Securely downloading and executing code from mutually suspicious authorities
First Claim
1. A method for a node'"'"'s authority to download new code into an existing node within a device, said method comprising:
- said authority preparing a command message including the new code, load predicates and trust parameters, where the load predicates specify whether a current environment in said device is a secure environment for said code;
said authority communicating said command message to the device;
said device receiving said message;
said device verifying that said message originated from said authority, and verifying that the current environment is valid for said load predicates; and
downloading said code if said message is verified to have originated from said authority, and said current execution environment is valid for said load predicates.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus, system and method for secure code-downloading and information exchange, in the full generality of complex code dependencies while considering the implications of mutual distrust and hot-swapping. Included are secure techniques wherein an authority signs code from another party upon which that authority depends in order to establish that a trusted execution environment, is being preserved. Trusted code is employed to ensure that proprietary data is destroyed, disabled, and/or made unreadable, when a change causes the trusted execution environment to cease holding to a certain security level. A carefully constructed key structure is employed to ensure that communications allegedly from particular code in a particular environment can be authenticated as such. Authenticity of code that decides the authenticity of public-key signatures, and/or the authenticity of other code is cared for. In particular, the loading code that performs these tasks may itself be reloadable. Authenticity is maintained in physically secure coprocessors with multiple levels of dependent software that is independently downloadable by mutually suspicious authorities, and in physically secure coprocessors whose software has sufficient richness and complexity so as to be certainly permeable. Recoverability is provided for physically secure coprocessors from code of arbitrary evil running at arbitrary privilege.
256 Citations
61 Claims
-
1. A method for a node'"'"'s authority to download new code into an existing node within a device, said method comprising:
-
said authority preparing a command message including the new code, load predicates and trust parameters, where the load predicates specify whether a current environment in said device is a secure environment for said code; said authority communicating said command message to the device; said device receiving said message; said device verifying that said message originated from said authority, and verifying that the current environment is valid for said load predicates; and downloading said code if said message is verified to have originated from said authority, and said current execution environment is valid for said load predicates. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A method for an authority over a parent node in a device to create a child node of said parent node, said method comprising:
-
said parent authority preparing a create child command for said device, said command including command predicates; said authority sending said command to said device; said device receiving said create child command; said device verifying a source of said command; said device creating said child if the predicates are satisfied and said source is said parent authority. - View Dependent Claims (19, 20)
-
-
21. A method for a node authority to send a command to an existing node in a device, said method comprising:
-
said node authority preparing the command for the device, said command including command predicates; said node authority sending the command to the device; said device receiving the command; said device verifying a source of said command; said device verifying that the command predicates are valid for a current execution environment of said node; and implementing said command if said source is verified to be said node authority and if the predicates are satisfied. - View Dependent Claims (22, 23, 24, 25, 26)
-
-
27. A method for a device having a security dependency graph to regenerate an outgoing authentication key for a first node said first node having at least one ancestor having public-key ability, said method comprising:
-
said device generating a new keypair for said first node; said device selecting said ancestor for its outgoing authentication technique; said device composing a certificate for a new outgoing public key of said first node, said certificate includes the new outgoing public key of said first node, identifying an authority over each descendent node in said security dependency graph, and identifying code currently held in the descendent node; signing said certificate with a current outgoing private key of the ancestor; saving the new public key for the said first node and saving the certificate in an appropriate memory; and making the new keypair the active pair for the first node while deleting the old private key.
-
-
28. A method for a device to ensure that a first message received from a first node before a change in an execution environment of said first node occurs, is distinguishable from a second message from said first node received after said change occurs, said method comprising:
-
selecting a pre-existing ancestor of said first node; composing a second message whenever the first node needs outgoing authentication of the first message; said second message including said first message; said second message including a first identity of the authority over said first node, and a second identity of the authority over a second node; said second message including a first identity of the code currently in said first node, and a second identity of the code currently in said second node; for each node between said first node and said second node in a security dependency graph of said device, said second message includes a first identity of the authority over said third node, and a second identity of the code in said third node; authenticating said second message with a current outgoing authentication technique of said second node.
-
-
29. A method for a device to respond to a first command, said device having a NODE-A and a NODE-B, said NODE-A under the control of a NODE-A authority, said NODE-B under the control of a NODE-B authority, wherein said NODE-A is an ancestor of said NODE-B, and said first command is a request made by said NODE-A authority, said method comprising:
-
said NODE-B authority; selecting a command authentication technique, generating new incoming authentication secrets, and communicating at least part of said secrets and/or keys to said NODE-A authority; and said NODE-A authority; authenticating that said step of communicating originated with NODE-B authority, preparing an emergency certificate which includes a first identification of said NODE-B authority, the selected command authentication technique, and at least a part of said secrets, and communicating said emergency certificate to the device to enable said device to respond to said first command. - View Dependent Claims (30, 31, 32)
-
-
33. A method for a device to create a child NODE-C of an existing NODE-B, by an authority over NODE-B;
- said method comprising;
the NODE-B authority preparing and sending a create-child command to the device, said command includes a name of the new child, a name of the child'"'"'s authority; and
command predicatessaid NODE-B authority sending the create-child command to the device; said device receiving the create-child command, verifying that the command came from the NODE-B authority, and verifying that the command predicates are valid for a current execution environment of NODE-B; creating said child if both steps of verifying are successful, otherwise not creating the child. - View Dependent Claims (34)
- said method comprising;
-
35. A method for securely downloading dependent code from a loading device to a node, said loading device controlled by a first authority, said node controlled by a second authority, said method comprising:
-
said first authority providing an incoming authentication key of said second authority and an outgoing authentication key for said device; said second authority allowing said downloading executed in a fashion trusted by said second authority; and said second authority signing said dependent code.
