METHOD AND SYSTEM FOR CONTROL OF CODE EXECUTION ON A GENERAL PURPOSE COMPUTING DEVICE AND CONTROL OF CODE EXECUTION IN A RECURSIVE SECURITY PROTOCOL
First Claim
1. A method for controlling the execution of code on an endpoint device comprising:
- receiving a first bitstream at a device;
obtaining a first key corresponding to the first bitsteam, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream;
authenticating the first bitstream using hardware at the device operable to access a first secret key specific to the device which is stored in the hardware of the device and is accessible when the device is executing in secure mode, wherein authenticating the first bitstream comprises;
hashing the first bitstream;
generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption;
comparing the generated second key with the first key; and
if the second key and the first key match, executing the first bitstream on the processor in secured mode.
3 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of systems and methods which provide highly specific control over the execution of general-purpose code block are disclosed. These embodiments may allow the exact circumstances under which a given code block is allowed to execute to be determined with specificity. Such a control mechanism may be coupled with embodiments of a data hiding system and method, based for example, on an ordered execution of a set of code segments implemented via recursive execution. When embodiments of these systems and methods are utilized together an unencumbered generality as well as a level of protection against attack that surpasses many other security systems may be obtained.
-
Citations
17 Claims
-
1. A method for controlling the execution of code on an endpoint device comprising:
-
receiving a first bitstream at a device; obtaining a first key corresponding to the first bitsteam, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream; authenticating the first bitstream using hardware at the device operable to access a first secret key specific to the device which is stored in the hardware of the device and is accessible when the device is executing in secure mode, wherein authenticating the first bitstream comprises; hashing the first bitstream; generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption; comparing the generated second key with the first key; and if the second key and the first key match, executing the first bitstream on the processor in secured mode. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for controlling the execution of code, comprising:
-
a device, comprising; a processor; first hardware for storing a first secret key; second hardware operable to;
access the first secret key when the processor is executing in secured mode, and implement an encryption algorithm using the first secret keya computer readable storage media comprising instructions executable by the processor for; receiving a first bitstream at the device; obtaining a first key corresponding to the first bitsteam, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream; authenticating the first bitstream using the second hardware at the device wherein authenticating the first bitstream comprises; hashing the first bitstream; generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the second hardware of the device and the second hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption; comparing the generated second key with the first key; and if the second key and the first key match, executing the first bitstream on the processor in secured mode. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable media, comprising instructions executable by a processor for controlling the execution of code on an endpoint device, including instructions executable for:
-
receiving a first bitstream at a device; obtaining a first key corresponding to the first bitsteam, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream; authenticating the first bitstream using hardware at the device operable to access a first secret key specific to the device which is stored in the hardware of the device and is accessible when the device is executing in secure mode, wherein authenticating the first bitstream comprises; hashing the first bitstream; generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption; comparing the generated second key with the first key; and if the second key and the first key match, executing the first bitstream on the processor in secured mode. - View Dependent Claims (16, 17)
-
Specification