Systems and methods using cryptography to protect secure computing environments
2 Assignments
0 Petitions
Accused Products
Abstract
Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise.
-
Citations
47 Claims
-
1-43. -43. (canceled)
-
44. A method including the following:
-
at a certification authority, receiving an executable program generated by a party independent of the certification authority;
at the certification authority, testing the executable program and, based on the results of the testing, generating a specification describing the actual operation of the executable program;
at the certification authority, generating a digital certificate certifying that the executable program operates in the manner described in the specification;
receiving the executable program at a user site;
receiving the digital certificate at the user site, the digital certificate specifying a security level;
at the user site, evaluating the digital certificate to determine (a) if the digital certificate is associated with the executable program, and (b) whether to execute the executable program, said evaluation including comparing the security level to a required security level; and
at the user site, executing the executable program, the execution being dependent on the evaluation of the digital certificate;
wherein the user site includes a tamper-resistant execution space, the tamper-resistant execution space being operable to protect against tampering, by a user at the user site, with the performance of said step of evaluating the digital certificate.
-
-
45. A method including the following:
-
at a certification authority, receiving an executable program generated by a party independent of the certification authority;
at the certification authority, testing the executable program and, based on the results of the testing, generating a specification describing the actual operation of the executable program;
at the certification authority, generating a digital certificate certifying that the executable program operates in the manner described in the specification;
receiving the executable program at a user site;
receiving the digital certificate at the user site;
at the user site, evaluating the digital certificate to determine (a) if the digital certificate is associated with the executable program, and (b) whether to execute the executable program, said evaluation including comparing a hash value stored in the digital certificate to a hash of at least a portion of the executable program; and
at the user site, executing the executable program, the execution being dependent on the evaluation of the digital certificate;
wherein the user site includes a tamper-resistant execution space, the tamper-resistant execution space being operable to protect against tampering, by a user at the user site, with the performance of said step of evaluating the digital certificate. - View Dependent Claims (46)
-
-
47. A method including the following:
-
at a certification authority, receiving an executable program generated by a party independent of the certification authority;
at the certification authority, testing the executable program and, based on the results of the testing, generating a specification describing the actual operation of the executable program;
at the certification authority, generating a digital certificate certifying that the executable program operates in the manner described in the specification;
receiving the executable program at a user site;
receiving the digital certificate at the user site;
at the user site, evaluating the digital certificate to determine (a) if the digital certificate is associated with the executable program, and (b) whether to execute the executable program; and
at the user site, executing the executable program, the execution being dependent on the evaluation of the digital certificate;
wherein the user site includes a tamper-resistant execution space, the tamper-resistant execution space being operable to protect against tampering, by a user at the user site, with the performance of said step of evaluating the digital certificate, and wherein the digital certificate includes the specification, and the step of evaluating the digital certificate includes evaluating the specification.
-
Specification