SECURE PROCESSOR ARCHITECTURE FOR USE WITH A DIGITAL RIGHTS MANAGEMENT (DRM) SYSTEM ON A COMPUTING DEVICE

US 20070226492A1
Filed: 05/29/2007
Published: 09/27/2007
Est. Priority Date: 03/27/1999
Status: Active Grant

First Claim

Patent Images

1. A secure processor for a computing device, the processor being operable in a normal mode and a preferred mode, the processor including a security kernel for being instantiated on the processor when the processor enters into the preferred mode and a security key accessible by the instantiated security kernel when the processor is operating in the preferred mode, the security kernel employing the accessed security key during the preferred mode to authenticate a secure application on the computing device, wherein the security kernel allows the processor to be trusted to keep hidden a secret of the application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure processor is operable in normal and preferred modes, and includes a security kernel instantiated when the processor enters into preferred mode and a security key accessible by the security kernel during preferred mode. The security kernel employs the accessed security key to authenticate a secure application, and allows the processor to be trusted to keep hidden a secret of the application. To instantiate the application, the processor enters preferred mode where the security key is accessible, and instantiates and runs the security kernel. The security kernel accesses the security key and applies same to decrypt a key for the application, stores the decrypted key in a location where the application will expect same, and instantiates the application. The processor then enters the normal mode, where the security key is not accessible.

38 Citations

View as Search Results

20 Claims

1. A secure processor for a computing device, the processor being operable in a normal mode and a preferred mode, the processor including a security kernel for being instantiated on the processor when the processor enters into the preferred mode and a security key accessible by the instantiated security kernel when the processor is operating in the preferred mode, the security kernel employing the accessed security key during the preferred mode to authenticate a secure application on the computing device, wherein the security kernel allows the processor to be trusted to keep hidden a secret of the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The processor of claim 1 in combination with the application.
  - 3. The processor of claim 2 wherein the application is selected from a group consisting of a digital rights management (DRM) system and a banking/financial system.
  - 4. The processor of claim 1 wherein the security kernel automatically authenticates a particular application.
  - 5. The processor of claim 1 wherein the security kernel initially authenticates a chooser application that allows a user to select from at least one available applications on the computing device.
  - 6. The processor of claim 1 wherein the security kernel employs the accessed security key during the preferred mode to decrypt at least one encrypted key for the application.
  - 7. The processor of claim 1 in combination with the computing device.
  - 8. The processor of claim 7 wherein the computing device is a portable computing device.
  - 9. The processor of claim 1 further comprising a storage space, the security kernel being permanently stored in the storage space.
  - 10. The processor of claim 1 further comprising a storage space, the security key being permanently stored in the storage space.
  - 11. The processor of claim 1 wherein the security kernel employs the accessed security key during the preferred mode to authenticate/verify the application prior to instantiation thereof.
  - 12. The processor of claim 11 wherein the security kernel performs a hash/MAC (message authentication code) over at least a portion of the application and then compares the hash/MAC to a hash/MAC corresponding to the application.
  - 13. The processor of claim 1 wherein such processor enters preferred mode whenever a predefined initializing processor action is performed.
  - 14. The processor of claim 13 wherein such processor enters preferred mode whenever a CPU reset is performed.

15. A method for a secure processor to instantiate a secure application thereon, the method comprising:
- instantiating a first security kernel which employs symmetric cryptography;
  
  instantiating by way of the instantiated first security kernel a second security kernel which employs asymmetric cryptography; and
  
  authenticating by way of the instantiated second security kernel the secure application.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15 wherein the security key of the processor is a symmetric key and the second security kernel is instantiated by the first security kernel from a code image including a main body and a header including:
    - KCPU (KMAN) KMAN encrypted according to KCPU KMAN (KCODE) KCODE encrypted according to KMAN
      
      where KCPU is a security key of the processor, KMAN is a device key independent of the security key, and KCODE is the private key of the second security kernel, and wherein the first security kernel applies the security key to decrypt the private key of the second security kernel during instantiation thereof by;
      
      applying KCPU to KCPU (KMAN) to produce KMAN; and
      
      applying KMAN to KMAN (KCODE) to produce KCODE.
  - 17. The method of claim 15 wherein the application is instantiated by the second security kernel from a code image including a main body and a header including:
    - public key (KCODE) KCODE encrypted according to the public key
      
      where KCODE is the secret of the application, and wherein the second security kernel applies the private key to decrypt the secret of the application during authentication thereof.

18. A computer-readable medium having stored thereon computer-executable instructions implementing a method for a secure processor to instantiate a secure application thereon, the method comprising:
- instantiating a first security kernel which employs symmetric cryptography;
  
  instantiating by way of the instantiated first security kernel a second security kernel which employs asymmetric cryptography; and
  
  authenticating by way of the instantiated second security kernel the secure application.
- View Dependent Claims (19, 20)
- - 19. The medium of claim 18 wherein the security key of the processor is a symmetric key and the second security kernel is instantiated by the first security kernel from a code image including a main body and a header including:
    - KCPU (KMAN) KMAN encrypted according to KCPU KMAN (KCODE) KCODE encrypted according to KMAN
      
      where KCPU is a security key of the processor, KMAN is a device key independent of the security key, and KCODE is the private key of the second security kernel, and wherein the first security kernel applies the security key to decrypt the private key of the second security kernel during instantiation thereof by;
      
      applying KCPU to KCPU (KMAN) to produce KMAN; and
      
      applying KMAN to KMAN (KCODE) to produce KCODE.
  - 20. The medium of claim 18 wherein the application is instantiated by the second security kernel from a code image including a main body and a header including:
    - public key (KCODE) KCODE encrypted according to the public key
      
      where KCODE is the secret of the application, and wherein the second security kernel applies the private key to decrypt the secret of the application during instantiation thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Peinado, Marcus

Granted Patent

US 8,065,521 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/71   to assure secure computing ...

G06F 2221/2105   Dual mode as a secondary as...

H04L 2209/603   Digital right managament [DRM]

H04L 63/0442   wherein the sending and rec...

H04L 63/068   using time-dependent keys, ...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 9/0897   involving additional device...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3263   involving certificates, e.g...

SECURE PROCESSOR ARCHITECTURE FOR USE WITH A DIGITAL RIGHTS MANAGEMENT (DRM) SYSTEM ON A COMPUTING DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SECURE PROCESSOR ARCHITECTURE FOR USE WITH A DIGITAL RIGHTS MANAGEMENT (DRM) SYSTEM ON A COMPUTING DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others