SYSTEMS AND METHODS FOR USING CRYPTOGRAPHY TO PROTECT SECURE AND INSECURE COMPUTING ENVIRONMENTS
0 Assignments
0 Petitions
Accused Products
Abstract
Computation environments are protected from bogus or rogue load modules, executables, and other data elements through use of digital signatures, seals, and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules and/or other items to verify that their corresponding specifications are accurate and complete, and then digitally signs them based on a tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys), allowing one tamper resistance work factor environment to protect itself against load modules from another tamper resistance work factor environment. The verifying authority can provide an application intended for insecure environments with a credential having multiple elements covering different parts of the application. To verify the application, a trusted element can issue challenges based on different parts of the authenticated credential that the trusted element selects in an unpredictable (e.g., random) way, and deny service (or take other appropriate action) if the responses do not match the authenticated credential.
-
Citations
55 Claims
-
1-27. -27. (canceled)
-
28. A trusted element for use with a computer system including an insecure arrangement for using an application, the trusted element comprising:
-
a challenge generator that selects, based at least in part on a credential associated with the application, at least one predetermined portion of the application, the predetermined portion of the application including at least some executable software code, and issues a challenge requesting a response from the application, the response providing a computation of at least one value based on the selected predetermined portion of the application; and a response checker that checks the response against the credential. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
-
-
36. In an electronic appliance including a secure execution space and an insecure execution space, a method for permitting an application executing within the insecure execution space to request one or more services from a trusted element executing in the secure execution space, the method comprising:
-
issuing a challenge from the trusted element to the application executing within the insecure execution space, the challenge being based at least in part on randomly selected parts of an authenticated credential, the challenge requesting the application to compute at least one value based on one or more portions of the application, the one or more portions of the application including at least some executable software code; sending, from the application to the trusted element, the at least one value; comparing, at the trusted element, information provided by the authenticated credential with said at least one value; and denying the application access to said one or more services if the at least one value does not correspond with the information provided by the authenticated credential. - View Dependent Claims (37, 38, 39, 40, 41, 42)
-
-
43. A computer readable medium storing a computer program, the computer program including instructions that, when executed by a processor of an electronic appliance, are operable to cause the electronic appliance to take actions comprising:
-
issuing a challenge from a trusted element executing in a secure execution space to an application executing in an insecure execution space, the challenge being based at least in part on randomly selected parts of an authenticated credential, the challenge requesting the application to compute at least one value based on one or more portions of the application, the one or more portions of the application including at least some executable software code; receiving, from the application, the at least one value; comparing information provided by the authenticated credential with the at least one value; and denying the application access to said one or more services if the at least one value does not correspond with the information provided by the authenticated credential. - View Dependent Claims (44, 46, 47, 48, 49)
-
-
45. A computer readable medium 43, in which the issuing, sending, and comparing steps are performed multiple times during execution of the application.
-
50. An electronic appliance comprising:
-
a secure execution space; an insecure execution space; and a trusted element operable to execute within the secure execution space, the trusted element being operable to; issue a challenge to an application executing in the insecure execution space, the challenge being based at least in part on randomly selected parts of an authenticated credential, the challenge requesting the application to computer at least one value based on one or more portions of the application, the one or more portions of the application including at least some executable software code; receive, from the application or agent, said at least one value; compare information provided by the authenticated credential with said at least one value; and deny the application access to one or more services provided by an application executing in the secure execution space if the at least one value does not correspond with the information provided by the authenticated credential. - View Dependent Claims (51, 52, 53, 54, 55)
-
Specification