Parameterized hash functions for access control

US 5,940,513 A
Filed: 10/30/1997
Issued: 08/17/1999
Est. Priority Date: 08/25/1995
Status: Expired due to Term

First Claim

Patent Images

1. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions which, when executed by a processor, causes the processor to perform the steps of:

performing a cryptographic keyed hash function on an executable program to generate a signature component using a first key having an associated set of access rights assigned to the executable program; and

performing an encryption algorithm on the executable program using the signature component as a second key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for access control in a computer system are disclosed. A storage unit receives a block of data having an encrypted executable image and a signature component. A separation unit coupled to the storage unit separates the signature component from the encrypted executable image. A decryption unit coupled to the separation unit decrypts the encrypted executable image using the signature component as a key. This yields an decrypted executable program. An identification unit coupled to the decryption unit locates an identification mark in the decrypted executable program and identifies a composite key assigned to the identification mark. A signature generation unit coupled to the identification unit performs a keyed cryptographic hash algorithm on the decrypted executable program using the composite key as a key. A verification unit coupled to the signature generation unit compares the signature component with the computed keyed cryptographic hash value to verify the source of the block of data and to determine whether it has been modified. If the signature matches the keyed cryptographic hash value, a rights assignment unit coupled to the verification unit assigns appropriate access rights to the decrypted executable program and allows it to be executed by a computer system.

114 Citations

25 Claims

1. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions which, when executed by a processor, causes the processor to perform the steps of:
- performing a cryptographic keyed hash function on an executable program to generate a signature component using a first key having an associated set of access rights assigned to the executable program; and
  
  performing an encryption algorithm on the executable program using the signature component as a second key.
- View Dependent Claims (2)
- - 2. The computer-readable medium of claim 1, wherein the step of performing the cryptographic keyed hash function comprises performing a data encryption standard cipher block chaining algorithm.

3. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions which, when executed by a processor, causes the processor to perform the steps of:
- separating a signature component from an executable image in a block of data;
  
  decrypting the executable image into an executable program using the signature component;
  
  computing a cryptographic keyed hash value of the executable program using a key; and
  
  verifying a source of the block of data by comparing the signature component with the cryptographic keyed hash value.
- View Dependent Claims (4, 5)
- - 4. The computer-readable medium of claim 3 further comprising instructions which when executed by the processor causes the processor to perform the steps of:
    - finding an identification mark in the executable program; and
      
      looking up the key corresponding to the identification mark for performing a cryptographic keyed hash function on the executable program.
  - 5. The computer-readable medium of claim 3 further comprising instructions which when executed by the processor causes the processor to perform the step of assigning rights to the executable program according to rights associated with the key.

6. A computer system, comprising:
- a bus;
  
  a memory coupled to the bus;
  
  a processor coupled to the bus; and
  
  an encoder capable of producing a signature component using a first key having an associated set of access rights assigned to an executable program, and of encrypting the executable program using the signature component as a second key.
- View Dependent Claims (7, 8)
- - 7. The computer system of claim 6, wherein the encoder includesa signature generation unit for performing a cryptographic keyed hash function to produce the signature component;
    - anda first encryption unit coupled to the signature generation unit.
  - 8. The computer system of claim 7, wherein the signature generation unit further comprises a computation unit and a second encryption unit that performs a data encryption standard cipher block chaining algorithm.

9. A method for generating an encoded executable image, comprising:
- generating a signature component using a first key having an associated set of access rights assigned to an executable program; and
  
  encrypting the executable program using the signature component as a second key.

10. A method for access control, comprising:
- decrypting an executable image into an executable program using a signature component;
  
  computing a cryptographic keyed hash value of the executable program using a key; and
  
  comparing the signature component with the cryptographic keyed hash value.
- View Dependent Claims (11)
- - 11. The method of claim 10 further comprising assigning rights to the executable program according to rights associated with the key.

12. A device for encoding an executable program, comprising:
- a signature generation unit for generating a signature component using a first key having an associated set of access rights assigned to digital information; and
  
  a first encryption unit, coupled to the signature generation unit, for encrypting the digital information using the signature component as a second key.
- View Dependent Claims (13)
- - 13. The device of claim 12, wherein the digital information is an executable program.

14. A decoder comprising:
- a decryption unit for decrypting an encrypted executable program using a signature component, the signature component produced by a key pre-assigned with a set of access rights; and
  
  circuitry for assigning the access rights to the decrypted executable program.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The decoder of claim 14, wherein the circuitry comprises a rights assignment unit including a look-up table matching the key to the set of access rights.
  - 16. The decoder of claim 15 further comprising:
    - circuitry for computing a cryptographic keyed hash value of the decrypted executable program.
  - 17. The decoder of claim 16, wherein the circuitry for computing comprises:
    - an identification unit for identifying the key; and
      
      a signature generation unit for computing the cryptographic keyed hash value.
  - 18. The decoder of claim 16 further comprising:
    - a verification circuit for checking whether the cryptographic keyed hash value is equivalent to the signature component and for signaling the rights assignment unit when the cryptographic keyed hash value is equivalent to the signature component.

19. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions which, when executed by a processor, causes the processor to perform the steps of:
- generating a signature component using a first key having an associated set of access rights assigned to an executable program; and
  
  encrypting the executable program using the signature component as a second key.
- View Dependent Claims (20, 21)
- - 20. The computer-readable medium of claim 19, wherein the generation of the signature component includes performing a cryptographic keyed hash function on the executable program.
  - 21. The method of claim 20, wherein the cryptographic keyed hash function comprises a data encryption standard cipher block chaining algorithm.

22. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions which, when executed by a processor, causes the processor to perform the steps of:
- decrypting an executable image into an executable program using a signature component;
  
  computing a cryptographic keyed hash value of the executable program using a key; and
  
  comparing the signature component with the cryptographic keyed hash value.
- View Dependent Claims (23, 24, 25)
- - 23. The computer-readable medium of claim 22, further comprising instructions which when executed by the processor causes the processor to perform the steps of separating the signature component from the executable image in a block of data prior to decrypting the executable image.
  - 24. The computer-readable medium of claim 23 further comprising instructions which when executed by the processor causes the processor to perform the steps of:
    - finding an identification mark in the executable program; and
      
      determining the key corresponding to the identification mark for performing a cryptographic keyed hash function on the executable program.
  - 25. The method of claim 22 further comprising instructions which when executed by the processor causes the processor to perform the steps of assigning rights to the executable program according to rights associated with the key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Knauerhase, Robert C., Aucsmith, David W.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/960,834
Time in Patent Office

656 Days
Field of Search

380/4, 380/25, 395/186
US Class Current

713/187
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/64   Protecting data integrity, ...

G06F 2211/007   Encryption, En-/decode, En-...

Parameterized hash functions for access control

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

114 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Parameterized hash functions for access control

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links