Automatically generated cryptographic functions for renewable tamper resistant security systems
First Claim
1. A method for creating a cryptographic function comprising the steps of:
- providing a cryptographic function template having at least one static set of instructions and indicators for at least one dynamic set of instructions;
dynamically generating computer program instructions for the at least one dynamic set of instructions, the dynamically generated instructions being unique to the cryptographic function; and
replacing the indicators for the at least one dynamic set of instructions with the dynamically generated computer program instructions to form the unique cryptographic function.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure cryptographic function is generated from a template containing static program code that is the same for all mobile agents and dynamic program code which differs for each function. The dynamic code implements a stream cipher encryption algorithm that is used to encrypt messages processed by the function. The dynamic code may also generate a message digest that is attached to each message. The message digest may be a hash function applied to the dynamic code and, optionally, to the message. Each function may be assigned a limited lifetime, either by assigning it a fixed termination time, a maximum number of messages that it may send or, if the cryptographic function is used with a mobile agent, a maximum number of hosts that it may visit. Any received messages that have been processed by the encryption algorithm after the expiration of its lifetime are ignored.
43 Citations
35 Claims
-
1. A method for creating a cryptographic function comprising the steps of:
-
providing a cryptographic function template having at least one static set of instructions and indicators for at least one dynamic set of instructions;
dynamically generating computer program instructions for the at least one dynamic set of instructions, the dynamically generated instructions being unique to the cryptographic function; and
replacing the indicators for the at least one dynamic set of instructions with the dynamically generated computer program instructions to form the unique cryptographic function. - View Dependent Claims (2, 3, 4, 7, 8, 9)
-
- 5. A method according to claim 5, wherein the step of generating computer program instructions that produce the message digest includes the step of generating computer program instructions that apply a hash function to at least the dynamically generated code to produce the message digest.
-
10. A method for creating a unique mobile agent comprising the steps of:
-
providing a mobile agent template having at least one static set of instructions and indicators for at least one dynamic set of instructions;
dynamically generating computer program instructions for the at least one dynamic set of instructions, the dynamically generated instructions being unique to the mobile agent; and
replacing the indicators for the at least one dynamic set of instructions with the dynamically generated computer program instructions to form the unique mobile agent. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method for creating a plurality of unique mobile agents comprising the steps of:
-
providing a mobile agent template having at least one static set of instructions and indicators for at least one dynamic set of instructions;
dynamically generating a plurality of respectively different sets of computer program instructions for the at least one dynamic set of instructions, for the respective plurality of mobile agents; and
replacing the indicators for the at least one dynamic set of instructions with the respective dynamically generated computer program instructions to generate the plurality of unique mobile agents. - View Dependent Claims (22, 23, 24, 25, 26, 27)
-
-
28. A method of monitoring a mobile agent migrating among consumer host computers in a network to detect possibly malicious host computers, the method comprising the steps of:
-
assigning a limited lifetime of the mobile agent;
registering the mobile agent with an agent monitoring system (AMS);
establishing communication between the mobile and the AMS to determine a sequence of the host computers visited by the mobile agent; and
identifying a last one of the host computers on the network to which the agent migrated as possibly malicious if the AMS is not able to communicate with the mobile agent during the limited lifetime of the mobile agent. - View Dependent Claims (29, 30, 31)
-
-
32. A method of monitoring a mobile agent migrating among consumer host computers in a network to detect possibly malicious host computers, the method comprising the steps of:
-
specifying a unique encryption algorithm to the mobile agent;
registering the mobile agent with an agent monitoring system (AMS);
establishing communication between the mobile and the AMS to determine a sequence of the host computers visited by the mobile agent; and
identifying a last one of the host computers on the network to which the agent migrated as possibly malicious if the AMS receives an improperly encrypted message from the mobile agent.
-
-
33. A computer readable carrier including computer program instructions that cause a computer to implement a method for creating a cryptographic function, the method comprising the steps of:
-
providing a cryptographic function template having at least one static set of instructions and indicators for at least one dynamic set of instructions;
dynamically generating computer program instructions for the at least one dynamic set of instructions, the dynamically generated instructions being unique to the cryptographic function; and
replacing the indicators for the at least one dynamic set of instructions with the dynamically generated computer program instructions to form the unique cryptographic function.
-
-
34. A computer readable carrier including computer program instructions that cause a computer to implement a method for creating a plurality of unique mobile agents, the method comprising the steps of:
-
providing a mobile agent template having at least one static set of instructions and indicators for at least one dynamic set of instructions;
dynamically generating a plurality of respectively different sets of computer program instructions for the at least one dynamic set of instructions, for the respective plurality of mobile agents; and
replacing the indicators for the at least one dynamic set of instructions with the respective dynamically generated computer program instructions to generate the plurality of unique mobile agents.
-
-
35. A computer readable carrier including computer program instructions that cause a computer to implement a method of monitoring a mobile agent migrating among consumer host computers in a network to detect possibly malicious host computers, the method comprising the steps of:
-
specifying a unique encryption algorithm to the mobile agent;
registering the mobile agent with an agent monitoring system (AMS);
establishing communication between the mobile and the AMS to determine a sequence of the host computers visited by the mobile agent; and
identifying a last one of the host computers on the network to which the agent migrated as possibly malicious if the AMS receives an improperly encrypted message from the mobile agent.
-
Specification