Data processing systems
First Claim
6. A data processing system comprising:
- a processor;
a memory connected to the processor; and
detection logic connected to the processor and the memory, the detection logic, in use;
providing an initial secret;
binding the initial secret to data indicative of an initial state of the system via a cryptographic function;
recording state changing administrative actions performed on the system in a log;
prior to performing each state changing administrative action, generating a new secret by performing the cryptographic function on a combination of data indicative of the administrative action and the previous secret, and erasing the previous secret;
evolving the initial secret based on the log to produce an evolved secret;
comparing the evolved secret with the new secret;
determining that the system is uncorrupted if the comparison indicates a match between the evolved secret and the new secret; and
determining that the system in corrupted if the comparison indicate a mismatch between the evolved secret and the new secret.
2 Assignments
0 Petitions
Accused Products
Abstract
Detection of an attack on a data processing system. An example method comprising, in the data processing system: providing an initial secret; binding the initial secret to data indicative of an initial state of the system via a cryptographic function; recording state changing administrative actions performed on the system in a log; prior to performing each state changing administrative action, generating a new secret by performing the cryptographic function on a combination of data indicative of the administrative action and the previous secret, and erasing the previous secret; evolving the initial secret based on the log to produce an evolved secret; comparing the evolved secret with the new secret; determining that the system is uncorrupted if the comparison indicates a match between the evolved secret and the new secret; and, determining that the system in corrupted if the comparison indicate a mismatch between the evolved secret and the new secret.
-
Citations
22 Claims
-
6. A data processing system comprising:
-
a processor;
a memory connected to the processor; and
detection logic connected to the processor and the memory, the detection logic, in use;
providing an initial secret;
binding the initial secret to data indicative of an initial state of the system via a cryptographic function;
recording state changing administrative actions performed on the system in a log;
prior to performing each state changing administrative action, generating a new secret by performing the cryptographic function on a combination of data indicative of the administrative action and the previous secret, and erasing the previous secret;
evolving the initial secret based on the log to produce an evolved secret;
comparing the evolved secret with the new secret;
determining that the system is uncorrupted if the comparison indicates a match between the evolved secret and the new secret; and
determining that the system in corrupted if the comparison indicate a mismatch between the evolved secret and the new secret. - View Dependent Claims (7, 8, 9, 10, 14)
-
-
15. A method for cryptographic entangling of state and administration in a data processing system, the method comprising:
-
initializing the system by generating an initial secret releasing binding data;
binding the binding data to the initial secret;
updating the initial secret in advance of an administrative action by computing a new secret;
erasing the initial secret together with any information from which the initial secret might be derived;
recording data indicative of the administrative action;
permitting execution of the administrative action;
offering a proof that the new secret corresponds to the initial secret as it has evolved according to a record of administrative actions. - View Dependent Claims (1, 2, 3, 4, 5, 11, 12, 13, 16, 17, 18, 19, 20, 21, 22)
-
-
20-1. A method as recited in claim 15, wherein the step of computing the new secret includes applying a one way function to a combination of a previous secret and data indicative of the administrative action.
Specification