Patents by Inventor Paul England

Paul England has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7543336
    Abstract: In one aspect, a data structure to be encrypted is received, the data structure including content along with a statement of conditions under which the content may be decrypted. The content is encrypted using a public key of a pair of public and private keys of a device that is to decrypt the data structure. In another aspect, a data structure is decrypted using a private key of a pair of public and private keys. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: June 2, 2009
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7530103
    Abstract: In a single machine that has entities running in an untrusted environment and entities running in a trusted environment, the trustworthiness of the entities in the trusted environment is projected to the entities in the untrusted environment. This is applicable, for example, to Microsoft®'s Next Generation Secure Computing Base (NGSCB), where a regular operating system (e.g., the Windows® operating system) hosts a secure operating system (e.g., the nexus).
    Type: Grant
    Filed: August 7, 2003
    Date of Patent: May 5, 2009
    Assignee: Microsoft Corporation
    Inventors: Bryan Mark Willman, Paul England, Kenneth D. Ray, Keith Kaplan, Varugis Kurien, Michael David Marr
  • Patent number: 7529946
    Abstract: Prevention of unpermitted use of enabling bits is achieved by sealing the enabling bits to an environment in such a way that the bits can only be unsealed by or from the environment, and by using an isolation mechanism to isolate the environment from other environments on the machine on which the environment operates. The environment is trusted not to use the enabling bits except in accordance with a set of rules governing the bits. The enabling bits may be a decryption key for DRM-protected content, and the rules may be a license governing the use of that content. Trust that the enabling bits will not be misused is established by trusting the environment not to use the enabling bits contrary to the rules, trusting the isolation mechanism to isolate the environment, and trusting the unsealing mechanism only to unseal the bits for the environment.
    Type: Grant
    Filed: June 16, 2005
    Date of Patent: May 5, 2009
    Assignee: Microsoft Corporation
    Inventors: Kenneth D. Ray, Paul England, Peter Nicholas Biddle
  • Patent number: 7529919
    Abstract: In accordance with one aspect of boot blocks for software, in a computer system that has a central processing unit and a software identity register, an atomic operation is executed to set an identity of a piece of software into the software identity register. If the atomic operation completes correctly, then the software identity register contains the identity of the piece of software; otherwise, the software identity register contains a value other than the identity of the piece of software.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: May 5, 2009
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England
  • Patent number: 7516386
    Abstract: System and method for electronically transferring data through a communications connection in a transparent manner such that the data transfer does not interfere with other traffic sharing the connection. The invention transfers data using bandwidth of the connection that other traffic is not using. If other traffic desires to use the bandwidth currently being used by the invention, the invention relinquishes the bandwidth to the other traffic and retreats to avoid bandwidth contention. Although a retreat may cause gaps in the data transferred, a key aspect of the invention is that any missing data due to these gaps is recovered easily and in a bandwidth-efficient way using novel error correction and recovery.
    Type: Grant
    Filed: July 30, 2005
    Date of Patent: April 7, 2009
    Assignee: Microsoft Corporation
    Inventors: Cormac Herley, Paul England
  • Patent number: 7512786
    Abstract: Each software component loaded for a verified operating system on a client computer must satisfy a set of boot rules for a boot certificate. A verified operating system identifier is created from the boot certificate. The boot certificate is published and signed by a boot authority that attests to the validity of the operating system booted under the boot certificate. Each software component for the operating system is associated with a component certificate published and signed by the same boot authority that signed the boot certificate. The boot rules determine the validity of the software component based on the contents of the component and boot certificates. The client computer transmits the verified operating system identity and the boot certificate to a server computer, such as a content provider, and the content provider determines whether to trust the verified operating system with its content.
    Type: Grant
    Filed: April 6, 2004
    Date of Patent: March 31, 2009
    Assignee: Microsoft Corporation
    Inventor: Paul England
  • Patent number: 7506380
    Abstract: Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.
