Controlled modular cryptography apparatus and method
First Claim
1. An apparatus having modules for executing controlled modular cryptography in a processor of a computer, the apparatus comprising:
- a base executable programmed to be executable on the processor, and comprising a loader for dynamically loading and linking a filler, comprising modules, into the base executable, the loader linking the modules to one another to operate as an integrated portion of the base executable;
an engine module dynamically loadable into the base executable to be executable on the processor to operate, in accordance with a controlling policy, selected cryptographic executables for an application operably associated with the computer;
a support module dynamically linkable to interface between the engine module and the base executable;
a library module dynamically linkable to interface between the application and the filler; and
a manager module dynamically linkable to interface between the engine module and the library module.
3 Assignments
0 Petitions
Accused Products
Abstract
An apparatus and method provide a controlled, dynamically loaded, modular, cryptographic filler for integration into a base executable having a "slot" minimizing the interface between the filler and the base executable, and between individual component modules in the filler. Cryptographic engines provide for security (privacy and integrity) of data. The base executable having potential cryptographic capability may rely on an integrated loader to control linking of the filler and its modules according to a controlling policy set by export or import laws. A base executable may be a network operating system having a "slot" for dynamically linking the filler and its modules. Modules may be created by a third party vendor within controls enforced by the loader and a management module in the filler. Asymmetric key cryptography may assure that modules have not been modified, functionally extended, or created by unauthorized sources, and may ensure that keys used in the modules come only from authorized sources. The policy may limit each module'"'"'s function, access, and potential for modification or substitution. The filler and modules, typically representing a relatively small portion of the overall coding required by the base executable, may provide strong controls limiting integration by providing layered access between modules, and excluding direct access to or by them from the base executable or supported applications.
167 Citations
46 Claims
-
1. An apparatus having modules for executing controlled modular cryptography in a processor of a computer, the apparatus comprising:
-
a base executable programmed to be executable on the processor, and comprising a loader for dynamically loading and linking a filler, comprising modules, into the base executable, the loader linking the modules to one another to operate as an integrated portion of the base executable; an engine module dynamically loadable into the base executable to be executable on the processor to operate, in accordance with a controlling policy, selected cryptographic executables for an application operably associated with the computer; a support module dynamically linkable to interface between the engine module and the base executable; a library module dynamically linkable to interface between the application and the filler; and a manager module dynamically linkable to interface between the engine module and the library module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. An apparatus comprising a digital computer having a processor programmed to execute applications and to execute a plurality of executable modules comprising:
-
a base executable loadable into the computer to perform a base function, the base executable module being provided with a slot adapted to receive a filler module; the filler module containing a unique property recognizable by the base executable, and alterable exclusively by an authorized creator of the filler module; a loader module integral to the base executable, programmed to verify the presence of the unique property, and to dynamically load the filler module only if the unique property verifies correctly. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. An article comprising a memory device having blocks for storing executables and data, the article including a first block storing a plurality of executable modules, executable on a processor, the block comprising:
-
a base module loadable into the processor to perform a base function, the base module being provided with a slot adapted to receive a filler module, a loader module integral to the base module, the filler module effective to be executed by a processor, the filler module containing a unique property recognizable by a loader, and unalterable by other than an authorized creator of the filler module, and the loader module programmed to verify the presence of the unique property, and to dynamically load the filler module only if the unique property verifies correctly. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
-
-
38. A method for limiting integration of software modules into a base module executable on a processor of a computer, the method comprising:
-
providing a base module executable by the processor, the base module having a slot for receiving a filler module, and having an integrally programmed loader to control loading of the filler module; providing a filler module containing an engine effective to be executed by the processor, the filler containing a unique property recognizable by the loader, and unalterable by other than an authorized creator of the filler module; executing the base module by the processor; executing the loader by the processor; verifying by the loader the presence of the unique property in the filler module; loading dynamically the filler module only after the loader verifies the unique property successfully. - View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46)
-
Specification