Digital Rights Management Operating System

Anonymous Coward sent in a note about Microsoft being granted a patent on a "Digital Rights Management Operating System". Anything more to say? Nope, don't think so. After Windows XP will be Windows DRM.

Summary of a DRM OS

[twoflower]

A digital rights management operating system protects rights-managed data, such as downloaded content, from access by untrusted programs while the data is loaded into memory or on a page file as a result of the execution of a trusted application that accesses the memory. To protect the rights-managed data resident in memory, the digital rights management operating system refuses to load an untrusted program into memory while the trusted application is executing or removes the data from memory before loading the untrusted program. If the untrusted program executes at the operating system level, such as a debugger, the digital rights management operating system renounces a trusted identity created for it by the computer processor when the computer was booted. To protect the rights-managed data on the page file, the digital rights management operating system prohibits raw access to the page file, or erases the data from the page file before allowing such access. Alternatively, the digital rights management operating system can encrypt the rights-managed data prior to writing it to the page file. The digital rights management operating system also limits the functions the user can perform on the rights-managed data and the trusted application, and can provide a trusted clock used in place of the standard computer clock.

So, basically you're screwed. If you load any software they don't approve of, the OS itself will prevent you from accessing any protected content, and any programs which _can_ access the protected content. Looks like something designed to prevent situations similar to the current DRM "fix" programs.

Twoflower

Microsoft has some really major people on this...

[Hobart]

One of the named inventors on the patent, Butler Lampson, is a famed CS person who is noted in the Jargon File. Microsoft Research has all kinds of famous computer folk working there, including the inventor of Qsort, the author of VMS, the author of Turbo Pascal (now C#), and others.

Of course, this rights-management is all useless (as any informed antivirus software user can tell you) as long as users have the right to execute whatever code they want on their PCs. No software is safe from attack from an emulator. They'd have to make VMWare and Virtual PC illegal, and make flashing your computer's BIOS to a different BIOS illegal to actually have this work and stop any but the most casual practitioners.

Of course the way the legal system is acting as of late, that may not be too unrealistic a scenario :-(

Arrgh! No one's read the claims yet!

[Azog]

So far, none of the posters here have actually read the details of the patent. So everyone chill out for a second and read this critical little quote from the patent text:

The CPU manufacturer equips the CPU 140 with a pair of public and private keys 164 that is unique to the CPU [...] Other physical implementations may include storing the key on an external device to which the main CPU has privileged access (where the stored secrets are inaccessible to arbitrary application or operating systems code). The private key is never revealed and is used only for the specific purpose of signing stylized statements, such as when responding to challenges from a content provider, as is discussed below.

And, if you take the trouble to read the description of how the whole thing works, it comes down to the fact that the CPU can authenticate itself over the network at runtime by using this private key that ONLY the CPU can access.

Now, I don't know about you, but I haven't heard anything about Intel or AMD building public key / private key pairs into their CPUs. In fact, the whole Intel processor ID fiasco has probably scared them away from this area. Don't forget that this patent was filed in 1998, and was probably designed long before the PIII was released.

I think the most interesting thing about this is that it shows where Microsoft wanted to go in 1998 - they probably were working with Intel on the processor ID thing, and the next step would have been public / private keys to enable the design shown in this patent.

But it won't be happening anytime real soon. Unless maybe all those Pentium 4's out there actually have this as an unannounced feature. Unlikely, but possible - the P4 hyperthreading stuff was like that...