SOFTWARE ROOT OF TRUST
First Claim
1. A software system that transforms an original application into an STPM enabled application and runs the STPM enabled application, the software system comprising:
- an anti-tamper tool used at protect time for accepting an original application and creating the STPM enabled application, the anti-tamper tool initially implementing anti-tamper techniques on the original application to create a guarded application;
a security wrapper created at protect time by the anti-tamper tool in accordance with a policy file specifying security and usage restrictions for the original application, the security wrapper wrapping the guarded application to create the STPM enabled application;
a trusted service provider inserted at protect time by the anti-tamper tool at the entry point of the STPM enabled application;
a set of core services made accessible to the STPM enabled application through the trusted service provider; and
an STPM device driver implementing trusted platform module functionality, the STPM device driver being protected by anti-tamper techniques;
wherein at runtime the trusted service provider creates a TSP thread and passes a security file based on the policy file to the STPM device driver, the TSP thread actively monitoring the enabled application and interacting with the STPM device driver through the set of core services.
4 Assignments
0 Petitions
Accused Products
Abstract
A software system that transforms an original application into an STPM enabled application and runs the enabled application. At protect time, an anti-tamper tool accepts the original application, uses anti-tamper techniques to create a guarded application, creates a security wrapper according to a policy file, and wraps the guarded application to create the STPM enabled application. A trusted service provider is inserted at the entry point of the enabled application. A set of core services is made accessible to the enabled application through the trusted service provider. At runtime the trusted service provider creates a TSP thread and passes a security file to an STPM device driver implementing TPM functionality and protected by anti-tamper techniques. The TSP thread actively monitors the enabled application and interacts with the STPM device driver through the set of core services.
112 Citations
20 Claims
-
1. A software system that transforms an original application into an STPM enabled application and runs the STPM enabled application, the software system comprising:
-
an anti-tamper tool used at protect time for accepting an original application and creating the STPM enabled application, the anti-tamper tool initially implementing anti-tamper techniques on the original application to create a guarded application;
a security wrapper created at protect time by the anti-tamper tool in accordance with a policy file specifying security and usage restrictions for the original application, the security wrapper wrapping the guarded application to create the STPM enabled application;
a trusted service provider inserted at protect time by the anti-tamper tool at the entry point of the STPM enabled application;
a set of core services made accessible to the STPM enabled application through the trusted service provider; and
an STPM device driver implementing trusted platform module functionality, the STPM device driver being protected by anti-tamper techniques;
wherein at runtime the trusted service provider creates a TSP thread and passes a security file based on the policy file to the STPM device driver, the TSP thread actively monitoring the enabled application and interacting with the STPM device driver through the set of core services. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of transforming an original application into an STPM enabled application and executing the STPM enabled application in a software system, the method comprising at protect time:
-
accepting the original application and a policy file specifying security and usage restrictions;
analyzing the original application with an anti-tamper tool;
protecting the original application using anti-tamper techniques;
generating a public key and private key pair;
encrypting the wrapped application and the policy file using the public key; and
wrapping the encrypted application and policy file in a security wrapper;
inserting trusted service provider functionality at the entry point of the wrapped application to create the STPM enabled application; and
the method further comprising at runtime;
creating a trusted service provider thread;
passing the encrypted policy file to an STPM device driver;
decrypting the policy file and processing its contents in the STPM device driver;
loading the encrypted STPM enabled application;
executing the STPM enabled application in accordance with the policy file. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification