METHOD FOR CONTROLLING SECURITY FUNCTION EXECUTION WITH A FLEXIBLE, ENTENDABLE, AND NON-FORGABLE BLOCK
First Claim
1. A data structure comprising instructions that are cryptographically protected against alteration or misuse, wherein said instructions further comprise a trusted block that defines specific key management policies that are permitted when applications employ said trusted block to generate, import, or export symmetric cryptographic keys, and wherein said applications comprise:
- application programming interfaces (API);
embedded firmware;
operating system code;
and hardware configured operations; and
wherein said applications further comprise;
a Trusted_Block_Create (TBC) function;
a Remote_Key_Export (RKX) function; and
wherein said TBC function creates said trusted block; and
wherein said RKX function uses said Trusted Block to generate, import or export symmetric keys according to a set of parameters in said Trusted Block; and
wherein said RKX function creates a RKX token; and
wherein said RKX token encases said keys; and
wherein said trusted block has zero or more fields containing rules that provide an ability to limit how said trusted block is used, thereby reducing the risk of said trusted block being employed in unintended ways or with unintended keys; and
wherein said rules are created and approved by a cryptographic module under the control of at least two separate individuals;
wherein said trusted block is created with integrity protection by a message authentication code (MAC); and
wherein said MAC is calculated over the contents of said trusted block; and
wherein said trusted block comprises a randomly generated MAC key that is used to achieve said trusted blocks integrity protection; and
wherein said MAC key and a prepended confounder is encrypted under a variant of said cryptographic modules master key.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, article, and system for providing an effective implementation of data structures, and application programming interface (API) functions that allow secure execution of functions behind a secure boundary. The controlling mechanism is a flexible, extendable, and non-forgeable block that details how values and parameters behind the secure boundary can be changed. The invention allows for one entity to execute a security function that will normally require extensive authorizations or dual or multiple control. The method and system comprise instructions that are cryptographically protected against alteration or misuse, wherein the instructions further comprise a trusted block that defines security policies that are permitted when an application program employs the trusted block in APIs. The trusted block has a number of fields containing rules that provide an ability to limit how the trusted block is used, thereby reducing the risk of the trusted block being employed in unintended ways. This trusted block controls the critical values or parameters behind the secure boundary. Cryptographically secured data structures are provided that allow for breaking up the instructions in the trusted blocks in a number of steps without reducing the level of security. Systems that make use of the trusted block must provide two API functions; one that encapsulates the block under at least dual control, and one that process the instructions or rules in the trusted block. In particular the invention provides a method, article, and system for the effective implementation for securely transferring symmetric encryption keys to remote devices, such as Automated Teller Machines (ATMs), PIN entry devices, and point of sale terminals. It may also be used to exchange symmetric keys with another cryptographic system of any type, such as a Host Security Module (HSM) in a computer server.
108 Citations
20 Claims
-
1. A data structure comprising instructions that are cryptographically protected against alteration or misuse, wherein said instructions further comprise a trusted block that defines specific key management policies that are permitted when applications employ said trusted block to generate, import, or export symmetric cryptographic keys, and wherein said applications comprise:
-
application programming interfaces (API); embedded firmware; operating system code; and hardware configured operations; and
wherein said applications further comprise;a Trusted_Block_Create (TBC) function; a Remote_Key_Export (RKX) function; and wherein said TBC function creates said trusted block; and wherein said RKX function uses said Trusted Block to generate, import or export symmetric keys according to a set of parameters in said Trusted Block; and wherein said RKX function creates a RKX token; and wherein said RKX token encases said keys; and wherein said trusted block has zero or more fields containing rules that provide an ability to limit how said trusted block is used, thereby reducing the risk of said trusted block being employed in unintended ways or with unintended keys; and wherein said rules are created and approved by a cryptographic module under the control of at least two separate individuals; wherein said trusted block is created with integrity protection by a message authentication code (MAC); and wherein said MAC is calculated over the contents of said trusted block; and
wherein said trusted block comprises a randomly generated MAC key that is used to achieve said trusted blocks integrity protection; andwherein said MAC key and a prepended confounder is encrypted under a variant of said cryptographic modules master key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method for securely transferring symmetric cryptographic keys to other devices, wherein said method utilizes a data structure comprising instructions that are cryptographically protected against alteration or misuse, wherein said instructions further comprise a trusted block that defines specific key management policies that are permitted when applications employ said trusted block to generate, import, or export said symmetric cryptographic keys, and wherein said applications comprise:
-
application programming interfaces (API); embedded firmware; operating system code; and hardware configured operations; and
wherein said applications further comprise;a Trusted_Block_Create (TBC) function; a Remote_Key_Export (RKX) function; wherein said TBC function creates said trusted block; and wherein said RKX function uses said Trusted Block to generate, import, or export symmetric keys according to a set of parameters in said Trusted Block; and wherein said trusted block has a number of fields containing rules that provide an ability to limit how said trusted block is used, thereby reducing the risk of said trusted block being employed in unintended ways or with unintended keys; and wherein said method comprises; at least two separate individuals cooperating to create said trusted block under multiple control. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A storage medium encoded with machine-readable computer code for a processor to implement an instruction set of instructions designed to securely transfer symmetric cryptographic keys to other devices;
- and
wherein said instructions are cryptographically protected against alteration or misuse; and wherein said instructions further comprise a trusted block that defines specific key management policies that are permitted when applications employ said trusted block to generate, import, or export said symmetric cryptographic keys, and wherein said applications comprise; application programming interfaces (API); embedded firmware; operating system code; and hardware configured operations; and
wherein said applications further comprise;a Trusted_Block_Create (TBC) function; a Remote_Key_Export (RKX) function; wherein said TBC function creates said trusted block; and wherein said RKX function uses said Trusted Block to generate, import, or export symmetric keys according to a set of parameters in said Trusted Block; and wherein said trusted block has a number of fields containing rules that provide an ability to limit how said trusted block is used, thereby reducing the risk of said trusted block being employed in unintended ways or with unintended keys.
- and
Specification