-
-
36. A computer system comprising:
-
a processor; a memory for storing instructions and data for the processor; a communication channel for exchanging message signals between the processor and external devices; an authenticator for determining whether incoming message signals to the processor are authorized by a trusted authority; a loader for loading programs into the memory; a security manager for authorizing the loader to load a new program into the memory only if the authenticator determines that the new program is authorized by a trusted authority; an operating system or application program in the memory said operating system or application program being "dependent" on both the loader and the operating system or application program, and wherein said trusted authority includes a first influence of a first authority over the loader and a second influence of a second authority over the operating system or application program.
-
-
37. A computer system comprising:
-
a processor; a port for exchanging message signals between the processor and external devices; a first memory for storing a loader program executable by the processor, said loader program possessing a first cryptographic key for decoding incoming message signals from a first trusted authority over the loader program, and possessing a second cryptographic key for encoding outgoing message signals from the loader program; a second memory for storing instructions and data for the processor, and for storing a first child program which calls one or more of the functions provided by the loader program, said first child program possessing a first child cryptographic key for decoding incoming message signals from a second trusted authority over the first child program, and possessing a second child cryptographic key for encoding outgoing message signals from the first child program. - View Dependent Claims (38, 39, 40, 41)
-
-
42. A computer system comprising:
-
a processor; a communication channel for exchanging message signals between the processor and external devices; a first memory storing a loader program executable by the processor, said loader program possessing a first cryptographic key for authenticating incoming message signals from a first trusted authority over the loader program, and possessing a second cryptographic key for authenticating outgoing message signals from the loader program; a second memory for storing instructions and data for the processor, said second memory storing a first child program which depends upon the loader program, said first child program possessing a first child cryptographic key for decoding incoming message signals from a second trusted authority over the first child program, and possessing a second child cryptographic key for encoding outgoing message signals from the first child program.
-
-
43. An apparatus for downloading new code into an existing node within a secure device, said apparatus comprising:
-
a receiver for receiving a download command message from an authority, said message including the new code, load predicates and trust parameters; a verifying subdevice for verifying that the message is valid for said load predicates and for verifying that the message originated with the authority.
-
-
44. A secure device having an existing node and comprising:
-
a receiver for receiving a first command message from an outside source directed to the existing node, said message including first command actions, load predicates and trust parameters; a verifying subdevice for verifying that the first command message is valid for said load predicates, and for verifying that the outside source is an authority over the existing node; and a processor to implement the first command actions when the first command message is verified successfully. - View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
-
-
56. A device comprising:
-
a NODE-A under the control of a NODE-A authority; a NODE-B under the control of a NODE-B authority, wherein NODE-A is an ancestor of said NODE-B; a NODE-B receiver for receiving a first command from the NODE-A authority, and for receiving an emergency certification from the NODE-A authority indicating the NODE-A authority authenticated that at least one of NODE-B secrets originated from the NODE-B authority; a NODE-B responder for responding to the first command upon receiving permission from the NODE-B authority to prepare and send to the NODE-A authority a first response, where said first response includes at least part of NODE-B secrets, thereby enabling the NODE-A authority to generate and send to NODE-B the emergency certificate. - View Dependent Claims (57)
-
-
58. A method for regenerating an outgoing authentication key for a NODE-B, if NODE-B or an ancestor of NODE-B has public-key ability, and if a previous version of the code at NODE-B was trusted, said method comprising the device:
-
generating a new keypair for NODE-B which includes a new outgoing public key of NODE-B; composing a new certificate for the new outgoing public key of NODE-B; signing the new certificate with a current outgoing private key of NODE-B; saving both the new public key for NODE-B and the certificate in a memory; making the new keypair to be an active pair for NODE-B; and deleting an old private key. - View Dependent Claims (59, 60)
-
-
61. A method for maintaining the security of a first node controlled by a first authority, said first node dependent on a second node controlled by a second authority, when said second authority issues a command for said second node, where said command changes an execution environment of said first node, said method comprising:
-
said first authority explicitly counter-authenticating said command from said second authority as acceptable for said first node; destroying said first node and/or deleting its sensitive data when said command arrives without said counter-authentication.
-
Specification