METHOD AND APPARATUS FOR AUTHENTICATING APPLICATIONS TO SECURE SERVICES
First Claim
1. A method for an electronic device to protect stored data, the method comprising:
- computing a fingerprint of an application requesting access to the stored data;
comparing the fingerprint of the requesting application to the fingerprint of a storing application that generated the stored data; and
allowing the requesting application access to the stored data if the fingerprint of the requesting application matches the fingerprint of storing application.
1 Assignment
0 Petitions
Accused Products
Abstract
During a first time interval, an authentication system produces a fingerprint of a first application, encrypts it and stores the encrypted fingerprint in a memory. In second time interval the authentication system produces a fingerprint of a second application, and retrieves the encrypted fingerprint of the first application from the memory. The encrypted fingerprint of the first application is decrypted to recover the fingerprint of the first application. The second application is authenticated if the fingerprint of the first application is equal to the fingerprint of the second application. The fingerprint may include a hash value of the program of computer instructions of the application. The fingerprint of the first application may be encrypted using an embedded secret key of the authentication system.
60 Citations
23 Claims
-
1. A method for an electronic device to protect stored data, the method comprising:
-
computing a fingerprint of an application requesting access to the stored data; comparing the fingerprint of the requesting application to the fingerprint of a storing application that generated the stored data; and allowing the requesting application access to the stored data if the fingerprint of the requesting application matches the fingerprint of storing application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for authenticating an application to a Secure Service of a processor, the method comprising:
-
in a first time interval; producing a fingerprint of a first application; encrypting the fingerprint of the first application; and storing the encrypted fingerprint of the first application in a memory; and in a second time interval; producing a fingerprint of a second application; retrieving the encrypted fingerprint of the first application from the memory; decrypting the encrypted fingerprint of the first application to recover the fingerprint of a first application; and authenticating the second application if the fingerprint of the first application is equal to the fingerprint of the second application. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. An authentication system, comprising:
-
a computer readable medium operable to store a first application comprising a first program of computer instructions and a second application comprising a second program of computer instructions; a fingerprint unit operable to produce a fingerprint of the first application in a first time interval and a fingerprint of the second application in a second time interval, subsequent to the first time interval; a memory operable to store the fingerprint of the first application; and a comparison unit operable to compare the fingerprint of the first application and the fingerprint of the second application and produce an output indicative of whether the fingerprint of the first application is equal to the fingerprint of the second application, wherein the second application is authenticated if the fingerprint of the first application is equal to the fingerprint of the second application. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
wherein the memory is operable to store the encrypted fingerprint of the first application.
-
-
18. A system in accordance with claim 16, wherein the fingerprint of the first application comprises a hash value of the first program of computer instructions and the fingerprint of the second application comprises a hash value of the second program of computer instructions.
-
19. A system in accordance with claim 16, wherein the fingerprint of the first application further comprises an identifier of the authentication system.
-
20. A system in accordance with claim 16, further comprising:
-
an embedded secret key; and an encryption unit operable to encrypt the fingerprint of the first application using the embedded secret key.
-
-
21. A system in accordance with claim 20, wherein the encryption unit is further operable to encrypt an application key in the first time interval using the embedded secret key, and wherein the memory is further operable to store the encrypted application key.
-
22. A system in accordance with claim 21, wherein the memory is further operable to store encrypted data of the first application, encrypted using the application key, and wherein the second application is allowed to access the data if the fingerprint of the first application is equal to the fingerprint of the second application.
-
23. A system in accordance with claim 20, wherein the memory is further operable to store an application key identifier corresponding to the fingerprint of the first application.
Specification