Automatically generated cryptographic functions for renewable tamper resistant security systems

US 20040083373A1
Filed: 10/28/2002
Published: 04/29/2004
Est. Priority Date: 10/28/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for creating a cryptographic function comprising the steps of:

providing a cryptographic function template having at least one static set of instructions and indicators for at least one dynamic set of instructions;

dynamically generating computer program instructions for the at least one dynamic set of instructions, the dynamically generated instructions being unique to the cryptographic function; and

replacing the indicators for the at least one dynamic set of instructions with the dynamically generated computer program instructions to form the unique cryptographic function.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure cryptographic function is generated from a template containing static program code that is the same for all mobile agents and dynamic program code which differs for each function. The dynamic code implements a stream cipher encryption algorithm that is used to encrypt messages processed by the function. The dynamic code may also generate a message digest that is attached to each message. The message digest may be a hash function applied to the dynamic code and, optionally, to the message. Each function may be assigned a limited lifetime, either by assigning it a fixed termination time, a maximum number of messages that it may send or, if the cryptographic function is used with a mobile agent, a maximum number of hosts that it may visit. Any received messages that have been processed by the encryption algorithm after the expiration of its lifetime are ignored.

43 Citations

View as Search Results

35 Claims

1. A method for creating a cryptographic function comprising the steps of:
- providing a cryptographic function template having at least one static set of instructions and indicators for at least one dynamic set of instructions;
  
  dynamically generating computer program instructions for the at least one dynamic set of instructions, the dynamically generated instructions being unique to the cryptographic function; and
  
  replacing the indicators for the at least one dynamic set of instructions with the dynamically generated computer program instructions to form the unique cryptographic function.
- View Dependent Claims (2, 3, 4, 7, 8, 9)
- - 2. A method according to claim 1, further comprising the step of assigning a unique identifier to the unique cryptographic function.
  - 3. A method according to claim 2, wherein the step of dynamically generating computer program instructions includes the step of selecting a plurality of functions from a predetermined set of functions wherein the stream cipher algorithm sequentially applies the selected functions to encrypt data.
  - 4. A method according to claim 1, wherein the step of dynamically generating computer program instructions includes generating computer program instructions that produce a message digest which is provided with at least one message processed using the unique cryptographic function.
  - 7. A method according to claim 1, further comprising the step of assigning a limited lifetime to the unique cryptographic function.
  - 8. A method according to claim 7, wherein the step of assigning a limited lifetime to the unique cryptographic function assigns a predetermined termination time to the agent.
  - 9. A method according to claim 7, wherein the step of assigning a limited lifetime to the unique cryptographic function assigns a maximum number of messages that may be processed using the function.

5. A method according to claim 5, wherein the step of generating computer program instructions that produce the message digest includes the step of generating computer program instructions that apply a hash function to at least the dynamically generated code to produce the message digest.
- View Dependent Claims (6)
- - 6. A method according to claim 5, wherein the hash function is a stream cipher algorithm and the step of generating computer program instructions that apply the hash function to at least the dynamically generated code includes the step of selecting a plurality of functions from a predetermined set of functions wherein the stream cipher algorithm sequentially applies the selected functions to implement the hash function.

10. A method for creating a unique mobile agent comprising the steps of:
- providing a mobile agent template having at least one static set of instructions and indicators for at least one dynamic set of instructions;
  
  dynamically generating computer program instructions for the at least one dynamic set of instructions, the dynamically generated instructions being unique to the mobile agent; and
  
  replacing the indicators for the at least one dynamic set of instructions with the dynamically generated computer program instructions to form the unique mobile agent.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. A method according to claim 10, further comprising the step of assigning a unique identifier to the unique mobile agent.
  - 12. A method according to claim 10, wherein the dynamic set of instructions implement an encryption algorithm.
  - 13. A method according to claim 12, wherein the encryption algorithm is a stream cipher algorithm and the step of dynamically generating computer program instructions includes the step of selecting a plurality of functions from a predetermined set of functions wherein the stream cipher algorithm sequentially applies the selected functions to encrypt data.
  - 14. A method according to claim 10, wherein the step of dynamically generating computer program instructions includes generating computer program instructions that produce a message digest which is provided with at least one message sent processed using the unique cryptographic function.
  - 15. A method according to claim 14, wherein the step of generating computer program instructions that produce the message digest includes the step of generating computer program instructions that apply a hash function to at least the dynamically generated code to produce the message digest.
  - 16. A method according to claim 15, wherein the hash function is a stream cipher algorithm and the step of generating computer program instructions that apply the hash function to at least the dynamically generated code includes the step of selecting a plurality of functions from a predetermined set of functions wherein the stream cipher algorithm sequentially applies the selected functions to implement the hash function.
  - 17. A method according to claim 10, further comprising the step of assigning a limited lifetime to the unique mobile agent.
  - 18. A method according to claim 17, wherein the step of assigning a limited lifetime to the unique mobile agent assigns a predetermined termination time to the agent.
  - 19. A method according to claim 17, wherein the step of assigning a limited lifetime to the unique mobile agent assigns a maximum number of messages that may be sent by the unique mobile agent.
  - 20. A method according to claim 17, wherein the step of assigning a limited lifetime to the unique mobile agent assigns a maximum number of host computers that the unique mobile agent may visit.

