Host system elements for an international cryptography framework
First Claim
1. An apparatus for establishing a trust relation that provides one or more degrees of trust within one or more applications by expanding a level of trust provided by elements of an international cryptography framework, wherein said international cryptography framework comprises a cryptographic unit, said apparatus comprising:
- a host system, said host system providing an execution environment that supports execution of said one or more applications; and
a cryptographic service provider that provides access for said one or more applications to said cryptographic unit;
wherein said trust relation is established by a plurality of validation checks which guard interaction between said one or more applications and said cryptographic unit by providing a combination of several schemes which, while individually are weak, are in combination difficult to bypass without detection, said validation checks comprising;
a mechanism in which said one or more applications passes randomly selected pieces of a code image to said cryptographic service provider.
2 Assignments
0 Petitions
Accused Products
Abstract
An international cryptography framework (ICF) is provided that allows manufacturers to comply with varying national laws governing the distribution of cryptographic capabilities. In particular, such a framework makes it possible to ship worldwide cryptographic capabilities in all types of information processing devices (e.g. printers, palm-tops). The ICF comprises a set of service elements which allow applications to exercise cryptographic functions under the control of a policy. The four core elements of the ICF architecture, i.e. the host system, cryptographic unit, policy activation token, and network security server, comprise an infrastructure that provides cryptographic services to applications. Applications that request cryptographic services from various service elements within the ICF are identified through a certificate to protect against misuse of a granted level of cryptography. The host system comprises a set of system programs and services which provide the application with an execution environment. The host system'"'"'s role within the ICF is twofold. First, the host system provides services to the application in the form of programming interfaces to access the functions offered by the cryptographic unit. Second, the host system provides support for the cryptographic unit in building trust relationships to the host system elements, such as the cryptographic programming interfaces, operating systems drivers, and memory management subsystems.
122 Citations
31 Claims
-
1. An apparatus for establishing a trust relation that provides one or more degrees of trust within one or more applications by expanding a level of trust provided by elements of an international cryptography framework, wherein said international cryptography framework comprises a cryptographic unit, said apparatus comprising:
-
a host system, said host system providing an execution environment that supports execution of said one or more applications; and
a cryptographic service provider that provides access for said one or more applications to said cryptographic unit;
wherein said trust relation is established by a plurality of validation checks which guard interaction between said one or more applications and said cryptographic unit by providing a combination of several schemes which, while individually are weak, are in combination difficult to bypass without detection, said validation checks comprising;
a mechanism in which said one or more applications passes randomly selected pieces of a code image to said cryptographic service provider. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
a series of strictly monotonically increasing sequence numbers which are passed with each request for communication between said one or more applications and said cryptographic unit, wherein a failure in communication is assumed if either said one or more applications or said cryptographic service provider detects a number out of sequence in the montonically increasing sequence.
-
-
4. The apparatus of claim 1, said validation checks comprising:
challenge tokens that are passed along with each request for communication between said one or more applications and said cryptographic service provider, wherein said challenge token requires computation by both said one or more applications and said cryptographic service provider; and
wherein said computation relies on a previous value to detect sequence failures.
-
5. The apparatus of claim 1, said validation checks comprising:
a timer which determines a preestablished service time boundary to detect anomalies in processing or events.
-
6. The apparatus of claim 1, wherein part of said one or more applications is executed inside a trust boundary of said cryptographic unit.
-
7. The apparatus of claim 1, further comprising:
a signature validation mechanism that is applied to a module to verify that said module has been signed by a trusted entity, wherein said module is allowed to run inside a prescribe environment of a virtual machine.
-
8. The apparatus of claim 1, further comprising:
a plurality of application level Touch Points which secure said one or more applications from unauthorized use.
-
9. The apparatus of claim 1, wherein said one or more applications is certified by a certificate containing the identity of the one or more applications and those classes of service assigned thereto, wherein said certificate is used by said cryptographic unit to identify said one or more applications and determine the level of access to cryptographic services that can be granted thereto.
