Parameterized hash functions for access control
First Claim
1. A method for generating an encoded executable image, comprising:
- performing a cryptographic keyed hash function on an executable program to generate a signature component using a first key having an associated set of access rights assigned to the executable program; and
performing an encryption algorithm on the executable program using the signature component as a second key.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for access control in a computer system are disclosed. A storage unit receives a block of data having an encrypted executable image and a signature component. A separation unit coupled to the storage unit separates the signature component from the encrypted executable image. A decryption unit coupled to the separation unit decrypts the encrypted executable image using the signature component as a key. This yields an decrypted executable program. An identification unit coupled to the decryption unit locates an identification mark in the decrypted executable program and identifies a composite key assigned to the identification mark. A signature generation unit coupled to the identification unit performs a keyed cryptographic hash algorithm on the decrypted executable program using the composite key as a key. A verification unit coupled to the signature generation unit compares the signature component with the computed keyed cryptographic hash value to verify the source of the block of data and to determine whether it has been modified. If the signature matches the keyed cryptographic hash value, a rights assignment unit coupled to the verification unit assigns appropriate access rights to the decrypted executable program and allows it to be executed by a computer system.
149 Citations
12 Claims
-
1. A method for generating an encoded executable image, comprising:
-
performing a cryptographic keyed hash function on an executable program to generate a signature component using a first key having an associated set of access rights assigned to the executable program; and performing an encryption algorithm on the executable program using the signature component as a second key. - View Dependent Claims (2)
-
-
3. A method for access control, comprising
separating a signature component from an executable image in a block of data; -
decrypting the executable image into a executable program using the signature component; computing a cryptographic keyed hash value of the executable program using a key; verifying a source of the block of data by comparing the signature component with the cryptographic keyed hash value. - View Dependent Claims (4, 5)
-
-
6. A device for encoding an executable program, comprising:
-
a signature generation unit that performs a cryptographic keyed hash function on an executable program to generate a signature component using a first key having an associated set of access rights assigned to the executable program; and a first encryption unit, coupled to the signature generation unit, that encrypts the executable program using the signature component as a second key. - View Dependent Claims (7)
-
-
8. An access controller, comprising:
-
a separation unit that separates a signature component, derived from performing a keyed hash function on a first executable program, from an encrypted executable image in a block of data; a decryption unit, coupled to the separation unit, the decrypts the encrypted executable image into a second executable program with the signature component; a signature generation unit, coupled to the decryption unit, that computes a cryptographic keyed hash value of the second executable program using a key; and a verification unit, coupled to the signature generation unit, that compares the cryptographic keyed hash value with the signature component. - View Dependent Claims (9, 10, 11)
-
-
12. A computer system, comprising:
-
a bus; a memory, coupled to the bus; and a separation unit that separates a signature component from an encrypted executable image in a block of data, a decryption unit, coupled to the separation unit, the decrypts the encrypted executable image into an executable program with the signature component, a signature generation unit, coupled to the decryption unit, that computes a cryptographic keyed hash value of the executable program using a key, and a verification unit, coupled to the signature generation unit, that compares the cryptographic keyed hash value with the signature component.
-
Specification