Parameterized hash functions for access control
First Claim
1. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions which, when executed by a processor, causes the processor to perform the steps of:
- performing a cryptographic keyed hash function on an executable program to generate a signature component using a first key having an associated set of access rights assigned to the executable program; and
performing an encryption algorithm on the executable program using the signature component as a second key.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for access control in a computer system are disclosed. A storage unit receives a block of data having an encrypted executable image and a signature component. A separation unit coupled to the storage unit separates the signature component from the encrypted executable image. A decryption unit coupled to the separation unit decrypts the encrypted executable image using the signature component as a key. This yields an decrypted executable program. An identification unit coupled to the decryption unit locates an identification mark in the decrypted executable program and identifies a composite key assigned to the identification mark. A signature generation unit coupled to the identification unit performs a keyed cryptographic hash algorithm on the decrypted executable program using the composite key as a key. A verification unit coupled to the signature generation unit compares the signature component with the computed keyed cryptographic hash value to verify the source of the block of data and to determine whether it has been modified. If the signature matches the keyed cryptographic hash value, a rights assignment unit coupled to the verification unit assigns appropriate access rights to the decrypted executable program and allows it to be executed by a computer system.
114 Citations
25 Claims
-
1. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions which, when executed by a processor, causes the processor to perform the steps of:
-
performing a cryptographic keyed hash function on an executable program to generate a signature component using a first key having an associated set of access rights assigned to the executable program; and performing an encryption algorithm on the executable program using the signature component as a second key. - View Dependent Claims (2)
-
-
3. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions which, when executed by a processor, causes the processor to perform the steps of:
-
separating a signature component from an executable image in a block of data; decrypting the executable image into an executable program using the signature component; computing a cryptographic keyed hash value of the executable program using a key; and verifying a source of the block of data by comparing the signature component with the cryptographic keyed hash value. - View Dependent Claims (4, 5)
-
-
6. A computer system, comprising:
-
a bus; a memory coupled to the bus; a processor coupled to the bus; and an encoder capable of producing a signature component using a first key having an associated set of access rights assigned to an executable program, and of encrypting the executable program using the signature component as a second key. - View Dependent Claims (7, 8)
-
-
9. A method for generating an encoded executable image, comprising:
-
generating a signature component using a first key having an associated set of access rights assigned to an executable program; and encrypting the executable program using the signature component as a second key.
-
-
10. A method for access control, comprising:
-
decrypting an executable image into an executable program using a signature component; computing a cryptographic keyed hash value of the executable program using a key; and comparing the signature component with the cryptographic keyed hash value. - View Dependent Claims (11)
-
-
12. A device for encoding an executable program, comprising:
-
a signature generation unit for generating a signature component using a first key having an associated set of access rights assigned to digital information; and a first encryption unit, coupled to the signature generation unit, for encrypting the digital information using the signature component as a second key. - View Dependent Claims (13)
-
-
14. A decoder comprising:
-
a decryption unit for decrypting an encrypted executable program using a signature component, the signature component produced by a key pre-assigned with a set of access rights; and circuitry for assigning the access rights to the decrypted executable program. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions which, when executed by a processor, causes the processor to perform the steps of:
-
generating a signature component using a first key having an associated set of access rights assigned to an executable program; and encrypting the executable program using the signature component as a second key. - View Dependent Claims (20, 21)
-
-
22. A computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions which, when executed by a processor, causes the processor to perform the steps of:
-
decrypting an executable image into an executable program using a signature component; computing a cryptographic keyed hash value of the executable program using a key; and comparing the signature component with the cryptographic keyed hash value. - View Dependent Claims (23, 24, 25)
-
Specification