W3C home > Mailing lists > Public > public-widgets-pag@w3.org > October to December 2011

Re: US Patent Application 20070101146: Safe distribution and use of content

From: Marcos Caceres <w3c@marcosc.com>
Date: Thu, 6 Oct 2011 21:34:55 +0200
To: public-widgets-pag@w3.org
Cc: widget-pag <member-widgets-pag@w3.org>
Message-ID: <0406FEF181034ADA8A8140FFE3B707A5@marcosc.com>
By addressing each of the following claims, I will show why this patent application (20070101146) does not apply to WARP. It can be ignored for the purposes of the PAG and WARP.  


On Thursday, October 6, 2011 at 8:12 PM, Marcos Caceres wrote:

> 1. A method of distributing content, comprising: creating a cryptographic hash of at least a portion of content; creating a ticket file including the cryptographic hash; and distributing the ticket file to a user system.  
WARP does not make use of any cryptographic information.
WARP does not create a ticket file including the cryptographic hash.  
WARP does not distribute a ticket file to a user system or anything to the system.  
> 2. The method of claim 1, where creating a ticket file comprises: including in the ticket file information relating to downloading the content from a distribution site over the network; digitally signing the ticket file; receiving a request for the content from the user system; and sending the user system the ticket file separate from the content.  

WARP does nothing relating to the above.  
> 3. The method of claim 1, further comprising: receiving notification from the user system that verification of the digital signature has failed; and initiating a security action in response to the notification.  
WARP does not make use of digital signatures.  
> 4. The method of claim 3, where initiating a security action comprises: initiating a revocation service.  
WARP has no relation to initializing revocation services.  
> 5. The method of claim 3, where initiating a security action comprises: preventing user systems from downloading the content.  
WARP does not rely in cryptographic methods to prevent user systems from downloading content.  

> 6. A method of downloading content from a network, comprising: sending a request for content to a content aggregator site; and receiving from the content aggregator site a digitally signed ticket file including a first cryptographic hash of at least a portion of content.  
WARP does not download any content. WARP does not make use of any cryptographic hashes or any cryptography.  
> 7. The method of claim 6, further comprising: downloading the content to a user system over a network, where the content is downloaded separately from the ticket file; and verifying the digital signature of the ticket file.  
WARP has no relationship to digital signatures or ticket files.  
> 8. The method of claim 7, where verifying the digital signature comprises: creating a second cryptographic hash of the downloaded content; comparing the second cryptographic hash with the first cryptographic hash; and if the hashes do not match, initiating a security action.  
As above.  
> 9. The method of claim 8, where initiating a security action comprises: deleting the content from the user system.  
WARP does not interact with the user's system. WARP does not have the ability to demand that, or have any provisions that would require, content be deleted from the user's system.  
> 10. The method of claim 8, where initiating a security action comprises: notifying the content aggregator site of a failed verification if the hashes do not match; and receiving a command for revoking the digital signature of the ticket file.  
WARP has no means to contact other sites on failure.  
> 11. The method of claim 8, where initiating a security action comprises: scanning the user system for instances of revoked content.  
WARP most definitely does not have any provisions to scan the user's hard drive deleting content (WOW! this is *really super evil*, btw!!!)  
> 12. The method of claim 1, further comprising: creating a security log on the user system that includes a history of content installation.  
WARP does not write anything to the user's hard drive or do any privacy violating things like keeping records of stuff on user's hard drives.  
> 13. A computer-readable medium having stored thereon instructions which, when executed by a processor, causes the processor to perform the operations of: creating a cryptographic hash of at least a portion of content; creating a ticket file including the cryptographic hash; and distributing the ticket file to a user system.  
WARP does not cryptographically do anything… specially nothing relating to content.  
> 14. The computer-readable medium of claim 13, where creating a ticket file comprises: including in the ticket file information relating to downloading the content from a distribution site over the network; digitally signing the ticket file; receiving a request for the content from the user system; and sending the user system the ticket file separate from the content.  
As above.  
> 15. The computer-readable medium of claim 13, further comprising: receiving notification from the user system that verification of the digital signature has failed; and initiating a security action in response to the notification.  
WARP has nothing to do with digital signatures or events based on signatures failing of being verified.  
> 16. The computer-readable medium of claim 15, where initiating a security action comprises: initiating a revocation service.  
WARP has nothing to do with digital signatures or events based on signatures failing of being verified.  
> 17. The computer-readable medium of claim 15, where initiating a security action comprises: preventing user systems from downloading the content.  
WARP has nothing to do with digital signatures or events based on signatures failing of being verified. Hence this does not apply.  
> 18. A computer-readable medium having stored thereon instructions which, when executed by a processor, causes the processor to perform the operations of: sending a request for content to a content aggregator site; and receiving from the content aggregator site a digitally signed ticket file including a first cryptographic hash of at least a portion of content.  
WARP does not access content.  
> 19. The computer-readable medium of claim 18, further comprising: downloading the content to a user system over a network, where the content is downloaded separately from the ticket file; and verifying the digital signature of the ticket file.  
WARP does not access content. WARP does not download or deal with ticket files.  
> 20. The computer-readable medium of claim 18, where verifying the digital signature comprises: creating a second cryptographic hash of the downloaded content; comparing the second cryptographic hash with the first cryptographic hash; and if the hashes do not match, initiating a security action.  
WARP does not do any cryptographic checks.  
> 21. The computer-readable medium of claim 20, where initiating a security action comprises: deleting the content from the user system.  
WARP does not do any cryptographic checks. WARP does not do evil deletion of people's content.  
> 22. The computer-readable medium of claim 20, where initiating a security action comprises: notifying the content aggregator site of a failed verification if the hashes do not match; and receiving a command for revoking the digital signature of the ticket file.  
WARP does not do any cryptographic checks.  
> 23. The computer-readable medium of claim 20, where initiating a security action comprises: scanning the user system for instances of revoked content.  
WARP does not do any cryptographic checks. WARP does not do evil deletion of people's content.  

> 24. The computer-readable medium of claim 18, further comprising: creating a security log on the user system that includes a history of content installation.  
WARP does not deliberately violate people's privacy by writing log files about their computer's content. WARP does not generate security logs.  
> 25. A method of installing content, comprising: receiving content from a content distributor, the content including a first cryptographic hash of the content; creating a second cryptographic hash of the content; comparing the second cryptographic hash with the first cryptographic hash; and if the hashes do not match, initiating a security action.  
WARP does not do this as it does not do any cryptographic checks.  
> 26. The method of claim 25, further comprising: comparing the content to one or more lists of content to determine if the content can be safely installed.
WARP does not do this. it has nothing to do with content installation.  

--  
Marcos Caceres
http://datadriven.com.au 
Received on Thursday, 6 October 2011 19:35:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 6 October 2011 19:35:29 GMT