HK1059323B - A method and apparatus for securing digital data for use on a computing device - Google Patents

A method and apparatus for securing digital data for use on a computing device

Info

Publication number
HK1059323B
Authority
HK
Hong Kong
Prior art keywords
digital data
header
digest
computing device
data
Prior art date
Application number
HK04101309.0A
Other languages
Chinese (zh)
Other versions
HK1059323A1 (en)
Inventor
Marcus Randall Whitten Jon
Clayton Sharpe Tracy
B. Asmi Yasser
E. Lange Jonathan
Michael Pirich Christopher
Gerald Thomason Jonathan
Original Assignee
Microsoft Technology Licensing, Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/101,999 (US7627753B2)
Application filed by Microsoft Technology Licensing, LLC
Publication of HK1059323A1
Publication of HK1059323B

Description

Method and apparatus for securing digital data for use on a computing device
Technical Field
The present invention relates generally to validating digital data before enabling its use, and more particularly to ensuring that security policies relating to the use of digital data are enforced, where those policies guarantee the source and legitimacy of the digital data.
Background
Personal computers provide a platform on which anyone willing to engage in programming can write programs that implement almost any desired functionality, subject only to the constraints of the programming language, the operating environment, and the hardware executing the programs; the manufacturers and vendors of personal computer operating systems and programming tools impose few restrictions on how users choose to use their respective products. However, there are situations where it may be important to limit how a computing device is used. Broadly speaking, a computing device is any device that includes a processor executing machine instructions stored in a memory to perform some function. Thus, a computing device may have a dedicated function, or it may be general purpose, as a typical personal computer is.
One type of computing device that is similar in some respects to a personal computer, but more specialized in its primary function, is a game console, whose primary function is to execute machine instructions that enable one or more users to play various types of games, although a game console may typically perform other functions as well. A fundamental interest of companies that produce game consoles is controlling various aspects of any game software that executes on their consoles. For example, they want to ensure that the quality of the game software meets certain specifications. Because the manufacturer of a game console typically permits other companies to produce game software for its console, it is desirable to prevent unauthorized software from being used on the console. Besides the problem of maintaining quality control over the software played on a game console, playing unauthorized software on the console would result in lost revenue. It is also important to ensure that software licensed for use on a game console is not modified after it has been licensed for distribution to the public. If such control is not applied, the game software may be "hacked" to add pornography or other features or functions that were not included in the authorized software originally approved for distribution by the software company holding the game console license. In addition, the game console should be able to enforce restrictions based on the geographic area in which the console is sold: game software permitted for play on a console sold in one geographic area is prevented from being used in a different area.
Other policies that should be enforced on a game console involve rating the game software by its level of violence, the language used, sexual content, and other criteria. The Entertainment Software Rating Board (ESRB) is an organization that examines and rates game software, categorizing it by assigning it to the age group deemed appropriate for it. These age group categories include: "everyone" (suitable for all age groups), "adult" (age 18 years or older), "mature" (age 17 years or older), "teenager" (age 13 years or older) and "child" (age 3 years or older). Game software producers who subscribe to this service receive the rating from the ESRB and agree to include the corresponding rating symbols on the packaging of their software. The rating is also included in the game software itself, so that the game console can be selectively programmed by an authorized user not to play game software whose rating is for any age group above a desired rating. Thus, a parent may set up a game console to play only game software rated as appropriate for each individual. It is important that the game console prevent users from circumventing this restriction and playing game software outside the category last set on the console by the authorized user.
There are several different approaches that may be used to enforce policies relating to software executing on a computing device such as a game console. For example, a hardware element such as a resistor having one of several different resistance values may be placed in the computing device to designate the region for which the device is authorized. Software intended for a different region then tests the resistance value and will not execute on the game console, because the resistance value detected in the console is not within a predefined tolerance of the expected value.
Other hardware-related techniques have been used to authenticate software on plug-in cartridges that store the game software. In one prior art gaming system, the base of an authorized game software cartridge and the corresponding receptacle in the game console are shaped to prevent a differently shaped cartridge from being inserted into the receptacle. In addition, the game console and any authorized cartridge each include a processor and a Read Only Memory (ROM) storing specific data needed to authenticate the cartridge. If the results of the calculations performed by the processor in the game console and by the processor in the cartridge do not agree, the game console will not allow the game software stored in the cartridge to execute on the console.
Because of the richness of the graphics and the complexity of games designed to run on contemporary game consoles, game software is more efficiently distributed on optical storage media such as compact disc read-only memory discs (CD-ROMs) or Digital Versatile Discs (DVDs). An alternative approach that relies on software rather than hardware must therefore be employed, since a disc provides no option to include hardware components for authenticating the software and enforcing security and usage policies. Details of how each game console manufacturer chooses to address this problem are not readily available. Clearly, it would be desirable to use data stored on the disc to determine whether the software has been altered and to enforce security and usage policies for the software executing on the game console.
Disclosure of Invention
In practice, two main steps must be addressed in accordance with the present invention to ensure that digital data used by a computing device, such as a game console, is authorized, has not been altered since it was distributed, and complies with any policies regarding its use on such devices. In the first main step, the digital data must be encrypted before being distributed to an end user. Second, the computing device must be programmed to determine that the digital data is authorized, has not been altered, and additionally complies with the security policy governing use of the digital data on that particular computing device.
To encrypt the digital data before it is distributed, the method of the invention determines a data digest for the digital data according to predefined steps. Typically the digital data comprises a plurality of portions, and in this step a partial digest is determined for each portion using the predefined steps, so that all the partial digests together constitute the data digest. This step generates a data digest whose form is uniquely associated with the digital data, and the data digest is then included in a header of the digital data. Next, a header digest is determined for the header using the predefined steps; the header digest is uniquely associated with the header. The header digest is then encrypted using a secured private key, so that the digital data is secured for distribution.
Once encrypted, the encrypted header digest, the header, and the digital data may be distributed for use on a computing device. Before using the digital data, the computing device must confirm its authenticity, i.e., that the digital data is authorized and has not been altered since being encrypted, by performing the following steps. The encrypted header digest is first decrypted using the public key corresponding to the private key, recovering the header digest. Next, a validated header digest of the header is determined using the predefined steps. The computing device then compares the validated header digest with the header digest recovered by the decrypting step to ascertain whether the header distributed with the digital data has been altered since the digital data was encrypted. If not, the computing device determines, using the predefined steps, a validated data digest of the digital data corresponding to the data digest included in the header. The validated data digest is then compared with the data digest included in the header to confirm whether the digital data has been altered since the encryption step. In effect, these last two steps determine a validated partial digest for each portion of the digital data and compare it with the partial digest included in the header. The computing device is programmed to prevent further use of the digital data if the validated header digest does not correspond to the header digest recovered by the decrypting step, or if the validated data digest does not correspond to the data digest included in the header.
The preceding part of the method addresses only part of the problem. To control the use of the digital data, information specifying the criteria of a security policy to be enforced is included in the header of the digital data before the digital data is encrypted. Thus, the predefined steps are applied, as indicated above, to a header that includes this information in order to determine the header digest. Before the digital data can be used on the computing device (assuming that the validated header digest has already been found consistent with the header digest recovered by the decrypting step), the computing device is programmed to determine whether the information in the header enables or allows the digital data to be used on that computing device. If so, further use of the digital data on the computing device is permitted; if not, any further use of the digital data on the computing device is prevented, just as it is when the authenticity of the digital data is not confirmed.
In determining whether the information in the header enables the digital data to be used on the computing device, the computing device compares an indication of the security policy criteria included in the header information with a corresponding criteria state stored in the computing device to confirm that they are consistent. For at least one criterion, an authorized user can select the state of the criterion on the computing device. Other types of criteria are stored in memory of the computing device where they are not accessible or changeable by a user of the device. The information in the header preferably indicates policy criteria for a number of system aspects, including: a geographic area in which the digital data is permitted to be used on the computing device; a type of media from which the digital data is permitted to be loaded for use in the computing device; a rating based on at least one characteristic of the digital data; the console system settings that must be in place before the digital data is executed or used (e.g., language of the user interface, date, time, etc.); a fault tolerance indication of whether the digital data can be trusted when certain system components are determined to be faulty; an ejection control indicating whether removal of the portable medium on which the digital data resides is to be allowed; and/or any other predetermined system policy.
The predefined steps for generating each digest preferably comprise a hashing algorithm and, as noted above, each portion of the digital data is processed by the predefined steps to generate the partial digest included in the header. The computing device is programmed to prevent further use of the digital data if the validated partial digest of any portion does not coincide with the corresponding partial digest in the header.
Other aspects of the invention are directed to a system for implementing the steps of the method used in encrypting digital data and enforcing a security policy on the digital data before use on the system. In each case, the system includes a processor and a memory in which machine instructions are stored that enable the processor to perform functions generally consistent with the steps of the methods described above. The present invention is also directed to a storage medium having stored thereon machine instructions for performing the steps discussed above.
Drawings
The above aspects and many of the attendant advantages of this invention will become more readily appreciated as the same become better understood by reference to the following detailed description, when taken in conjunction with the accompanying drawings, wherein:
FIG. 1 is a schematic isometric view of a gaming system suitable for use in practicing the present invention;
FIG. 2 is a block diagram of the gaming system of FIG. 1;
FIG. 3 is a diagram illustrating a network gaming system in which the gaming system of FIG. 1 is connected to other consoles and service devices via a network;
FIG. 4 is a flow chart illustrating a logical process for encrypting data on a portable medium for use only on authorized consoles;
FIG. 5 is a flowchart illustrating a logical process for initializing a console to enforce security policies relating to the console and digital data;
FIG. 6 is a logical process flow diagram useful in explaining a security policy for enforcing compatibility between a console and digital data;
FIG. 7 is a flowchart illustrating a logical process for enforcing a security policy with respect to using digital data with a console; and
FIG. 8 is a block diagram of a generally conventional Personal Computer (PC) that is suitable for encrypting digital data before distributing the digital data for use on a console.
Detailed Description
A preferred embodiment of the present invention is described below, including its use in an electronic gaming system designed to execute gaming software distributed on portable, removable media. Those skilled in the art will recognize that the present invention may also be implemented in set-top boxes, arcade gaming machines, Personal Computers (PCs), and other systems that require enforcement of security policies when using digital data.
Demonstration system
As shown in FIG. 1, an exemplary electronic gaming system 100 includes a game console 102 and supports up to 4 user input devices, such as controllers 104a and 104b. The game console 102 houses an internal hard disk drive (not shown in this figure) and a portable media drive 106 that supports various forms of portable optical storage media, as represented by optical storage disc 108. Examples of suitable portable storage media include DVD discs and CD-ROM discs. In such a gaming system, the game program is preferably distributed on a DVD disc for use with the game console, but it is also contemplated that other storage media may be used on this or other types of systems in which the present invention is used to enforce data security policies and to ensure the authenticity of the digital data input to the system.
On the front panel of the game console 102 are 4 slots 110 for connecting and supporting controllers; however, the number and arrangement of the slots can be modified. A power button 112 and an eject button 114 are also placed on the front panel of the game console 102. The power button 112 controls the application of power to the game console, and the eject button 114 alternately opens and closes a tray (not shown) of the portable media drive 106 to enable insertion and removal of the storage disc 108, so that the digital data on the disc can be read for use by the game console.
Game console 102 is connected to a television or other display monitor or screen (not shown) via an audio/visual (A/V) interface cable 120. A power cable plug 122, when connected to a conventional AC line power supply (not shown), delivers electrical power to the game console. The game console 102 may further be provided with a data connector 124 for transferring data over a network, such as the Internet, for example via a conventional telephone modem or broadband connection.
Each controller 104a and 104b is coupled to game console 102 by a wire (or alternatively by a wireless interface). In the illustrated embodiment the controllers are Universal Serial Bus (USB) compatible and are connected to game console 102 by USB cables 130; game console 102 may be equipped with any of a wide range of user devices for interfacing with and controlling game software. As shown in FIG. 1, each of the controllers 104a and 104b is equipped with two thumbsticks 132a and 132b, a D-pad 134, buttons 136, and two triggers 138. These controllers are merely representative, and other known gaming input and control mechanisms may be substituted for or added to those shown in FIG. 1 for use with the game console 102.
A removable or portable Memory Unit (MU) 140 may optionally be inserted into the controller 104, providing an additional removable memory device. The portable MU enables a user to store game parameters and carry them to other consoles for play by inserting the portable MU into another controller. In the described embodiment, each controller is configured to accommodate two MUs, although more or fewer than two MUs may alternatively be employed.
The gaming system 100 can, for example, play games, play music, and play video. It is contemplated that other functions may also be performed using digital data read from an online source, from MU 140, from optical storage disc 108 in drive 106, or from the hard disk drive. For example, the gaming system 100 can potentially implement:
playing game titles stored on CD and DVD discs, on the hard drive, or downloaded from online sources;
playing digital music stored on a CD in the portable media drive 106, in a file on the hard drive (e.g., Windows Media Audio (WMA) format), or obtained from an online streaming source over the Internet or other network; and
playing digital audio-visual (AV) data stored on a DVD disc in the portable media drive 106, in a file (e.g., Active Streaming Format) on the hard drive, or obtained from an online streaming source over the Internet or other network.
FIG. 2 shows the functional components of the gaming system 100 in greater detail. The game console 102 includes a Central Processing Unit (CPU) 200 and a memory controller 202 that facilitates processor access to various types of memory, including Read Only Memory (ROM) 204, Random Access Memory (RAM) 206, hard disk drive 208, and portable media drive 106. The CPU 200 is equipped with a level 1 cache 210 and a level 2 cache 212 that temporarily store data in order to reduce the number of memory access cycles, thereby improving processing speed and throughput. The CPU 200, memory controller 202, and various memory devices are interconnected by one or more buses, including serial and parallel buses, a memory bus, a peripheral bus, and a processor or local bus using any of a variety of bus architectures. Such architectures may include, by way of example, an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, a Video Electronics Standards Association (VESA) local bus, and a Peripheral Component Interconnect (PCI) bus.
As an example of a suitable implementation, CPU 200, memory controller 202, ROM 204, and RAM 206 are integrated onto a common module 214. In this embodiment, ROM 204 is configured as flash ROM and is connected to memory controller 202 via a PCI bus and a ROM bus (neither of which is shown). The RAM 206 is configured as multiple double data rate synchronous dynamic RAMs (DDR SDRAMs), which are independently controlled by the memory controller 202 via separate buses (not shown). Hard disk drive 208 and portable media drive 106 are connected to the memory controller by a PCI bus and an Advanced Technology Attachment (ATA) bus 216.
A 3D graphics processing unit 220 and a video encoder 222 form a video processing pipeline for high speed, high resolution graphics processing. Data is transferred from the graphics processing unit 220 to the video encoder 222 via a digital video bus (not shown). An audio processing unit 224 and an audio encoder/decoder (codec) 226 form a corresponding audio processing pipeline for high fidelity stereo audio processing. Audio data is communicated between audio processing unit 224 and audio codec 226 via a communication link (not shown). The video and audio processing pipelines output data to an A/V port 228 for transmission to a television or other display monitor. In the illustrated embodiment, the video and audio processing components 220 through 228 are mounted on the module 214.
A USB host controller 230 and a network interface 232 are also implemented on the module 214. The USB host controller 230 is connected to the CPU 200 and the memory controller 202 via a bus (e.g., the PCI bus) and serves as host for the peripheral controllers 104a-104d. The network interface 232 provides access to a network (e.g., the Internet, a local network, etc.) and may be any of a wide variety of wired or wireless interface components, including an Ethernet card, a modem, a Bluetooth module, a cable modem, and the like.
The game console 102 has two dual-controller support subassemblies 240a and 240b, each of which supports two of the game controllers 104a-104d. A front panel input/output (I/O) subassembly 242 supports the functionality of power button 112 and eject button 114, as well as any Light Emitting Diodes (LEDs) or other indicators exposed on the exterior surface of the game console. Subassemblies 240a, 240b, and 242 are coupled to module 214 by one or more cable assemblies 244.
Eight MUs 140a-140h are shown, which may be connected to the 4 controllers 104a-104d, i.e., two MUs per controller. Each MU 140 provides additional memory for the game, may store game parameters and other data, and may be accessed by the memory controller 202 when the MU 140 is plugged into a controller.
The system power module 250 provides power to the components of the gaming system 100. An electric fan 252 cools the components and circuitry within game console 102.
To implement the present invention, a game software application 260 comprising machine instructions stored on a DVD or other storage medium (or downloaded over a network) is loaded into RAM 206 and/or caches 210, 212 for execution by CPU 200. Portions of software application 260 may be loaded only when needed, or the whole application (depending on its size) may be loaded into RAM 206. Software application 260 is described in more detail below.
The gaming system 100 may operate as a stand alone system by connecting the system directly to a television or other display monitor. In this stand alone mode, the gaming system 100 enables one or more users to play games, watch movies, or listen to music. However, using a typical modem or broadband connection to the Internet or other network available through network interface 232, gaming system 100 may further operate as a component of a larger network gaming community, enabling multiple players online to interact in a game over the Internet or other network.
Network system
FIG. 3 illustrates an exemplary network gaming environment 300 that interconnects a plurality of gaming systems 100a and so on. Network 302 represents any of a wide range of data communication networks and may include a public portion (e.g., the Internet) as well as a private portion (e.g., a residential Local Area Network (LAN)). Network 302 may be implemented using any one or more of a wide range of common communication configurations, including both wired and wireless types. Any of a wide range of communication protocols may be used to communicate data over network 302, including both public and proprietary protocols. Examples of such protocols include TCP/IP, IPX/SPX, NetBEUI, and the like.
In addition to the gaming systems 100, one or more online service devices 304a, ..., 304m may be accessible via the network 302 to provide various services to participants, such as hosting online games, providing downloadable music or video files, hosting game tournaments, providing streaming A/V files, and the like. The network gaming environment 300 may further employ a key distribution center 306 that plays a role in authenticating the various players and/or gaming systems 100 interconnected with each other and connected to the online service devices 304. The distribution center 306 distributes keys and service tickets to active participants, which can then be used to form a gaming group comprising a plurality of players, or to purchase services from the online service devices 304.
The network gaming environment 300 introduces another available source of memory, i.e., online storage, for each gaming system 100. In addition to the optical storage disc 108, the hard drive 208, and the MU 140, the gaming system 100a may also access data files available at remote storage locations via the network 302, such as those provided by remote storage 308 on the online service device 304m.
Exemplary method
For exemplary purposes, a preferred embodiment is described below for encrypting a game and securely using the game only on authorized consoles, to ensure that the game software has not been altered and that only authorized game software can be played on the game console. In particular, this embodiment enforces security and other policies regarding the distribution of games on portable media, such as optical discs, and ensures that only unaltered copies of a game can be executed, and only on a particular authorized set of game consoles, such as those sold for use in a particular region of the world. Those skilled in the art will recognize that the present invention may be applied to other forms of digital data, such as simulation, image, video, audio, text, etc. The methods described below are also applicable to, or readily adaptable for, controlling access to digital data over virtually any type of network, on virtually any type of medium, or through virtually any type of propagation medium, including, for example, radio frequency propagation and optical signals, without limitation.
FIG. 4 is a flowchart illustrating a logical process for encrypting game software as digital data 400 stored on a portable medium for use only by authorized consoles. A certificate 402 is encoded on the portable medium along with the digital data. Certificate 402 includes the desired security policy information, such as the content rating specified by the ESRB. Other security policy information includes the gaming region in which the game software is authorized to be used, such as North America, Japan, Europe, or the "rest of the world", which may indicate a functional aspect rather than a geographic region. For example, a "manufacturing region" may be used during production and post-production servicing of a game console, making the digital data usable only on a particular model of console provided to the manufacturer and maintenance service providers. Another form of security policy information optionally included in the certificate specifies the type of media from which the game console is authorized to load the digital data into RAM. For example, the certificate may specify a unique type of optical storage disc that can only be read by certain kinds of game consoles; with this media type the software distributor may prevent the software from being loaded into RAM from the hard drive or over the network, or conversely may authorize download over the network, e.g., to permit demonstration software to be played on a console. Alternatively, the media type may be configured to include a specific authorized web address from which the digital data may be accessed and loaded into RAM, preventing the software from being downloaded from any other web address.
To encrypt digital data on a portable medium, a security system identifies portions of the digital data and computes a digest for each portion of the digital data at step 404. Each such digest is referred to as a partial digest. Preferably, the partial digest is computed using an algorithm such as the Secure Hash Algorithm version 1 (SHA-1) specified by the National Institute of Standards and Technology (NIST). Further information about SHA-1 is available from http://www.itl.nist.gov/fipspubs/fip180-1.htm.
At step 406, the security system builds a header that includes each partial digest, the security policy information, and any other information that is desired in the header of the digital data. The security system then computes a digest of the entire header, producing the header digest, at step 408. At step 410, the security system encrypts the header digest using a private key. As is well known in the art, a private key is part of a digital signature algorithm used to encrypt and authenticate digital data, such that the corresponding public key can be used to confirm the authenticity of the data and decrypt it. Additional information about digital signature algorithms can be found at http://csrc.nist.gov/publications/fips186-2.pdf; the use of private and public keys for the secure transmission of data is well known. Once the header digest is encrypted, the security system inserts the encrypted header digest at the beginning of the header at step 412, and then stores the header and digital data on a portable medium or other storage device for distribution at step 414. For example, the header and digital data may be stored on a DVD for distribution to end users having appropriate game consoles.
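The signing steps 404-412 above and the console-side validation and policy check described in the Disclosure of Invention, rendered as an added Go example that is not part of the patent or any Microsoft code. It assumes a constructed image layout (signature, header length, header, data), a 4096-byte portion size, constructed numeric codes for the region, media-type and rating criteria, and renders "encrypt the header digest with the private key / decrypt with the public key" as a PKCS#1 v1.5 RSA signature over the SHA-1 header digest.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/binary"
	"errors"
)

// Policy holds the criteria the certificate carries in the header; the same struct
// describes the console's stored state. Codes are constructed for this example:
// Region 1-4 = North America, Japan, Europe, rest of world; MediaType 1-3 = game
// disc, hard drive, network; Rating = minimum age of the ESRB category (3, 13, 17, 18).
type Policy struct {
	Region, MediaType, Rating uint8
}

const portionSize = 4096 // constructed portion length; the patent leaves it unspecified

// newPublisherKey creates the publisher's private key (constructed for the example).
func newPublisherKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// partialDigests splits the data into portions and hashes each with SHA-1 (step 404).
func partialDigests(data []byte) [][]byte {
	var out [][]byte
	for off := 0; off < len(data); off += portionSize {
		end := off + portionSize
		if end > len(data) {
			end = len(data)
		}
		d := sha1.Sum(data[off:end])
		out = append(out, d[:])
	}
	return out
}

// buildHeader serialises the policy and the partial digests (step 406).
// Constructed layout: region, media type, rating, then the SHA-1 partial digests.
func buildHeader(p Policy, digests [][]byte) []byte {
	header := []byte{p.Region, p.MediaType, p.Rating}
	for _, d := range digests {
		header = append(header, d...)
	}
	return header
}

// Sign covers steps 406-412: hash the header, sign the header digest with the private
// key (PKCS#1 v1.5 RSA) and emit [signature][uint32 header length][header][data].
func Sign(priv *rsa.PrivateKey, p Policy, data []byte) ([]byte, error) {
	header := buildHeader(p, partialDigests(data))
	hd := sha1.Sum(header)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, hd[:])
	if err != nil {
		return nil, err
	}
	lenField := make([]byte, 4)
	binary.BigEndian.PutUint32(lenField, uint32(len(header)))
	return bytes.Join([][]byte{sig, lenField, header, data}, nil), nil
}

// Verify is the console side: header digest first, then the partial digests, then the
// policy. Any failure blocks further use of the data, as the patent requires.
func Verify(pub *rsa.PublicKey, image []byte, console Policy) error {
	k := pub.Size() // signature length in bytes
	if len(image) < k+4 {
		return errors.New("image too short")
	}
	hdrLen := int(binary.BigEndian.Uint32(image[k : k+4]))
	if hdrLen < 3 || hdrLen > len(image)-k-4 {
		return errors.New("bad header length")
	}
	sig, header, data := image[:k], image[k+4:k+4+hdrLen], image[k+4+hdrLen:]
	hd := sha1.Sum(header) // recomputed header digest; compared with the one recovered with the public key
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA1, hd[:], sig); err != nil {
		return errors.New("header digest mismatch: header altered or not signed by publisher")
	}
	// Only now is the header trusted enough to parse its fields.
	p := Policy{Region: header[0], MediaType: header[1], Rating: header[2]}
	got := partialDigests(data)
	if len(header) != 3+len(got)*sha1.Size {
		return errors.New("portion count mismatch: data altered")
	}
	for i, d := range got { // compare each partial digest with the one in the header
		if !bytes.Equal(d, header[3+i*sha1.Size:3+(i+1)*sha1.Size]) {
			return errors.New("a portion of the data was altered")
		}
	}
	switch { // compare the header's criteria with the console's stored state
	case p.Region != console.Region:
		return errors.New("policy: not authorized for this console's region")
	case p.MediaType != console.MediaType:
		return errors.New("policy: not authorized to load from this media type")
	case p.Rating > console.Rating:
		return errors.New("policy: rating exceeds the limit set on this console")
	}
	return nil
}
```

Because the policy fields sit inside the signed header, changing the rating or region byte is caught by the header digest check before the policy comparison ever runs.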
To authenticate the digital data and ensure that it has not been altered following the encryption process described above, the console performs the verification steps described below in relation to FIGS. 5-7. FIG. 5 is a flowchart illustrating a logical process for initializing a console to enforce security policies relating to the console and the digital data. At step 420, the console is powered up (or reset), i.e., "booted," and at decision step 422 the console determines whether its initial values and parameters have been set. For example, the console determines whether initial values such as the time zone and clock setting, which are typically entered when the game console is first set up for use, have been configured. If any of these values or parameters have not been configured, the console initiates a user interface, referred to as a "dashboard," at step 424, enabling the user to configure the console with the parameters or values that have not yet been entered.
Once the console is configured, it determines at decision step 426 whether a portable medium is in the console's media drive. Those skilled in the art will recognize that the console may additionally, or alternatively, determine whether the digital data is currently accessible for download from a streaming server or by other means. If no portable medium is in the media drive, the console starts the dashboard at step 428 using the machine instructions and data stored on the hard drive. If a portable medium is detected in the media drive, or another source of data is provided, the console determines at decision step 430 whether the portable medium includes a file with a predetermined name; the console expects to find such a file in order to identify the type of media provided in the media drive or from another source. The media drive is capable of reading a variety of media types, such as audio CDs, DVDs, game discs, and others. If the predetermined file name identifies the portable medium as a game disc including the necessary header and other digital data, the following steps are performed. If the portable medium does not include the expected predefined file name indicating the media type, the console starts the dashboard at step 432 so that the console can be used to play a CD, DVD, or other media type.
When a game disc is detected, the console loads the header from the game disc at step 434. At step 436, the console decrypts the header digest using the public key corresponding to the private key that was used to encrypt the header digest. Preferably, the public key is stored in a permanent memory of the console, i.e., in ROM 204. The console then computes a confirmation digest of the header at step 438 for comparison with the decrypted header digest. Control then passes to decision step 440 of FIG. 6 via connector A.
Referring to FIG. 6, at decision step 440 the console determines whether the decrypted header digest matches the confirmation digest. If the two digests do not agree, the console starts the dashboard to handle the error at step 445, indicating that an error occurred in authenticating the software data.
If the two digests agree, the console reads the security policy information from the header and determines at decision step 442 whether the media type written in the header agrees with the media type detected at decision step 430 of FIG. 5. At decision step 430, the console may check for the expected predefined file name, which gives an initial indication that a valid game software disc is in the portable media drive. However, the expected predefined file name could also be written directly onto a writable compact disc. Thus, at decision step 442 of FIG. 6, the console determines whether the header indicates that the data is authorized to be stored on a read-only game disc, rather than on a writable compact disc, cartridge memory, memory card, remote storage device, or other type of storage medium. If the media type listed in the header does not correspond to the detected media type, the console starts the dashboard to handle the error at step 445.
If the authorized media type is consistent with the type of portable medium detected, the console performs a similar check on the game region. In particular, at decision step 444, the console determines whether the game region identified in the header matches the game region stored in the console's persistent memory, i.e., ROM 204. For example, the console confirms that a North American game disc is being used in a game console sold for use only in North America. If the game region identified in the header does not correspond to the game region stored in the console, the console starts the dashboard to handle the error at step 445.
If the game regions are consistent, the console may perform other similar optional verification operations. For example, at decision step 446, the console may determine whether the digital data on the portable medium is intended for manufacturing or software development purposes, for post-production service, or for other non-gaming functions. Alternatively, or in addition, the console may determine whether the digital data to be loaded requires the system to ensure that various system settings are in place before the digital data is executed, which may include the language of the user interface, the date, the time of day, and/or other settings. The console may also determine whether the digital data can be relied upon when certain system components are determined to be faulty. For example, the console may check whether a bit is set to unlock the hard disk. Another check may be whether the digital data can be trusted to permit the user to safely remove the portable medium, or whether such removal should be performed by the system itself.
If the console determines that the header does not identify a valid authorized function for the digital data, or that one of the validity checks fails, the console starts the dashboard to handle the error at step 445. However, if the console determines that a valid function has been identified, at step 448 the console initiates the manufacturing function, service function, or other valid function that was detected, and then passes control to step 450 of FIG. 7 via connector B.
In the logical process of FIG. 7, the security policy for using the digital data on the console is enforced. At this point, the console has determined that the header data is valid and has tested the information contained in the certificate. However, to ensure that the digital data of each portion has not itself been altered, the console must verify the digest of each portion. To do so efficiently, the console loads all of the preloaded portions at step 450. The preloaded portions include the part of the game program code that must be executed to start the game. At step 452, the console calculates a partial digest of the first portion of digital data. At decision step 454, the console compares the calculated partial digest with the partial digest for that portion stored in the header. If the calculated digest of the portion does not correspond to the digest stored in the header for that portion, the console starts the dashboard to handle the error at step 445. If the partial digests are consistent, the console determines at decision step 456 whether another portion of the digital data was preloaded. If so, control returns to step 452 to calculate a partial digest for the next portion of digital data, and the digest of each portion is compared in the same way. All other portions of the digital data are subjected to the same steps before they are executed on the game console.
Once all of the portions have been verified, the console reads and runs certain initialization code from the portable medium at step 458. The initialization code is preferably stored on the portable medium by the security system and is used to process other security policy information. For example, at decision step 460, the console may use the initialization code to determine whether the digital data is consistent with the ESRB rating configured in the console by an authorized user (e.g., the parent of a child who is using the game console). If the ESRB rating of the digital data does not match the ESRB rating configured in the console (i.e., stored in ROM 204), the console starts the dashboard to handle the error at step 445. Those skilled in the art will recognize that the initialization code may alternatively be incorporated into the ROM rather than stored on the portable medium, in which case all of the checks may be implemented as described above with respect to FIG. 6; conversely, some or all of the policies checked from the ROM may instead be checked by the initialization code on the portable medium.
In any event, once the ESRB rating and/or other security policies are verified, the console processes the remainder of the digital data, executing the game or performing the other operations that the console is instructed to perform, at step 462. Thus, the game console detects altered software and will not allow any altered software to execute on the console. Moreover, if other parameters included in the certificate information of the software header do not correspond to settings on the game console, the digital data will not be executed on the game console. The present invention therefore ensures that only authorized game software will execute on the game console, since game software that has not been secured by encrypting its header digest with the private key will not be executed. Changes in the software or other digital data stored on the medium will be detected because the decrypted header digest will not be consistent with the digest of the header as computed by the game console. All other security and use policies will also be enforced based on the results of comparing the parameters stored in the console's ROM with those in the certificate of the game software header. Because the header includes the certificate information, any change to the certificate information will also be readily detected, preventing the digital data from being executed on the game console.
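The signing flow of FIG. 4 (partial digests, header, encrypted header digest) and the verification flow of FIGS. 5-7 (header digest check, media and region checks, per-portion digest checks, rating check), written out as an added example that is not the patent's own code. The portion size, the policy encodings and the fixed RSA key pair are assumptions constructed for the example.

```python
"""Added example (not the patent's own code): the FIG. 4 signing flow and the
FIG. 5-7 verification flow of this description, using SHA-1 partial digests,
a header carrying the policy fields and the digests, and a header digest that
is "encrypted with the private key" in the textbook-RSA sense the text uses."""
import hashlib
import struct

# Constructed toy RSA key pair (assumption: a fixed demo key, not any real console key).
# Two Mersenne primes give a 234-bit modulus, enough to hold a 160-bit SHA-1 digest as one integer.
_P = (1 << 127) - 1
_Q = (1 << 107) - 1
RSA_N = _P * _Q
RSA_E = 65537                                   # public exponent (held in console ROM in the description)
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))      # private exponent (held by the security system)
SIG_LEN = (RSA_N.bit_length() + 7) // 8          # 30 bytes of encrypted header digest

PORTION_SIZE = 4096                              # assumed portion size; the description fixes none
DIGEST_LEN = hashlib.sha1().digest_size          # 20

# Policy codes are constructed for this example; the description names the values but fixes no encoding.
REGION_NORTH_AMERICA, REGION_JAPAN, REGION_EUROPE, REGION_REST_OF_WORLD, REGION_MANUFACTURING = 1, 2, 3, 4, 5
MEDIA_GAME_DISC, MEDIA_HARD_DRIVE, MEDIA_NETWORK = 1, 2, 3

# Header body (big-endian): region, media type, ESRB rating code, portion count, then the partial digests.
_BODY_FMT = ">BBBH"
_BODY_LEN = struct.calcsize(_BODY_FMT)


def partial_digests(data: bytes) -> list:
    """Step 404: split the digital data into fixed-size portions and hash each one."""
    return [hashlib.sha1(data[i:i + PORTION_SIZE]).digest()
            for i in range(0, len(data), PORTION_SIZE)]


def sign_digest(digest: bytes) -> bytes:
    """Step 410: raw RSA with the private key (textbook, no padding, as the description frames it)."""
    return pow(int.from_bytes(digest, "big"), RSA_D, RSA_N).to_bytes(SIG_LEN, "big")


def recover_digest(sig: bytes) -> bytes:
    """Step 436: raw RSA with the public key returns the header digest the signer saw."""
    m = pow(int.from_bytes(sig, "big"), RSA_E, RSA_N)
    if m >= 1 << (8 * DIGEST_LEN):
        return b""          # wider than any SHA-1 value: the signature was altered or made with another key
    return m.to_bytes(DIGEST_LEN, "big")


def build_signed_header(data: bytes, region: int, media: int, rating: int) -> bytes:
    """Steps 404-412: header = encrypted header digest || policy fields || partial digests."""
    digests = partial_digests(data)
    body = struct.pack(_BODY_FMT, region, media, rating, len(digests)) + b"".join(digests)   # step 406
    header_digest = hashlib.sha1(body).digest()                                              # step 408
    return sign_digest(header_digest) + body                                                 # steps 410-412


def verify(header: bytes, data: bytes, console_region: int, detected_media: int, console_rating: int) -> str:
    """Steps 436-460 in the order of FIGS. 5-7. Returns "ok", or the name of the first failed check
    (the case in which the console would start the dashboard to report the error, step 445)."""
    sig, body = header[:SIG_LEN], header[SIG_LEN:]
    # Step 440: everything in the body, policy fields included, is covered by the signed digest.
    if recover_digest(sig) != hashlib.sha1(body).digest():
        return "header digest mismatch"
    region, media, rating, count = struct.unpack(_BODY_FMT, body[:_BODY_LEN])
    if media != detected_media:                       # step 442
        return "media type mismatch"
    if region != console_region:                      # step 444
        return "game region mismatch"
    # Steps 452-456: recompute every portion digest and compare with the copies in the header.
    stored = [body[_BODY_LEN + i * DIGEST_LEN:_BODY_LEN + (i + 1) * DIGEST_LEN] for i in range(count)]
    if partial_digests(data) != stored:
        return "partial digest mismatch"
    # Step 460: the console-side value is treated here as a ceiling set by the authorized user (assumption).
    if rating > console_rating:
        return "ESRB rating not permitted"
    return "ok"


if __name__ == "__main__":
    game = bytes(range(256)) * 40                 # constructed 10240-byte "game": three portions
    hdr = build_signed_header(game, REGION_NORTH_AMERICA, MEDIA_GAME_DISC, 2)
    print(verify(hdr, game, REGION_NORTH_AMERICA, MEDIA_GAME_DISC, 3))
    print(verify(hdr, game[:5000] + b"\x00" + game[5001:], REGION_NORTH_AMERICA, MEDIA_GAME_DISC, 3))
```

Because the policy fields sit inside the signed body, editing the region or media byte in the header fails at step 440 before the policy comparisons are even reached.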
Exemplary Operating Environment for Encrypting Digital Data
FIG. 8 and the following discussion are intended to provide a brief, general description of a suitable computing environment in which the invention may implement the encryption of digital data for subsequent distribution and use on many different consoles. This portion of the invention may be implemented on a single computing device, but is often implemented on a client computing device and/or a server or other remote computing device connected by a communications network, both of which typically include the functional components shown in FIG. 8. Although not required, this aspect of the invention will be described in the general context of computer-executable instructions, such as program modules, being executed by a PC. Generally, program modules include applications, routines, objects, components, functions, data structures, etc. that perform particular tasks or implement particular abstract data types. Those skilled in the art will also appreciate that the invention may be practiced with other computer system configurations, such as client devices, personal computing devices, other microprocessor-based or programmable consumer electronics, multiprocessor systems, network PCs, minicomputers, mainframe computers, and the like. Moreover, the invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
With reference to FIG. 8, an exemplary system for encrypting digital data in accordance with the invention includes a general purpose computing device in the form of a conventional PC520, provided with a processing unit 521, a system memory 522, and a system bus 523. The system bus couples various system components including the system memory to the processing unit 521 and may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory includes Read Only Memory (ROM)524 and Random Access Memory (RAM) 525. A basic input/output system 526(BIOS), containing the basic routines that help to transfer information between elements within PC520, such as during start-up, is stored in ROM 524. The PC520 further includes a hard disk drive 527 for reading from and writing to a hard disk (not shown), a magnetic disk drive 528 for reading from or writing to a removable magnetic disk 529, and an optical disk drive 530 for reading from or writing to a removable optical disk 531 such as a CD-ROM or other optical media. The hard disk drive 527, magnetic disk drive 528, and optical disk drive 530 are connected to the system bus by a hard disk drive interface 532, a magnetic disk drive interface 533, and an optical drive interface 534, respectively. The drives and their associated computer-readable media provide nonvolatile storage of computer-readable machine instructions, data structures, program modules and other data for the PC 520. 
Although the exemplary environment described herein employs a hard disk, a removable magnetic disk 529, a removable optical disk 531, it should be appreciated by those skilled in the art that other types of computer readable media which can store data and machine instructions that are accessible by a computer, such as magnetic cassettes, flash memory cards, Digital Video Disks (DVDs), Bernoulli cartridges, RAMs, ROMs, and the like, may also be used in the exemplary operating environment.
A number of program modules can be stored on the hard disk, magnetic disk 529, optical disk 531, ROM 524, or RAM 525, including an operating system 535, one or more application programs 536, other program modules 537, and program data 538. A user may enter commands and information into PC520 and provide control inputs through input devices such as a keyboard 540 and a pointing device 542. Pointing device 542 may include a mouse, stylus, wireless remote control, or other pointer. As used hereinafter, the term "mouse" is intended to encompass virtually any pointing device useful for controlling the position of a cursor on a screen. Other input devices (not shown) may include a microphone, joystick, touch stick, joystick, foot pedal, game pad, satellite dish, scanner, or the like. These and other input/output (I/O) devices are often connected to the processing unit 521 through an I/O interface 546 connected to the system bus 523. The term I/O interface is intended to include each interface specifically adapted for use with a serial port, a parallel port, a game port, a keyboard port, and/or a Universal Serial Bus (USB). A monitor 547 or other type of display device is also connected to system bus 523 via an appropriate interface, such as video adapter 548, and may be used to display application programs, graphical images, web pages, and/or other information. In addition to the monitor, PCs are often connected to other peripheral output devices (not shown), such as speakers (via a sound card or other audio interface-not shown) and printers.
As indicated above, the present invention may be implemented on a single machine; however, PC 520 may also operate in a networked environment using logical connections to one or more remote computers, such as remote computer 549. The remote computer 549 may be another PC, a server (typically configured much like the PC 520), a router, a network PC, a peer device, or a satellite or other common network node, and typically includes many or all of the elements described above relative to the PC 520, although only an external memory storage device 550 has been illustrated in FIG. 8. The logical connections depicted in FIG. 8 include a Local Area Network (LAN) 551 and a Wide Area Network (WAN) 552; such networking environments are common in offices, enterprise-wide computer networks, intranets, and the Internet.
When used in a LAN networking environment, the PC 520 is connected to the LAN 551 through a network interface or adapter 553. When used in a WAN networking environment, PC 520 typically includes a modem 554, or other means, such as a cable modem, Digital Subscriber Line (DSL) interface, or Integrated Services Digital Network (ISDN) interface, for establishing communications over WAN 552, such as the Internet. The modem 554, which may be internal or external, is connected to the system bus 523 either directly or via the I/O device interface 546, i.e., via a serial port. In a networked environment, program modules depicted relative to PC 520, or portions thereof, may be stored in the remote memory storage device. It will be recognized that the network connections shown are exemplary and that other means of establishing a communications link between the computers may be used, such as wireless communications and broadband network links.
PC 520 may have secure access to a private key that is used to encrypt the game's header digest using the usual private/public key encryption scheme. Alternatively, once the header digest has been computed on PC 520, the digital data, header, and header digest may be moved to a secure location where the header digest is encrypted with the private key. The digital data, header, and encrypted header digest are then stored on the host computer for copying onto a suitable medium, such as a DVD or CD-ROM, prior to distribution, or for distribution over a network, such as the Internet, to a console or other type of computing device as described above.
Although the present invention has been described in connection with the preferred form of practicing it and several modifications thereto, those skilled in the art will recognize that many other modifications may be made within the scope of the following claims. It is therefore not intended that the scope of the invention be limited by the above description, but rather determined entirely by reference to the claims that follow.

Claims (52)

1. A method for securing digital data to be distributed for use on a computing device, comprising the steps of:
(a) processing the digital data to create a data digest uniquely corresponding to the digital data;
(b) including the data digest in a header of the digital data;
(c) processing the header to create a header digest uniquely corresponding to the header;
(d) encrypting the header digest with a private key, the private key having a corresponding public key, the public key being provided when the digital data is to be used on the computing device; and
(e) distributing the digital data with the encrypted header to an end user for use on the computing device.
2. The method of claim 1 wherein the steps of creating the data digest and the header digest each include the step of generating the data digest and the header digest, respectively, using a hashing algorithm.
3. The method of claim 1, wherein:
(a) the digital data includes a plurality of portions;
(b) the step of processing the digital data to create a data digest includes the step of processing each of the plurality of portions to produce a plurality of portion digests that uniquely correspond to the plurality of portions of digital data; and
(c) the step of including the data digest includes the step of including the plurality of partial digests into the header.
4. The method of claim 1, further comprising including information within the header for controlling use of digital data on a computing device, the header digest being created from the header.
5. The method of claim 4, wherein the information comprises at least one of:
(a) an indication of a geographic area in which the digital data is authorized for use;
(b) an indication of a type of media that the digital data is authorized to be loaded into the computing device for use;
(c) a nominal value based on at least one characteristic of the digital data;
(d) console system settings that must be in place before digital data can be used;
(e) fault tolerance indication of whether the digital data is trustworthy when certain system components are determined to be faulty; and
(f) an ejection control indication of whether the digital data is trusted to allow removal of the portable medium storing the digital data.
6. The method of claim 1, wherein the distributing step comprises the step of storing the digital data with the encrypted header segments on a medium usable by the computing device to execute the digital data.
7. The method of claim 1, wherein the distributing step further comprises:
transmitting the digital data with the encrypted header segments for use by the computing device over at least one of a wired and a wireless communication network.
8. The method of claim 1, wherein the digital data comprises game software; wherein the computing device runs the gaming software to enable an end user to play a game.
9. A method of enabling digital data to be used on a computing device to ensure that the digital data is not altered and to enforce policies regarding the use of the digital data, the digital data being distributed along with a header and an encrypted header digest for the digital data, the encrypted header digest being generated by encrypting the header digest with a private key, the method comprising the steps of:
(a) decrypting, using the computing device, the encrypted header digest with a public key corresponding to the private key to recover the header digest;
(b) creating a validation header digest of the header distributed with the digital data, the validation header digest being generated using a method identical to that employed in generating the encrypted header digest;
(c) comparing the confirmation header digest with the header digest recovered by the decrypting step; and
(d) enabling the digital data to be used on the computing device only if the confirmation header digest is the same as the recovered header digest.
10. The method of claim 9, wherein the digital data includes at least one portion, the header including a portion digest that uniquely corresponds to the one portion of the digital data, which is generated prior to distribution of the digital data, the method further comprising the steps of:
(a) processing, with the computing device, each portion of the digital data using the same steps as previously used to generate the corresponding portion digest contained in the header, generating a validation portion digest for each portion;
(b) comparing the confirmation partial digest of each portion with the partial digest contained in the header; and
(c) if the confirmation header digest does not coincide with the header digest recovered by the decrypting step, or if the confirmation data digest does not coincide with the data digest included in the header, the computing device is prevented from further using the digital data.
11. The method of claim 9, wherein if the step of comparing determines that the digital data is enabled for use on the computing device, further comprising the step of: determining whether information contained with the digital data relating to usage of the digital data enables the digital data to be used on the computing device, if so, enabling the digital data to be used on the computing device, and if not, preventing the digital data from being used on the computing device.
12. The method of claim 11, wherein the information comprises at least one of:
(a) a geographic area where digital data is allowed to be used on a computing device;
(b) the type of media that the digital data is allowed to be loaded onto the computing device for use;
(c) a nominal value based on at least one characteristic of the digital data;
(d) console system settings that must be in place prior to digital data use;
(e) fault tolerance indication of whether the digital data is trustworthy when certain system components are determined to be faulty; and
(f) an ejection control indication of whether the digital data is trusted to allow removal of the portable medium storing the digital data.
13. The method of claim 11, wherein the determining step includes the step of comparing the information to corresponding parameters set on the computing device, enabling use of the digital data by the computing device if the result of the comparison confirms that use is authorized, and preventing use of the digital data by the computing device if unauthorized.
14. The method of claim 13, further comprising the step of enabling an authorized user to enter and store parameter settings for rating digital data permitted by the authorized user for use on the computing device.
15. The method of claim 13, wherein the parameter is set before the computing device is provided to the end user.
16. A method for enforcing a security policy on distributed digital data intended for use on a computing device, comprising the steps of:
(a) securing the digital data prior to distribution by:
(i) determining a data digest of the digital data according to predefined steps including a hashing algorithm, resulting in a data digest of a form uniquely associated with the digital data;
(ii) including the data digest in a header of the digital data;
(iii) determining a header digest of the header using predefined steps, the header digest being uniquely associated with the header; and
(iv) encrypting the header digest using a secret private key;
(b) distributing the encrypted header digest, the header and the digital data;
(c) prior to using the digital data on the computing device, confirming the authenticity of the digital data by:
(i) decrypting the encrypted header digest using a public key corresponding to the private key to recover the header digest;
(ii) determining a confirmation header digest using predefined steps;
(iii) comparing the confirmation header digest of the header with the header digest recovered through the decrypting step, to confirm whether the header distributed with the digital data has been changed; if not, then
(iv) determining, by a predetermined step, a confirmation data digest of the digital data corresponding to the data digest contained in the header; and
(v) comparing the confirmation data digest with the data digest contained in the header section to confirm whether the distributed digital data has been changed after the security and reliability step; and
(d) preventing the computing device from further utilizing the digital data if any of the following occurs:
(i) the confirmation header digest is not consistent with the header digest recovered by the decrypting step; and
(ii) the confirmation data digest does not coincide with the data digest contained in the header.
17. The method of claim 16, wherein the step of securing the digital data prior to distribution comprises the steps of:
(a) including information in the header that specifies security policy criteria for using the digital data to be enforced on the computing device; and
(b) including this information as part of the header when the predefined steps are applied to the header to determine the header digest.
18. The method of claim 17, further comprising the step of, if the header digest is confirmed to be consistent with the header digest recovered by the decrypting step, before the digital data can be used on the computing device:
(a) determining whether information in the header enables the digital data to be used on the computing device; if so, then
(b) allowing further use of the digital data on the computing device unless use is prevented because the authenticity of the digital data is not confirmed; if not, then
(c) preventing any further use of the digital data on the computing device.
19. The method of claim 18 wherein the step of determining whether the information in the header allows use of the digital data on the computing device includes the step of comparing an indication of the security policy criteria contained in the information in the header with the status of the criteria on the computing device to confirm that they are consistent.
20. The method of claim 19, further comprising the step of enabling an authorized user to select the criteria state on the computing machine.
21. The method of claim 19, wherein the criteria are stored in memory on the computing device and are not accessible or alterable by a user of the computing device.
22. The method of claim 17, wherein the information indicates at least one of:
(a) a geographic area where digital data is allowed to be used on a computing device;
(b) the type of media that the digital data is allowed to be loaded into the computing device for use;
(c) a nominal value based on at least one characteristic of the digital data;
(d) console system settings that must be in place before digital data can be used;
(e) fault tolerance indication of whether the digital data is trustworthy when certain system components are determined to be faulty; and
(f) an ejection control indication of whether the digital data is trusted to allow removal of the portable medium storing the digital data.
23. The method of claim 16, wherein the digital data is divided into a plurality of portions; and the step of determining the data digest comprises the step of applying predefined steps to each portion to produce a partial digest of each portion, all of said partial digests constituting the data digest.
24. The method of claim 23, wherein the step of determining the confirmation data digest of the digital data comprises the steps of: predefined steps are applied to each portion to generate a validation portion digest for each portion, all of which constitute a validation data digest.
25. The method of claim 24, wherein the step of comparing the confirmation data digest with the data digest contained in the header includes: the step of comparing each confirmation part digest with its corresponding part digest in the header before using any digital data contained therein.
26. The method of claim 25, wherein the step of preventing the computing device from further using the digital data comprises the steps of: if the confirmation header digest does not coincide with the header digest recovered by the decrypting step, or if the confirmation data digest does not coincide with the data digest included in the header, the computing device is prevented from further using the digital data.
27. An apparatus for securing digital data to be distributed for use on a computing device, comprising:
(a) means for processing the digital data to create a data digest that uniquely corresponds to the digital data;
(b) means for including the data digest in a header of the digital data;
(c) means for processing the header to create a header digest uniquely corresponding to the header;
(d) means for encrypting the header digest with a private key, the private key having a corresponding public key, the public key being provided when the digital data is to be used on the computing device; and
(e) means for distributing the digital data with the encrypted header to an end user for use on the computing device.
28. The apparatus of claim 27, wherein the means for creating the data digest and the header digest each comprises means for generating the data digest and the header digest using a hashing algorithm, respectively.
29. The apparatus of claim 27, wherein:
(a) the digital data includes a plurality of portions;
(b) the means for processing the digital data to create a data digest includes means for processing each of the plurality of portions to produce a plurality of portion digests that uniquely correspond to the plurality of portions of digital data; and
(c) the means for including the data digest comprises means for including the plurality of partial digests in the header.
30. The apparatus of claim 27, further comprising means for including information in said header for controlling the use of digital data on the computing device, said header digest being created from said header.
31. The apparatus of claim 30, wherein the information comprises at least one of:
(a) an indication of a geographic area in which the digital data is authorized for use;
(b) an indication of a type of media that the digital data is authorized to be loaded into the computing device for use;
(c) a nominal value based on at least one characteristic of the digital data;
(d) console system settings that must be in place before digital data can be used;
(e) fault tolerance indication of whether the digital data is trustworthy when certain system components are determined to be faulty; and
(f) an ejection control indication of whether the digital data is trusted to allow removal of the portable medium storing the digital data.
32. The apparatus of claim 27, wherein the distributing means comprises means for storing the digital data with the encrypted header digest on a medium usable by the computing device to execute the digital data.
33. The apparatus of claim 27, wherein the distributing means further comprises:
means for transmitting the digital data with the encrypted header digest over at least one of a wired and a wireless communication network for use by the computing device.
34. The apparatus of claim 27, wherein the digital data comprises game software, and wherein the computing device runs the game software to enable an end user to play a game.
35. An apparatus for enabling digital data to be used on a computing device to ensure that the digital data is not altered and to enforce policies regarding the use of the digital data, the digital data being distributed along with a header and an encrypted header digest for the digital data, the encrypted header digest being generated by encrypting the header digest with a private key, the apparatus comprising:
(a) means for decrypting, using the computing device, the encrypted header digest using a public key corresponding to the private key to recover the header digest;
(b) means for creating a validation header digest of the header distributed with the digital data, the validation header digest being generated using a method identical to that employed in generating the encrypted header digest;
(c) means for comparing the validation header digest with the header digest recovered by the decrypting; and
(d) means for enabling the digital data to be used on the computing device only if the validation header digest is confirmed to be the same as the recovered header digest.
36. The apparatus of claim 35, wherein the digital data includes at least one portion, the header including a portion digest that uniquely corresponds to the one portion of the digital data, which is generated prior to distribution of the digital data, the apparatus further comprising:
(a) means for processing, with the computing device, each portion of the digital data using the same means previously used to generate the corresponding portion digest contained in the header, generating a confirmation portion digest for each portion;
(b) means for comparing the confirmation portion digest of each portion with the corresponding portion digest contained in the header; and
(c) means for preventing the computing device from further using the digital data if the confirmation header digest does not coincide with the header digest recovered by the decrypting means or if the confirmation data digest does not coincide with the data digest included in the header.
37. The apparatus of claim 35, wherein, if the comparing means determines that the digital data may be used on the computing device, the apparatus further comprises means for determining whether information distributed with the digital data and relating to its use permits the use of the digital data on the computing device, and, if so, enabling the use of the digital data on the computing device and, if not, preventing the use of the digital data on the computing device.
38. The apparatus of claim 37, wherein the information comprises at least one of:
(a) a geographic area where digital data is allowed to be used on a computing device;
(b) the type of media that the digital data is allowed to be loaded onto the computing device for use;
(c) a nominal value based on at least one characteristic of the digital data;
(d) console system settings that must be in place prior to digital data use;
(e) fault tolerance indication of whether the digital data is trustworthy when certain system components are determined to be faulty; and
(f) an ejection control indication of whether the digital data is trusted to allow removal of the portable medium storing the digital data.
39. The apparatus of claim 37, wherein the determining means includes means for comparing the information with corresponding parameters set on the computing device to enable use of the digital data by the computing device if the comparison results in a determination that use is authorized and to prevent use of the digital data by the computing device if unauthorized.
40. The apparatus of claim 39, further comprising means for enabling an authorized user to enter and store parameter settings for rating digital data permitted by the authorized user for use on the computing device.
41. The apparatus of claim 39, wherein the parameters are set before the computing device is provided to the end user.
42. An apparatus for enforcing a security policy on distributed digital data intended for use on a computing device, comprising:
(a) means for securing digital data prior to distribution by:
(i) means for determining a data digest of the digital data in accordance with predefined steps including a hashing algorithm, resulting in a data digest of a form uniquely associated with the digital data;
(ii) means for including a data digest in a header of the digital data;
(iii) means for determining a header digest of the header using predefined steps, the header digest being uniquely associated with the header; and
(iv) means for encrypting the header digest using a secret private key;
(b) means for distributing the encrypted header digest, the header, and the digital data;
(c) means for verifying the authenticity of the digital data prior to use on the computing device by:
(i) means for decrypting the encrypted header digest using a public key corresponding to the private key to recover the header digest;
(ii) means for determining a confirmation header digest using predefined steps;
(iii) means for comparing the confirmation header digest with the header digest recovered by the decrypting means, thereby confirming whether the header was altered during distribution of the digital data; and, if it was not,
(iv) means for determining, by the predefined steps, a confirmation data digest of the digital data corresponding to the data digest included in the header; and
(v) means for comparing the confirmation data digest with the data digest contained in the header, thereby confirming whether the distributed digital data was altered after being secured by the securing means; and
(d) means for preventing the computing device from further utilizing the digital data if any of the following occurs:
(i) the confirmation header digest does not coincide with the header digest recovered by the decrypting means; and
(ii) the confirmation data digest does not coincide with the data digest contained in the header.
43. The apparatus of claim 42, wherein the means for securing the digital data prior to distribution comprises:
(a) means for including information in the header specifying security policy guidelines for using the digital data to be enforced on the computing device; and
(b) means for including this information as part of the header when a predefined step is applied to the header to determine the header digest.
44. The apparatus of claim 43, further comprising, where the confirmation header digest is confirmed to coincide with the header digest recovered by the decrypting means, and before the digital data can be used on the computing device:
(a) means for determining whether the information in the header permits the digital data to be used on the computing device; and, if so,
(b) means for allowing further use of the digital data on the computing device unless use is prevented because the authenticity of the digital data is not confirmed; and, if not,
(c) means for preventing any further use of the digital data on the computing device.
45. The apparatus of claim 44 wherein the means for determining whether the information in the header allows use of the digital data on the computing device comprises means for comparing an indication of security policy criteria contained in the information in the header with a status of the criteria on the computing device to confirm that they are consistent.
46. The apparatus of claim 45, further comprising means for enabling an authorized user to select the state of the criteria on the computing device.
47. The apparatus of claim 45, wherein the criteria are stored in memory on the computing device and are not accessible or alterable by a user of the computing device.
48. The apparatus of claim 43, wherein the information indicates at least one of:
(a) a geographic area where digital data is allowed to be used on a computing device;
(b) the type of media that the digital data is allowed to be loaded into the computing device for use;
(c) a nominal value based on at least one characteristic of the digital data;
(d) console system settings that must be in place before digital data can be used;
(e) fault tolerance indication of whether the digital data is trustworthy when certain system components are determined to be faulty; and
(f) an ejection control indication of whether the digital data is trusted to allow removal of the portable medium storing the digital data.
49. The apparatus of claim 42, wherein the digital data is divided into a plurality of portions, and the means for determining the data digest comprises means for applying the predefined steps to each portion to generate a portion digest for each portion, all of said portion digests together constituting the data digest.
50. The apparatus of claim 49, wherein the means for determining the confirmation data digest of the digital data comprises means for applying the predefined steps to each portion to generate a confirmation portion digest for each portion, all of said confirmation portion digests together constituting the confirmation data digest.
51. The apparatus of claim 50, wherein the means for comparing the confirmation data digest with the data digest contained in the header comprises means for comparing each confirmation portion digest with its corresponding portion digest in the header before using any digital data contained in that portion.
52. The apparatus of claim 51, wherein the means for preventing further use of the digital data by the computing device comprises means for preventing the computing device from further using the digital data if the confirmation header digest does not coincide with the header digest recovered by the decrypting means or if the confirmation data digest does not coincide with the data digest included in the header.
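The publisher-side securing and console-side verification that claims 42 through 52 describe, written out as an added Go example; this is not code from the patent or from Microsoft, and it assumes SHA-256 as the "predefined steps including a hashing algorithm" and an RSA PKCS#1 v1.5 signature over the header digest as the modern equivalent of "encrypting the header digest with a private key" (a verifier recomputes the header digest and checks it against the one recovered with the public key, which is the comparison of claim 42(c)(iii)). The type and function names, the three sample portions, the policy values and the console settings are all constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

type (
	Policy struct { // use-control information of claim 31; it sits in the header, so it is signed too
		Region, MediaType, Rating   uint32
		FaultTolerant, EjectAllowed bool
	}
	Header struct { // one digest per portion of the digital data plus the policy
		PortionDigests [][32]byte
		Policy         Policy
	}
	Package struct { // what is distributed: header, signed header digest, data portions
		Header    Header
		Signature []byte
		Portions  [][]byte
	}
	ConsoleSettings struct{ Region, MediaType, MaxRating uint32 } // device-side parameters
)

var ErrHeader = errors.New("header digest mismatch: header altered or not signed by the publisher")
var ErrData = errors.New("data digest mismatch: a portion was altered after signing")
var ErrPolicy = errors.New("policy in header does not allow use on this console")

func serializeHeader(h Header) []byte { // canonical byte form, so the header digest is well defined
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, uint32(len(h.PortionDigests)))
	for _, d := range h.PortionDigests {
		buf.Write(d[:])
	}
	binary.Write(&buf, binary.LittleEndian, h.Policy) // Policy has only fixed-size fields
	return buf.Bytes()
}

// Secure is the publisher side: digest each portion into the header, digest the header, sign that digest.
func Secure(portions [][]byte, pol Policy, priv *rsa.PrivateKey) (Package, error) {
	h := Header{Policy: pol}
	for _, p := range portions {
		h.PortionDigests = append(h.PortionDigests, sha256.Sum256(p))
	}
	hd := sha256.Sum256(serializeHeader(h))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hd[:])
	return Package{Header: h, Signature: sig, Portions: portions}, err
}

// Verify is the console side, in the claims' order: header digest via the public key, then every portion, then policy.
func Verify(pkg Package, pub *rsa.PublicKey, cs ConsoleSettings) error {
	if hd := sha256.Sum256(serializeHeader(pkg.Header)); rsa.VerifyPKCS1v15(pub, crypto.SHA256, hd[:], pkg.Signature) != nil {
		return ErrHeader
	}
	if len(pkg.Portions) != len(pkg.Header.PortionDigests) {
		return ErrData // extra or missing portions are not covered by the header
	}
	for i, p := range pkg.Portions {
		if sha256.Sum256(p) != pkg.Header.PortionDigests[i] {
			return ErrData
		}
	}
	if p := pkg.Header.Policy; p.Region != cs.Region || p.MediaType != cs.MediaType || p.Rating > cs.MaxRating {
		return ErrPolicy
	}
	return nil
}

// Demo runs the whole flow on constructed sample data; each result is nil when the console accepts the data.
func Demo() (map[string]error, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	portions := [][]byte{[]byte("portion 0: code"), []byte("portion 1: assets"), []byte("portion 2: levels")}
	pkg, err := Secure(portions, Policy{Region: 1, MediaType: 2, Rating: 12, EjectAllowed: true}, priv)
	if err != nil {
		return nil, err
	}
	console := ConsoleSettings{Region: 1, MediaType: 2, MaxRating: 16}
	out := map[string]error{"genuine": Verify(pkg, &priv.PublicKey, console)}
	altered := pkg // swap one portion after signing: its digest no longer matches the header
	altered.Portions = [][]byte{pkg.Portions[0], []byte("portion 1: patched assets"), pkg.Portions[2]}
	out["tampered data"] = Verify(altered, &priv.PublicKey, console)
	altered = pkg // lower the rating in the header: the header digest changes, so the signature fails
	altered.Header.Policy.Rating = 3
	out["tampered header"] = Verify(altered, &priv.PublicKey, console)
	out["wrong region"] = Verify(pkg, &priv.PublicKey, ConsoleSettings{Region: 3, MediaType: 2, MaxRating: 16})
	return out, nil
}

func main() { fmt.Println(Demo()) }
```

Two details matter for a practitioner reading the claims. First, the policy is hashed as part of the header, which is why rewriting a single policy field (the "tampered header" case) is caught by the header check of claim 42(c)(iii) rather than by the per-portion comparison; an unsigned policy field would give no such protection. Second, the portion-count check is not spelled out in the claims but is required for the scheme to hold: without it, data appended beyond the last digested portion would pass verification unexamined.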
HK04101309.0A 2002-03-19 2004-02-24 A method and apparatus for securing digital data for use on a computing device HK1059323B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/101,999 US7627753B2 (en) 2002-03-19 2002-03-19 Secure digital data format and code enforced policy
US10/101999 2002-03-19

Publications (2)

Publication Number Publication Date
HK1059323A1 (en) 2004-06-25
HK1059323B (en) 2009-08-07

Similar Documents

Publication Publication Date Title
EP2078548B1 (en) Secure digital data format and code enforced policy
EP1369764B1 (en) Use of hashing in a secure boot loader
JP4575904B2 (en) Game console manufacturing method and identification evaluation method thereof
US7287052B2 (en) Challenge and response interaction between client and server computing devices
JP4906854B2 (en) Information processing apparatus, information recording apparatus, information processing system, program update method, program, and integrated circuit
CN100511453C (en) Method and device for supplying a data set stored in a database
US20070005504A1 (en) Dynamic digital content licensing
EP1357455B1 (en) Digital rights management on device without interactive authentication
US7441121B2 (en) Device certificate self-individualization
TWI272818B (en) Authorization processing hardware, authorization processing system, and usage management hardware
JP5129121B2 (en) Hard disk authentication
US20020012432A1 (en) Secure video card in computing device having digital rights management (DRM) system
US20090024849A1 (en) Information acquisition device, information acquisition method, and information acquisition program
EP1676395B1 (en) Optical disc, optical disc player and method for playing an optical disc together with an authentification of downloaded content
HK1059323B (en) A method and apparatus for securing digital data for use on a computing device
CN101167296A (en) Updatable and personalizable element of a protected computing environment
HK1058561B (en) Use of hashing in a secure boot loader
HK1051918A (en) Secure video card in computing device having digital rights management (drm) system