SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT

US 20090038017A1
Filed: 08/02/2007
Published: 02/05/2009
Est. Priority Date: 08/02/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

controlling, by an operating system, operation of a component in a first execution environment;

identifying the component;

partitioning off a portion of the component to control access by the operating system to a portion of the component; and

allowing the component to request lock or unlock service of the portion of the component.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.

Citations

27 Claims

1. A method comprising:
- controlling, by an operating system, operation of a component in a first execution environment;
  
  identifying the component;
  
  partitioning off a portion of the component to control access by the operating system to a portion of the component; and
  
  allowing the component to request lock or unlock service of the portion of the component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein said allowing the component to request lock service of the portion of the component comprises:
    - passing a data blob to a management module that is to be locked in the portion of the component;
      
      deriving an unique key for the portion of the component from the key of the management module;
      
      encrypting the data blob;
      
      storing the encrypted data blob in the portion of the component; and
      
      creating a token to be used by the component to gain access to the encrypted data blob, wherein the token to include a reference to a manifest for verification when unlocking the portion of the component.
  - 3. The method of claim 2, wherein said allowing the component to request unlock service for the portion of the component comprises:
    - passing the encrypted data blob and token to the management module;
      
      if the integrity of the token can be verified, then decrypting the encrypted data blob; and
      
      storing the decrypted data blob in the portion of the component.
  - 4. The method of claim 3, wherein the data blob includes code.
  - 5. The method of claim 2, wherein the component verifies at least one destination component that may unlock the locked data blob.
  - 6. The method of claim 1, wherein said partitioning off the portion of the component comprises:
    - creating a protected page table; and
      
      operating the portion of the component from the protected page table to control access by the operating system to the portion of the component.
  - 7. The method of claim 6, further comprising:
    - operating a portion of the operating system from another page table; and
      
      managing execution flow between the another page table and the protected page table to control access by the operating system to the portion of the component.
  - 8. The method of claim 7, wherein said managing execution flow comprises:
    - verifying, upon an entry to the protected page table, an entry point and/or an entering execution state.
  - 9. The method of claim 8, further comprising:
    - recording, upon an exit from the protected page table, an exit point and/or an exiting execution state;
      
      comparing, upon re-entry to the protected page table, the entry point to the recorded exit point and/or the entering execution state to the recorded exiting execution state; and
      
      verifying the entry point and/or the entering execution state based at least in part on said comparing.

10. A machine-readable medium containing instructions which, when executed by a processing system, cause the processing system to perform a method, the method comprising:
- controlling, by an operating system, operation of a component in a first execution environment;
  
  identifying the component;
  
  partitioning off a portion of the component to control access by the operating system to a portion of the component; and
  
  allowing the component to request lock or unlock service of the portion of the component.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The machine-readable medium of claim 10, wherein said allowing the component to request lock service of the portion of the component comprises:
    - passing a data blob to a management module that is to be locked in the portion of the component;
      
      deriving an unique key for the portion of the component from the key of the management module;
      
      encrypting the data blob;
      
      storing the encrypted data blob in the portion of the component; and
      
      creating a token to be used by the component to gain access to the encrypted data blob, wherein the token to include a reference to a manifest for verification when unlocking the portion of the component.
  - 12. The machine-readable medium of claim 11, wherein said allowing the component to request unlock service for the portion of the component comprises:
    - passing the encrypted data blob and token to the management module;
      
      if the integrity of the token can be verified, then decrypting the encrypted data blob; and
      
      storing the decrypted data blob in the portion of the component.
  - 13. The machine-readable medium of claim 12, wherein the data blob includes code.
  - 14. The machine-readable medium of claim 11, wherein the component verifies at least one destination component that may unlock the locked data blob.
  - 15. The machine-readable medium of claim 10, wherein said partitioning off the portion of the component comprises:
    - creating a protected page table; and
      
      operating the portion of the component from the protected page table to control access by the operating system to the portion of the component.
  - 16. The machine-readable medium of claim 15, further comprising:
    - operating a portion of the operating system from another page table; and
      
      managing execution flow between the another page table and the protected page table to control access by the operating system to the portion of the component.
  - 17. The machine-readable medium of claim 16, wherein said managing execution flow comprises:
    - verifying, upon an entry to the protected page table, an entry point and/or an entering execution state.
  - 18. The machine-readable medium of claim 17, further comprising:
    - recording, upon an exit from the protected page table, an exit point and/or an exiting execution state;
      
      comparing, upon re-entry to the protected page table, the entry point to the recorded exit point and/or the entering execution state to the recorded exiting execution state; and
      
      verifying the entry point and/or the entering execution state based at least in part on said comparing.
  - 19. The machine-readable medium of claim 10, wherein the processing system is implemented in a virtual environment.

20. A system comprising:
- a component configured to be controlled by an operating system to operate within a first execution environment;
  
  a management module configured to identify the component and to partition off a portion of the component and to control access by the operating system to the portion of the component; and
  
  dynamic random access memory coupled to the management module,wherein the component to request lock or unlock service of the portion of the component.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The system of claim 20, wherein the component, when requesting lock service of the portion of the component, is further configured to pass a data blob to the management module that is to be locked in the portion of the component, and wherein the management module is further configured to derive an unique key for the portion of the component from the key of the management module, to encrypt the data blob, to store the encrypted data blob in the portion of the component, and to create a token to be used by the component to gain access to the encrypted data blob, wherein the token to include a reference to a manifest for verification when unlocking the portion of the component.
  - 22. The system of claim 21, wherein the component, when requesting unlock service of the portion of the component, is further configured to pass the encrypted data blob and token to the management module, and wherein the management module is further configured to determine whether the integrity of the token can be verified, and if so, then to decrypt the encrypted data blob and to store the decrypted data blob in the portion of the component.
  - 23. The system of claim 22, wherein the data blob includes code.
  - 24. The system of claim 21, wherein the component verifies at least one destination component that may unlock the locked data blob.
  - 25. The system of claim 20, wherein to partition off the portion of the component comprises the creation of a protected page table and the operation of the portion of the component from the protected page table to control access by the operating system to the portion of the component.
  - 26. The system of claim 25, wherein the management module is further configured to operate a portion of the operating system from another page table and to manage execution flow between the another page table and the protected page table to control access by the operating system to the portion of the component.
  - 27. The system of claim 26, wherein the management module is further configured to verify, upon an entry to the protected page table, an entry point and/or an entering execution state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Blumenthal, Uri, Khosravi, Hormuzd, Long, Men, Durham, David

Granted Patent

US 8,839,450 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 12/1466   Key-lock mechanism

G06F 12/1475   in a virtual system, e.g. w...

G06F 21/52   during program execution, e...

G06F 21/53   by executing in a restricte...

G06F 21/6209   to a single file or object,...

SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links