    Type: Grant
    Filed: January 14, 2005
    Date of Patent: March 17, 2009
    Assignee: Microsoft Corporation
    Inventors: Jamie Hunter, Paul England, Russell Humphries, Stefan Thom, James Anthony Schwartz, Jr., Kenneth D. Ray, Jonathan Schwartz
  • Patent number: 7502471
    Abstract: A scrambling architecture protects data streams in the operating system and hardware components of a computer by scrambling the otherwise raw data prior to the data being handled by the operating system. Scrambled content is passed to a filter graph (or other processing system) where the content is processed while scrambled. A scrambler also generates a random signal based on a first key and a second key. After processing, the scrambled data is passed to a driver for output. A driver may implement a descrambler to detect tone patterns in the content and recover the first key from varying amplitudes of the tone patterns. The descrambler may also receive the second key via a separate channel and generate the same random signal using the recovered first key and the second key. The descrambler subtracts the tone patterns and the random signal from the scrambled content to restore the content.
    Type: Grant
    Filed: March 20, 2006
    Date of Patent: March 10, 2009
    Assignee: Microsoft Corporation
    Inventors: Henrique Malvar, Paul England
  • Patent number: 7496769
    Abstract: An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.
    Type: Grant
    Filed: December 20, 2004
    Date of Patent: February 24, 2009
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, Paul England
  • Patent number: 7493429
    Abstract: The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.
    Type: Grant
    Filed: January 16, 2004
    Date of Patent: February 17, 2009
    Assignee: Microsoft Corporation
    Inventors: John E. Paff, Marcus Peinado, Thekkthalackal Varugis Kurien, Bryan Mark Willman, Paul England, Andrew John Thornton
  • Patent number: 7490352
    Abstract: Systems and methods for validating integrity of an executable file are described. In one aspect, the systems and methods determine that an executable file is being introduced into a path of execution. The executable file is then automatically evaluated in view of multiple malware checks to detect if the executable file represents a type of malware. The multiple malware checks are integrated into an operating system trust verification process along the path of execution.
    Type: Grant
    Filed: April 7, 2005
    Date of Patent: February 10, 2009
    Assignee: Microsoft Corporation
    Inventors: Michael Kramer, Kenneth D. Ray, Paul England, Scott A. Field, Jonathan D. Schwartz
  • Patent number: 7487365
    Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
    Type: Grant
    Filed: April 4, 2003
    Date of Patent: February 3, 2009
    Assignee: Microsoft Corporation
    Inventors: Paul England, Marcus Peinado
  • Patent number: 7478235
    Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilize (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.
    Type: Grant
    Filed: June 28, 2002
    Date of Patent: January 13, 2009
    Assignee: Microsoft Corporation
    Inventors: Paul England, Kenneth D. Ray, Marcus Peinado, John C. Dunn, Glen Slick, Bryan Willman
  • Publication number: 20080320475
    Abstract: Various technologies and techniques are disclosed for switching user mode thread context. A user mode portion of a thread can be switched without entering a kernel by using execution context directly based on registers. Upon receiving a request to switch a user mode part of a thread to a new thread, user mode register contexts are switched, as well as a user mode thread block by changing an appropriate register to point at the user mode thread block of the new thread. Switching is available in environments using segment registers with offsets. Each user mode thread block in a process has a descriptor in a local descriptor table. When switching a user mode thread context to a new thread, a descriptor is located for a user mode thread block of the new thread. A shadow register is updated with a descriptor base address of the new thread.
    Type: Application
    Filed: June 19, 2007
    Publication date: December 25, 2008
    Applicant: Microsoft Corporation
    Inventors: Matthew D. Klein, Paul England
  • Publication number: 20080313652
    Abstract: Various technologies and techniques are disclosed for detecting and handling blocking events. A user mode thread is assigned a dedicated backing thread. System calls are made on the dedicated backing thread. The kernel detects when a system call results in a blocking event. A core that the dedicated backing thread is currently running on is observed. An entry in a per process table that maps cores to a currently associated primary thread waiting to be woken is consulted. The currently associated primary thread for the core is woken with a special result code to indicate that it was woken due to the blocking system call. The primary thread is released back to the application. A user mode scheduler is notified of the blocking event so a core can continue to be utilized.
