METHOD AND APPARATUS FOR AUTHENTICATING APPLICATIONS TO SECURE SERVICES

US 20080072066A1
Filed: 08/21/2006
Published: 03/20/2008
Est. Priority Date: 08/21/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for an electronic device to protect stored data, the method comprising:

computing a fingerprint of an application requesting access to the stored data;

comparing the fingerprint of the requesting application to the fingerprint of a storing application that generated the stored data; and

allowing the requesting application access to the stored data if the fingerprint of the requesting application matches the fingerprint of storing application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

During a first time interval, an authentication system produces a fingerprint of a first application, encrypts it and stores the encrypted fingerprint in a memory. In second time interval the authentication system produces a fingerprint of a second application, and retrieves the encrypted fingerprint of the first application from the memory. The encrypted fingerprint of the first application is decrypted to recover the fingerprint of the first application. The second application is authenticated if the fingerprint of the first application is equal to the fingerprint of the second application. The fingerprint may include a hash value of the program of computer instructions of the application. The fingerprint of the first application may be encrypted using an embedded secret key of the authentication system.

60 Citations

View as Search Results

23 Claims

1. A method for an electronic device to protect stored data, the method comprising:
- computing a fingerprint of an application requesting access to the stored data;
  
  comparing the fingerprint of the requesting application to the fingerprint of a storing application that generated the stored data; and
  
  allowing the requesting application access to the stored data if the fingerprint of the requesting application matches the fingerprint of storing application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method in accordance with claim 1, wherein the electronic device comprises a memory and a processor with an embedded secret key, the method further comprising:
    - calculating the fingerprint of the storing application;
      
      encrypting the fingerprint of the storing application using the embedded secret key of the processor; and
      
      storing the encrypted fingerprint of the storing application in the memory, wherein comparing the fingerprint of the requesting application to the fingerprint of a storing application that generated the stored data comprises decrypting, with the embedded secret key of the processor, an encrypted fingerprint of the storing application.
  - 3. A method in accordance with claim 1, wherein the electronic device comprises a memory and a processor with an embedded secret key, the method further comprising:
    - generating an application key;
      
      encrypting the application data using the application key to produce the stored data;
      
      encrypting the application key using the embedded secret key of the processor; and
      
      storing the encrypted application key in the memory.
  - 4. A method in accordance with claim 3, wherein allowing the requesting application access to the stored data comprises:
    - retrieving the encrypted application key from the memory;
      
      decrypting the encrypted application key to recover the application key; and
      
      decrypting the stored data using the application key.
  - 5. A method in accordance with claim 3, further comprising:
    - receiving an application key identifier from the requesting application; and
      
      selecting the fingerprint of the storing application from a registry in the memory in accordance with the application key identifier,wherein the registry contains fingerprints and corresponding application key identifiers.
  - 6. A method in accordance with claim 1, wherein computing a fingerprint of an application requesting access to the stored data comprises calculating a hash value of the application.
  - 7. A method in accordance with claim 6, wherein computing a fingerprint of an application requesting access to the stored data further comprises combining the hash value of the application with an identifier of the electronic device.
  - 8. A computer readable medium containing program instructions that, when executed on a processor, perform the method of claim 1.
  - 9. An electronic device operable to perform the method of claim 1.

10. A method for authenticating an application to a Secure Service of a processor, the method comprising:
- in a first time interval;
  
  producing a fingerprint of a first application;
  
  encrypting the fingerprint of the first application; and
  
  storing the encrypted fingerprint of the first application in a memory; and
  
  in a second time interval;
  
  producing a fingerprint of a second application;
  
  retrieving the encrypted fingerprint of the first application from the memory;
  
  decrypting the encrypted fingerprint of the first application to recover the fingerprint of a first application; and
  
  authenticating the second application if the fingerprint of the first application is equal to the fingerprint of the second application.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A method in accordance with claim 10, wherein the first application comprises a program of computer instructions and wherein producing a fingerprint of a first application comprises computing a hash value of the program of computer instructions.
  - 12. A method in accordance with claim 11, wherein producing a fingerprint of the first application further comprises combining the hash value with an identifier of the processor.
  - 13. A method in accordance with claim 10, wherein encrypting the fingerprint of the first application comprises encrypting the fingerprint of the first application using an embedded secret key of the processor.
  - 14. A computer readable medium containing program instructions that, when executed on a processor, perform the method of claim 10.
  - 15. An electronic device operable to perform the method of claim 10.

16. An authentication system, comprising:
- a computer readable medium operable to store a first application comprising a first program of computer instructions and a second application comprising a second program of computer instructions;
  
  a fingerprint unit operable to produce a fingerprint of the first application in a first time interval and a fingerprint of the second application in a second time interval, subsequent to the first time interval;
  
  a memory operable to store the fingerprint of the first application; and
  
  a comparison unit operable to compare the fingerprint of the first application and the fingerprint of the second application and produce an output indicative of whether the fingerprint of the first application is equal to the fingerprint of the second application,wherein the second application is authenticated if the fingerprint of the first application is equal to the fingerprint of the second application.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. A system in accordance with claim 16, further comprising:
    - an encryption unit operable to encrypt the fingerprint of the first application in the first time interval; and
      
      a decryption unit operable to decrypt the fingerprint of the first application in the second time interval;
18. A system in accordance with claim 16, wherein the fingerprint of the first application comprises a hash value of the first program of computer instructions and the fingerprint of the second application comprises a hash value of the second program of computer instructions.
19. A system in accordance with claim 16, wherein the fingerprint of the first application further comprises an identifier of the authentication system.
20. A system in accordance with claim 16, further comprising:
- an embedded secret key; and
  
  an encryption unit operable to encrypt the fingerprint of the first application using the embedded secret key.
21. A system in accordance with claim 20, wherein the encryption unit is further operable to encrypt an application key in the first time interval using the embedded secret key, and wherein the memory is further operable to store the encrypted application key.
22. A system in accordance with claim 21, wherein the memory is further operable to store encrypted data of the first application, encrypted using the application key, and wherein the second application is allowed to access the data if the fingerprint of the first application is equal to the fingerprint of the second application.
23. A system in accordance with claim 20, wherein the memory is further operable to store an application key identifier corresponding to the fingerprint of the first application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Buskey, Ronald F., Vogler, Dean H.

Application Number

US11/465,964
Publication Number

US 20080072066A1
Time in Patent Office

Days
Field of Search
US Class Current

713/187
CPC Class Codes

G06F 21/31   User authentication

G06F 21/62   Protecting access to data v...

G06F 21/64   Protecting data integrity, ...

METHOD AND APPARATUS FOR AUTHENTICATING APPLICATIONS TO SECURE SERVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR AUTHENTICATING APPLICATIONS TO SECURE SERVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links