A Massively Distributed Trusted System

Olin Sibert, Jim Horning, and Susan Owicki
InterTrust STAR Lab

InterTrust Technologies is developing a software infrastructure that will enable trusted electronic transactions on a world-wide scale. The initial focus of this effort is support for vending digital content, including text, images, video, and software. Ultimately the architecture should support a wide range of applications, including electronic commerce, multi-party trading systems, enterprise document control, and workflow management. It must protect the rights of all participants in electronic interactions, including individuals, businesses, and societies.

The InterTrust Commerce Architecture™ infrastructure has three principal components: the DigiBox™ secure container, the InterRights™ Point software, and the Transaction Authority infrastructure. Content is distributed and stored in DigiBox containers, where cryptographic protection ensures privacy and integrity. The InterRights Point provides a protected processing environment. Here content can be decrypted for presentation to the consumer, and the associated business rules are enforced. The Transaction Authority infrastructure provides for delivering financial and usage information generated as a consequence of the business rules. Information flows from the consumer's node, through a clearinghouse, to the content provider or distributor.

The InterTrust architecture provides for a distributed trusted computing base, made up of independent systems running the InterRights Point software. The architecture is truly peer-to-peer; transactions can proceed without interaction with servers. Anyone who holds a DigiBox container may ship a copy to anyone else, with the continuing guarantee that its content can be accessed only in accordance with the associated rules. Because it is based on a unique combination of cryptography and conventional computer security techniques, this approach is fundamentally different from mechanisms such as S/MIME secure E-mail or the superficially similar IBM Cryptolopes™. The InterTrust architecture has most in common with traditional capability-based systems. However, it is different in that cryptography is not just a service controlled by the operating system, but a fundamental mechanism in the implementation of the trusted system itself.
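To make the three roles above concrete (a provider builds a container, an InterRights Point verifies it and enforces the rules before decrypting, and a Transaction Authority receives the usage records that the rules generate), here is a constructed Python illustration. It is an added example, not InterTrust's DigiBox format or the project's own code: the cipher is HMAC-SHA256 run in counter mode as a keystream with encrypt-then-MAC, the rule vocabulary (`max_uses`, `fee_per_use`) and the class and field names are assumptions, and the key table inside `InterRightsPoint` stands in for the protected processing environment. It also shows the peer-to-peer property of the previous paragraph: a copied container is still only openable where a key exists, and the rules cannot be altered without failing the integrity check.

```python
import hashlib
import hmac
import json
import os

# Constructed illustration of the three roles described above: a provider builds a
# container, an InterRights Point opens it, a Transaction Authority collects usage.
# The cipher is HMAC-SHA256 run in counter mode as a keystream, with encrypt-then-MAC.
# This is a teaching toy, not InterTrust's DigiBox format or its real cryptography.


def _derive(master_key: bytes, purpose: bytes) -> bytes:
    """Derive separate encryption and authentication keys from one master key."""
    return hmac.new(master_key, purpose, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode; the nonce must never repeat under one key."""
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(mac_key: bytes, *parts: bytes) -> bytes:
    """MAC over length-prefixed fields, so ciphertext and rules cannot be altered or swapped."""
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def make_container(master_key: bytes, content: bytes, rules: dict, content_id: str, nonce=None) -> dict:
    """Provider side: encrypt the content and bind the business rules to it."""
    nonce = nonce if nonce is not None else os.urandom(16)
    ciphertext = _xor(content, _keystream(_derive(master_key, b"enc"), nonce, len(content)))
    rules_blob = json.dumps(rules, sort_keys=True).encode()
    tag = _tag(_derive(master_key, b"mac"), content_id.encode(), nonce, ciphertext, rules_blob)
    return {"content_id": content_id, "nonce": nonce.hex(), "ciphertext": ciphertext.hex(),
            "rules": rules_blob.decode(), "tag": tag.hex()}


class TransactionAuthority:
    """Clearinghouse role: receives usage records forwarded from consumer nodes."""

    def __init__(self):
        self.records = []

    def submit(self, record: dict) -> None:
        self.records.append(record)


class InterRightsPoint:
    """Consumer-side protected environment: verify, enforce rules, decrypt, report usage."""

    def __init__(self, keys: dict, authority: TransactionAuthority):
        self.keys = keys          # content_id -> master key; lives only inside the protected environment
        self.authority = authority
        self.uses = {}            # content_id -> times opened on this node

    def open(self, container: dict, user: str) -> bytes:
        content_id = container["content_id"]
        master_key = self.keys.get(content_id)
        if master_key is None:
            raise PermissionError("no key for this content on this node")
        nonce = bytes.fromhex(container["nonce"])
        ciphertext = bytes.fromhex(container["ciphertext"])
        rules_blob = container["rules"].encode()
        # Authenticate before interpreting anything: a forged rule set must fail here.
        expected = _tag(_derive(master_key, b"mac"), content_id.encode(), nonce, ciphertext, rules_blob)
        if not hmac.compare_digest(expected, bytes.fromhex(container["tag"])):
            raise ValueError("container integrity check failed")
        rules = json.loads(rules_blob)
        used = self.uses.get(content_id, 0)
        if used >= rules.get("max_uses", 0):
            raise PermissionError("usage limit reached")
        self.uses[content_id] = used + 1
        # Business rule consequence: a usage record flows toward the clearinghouse.
        self.authority.submit({"content_id": content_id, "user": user,
                               "use_number": used + 1, "fee": rules.get("fee_per_use", 0)})
        return _xor(ciphertext, _keystream(_derive(master_key, b"enc"), nonce, len(ciphertext)))


if __name__ == "__main__":
    authority = TransactionAuthority()
    key = hashlib.sha256(b"constructed demo master key").digest()
    box = make_container(key, b"chapter one text", {"max_uses": 2, "fee_per_use": 1.5}, "doc-42")
    point = InterRightsPoint({"doc-42": key}, authority)
    print(point.open(box, "alice"))
    print(authority.records)
```

Two design points carry over to any real container format: the rules are authenticated together with the ciphertext and the content identifier, so a holder cannot relax them or attach them to different content, and the integrity check runs before the rules are parsed, so untrusted bytes are never interpreted until they have been authenticated.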

InterTrust recently formed the Strategic Technologies and Architecture Research (STAR) Lab to investigate technological options for building trusted systems. STAR researchers will be exploring a variety of operating systems topics, such as: techniques for implementing a trusted processing environment; establishing an appropriate balance (for specific commercial purposes) among trust functions provided by tamper-resistant hardware and software; managing trust in distributed systems having hundreds of millions of nodes (consider secure key distribution, for example); and performance scaling for large distributed systems.