    Type: Application
    Filed: June 15, 2007
    Publication date: December 18, 2008
    Applicant: Microsoft Corporation
    Inventors: Matthew D. Klein, Paul England
  • Publication number: 20080313656
    Abstract: Various technologies and techniques are disclosed for allowing a user mode stack to be shared by multiple contexts. A user mode stack can be shared between execution contexts that are guaranteed to not need the user mode stack at the same time. For example, each user mode portion of a kernel thread is provided with a dedicated backing thread. When a respective dedicated backing thread is sleeping and not using a respective user mode stack, the user mode stack is allowed to float with a respective user mode portion to other kernel threads. The user mode stack is disassociated from the kernel portion of the thread. The kernel is notified of an address of a user mode thread context. The kernel mode portion of the converted thread becomes a backing thread that waits. The user mode portion of the converted thread can be switched without entering the kernel.
    Type: Application
    Filed: June 18, 2007
    Publication date: December 18, 2008
    Applicant: Microsoft Corporation
    Inventors: Matthew D. Klein, Paul England
  • Publication number: 20080313647
    Abstract: Various technologies and techniques are disclosed for virtualizing threads. An operating system thread is virtualized by intercepting accesses of the operating system thread state and emulating a normal operating system behavior. A kernel mode thread state is virtualized by intercepting kernel accesses of the kernel mode thread state and emulating a normal kernel mode behavior. A user mode thread state is virtualized by intercepting user mode accesses of the user mode thread state and emulating a normal user mode behavior. If the access is a write access, then the write access is applied to a virtual thread structure. If the access is a read access, then the read access is applied to the virtual thread structure.
    Type: Application
    Filed: June 18, 2007
    Publication date: December 18, 2008
    Applicant: Microsoft Corporation
    Inventors: Matthew D. Klein, Paul England
  • Publication number: 20080307419
    Abstract: Various technologies and techniques are disclosed for providing lazy kernel thread binding. User mode and kernel mode portions of thread scheduling are decoupled so that a particular user mode thread can be run on any one of multiple kernel mode threads. A dedicated backing thread is used whenever a user mode thread wants to perform an operation that could affect the kernel mode thread, such as a system call. For example, a notice is received that a particular user mode thread running on a particular kernel mode thread wants to make a system call. A dedicated backing thread that has been assigned to the particular user mode thread is woken. State is shuffled from the user mode thread to the dedicated backing thread using a state shuffling process. The particular kernel mode thread is put to sleep. The system call is executed using the dedicated backing thread.
    Type: Application
    Filed: June 6, 2007
    Publication date: December 11, 2008
    Applicant: Microsoft Corporation
    Inventors: Matthew D. Klein, Paul England
  • Patent number: 7457412
    Abstract: In accordance with certain aspects, a computer system has a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system. An OS certificate is created including the identity from the software identity register, information describing the operating system, and the CPU public key. The created OS certificate is signed using the CPU private key.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: November 25, 2008
    Assignee: Microsoft Corporation
    Inventors: Paul England, Butler W. Lampson, John D. DeTreville
  • Patent number: 7434263
    Abstract: In one aspect, a data structure to be encrypted is received in a device, the data structure including content along with a statement of conditions under which the content may be decrypted. The data structure is encrypted using a symmetric key of a processor of the device. In another aspect, a data structure is decrypted using a processor symmetric key. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
    Type: Grant
    Filed: May 7, 2003
    Date of Patent: October 7, 2008
    Assignee: Microsoft Corporation
    Inventors: Butler W. Lampson, John D. DeTreville, Paul England