Data Processing Apparatus And Method

US 20080216147A1
Filed: 06/10/2005
Published: 09/04/2008
Est. Priority Date: 06/10/2004
Status: Active Grant

First Claim

Patent Images

1. A method of certifying compliance with a designated process which is defined by a plurality of rules which are specified in a public template, wherein at least one rule associated with a process includes a certification requirement which requires compliance with that rule to be certified by a rule certifying authority, the method comprising the execution by a processing apparatus in a secure environment of the steps of:

for each rule specified in the template, receiving rule compliance data;

checking the received rule compliance data to verify that all the rules specified in the template have been complied with, including checking that for rules having a certification requirement the associated rule compliance data includes a digital signature signed by a valid rule certifying authority for that rule; and

issuing a process compliance certificate digitally signed by the process certifying authority if the checking step verifies compliance with the rules specified in the template.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is a described a method of certifying compliance with a designated process defined by a plurality of rules which are specified in a public template, wherein at least one rule associated with a process includes a certification requirement which requires compliance with that rule to be certified by a rule certifying authority. A processing apparatus operating in a secure environment receives rule compliance data and checks the received rule compliance data to verify that any certification requirement has been satisfied. If the processing apparatus confirms that all the rules specified in the public template are satisfied, then the processing apparatus issues a process compliance certificate which is digitally signed by the process certifying authority.

130 Citations

View as Search Results

22 Claims

1. A method of certifying compliance with a designated process which is defined by a plurality of rules which are specified in a public template, wherein at least one rule associated with a process includes a certification requirement which requires compliance with that rule to be certified by a rule certifying authority, the method comprising the execution by a processing apparatus in a secure environment of the steps of:
- for each rule specified in the template, receiving rule compliance data;
  
  checking the received rule compliance data to verify that all the rules specified in the template have been complied with, including checking that for rules having a certification requirement the associated rule compliance data includes a digital signature signed by a valid rule certifying authority for that rule; and
  
  issuing a process compliance certificate digitally signed by the process certifying authority if the checking step verifies compliance with the rules specified in the template.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, wherein said processing apparatus comprises a hardware security module, and wherein said method comprises the hardware security module:
    - receiving processor-implementable instructions and an associated digital s signature from a data store external to the hardware security module; and
      
      processing the digital certificate to verify the integrity of the processor implementable instructions.
  - 3. A method according to claim 2, wherein said hardware security module comprises a non-volatile random access memory storing hash value data obtained by applying a one-way encryption algorithm to data stored externally to the hardware security module, and wherein said checking step comprises the hardware security module:
    - retrieving the externally stored data;
      
      applying said one-way encryption algorithm to the externally stored data to generate hash value data; and
      
      comparing the generated hash value data with the hash value data stored in the non-volatile random access memory to check the integrity of the externally stored data.
  - 4. A method according to claim 3, wherein the externally stored data comprises said public template.
  - 5. A method according to claim 3, wherein the externally stored data comprises key resource data.
  - 6. A method according to claim 3, wherein the externally stored data comprises a table of hash values, with each hash value in the table of hash values derived from a corresponding sequence of externally stored data.
  - 7. A method according to claim 1, wherein the externally stored data comprises log data logging operations performed by the hardware security module.
  - 8. A method of digitally signing a data record, wherein said digital signing requires compliance with a designated process which is defined by a plurality of rules, wherein at least one rule associated with the designated process includes a certification requirement which requires compliance with that rule to be certified by a rule certifying authority, the method comprising the method of certifying compliance with a designated process as claimed in claim 1.
  - 9. A method of controlling access to stored data, wherein access to the data requires compliance with a designated process which is defined by a plurality of rules, wherein at least one rule associated with the designated process includes a certification requirement which requires compliance with that rule to be certified by a rule certifying authority, the method comprising the method of certifying compliance with a designated process as claimed in claim 1.
  - 10. A method according to claim 9, wherein following compliance with the designated process, the stored data is decrypted.

11. A method of performing a secure data processing operation, the method comprising the execution by a processing apparatus in a secure environment of the steps of:
- certifying compliance with a designated process which is defined by a plurality of rules which are specified in a public template, the certifying step comprising;
  
  . i) for each rule specified in the template, receiving rule compliance data; and
  
  ii) checking the received rule compliance data to verify that compliance with all the rules specified in the template;
  
  performing the secure data processing operation to provide output data;
  
  digitally signing a data record comprising a process compliance certificate digitally verifying compliance with the rules specified in the template; and
  
  outputting the digitally signed data record.
- View Dependent Claims (12, 13, 14)
- - 12. A method according to claim 11, wherein at least one of the rules specified in the public template includes a certification requirement, and wherein the certifying step comprises checking that for rules having a certification requirement the associated rule compliance data includes a digital signature signed by a valid rule certifying authority for that rule.
  - 13. A method according to claim 11, wherein the secure operation comprises a digital signing operation.
  - 14. A method according to claim 11, wherein the secure operation comprises a decryption operation.

15. A data processing apparatus comprising:
- a secure data store;
  
  a processor operable to carry out a processing operation on data stored in the secure data store, wherein said processor is in a secure environment; and
  
  a controller operable to prevent processing of the data stored in the secure data store unless a plurality of rules specified in a public template associated with said processing operation are complied with, wherein for at least one of the plurality of rules compliance with that rule requires certification by a certifying authority.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. A data processing apparatus according to claim 15, wherein the processor comprises part of a hardware security module.
  - 17. A data processing apparatus according to claim 16, further comprising a data store external to the hardware security module for storing data for processing by the hardware security module.
  - 18. A data processing apparatus according to claim 17, wherein said external data store comprises processor-implementable instructions having an associated digital signature,wherein the data processing apparatus is operable to transfer said processor-implementable instructions to the hardware security module, andwherein the hardware security module comprises a verifier operable to process said digital signature to verify the processor-implementable instructions.
  - 19. A data processing apparatus according to claim 17,wherein said external data store comprises data for processing by said hardware security module,and wherein said hardware security module comprises:
    - non-volatile random access memory storing hash value data associated with data stored in the external data store; and
      
      a verifier operable to verify data stored in the external data store using the hash value data stored in the non-volatile random access memory.
  - 20. A data processing apparatus according to any of claims 18, wherein the secure hardware module stores a cryptographic key resource and is operable to encrypt and decrypt data using the cryptographic key resource so that, after encryption, the data may be securely stored in the external data memory.
  - 21. A storage device storing instructions including instructions for programming a programmable processing apparatus to operate as a data processing apparatus as claimed in claims 15.
  - 22. A signal conveying instructions including instructions for programming a programmable processing apparatus to operate as a data processing apparatus as claimed in claim 15.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Genkey Netherlands BV
Original Assignee
Scientific Generics Limited (Science Group Plc)
Inventors
Duffy, Dominic Gavan

Granted Patent

US 8,572,673 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/645 using a third party

G06Q 10/10 Office automation; Time man...

Data Processing Apparatus And Method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

130 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Data Processing Apparatus And Method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links