System and method for security of computing devices

US 20040039924A1
Filed: 01/14/2003
Published: 02/26/2004
Est. Priority Date: 04/09/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method of sending a secure message between a first application program and a second application program by restricting the use of a cryptographic key to the first application program and the second application program, said first application program and the second application program running on a device, comprising:

providing a first key known to a cryptographic processing module;

providing an application container data structure that contains a cryptographically sealed form of the data for the first application program and second application program to access;

performing a cryptographic gatekeeping function that computes a cryptographic digest of a portion of an in-memory image of at least one of the first application program and second application program;

performing an integrity-check by the cryptographic processing module by examining the application container data structure, the cryptographic digest, and the first key to determine if at least one of the first application program and second application program is allowed to unseal the cryptographically sealed form of the data; and

authenticating, by the first application program, the secure message sent by the second application using the application container data structure.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for securing a computing device using a master cryptographic key that is bound to the device. The master key is used to derive sensitive data that is transferred to storage that is only accessible in a restricted mode of operation. The master key is used to derive one or more application keys that are used to secure data that is specific to an application/device pair. Non-privileged programs can request functions that run in a more restricted mode to use these application keys. The restricted mode program checks the integrity of the non-privileged calling program to insure that it has the authority and/or integrity to perform each requested operation. One or more device authority servers may be used to issue and manage both master and application keys.

358 Citations

20 Claims

1. A method of sending a secure message between a first application program and a second application program by restricting the use of a cryptographic key to the first application program and the second application program, said first application program and the second application program running on a device, comprising:
- providing a first key known to a cryptographic processing module;
  
  providing an application container data structure that contains a cryptographically sealed form of the data for the first application program and second application program to access;
  
  performing a cryptographic gatekeeping function that computes a cryptographic digest of a portion of an in-memory image of at least one of the first application program and second application program;
  
  performing an integrity-check by the cryptographic processing module by examining the application container data structure, the cryptographic digest, and the first key to determine if at least one of the first application program and second application program is allowed to unseal the cryptographically sealed form of the data; and
  
  authenticating, by the first application program, the secure message sent by the second application using the application container data structure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising performing a privacy operation by the cryptographic processing module that encrypts or decrypts the cryptographically sealed form of the data in the application container data structure using a key derived from at least the first key and cryptographic digest, and when the cryptographically sealed form of the data is to be encrypted, the crytographic processing module adds to the application container data structure the cryptographic digest before the encryption is performed.
  - 3. The method of claim 1 further comprising providing an authorization buffer that specifies the result of the integrity-check, and wherein the cryptographic gatekeeping function confirms that the at least one of the first application program and second application program is allowed to unseal the cryptographically sealed form of the data.
  - 4. The method of claim 1 wherein the integrity-check includes:
    - deriving a cryptographic variable from the cryptographic digest and the first key; and
      
      using the cryptographic variable to check a message authentication code that is stored in the application container data structure.
  - 5. The method of claim 1 wherein the integrity-check includes:
    - decrypting data derived from the application container data structure using a key derived from the first key to create a resulting value and comparing the resulting value to data derived from the cryptographic digest; and
      
      allowing access to the cryptographically sealed form of the data if the resulting value is the same as the data derived from the cryptographic digest.
  - 6. The method of claim 2 wherein the privacy operation includes:
    - deriving a cryptographic variable from the cryptographic digest and the first key, wherein the cryptographic variable is used to decrypt or encrypt a portion of the application container data structure.
  - 7. The method of claim 1 wherein the first key is stored in a secure database indexed by a key ID.
  - 8. The method of claim 1 wherein the device is one of an encryption/decryption hardware device and a limited access server.

9. A system for sending a secure message between a first application program and a second application program by restricting the use of a cryptographic key to the first application program and the second application program running on a device of said system, comprising:
- a memory containing instruction sequences, a first key that is known to a cryptographic processing module, and an application container data structure that contains a cryptographically sealed form of the data for the first application program and second application program to access; and
  
  , a processor, coupled to the memory, said processor to execute the cryptographic processing module, said instruction sequences to cause the processor to;
  
  compute a cryptographic digest of a portion of an in-memory image of at least one of the first application program and second application program;
  
  perform an integrity-check by the cryptographic processing module by examining the application container data structure, the cryptographic digest, and the first key to determine if at least one of the first application program and second application program is allowed to unseal the cryptographically sealed form of the data; and
  
  authenticate, by the first application program, the secure message sent by the second application using the application container data structure.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9 wherein said instruction sequences further cause the processor to perform a privacy operation by the cryptographic processing module that encrypts or decrypts the cryptographically sealed form of the data in the application container data structure using a key derived from at least the first key and cryptographic digest, and when the cryptographically sealed form of the data is to be encrypted, the crytographic processing module adds to the application container data structure the cryptographic digest before the encryption is performed.
  - 11. The system of claim 9 further comprising an authorization buffer that specifies the result of the integrity-check, and wherein the system confirms that the at least one of the first application program and second application program is allowed to unseal the cryptographically sealed form of the data.
  - 12. The system of claim 9 wherein said processor, in performing the integrity-check, further:
    - derives a cryptographic variable from the cryptographic digest and the first key; and
      
      uses the cryptographic variable to check a message authentication code that is stored in the application container data structure.

13. A system of authenticating a device and an application program that is running on the device, said system comprising:
- a hidden storage containing a first key;
  
  a memory for storing instruction sequences; and
  
  a processor, coupled to the hidden storage and the memory, said instruction sequences to cause the processor to;
  
  execute a cryptographic gatekeeper module that runs in a restricted mode and computes a cryptographic digest of a portion of the application program; and
  
  authenticate the device and the application program using the first key and the cryptographic digest.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, wherein the application program is part of an operating system kernel.
  - 15. The system of claim 13, wherein the application program and device are authenticated before the application program is allowed to access sensitive data.
  - 16. The system of claim 13, wherein the first key is a shared key for use in a symmetric key cryptosystem.
  - 17. The system of claim 13, wherein firmware controls the system during a system initialization process that begins in response to a power-on or reset signal.
  - 18. The system of claim 13, wherein:
    - the hidden storage is in a system management random access memory which is not accessible by any program running in a normal operating mode of the system; and
      
      the restricted operating mode is a system management mode in which access to the system management random access memory is permitted.
  - 19. The system of claim 13, wherein the first key is generated in cooperation with a shared server that computes application keys to be shared with at least one other system.
  - 20. The system of claim 13, wherein the shared server shares said application keys with the at least one other system to authenticate devices and device-bound applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kinglite Holdings Inc.
Original Assignee
Kinglite Holdings Inc.
Inventors
Wang, Kai, Barr, John D., Kotla, Pannaga, Williams, Stephen D., Pitard, David, Baldwin, Robert W., Casillas, Jose A., Abgrall, Jean-Paul, Jablon, David P., Markey, Timothy J.

Application Number

US10/342,709
Publication Number

US 20040039924A1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 21/73   by creating or determining ...

G06F 21/74   operating in dual or compar...

G06F 21/79   in semiconductor storage me...

G06F 21/86   Secure or tamper-resistant ...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2147   Locking files

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2153   Using hardware token as a s...

H04L 2209/20   Manipulating the length of ...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/603   Digital right managament [DRM]

H04L 2463/061   applying further key deriva...

H04L 63/062   for key distribution, e.g. ...

H04L 63/123 : received data contents, e.g...

H04L 9/0844 : with user authentication or...

H04L 9/0891 : Revocation or update of sec...

H04L 9/0894 : Escrow, recovery or storing...

View All

System and method for security of computing devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

358 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for security of computing devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

358 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links