21. A method for creating a plurality of unique mobile agents comprising the steps of:
- providing a mobile agent template having at least one static set of instructions and indicators for at least one dynamic set of instructions;
  
  dynamically generating a plurality of respectively different sets of computer program instructions for the at least one dynamic set of instructions, for the respective plurality of mobile agents; and
  
  replacing the indicators for the at least one dynamic set of instructions with the respective dynamically generated computer program instructions to generate the plurality of unique mobile agents.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. A method according to claim 21, further comprising the step of assigning a respectively different identifier to each of the plurality of unique mobile agents.
  - 23. A method according to claim 21, wherein the each of the plurality of dynamic sets of instructions implements a respectively different encryption algorithm.
  - 24. A method according to claim 23, wherein each of the respectively different encryption algorithms is a stream cipher algorithm and the step of dynamically generating computer program instructions includes the step of selecting a respectively different plurality of functions from a predetermined set of functions wherein the stream cipher algorithm sequentially applies the selected functions to encrypt data.
  - 25. A method according to claim 24, wherein the static set of instructions for each unique mobile agent includes instructions which apply the respective encryption algorithm to at least one message sent by the unique mobile agent.
  - 26. A method according to claim 24, wherein the static set of instructions for each unique mobile agent includes instructions which apply the respective encryption algorithm to produce a message digest which is sent with at least one message sent by the unique mobile agent.
  - 27. A method according to claim 21, further comprising the step of assigning a respectively different limited lifetime to each of the plurality of unique mobile agents.

28. A method of monitoring a mobile agent migrating among consumer host computers in a network to detect possibly malicious host computers, the method comprising the steps of:
- assigning a limited lifetime of the mobile agent;
  
  registering the mobile agent with an agent monitoring system (AMS);
  
  establishing communication between the mobile and the AMS to determine a sequence of the host computers visited by the mobile agent; and
  
  identifying a last one of the host computers on the network to which the agent migrated as possibly malicious if the AMS is not able to communicate with the mobile agent during the limited lifetime of the mobile agent.
- View Dependent Claims (29, 30, 31)
- - 29. A method according to claim 28, wherein the step of assigning a limited lifetime to the mobile agent assigns a maximum number of messages that the mobile agent may send to the AMS
  - 30. A method according to claim 28, wherein the step of assigning a limited lifetime to the mobile agent assigns a maximum number of hosts that the mobile agent may visit.
  - 31. A method according to claim 30, wherein the step of assigning a limited lifetime to the mobile agent assigns a time at which the mobile agent will expire.

32. A method of monitoring a mobile agent migrating among consumer host computers in a network to detect possibly malicious host computers, the method comprising the steps of:
- specifying a unique encryption algorithm to the mobile agent;
  
  registering the mobile agent with an agent monitoring system (AMS);
  
  establishing communication between the mobile and the AMS to determine a sequence of the host computers visited by the mobile agent; and
  
  identifying a last one of the host computers on the network to which the agent migrated as possibly malicious if the AMS receives an improperly encrypted message from the mobile agent.

33. A computer readable carrier including computer program instructions that cause a computer to implement a method for creating a cryptographic function, the method comprising the steps of:
- providing a cryptographic function template having at least one static set of instructions and indicators for at least one dynamic set of instructions;
  
  dynamically generating computer program instructions for the at least one dynamic set of instructions, the dynamically generated instructions being unique to the cryptographic function; and
  
  replacing the indicators for the at least one dynamic set of instructions with the dynamically generated computer program instructions to form the unique cryptographic function.

34. A computer readable carrier including computer program instructions that cause a computer to implement a method for creating a plurality of unique mobile agents, the method comprising the steps of:
- providing a mobile agent template having at least one static set of instructions and indicators for at least one dynamic set of instructions;
  
  dynamically generating a plurality of respectively different sets of computer program instructions for the at least one dynamic set of instructions, for the respective plurality of mobile agents; and
  
  replacing the indicators for the at least one dynamic set of instructions with the respective dynamically generated computer program instructions to generate the plurality of unique mobile agents.

35. A computer readable carrier including computer program instructions that cause a computer to implement a method of monitoring a mobile agent migrating among consumer host computers in a network to detect possibly malicious host computers, the method comprising the steps of:
- specifying a unique encryption algorithm to the mobile agent;
  
  registering the mobile agent with an agent monitoring system (AMS);
  
  establishing communication between the mobile and the AMS to determine a sequence of the host computers visited by the mobile agent; and
  
  identifying a last one of the host computers on the network to which the agent migrated as possibly malicious if the AMS receives an improperly encrypted message from the mobile agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation)
Original Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation)
Inventors
He, Zhijun, Perkins, Gregory M.

Application Number

US10/282,648
Publication Number

US 20040083373A1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/14   against software analysis o...

G06F 21/54   by adding security routines...

G06F 21/552   involving long-term monitor...

G06F 21/602   Providing cryptographic fac...

G06F 21/604   Tools and structures for ma...

G06F 21/6272   by registering files or doc...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/065   Encryption by serially and ...

H04L 9/3236   using cryptographic hash fu...

Automatically generated cryptographic functions for renewable tamper resistant security systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Automatically generated cryptographic functions for renewable tamper resistant security systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links