Method and apparatus to enable a securely provisioned computing environment

Bibliographic Details
Title: Method and apparatus to enable a securely provisioned computing environment
Patent Number: 7,913,295
Publication Date: March 22, 2011
Appl. No: 11/696351
Application Filed: April 04, 2007
Abstract: A form of removable memory, such as a universal serial bus (USB) flash device, may enable a subscription-based computing system from any PC. The device may include an execution unit including a processor, a private memory including an encrypted application, a computing system interface, a cryptographic unit including a secure storage with a number of metering units, and a computer-readable medium. The computer-readable medium may include instructions for routing messages and data from the execution unit through the computing system interface to a connected computing system. Further, encrypted application data may be routed through the cryptographic unit to the execution unit to thereby transform the encrypted application into executable data for use by the computing system. Also, the device may decrement a number of metering units stored at the device during execution of the encrypted application by the computer.
Inventors: Myers, Mark (Fall City, WA, US); Westerinen, William J. (Issaquah, WA, US); Carpenter, Todd L. (Monroe, WA, US); Wiley, Shaun (Seattle, WA, US); Hyun, Don (Bothell, WA, US)
Assignees: Microsoft Corporation (Redmond, WA, US)
Claim: 1. A removable peripheral apparatus for enabling a subscription-based computing system comprising: an execution unit including a processor; a private memory including an encrypted application; a computing system interface; and a cryptographic unit including a secure storage, the secure storage including a number of metering units and a non-transitory computer-readable medium having computer-executable instructions comprising: a communication module for routing messages and data from the execution unit through the computing system interface to the computing system; a decryption module for routing data related to the encrypted application through the cryptographic unit to the execution unit to thereby transform the encrypted application into executable data for use by the computing system; and a metering module for decrementing the number of metering units during execution of the encrypted application by the computing system; wherein if the metering module decrements the number of metering units to a number below a threshold, the execution unit activates an indicator.
Claim: 2. The apparatus of claim 1, wherein the encrypted application is at least one of an operating system, a basic input/output system, a software application dependent upon the operating system, and a data file associated with the software application.
Claim: 3. The apparatus of claim 1, wherein the secure storage includes at least one of firmware, security certificates associated with the encrypted application, encryption keys, and a trusted clock.
Claim: 4. The apparatus of claim 1, further comprising a public non-volatile memory capable of storing at least one of an unencrypted application, a data file associated with the unencrypted application, and a data file associated with the encrypted application.
Claim: 5. The apparatus of claim 1, wherein the computing system interface includes a male type-A USB connector.
Claim: 6. A system including a secure computing device in communication with a computer, the secure computing device including a protected processor for executing computer executable code, a secure memory for storing metered access time, and computer executable code, a cryptographic core and an input/output circuit, the protected processor physically configured to execute computer executable code for: determining if the metered access time is below a threshold; communicating an encrypted application from the secure memory to the cryptographic core; decrypting the encrypted application at the cryptographic core; communicating the decrypted application to the computer through the input/output circuit; executing the decrypted application on the computer; decrementing the metered access time while the decrypted application executes on the computer; and activating an indicator light of the secure computing device if the metered access time is below a threshold.
Claim: 7. The system of claim 6, further comprising a server in communication with the secure computing device and the computer, the server communicating an amount of metered access time to the secure computing device if the amount of metered access time is below a threshold.
Claim: 8. The system of claim 6, wherein the input/output circuit is in communication with a male type-A USB connector.
Claim: 9. The system of claim 6 wherein the secure memory includes at least one of read-only memory and flash memory.
Claim: 10. The system of claim 6, wherein the secure computing device includes a smartcard.
Claim: 11. The system of claim 6, wherein the encrypted application is at least one of an operating system, a basic input/output system, a software application dependent upon the operating system, a Softgrid® application, and a data file associated with the software application.
Claim: 12. The system of claim 6, wherein the secure memory includes at least one of firmware, security certificates associated with the encrypted application, encryption keys, and a trusted clock.
Claim: 13. The system of claim 6, wherein secure computing device comprises a universal serial bus flash device.
Claim: 14. The system of claim 6, further comprising computer executable code for loading a degraded operating system if the metered access time is below a threshold.
Claim: 15. A method for enabling a metered computing environment comprising: determining an amount of access data stored on a secure computing device, the secure computing device including a secure memory including an encrypted application, a cryptographic core, and a computing system interface; decrypting the encrypted application at the cryptographic core; executing the decrypted application at a computer through the computing system interface; decrementing an amount of access data from the secure computing device while the decrypted application is executing at the computer; saving the decremented amount of access data to the secure memory; and loading a degraded operating system if the amount of access data stored on the secure computing device is below a threshold level.
Claim: 16. The method of claim 15, further comprising displaying a user interface if the amount of access data stored on the secure computing device is below a threshold level; communicating an additional amount of access data through the user interface.
Claim: 17. The method of claim 15, wherein the access data comprises at least one of an amount of time, a number of uses, a number of pages associated with the decrypted application, a number of actions associated with the decrypted application, or a decrypted application file size.
Current U.S. Class: 726/4
Patent References Cited: 5764762 June 1998 Kazmierczak et al.
5870726 February 1999 Lorphelin
6862684 March 2005 DiGiorgio
6920553 July 2005 Poisner
6920557 July 2005 Coffy et al.
6986036 January 2006 Wang et al.
7043587 May 2006 Burke et al.
2002/0007347 January 2002 Blumenthal et al.
2003/0221112 November 2003 Ellis et al.
2005/0193188 September 2005 Huang
2005/0198485 September 2005 Nguyen et al.
2006/0064577 March 2006 Chiu et al.
2006/0107119 May 2006 Miller et al.
2006/0112384 May 2006 Frank et al.
2006/0168389 July 2006 Bentley
2006/0282899 December 2006 Raciborski
20020013241 February 2002
20050022448 March 2005
Other References: Blundo et al., “SAWM: A Tool for Secure and Authenticated Web Metering”, Jul. 15-19, 2002, ACM, pp. 641-648. cited by examiner
Written Opinion for PCT/US2008/059248 mailed Mar. 26, 2009. cited by other
International Search Report for PCT/US2008/059248 mailed Mar. 26, 2009. cited by other
Microsoft Tests ‘pay as you go’ Computers http://msl1.mit.edu/furdlog/docs/latimes/2006-05-22—latimes—ms—computer pdf. cited by other
The Technology behind Microsoft FlexGo http://www.microsoft.com/whdc/flexgo/tech.mspx, Feb. 12, 2007. cited by other
AMD to resell Transmeta chip for pay-as-you-go PC's http://www.infoworld.com/article/06/06/05/78693—HNamdtransmeta—1.html. cited by other
Primary Examiner: Smithers, Matthew B
Attorney, Agent or Firm: Marshall, Gerstein & Borun LLP
Accession Number: edspgr.07913295
Database: USPTO Patent Grants
Language: English