According to one aspect of the invention, a client computer runs an operating system that executes applications by loading them using an application loader and executes device drivers for peripheral devices by loading the drivers using a device loader. The client computer also includes a digest catalog that includes digital signatures for program files that can be executed by the client computer. When attempting to load an application or driver, the appropriate loader checks whether a digital signature for the corresponding program file(s) is included in the digest catalog. If no such digital signature is included, then the loader does not load the program file(s) corresponding to the application or driver.
According to another aspect of the invention, the digest catalog includes, for each program file corresponding to an application or driver that should be executable by the computer, a digitally signed hash value that is generated from a hash function based on the corresponding program file. When attempting to load a particular file, the loader generates a hash value and compares it to the decrypted hash values in the digest catalog. If the comparison results in no matches, then the corresponding program file (and thus the application or driver) is not loaded.
According to another aspect of the invention, a consumer initially purchases a computer with restricted functionality at a price that is less than the price that would be charged for a computer with full functionality. Subsequently, the user can, at an additional cost, acquire a digital key that allows the restrictions to be removed, upgrading the computer to full functionality.
According to another aspect of the invention, a consumer can execute additional applications or drivers on his or her computer by obtaining appropriate digital signatures for the additional applications or drivers to add to the digest catalog. In exchange for payment, a software or hardware vendor will acquire a digital signature(s) for the appropriate program files from the supplier of the program files. The digital signature(s) will then be transmitted to the consumer in exchange for payment to the vendor. The digital signature(s) can then be added to the digest catalog at the consumer's computer, so that the next time he or she attempts to execute the application or driver the appropriate signatures will be in the digest catalog and the program files will be loaded.
According to another aspect of the invention, a consumer can execute additional applications or drivers on his or her computer by obtaining the appropriate digital signatures for such applications or drivers from the same OEM (original equipment manufacturer) as manufactured the consumer's computer. The consumer's computer executes only applications that have in the digest catalog a digital signature of the OEM. Thus, the OEM can limit what additional applications are made available to the consumer.
According to another aspect of the invention, the OEM maintains a digest catalog that can be made available to the consumer's computer (either locally at the computer or remotely). The consumer, in exchange for payment, is given access to the digest catalog so that any applications for which a corresponding digital signature exists in the OEM's digest catalog can be executed at the client computer. The consumer can be given a limited amount of time (e.g., one month or one year) within which he or she can access the OEM's digest catalog.
http://patft.uspto.gov/netacgi/nph-Parser?...RS=PN/7,536,726