Systems and methods for computer device authentication
Abstract
Systems and methods for device authentication using a master key that is stored in protected non-volatile memory. The master key is used to derive sensitive data that is transferred to storage that is only accessible in a privileged mode of operation of the computing system. The sensitive data and the master key are not directly accessible by programs that are not running in the privileged mode of operation. The master key is used to derive one or more application keys that are used to secure data that is specific to an application/device pair. Non-privileged programs can request functions that run in the privileged mode to use these application keys. The privileged mode program checks the integrity of the non-privileged calling program to insure that it has the authority and/or integrity to perform each requested operation. One or more device authority servers are used to issue and manage both master and application keys.
25 Claims
1. A system for using and protecting access to a master cryptographic key, comprising:
non-volatile storage;
a system initialization process that:
reads the master key from the non-volatile storage during a system initialization process;
writes a sensitive value derived from the master key to a hidden storage location; and
disables access to the non-volatile storage by any program running in the system until the next start of the system initialization process;
means to prevent access to the hidden storage location by programs running in the normal operating mode of the system; and
means to allow access to the hidden storage location by a program running in a restricted operating mode of the system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A system for hiding a master cryptographic key in storage, comprising:
power-on software that:
reads a master key from non-volatile storage;
closes access to the non-volatile storage such that access does not become available again until the next system reset; and
writes sensitive data derived from the master key to a hidden address space; and
wherein only a program that runs in a restricted operational mode of the system has access to the sensitive data in the hidden address space.
10. A method of controlling read and write access to data to an application by restricting the availability of a cryptographic key to an application, the method comprising:
a master key;
an application container that holds a sealed or unsealed form of the data that the application wants to access;
a cryptographic gatekeeping module that performs a cryptographic digest of a portion of the bytes that make up the calling application to compute a cryptographic transformation; and
a cryptographic processing module that includes integrity-checking that examines the application container and cryptographic transformation, and the master key to determine if the application is allowed to unseal the data in the given application container, or when sealing the data modifies it to add the integrity check information.
Dependent claims: 11, 12, 13.
14. A method of controlling access to data to an application by restricting the availability of a cryptographic key to the application on a specific device, comprising:
a key known to a cryptographic processing module;
an application container data structure that contains a cryptographically sealed form of the data that the application wants to access;
a cryptographic gatekeeping function that intercepts all access between application-level programs and the cryptographic processing module;
includes a means to examine a portion of the bytes of an executable in-memory image of a program that is attempting to access cryptographic services or data; and
computes a cryptographic digest of a portion of the bytes of the in-memory image of the calling application to compute the cryptographic transformation of the application; and
an integrity-check method performed by the cryptographic processing module that examines the application container data structure and cryptographic transformation, and the master key to determine if the application is allowed to unseal the data in the given application container data structure, or when sealing the data modifies it to add the integrity check information.
Dependent claims: 15, 16, 17, 18, 19, 20, 21.
22. A method for authenticating an identified application on an identified device to another computing machine comprising an authentication server with the help of another computing machine comprising a device authority, the method comprising:
an enrollment process that includes the steps of:
a) a first cryptographic operation performed during a system management interruption (SMI) on the device producing a result that is sent to the device authority, and b) a second cryptographic operation performed during an SMI interrupt on the device processing a value generated by the device authority that is received by the device;
a registration process that includes the steps of:
a) a first cryptographic operation performed during an SMI interruption on the device producing a result that is sent to the authentication server, b) a second cryptographic operation performed by the authentication server producing a cryptographic variable that is stored for use during the authentication method, and c) an optional third cryptographic operation performed during an SMI interrupt on the device processing a value generated by the authentication server that is received by the device;
an authentication process that includes the steps of:
a) a first cryptographic operation performed during an SMI interruption on the device producing authentication data that is sent to the authentication server, and b) a second cryptographic operation performed by the authentication server on the authentication data received from the device using at least the cryptographic variable stored during the registration method to determine the result of the authentication.
23. A method for authenticating an identified application on an identified device, or for providing a second factor for identifying a user of the identified device to another computing machine comprising a PASS server, the method comprising:
an application that a) performs an enrollment method involving communication with a device authority and an authentication server to create an application container data structure on the device, wherein the application container data structure is cryptographically associated with the application; and
b) stores credential information, and wherein the authentication server stores a cryptographic variable for the application container data structure;
an application running on the identified device that performs an authentication method including the steps of a) unsealing the application container data structure that stores the credentials, b) modifying the credentials;
c) resealing the application container data structure;
d) sending identifying information and at least a portion of the resealed AppContainer to the authentication server;
wherein at least part of the resealing operation takes place during an SMI on the same CPU that executes the code of the application; and
wherein the authentication server a) receives the identifying information and at least a portion of the application container data structure, b) uses the identifying information to look up or compute a cryptographic variable to unseal the application container data structure, c) if the unsealed application container has acceptable values then the specific application on a specific device is considered to be authenticated; and
d) stores a key associated with the application container data structure.
24. A method for creating and utilizing one or more virtual tokens on a device for the purpose of authentication, privacy, integrity, authorization, auditing, or digital rights management, the method comprising:
an application for each kind of virtual token;
an application container for each virtual token of a specific kind;
a cryptographic gatekeeping component that computes a cryptographic transformation of a calling application that is requesting cryptographic services of a cryptographic processing component;
wherein the cryptographic gatekeeping component knows one or more long-lived symmetric keys;
wherein the cryptographic processing component is accessed via the CryptoGate component;
wherein the cryptographic processing component knows one or more long-lived symmetric keys and one or more long-lived public keys; and
wherein the cryptographic processing component performs cryptographic sealing and unsealing of application container data structures, where a portion of the cryptographic operations are performed during a system management interrupt (SMI);
wherein the cryptographic processing component checks the integrity of the calling application by checking a digital signature of a portion of the application's code or static data, using a public key that has been loaded into the CryptoEngine and a cryptographic transformation value;
wherein the cryptographic transformation value includes a recently computed cryptographic hash of a portion of the calling application's in-memory image;
wherein the cryptographic gatekeeping and cryptographic processing component a) derive a key for unsealing the application container data structure from the master key and cryptographic transformation, b) use the derived key to check the message authentication code on the application container data structure, and returns an error if the message authentication code is correct, and c) use the derived key to decrypt the data in the application container data structure and return it to the application.
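The following Python model is an added illustration of the mechanism that claims 1, 9, 10, 14 and 24 describe; it is not the patent's code and every name in it (NonVolatileStorage, HiddenStorage, CryptoEngine, system_init, seal, unseal, app_transformation, derive_app_key) is hypothetical. It models the power-on step that reads the master key, hides a value derived from it where only restricted-mode code can read it, and locks the non-volatile storage until the next reset; the gatekeeping step that digests the calling application's in-memory image; and the sealing and unsealing of an application container under a key derived from that hidden value and the caller's digest, with the MAC checked before anything is decrypted. Two assumptions go beyond the claims: the per-application key is derived from the hidden derived value rather than from the master key directly (the master key is locked away after initialization), and the cipher is a constructed HMAC-SHA256 counter mode so the example needs only the standard library; a production engine would use an AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets

NORMAL, RESTRICTED = "normal", "restricted"  # constructed operating-mode labels


class NonVolatileStorage:
    """Holds the master key; once locked it is unreadable until the next reset (claims 1, 9)."""
    def __init__(self, master_key: bytes):
        self._master_key, self.locked = master_key, False

    def read_master_key(self) -> bytes:
        if self.locked:
            raise PermissionError("non-volatile storage is locked until the next reset")
        return self._master_key


class HiddenStorage:
    """Sensitive value that only restricted-mode code may read (claims 1, 9)."""
    def __init__(self):
        self.value = b""  # written once by system_init

    def read(self, mode: str) -> bytes:
        if mode != RESTRICTED:
            raise PermissionError("hidden storage is not accessible in normal mode")
        return self.value


def system_init(nv: NonVolatileStorage, hidden: HiddenStorage) -> None:
    """Power-on step: read the master key, hide a value derived from it, then lock NV storage."""
    master = nv.read_master_key()
    # One-way derivation (HMAC, a constructed choice) so the raw master key never sits in hidden storage.
    hidden.value = hmac.new(master, b"hidden-root", hashlib.sha256).digest()
    nv.locked = True  # no program can read the master key again until the next reset


def app_transformation(image: bytes) -> bytes:
    """Gatekeeper step: digest of the calling application's in-memory image (claims 10, 14)."""
    return hashlib.sha256(image).digest()


def derive_app_key(sensitive: bytes, transformation: bytes) -> bytes:
    """Per-application key bound to the device's hidden value and the caller's digest (claim 24)."""
    return hmac.new(sensitive, b"app-key|" + transformation, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256; a real engine would use an AEAD such as AES-GCM."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]


def seal(app_key: bytes, plaintext: bytes) -> bytes:
    """Application container = nonce || ciphertext || MAC (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(app_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(app_key, nonce + ct, hashlib.sha256).digest()


def unseal(app_key: bytes, container: bytes):
    """Plaintext, or None when the MAC fails (wrong application, wrong device, or tampering)."""
    nonce, ct, tag = container[:16], container[16:-32], container[-32:]
    if not hmac.compare_digest(hmac.new(app_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(app_key, nonce, len(ct))))


class CryptoEngine:
    """Restricted-mode service: the only reader of hidden storage; callers never receive keys."""
    def __init__(self, hidden: HiddenStorage):
        self._hidden = hidden

    def _key_for(self, caller_image: bytes) -> bytes:
        return derive_app_key(self._hidden.read(RESTRICTED), app_transformation(caller_image))

    def seal_for(self, caller_image: bytes, data: bytes) -> bytes:
        return seal(self._key_for(caller_image), data)

    def unseal_for(self, caller_image: bytes, container: bytes):
        return unseal(self._key_for(caller_image), container)


def demo() -> dict:
    """Run the flow once and report which protections held (constructed images and data)."""
    nv, hidden = NonVolatileStorage(secrets.token_bytes(32)), HiddenStorage()
    system_init(nv, hidden)
    engine = CryptoEngine(hidden)
    app_a, app_b = b"\x7fELF application A (constructed)", b"\x7fELF application B (constructed)"
    container = engine.seal_for(app_a, b"secret credential")
    tampered = container[:20] + bytes([container[20] ^ 1]) + container[21:]
    return {
        "nv_locked_after_init": nv.locked,
        "same_app_unseals": engine.unseal_for(app_a, container) == b"secret credential",
        "other_app_rejected": engine.unseal_for(app_b, container) is None,
        "tampered_rejected": engine.unseal_for(app_a, tampered) is None,
    }
```

Calling `demo()` returns a dictionary in which every entry is True: the same application image unseals its own container, a different image (a different digest, hence a different derived key) is refused at the MAC check, a modified container is refused, and the non-volatile storage is locked after initialization. Reading `HiddenStorage` with mode `NORMAL` raises `PermissionError`, which is the model's stand-in for the hidden storage being unreachable outside the restricted mode.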
25. A method of securely associating a private key with an application associated with a device, comprising:
creating an application container that contains private keys secured by a symmetric key associated with the device.