-
10. The apparatus of claim 9, wherein said one or more applications identity is authenticated by a signature over a hash sum of said one or more applications code image.
-
11. The apparatus of claim 10, wherein said authentication mechanism further comprises:
control options for an update process.
-
12. The apparatus of claim 1, further comprising:
fixed policy activation tokens which activate a cryptographic unit for a particular application.
-
13. The apparatus of claim 12, wherein said one or more applications have a unique identifier;
- and wherein a class of service constraint binds said unique identifier to said class of service.
-
14. The apparatus of claim 13, wherein a class of service comprises:
a class of service identifier and a descriptive part which contains an identifier of an associated method and constraints which must be evaluated before access to said method is granted.
-
15. The apparatus of claim 14, wherein said descriptive part is signed by an authority to assure its authenticity and integrity.
-
16. The apparatus of claim 13, wherein one or more applications pass a class of service identifier to said cryptographic unit with a request for cryptographic services.
-
17. The apparatus of claim 13, further comprising:
-
one or more security domain authorities; and
predefined class of service identifiers which are unique across every security domain authority.
-
-
18. The apparatus of claim 13, further comprising:
-
one or more application domain authorities;
one or more security domain authorities; and
negotiated class of service identifiers which are the result of an interaction between said application domain authority and said security domain authority.
-
-
19. The apparatus of claim 13, further comprising:
random class of service identifiers which accommodate one or more applications need to request a class of service dynamically for an operation created ad hoc during execution.
-
20. The apparatus of claim 13, further comprising:
a predefined class of service which is signed by a domain authority and in which said identifier is passed separately from a descriptive part which contains an identifier of an associated method and constraints which must be evaluated before access to a method is granted.
-
21. The apparatus of claim 13, wherein said class of service comprises invariant attributes which define a class of service attribute value that cannot be changed or overridden once said class of service is created and signed.
-
22. The apparatus of claim 13, wherein said class of service comprises variant attributes which define a class of service attribute that has a range of valid values defined for said attribute and an attribute value which is assigned by default, wherein the number and type of attributes is defined at creation time and cannot be changed at a later point of time.
-
23. An apparatus for establishing a trust relation that provides one or more degrees of trust within one or more applications by expanding a level of trust provided by elements of an international cryptography framework, wherein said international cryptography framework comprises a cryptographic unit, said apparatus comprising:
-
a host system, said host system providing an execution environment that supports execution of said one or more applications; and
a cryptographic service provider that provides access for said one or more applications or operating systems to said cryptographic unit;
wherein said trust relation is established by a plurality of validation checks which guard interaction between said one or more applications and said cryptographic unit by providing a combination of several schemes which, while individually are weak, are in combination difficult to bypass without detection, said validation checks comprising;
a mechanism in which said cryptographic unit requests randomly selected pieces of a code image to ensure that a request to said cryptographic service provider cannot be issued by a malicious application.
-
-
24. An apparatus for establishing a trust relation that provides one or more degrees of trust within one or more applications by expanding a level of trust provided by elements of an international cryptography framework, wherein said international cryptography framework comprises a cryptographic unit, said apparatus comprising:
-
a host system, said host system providing an execution environment that supports execution of said one or more applications; and
a cryptographic service provider that provides access for said one or more applications or operating systems to said cryptographic unit;
wherein said trust relation is established by a plurality of validation checks which guard interaction between said one or more applications and said cryptographic unit by providing a combination of several schemes which, while individually are weak, are in combination difficult to bypass without detection, said validation checks comprising;
a mechanism in which said one or more applications in said cryptographic unit request randomly selected pieces of a code image using a chained hash mechanism to render guessing by an attacker more difficult and to render detection of said attack trivial.
