticates itself to the application. Once such two-way authentication has been completed, trusted communication between the open system and the portable IC device can proceed, and private information that is maintained on the portable IC device can be unlocked and made available to the application.
    Type: Grant
    Filed: July 14, 2003
    Date of Patent: March 7, 2006
    Assignee: Microsoft Corporation
    Inventor: John DeTreville
  • Publication number: 20060036851
    Abstract: A secure communication channel between an open system and a portable IC device is established. An application running on the open system desiring access to the information on the portable IC device authenticates itself to the portable IC device, proving that it is trustworthy. Once such trustworthiness is proven, the portable IC device authenticates itself to the application. Once such two-way authentication has been completed, trusted communication between the open system and the portable IC device can proceed, and private information that is maintained on the portable IC device can be unlocked and made available to the application.
    Type: Application
    Filed: October 19, 2005
    Publication date: February 16, 2006
    Applicant: Microsoft Corporation
    Inventor: John DeTreville
  • Publication number: 20060021064
    Abstract: A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.
    Type: Application
    Filed: September 7, 2005
    Publication date: January 26, 2006
    Applicant: Microsoft Corporation
    Inventors: Paul England, John DeTreville, Butler Lampson
  • Publication number: 20050108174
    Abstract: An electronic book reader has a processor, a display surface, and access to a memory card upon which is stored a digitally-formatted creative work such as a book. In addition, the reader has access to a plurality of precompiled condensed content descriptions of respective books that are subject to copy restrictions. Before reading a given book, the reader creates a condensed content description of the book and compares it to the stored descriptions to determine whether the book is subject to copy restrictions. If it is, the reader checks for a valid license before allowing the user to read the book.
    Type: Application
    Filed: December 20, 2004
    Publication date: May 19, 2005
    Applicant: Microsoft Corporation
    Inventor: John DeTreville
  • Publication number: 20050060549
    Abstract: Digital rights for content downloaded to a subscriber computer from a provider are specified in an access predicate. The access predicate is compared with a rights manager certificate associated with an entity, such as an application, that wants access to the content. If the rights manager certificate satisfies the access predicate, the entity is allowed access to the content. A license that specifies limitations on the use of the content can also be associated with the content and provided to the entity. The use the entity makes of the content is monitored and terminated if the entity violates the license limitations. In one aspect of the invention, the access predicate and the license are protected from tampering through cryptographic techniques.
    Type: Application
    Filed: October 25, 2004
    Publication date: March 17, 2005
    Applicant: Microsoft Corporation
    Inventors: Paul England, John DeTreville, Butler Lampson
  • Patent number: 6868405
    Abstract: An electronic book reader has a processor, a display surface, and access to a memory card upon which is stored a digitally-formatted creative work such as a book. In addition, the reader has access to a plurality of precompiled condensed content descriptions of respective books that are subject to copy restrictions. Before reading a given book, the reader creates a condensed content description of the book and compares it to the stored descriptions to determine whether the book is subject to copy restrictions. If it is, the reader checks for a valid license before allowing the user to read the book.
    Type: Grant
    Filed: November 29, 1999
    Date of Patent: March 15, 2005
    Assignee: Microsoft Corporation
    Inventor: John DeTreville
  • Publication number: 20050044047
    Abstract: An electronic book reader has a processor, a display surface, and access to a memory card upon which is stored a digitally-formatted creative work such as a book. In addition, the reader has access to a plurality of precompiled condensed content descriptions of respective books that are subject to copy restrictions. Before reading a given book, the reader creates a condensed content description of the book and compares it to the stored descriptions to determine whether the book is subject to copy restrictions. If it is, the reader checks for a valid license before allowing the user to read the book.
    Type: Application
    Filed: September 16, 2004
    Publication date: February 24, 2005
    Applicant: Microsoft Corporation
    Inventor: John DeTreville
  • Publication number: 20040098602
    Abstract: A computer-implemented mechanism for granting rights to a resource is described. A license identifies one or more principals, resources, rights and conditions. The license also conditions a right to be granted on the existence of one or more prerequisite rights. Before allowing an entity to exercise the right to be granted, a resource or other entity checks to determine whether the prerequisite rights exist.
    Type: Application
    Filed: November 18, 2002
    Publication date: May 20, 2004
    Applicant: Microsoft Corporation
    Inventors: John DeTreville, Bob Atkinson, Brian A. LaMacchia, M. Paramasivam