-
-
25. An apparatus for establishing a trust relation that provides one or more degrees of trust within one or more applications by expanding a level of trust provided by elements of an international cryptography framework, wherein said international cryptography framework comprises a cryptographic unit, said apparatus comprising:
-
a host system, said host system providing an execution environment that supports execution of said one or more applications; and
a cryptographic service provider that provides access for said one or more applications or operating systems to said cryptographic unit;
wherein replacing a present version of said one or more applications by a next version thereof requires an authentication mechanism for said cryptographic unit to validate the origin of said next version before it is used;
wherein said one or more applications next version is only accepted if its signing identity is the same as that used in signing said present version.
-
-
26. An apparatus for establishing a trust relation that provides one or more degrees of trust within one or more applications by expanding a level of trust provided by elements of an international cryptography framework, wherein said international cryptography framework comprises a cryptographic unit, said apparatus comprising:
-
a host system, said host system providing an execution environment that supports execution of said one or more applications; and
a cryptographic service provider that provides access for said one or more applications or operating systems to said cryptographic unit;
wherein replacing a present version of said one or more applications by a next version thereof requires an authentication mechanism for said cryptographic unit to validate the origin of said next version before it is used;
wherein said one or more applications next version is only accepted if it contains information about said present version and its signature.
-
-
27. An apparatus for establishing a trust relation that provides one or more degrees of trust within one or more applications by expanding a level of trust provided by elements of an international cryptography framework, wherein said international cryptography framework comprises a cryptographic unit, said apparatus comprising:
-
a host system, said host system providing an execution environment that supports execution of said one or more applications; and
a cryptographic service provider that provides access for said one or more applications or operating systems to said cryptographic unit;
wherein replacing a present version of said one or more applications by a next version thereof requires an authentication mechanism for said cryptographic unit to validate the origin of said next version before it is used;
wherein said cryptographic unit only accepts an immediate predecessor of said next version.
-
-
28. An apparatus for establishing a trust relation that provides one or more degrees of trust within one or more applications by expanding a level of trust provided by elements of an international cryptography framework, wherein said international cryptography framework comprises a cryptographic unit, said apparatus comprising:
-
a host system, said host system providing an execution environment that supports execution of said one or more applications; and
a cryptographic service provider that provides access for said one or more applications or operating systems to said cryptographic unit;
wherein replacing a present version of said one or more applications by a next version thereof requires an authentication mechanism for said cryptographic unit to validate the origin of said next version before it is used;
wherein said cryptographic unit accepts any one or more applications in a chain of previous applications.
-
-
29. An apparatus for establishing a trust relation that provides one or more degrees of trust within one or more applications by expanding a level of trust provided by elements of an international cryptography framework, wherein said international cryptography framework comprises a cryptographic unit, said apparatus comprising:
-
a host system, said host system providing an execution environment that supports execution of said one or more applications; and
a cryptographic service provider that provides access for said one or more applications or operating systems to said cryptographic unit;
wherein replacing a present version of said one or more applications by a next version thereof requires an authentication mechanism for said cryptographic unit to validate the origin of said next version before it is used;
wherein said present one or more applications may specify options which influence the acceptance of successor applications.
-
-
30. An apparatus for establishing a trust relation that provides one or more degrees of trust within one or more applications by expanding a level of trust provided by elements of an international cryptography framework, wherein said international cryptography framework comprises a cryptographic unit, said apparatus comprising:
-
a host system, said host system providing an execution environment that supports execution of said one or more applications;
a cryptographic service provider that provides access for said one or more applications to said cryptographic unit; and
fixed policy activation tokens which activate a cryptographic unit for a particular application;
wherein said one or more applications have a unique identifier; and
wherein a class of service constraint binds said unique identifier to said class of service;
wherein a class of service comprises a class of service identifier and a descriptive part which contains an identifier of an associated method and constraints which must be evaluated before access to said method is granted; and
wherein class of service identifiers are distributed through a different channel than that of said descriptive part. - View Dependent Claims (31)
-
Specification