Systems and methods using cryptography to protect secure computing environments
First Claim
1. A security method comprising:
- (a) digitally signing a first load module with a first digital signature designating the first load module for use by a first device class;
(b) digitally signing a second load module with a second digital signature different from the first digital signature, the second digital signature designating the second load module for use by a second device class having a tamper resistance and/or work factor substantially different from the tamper resistance and/or work factor of the first device class;
(c) distributing the first load module for use by at least one device in the first device class; and
(d) distributing the second load module for use by at least one device in the second device class.
2 Assignments
0 Petitions
Accused Products
Abstract
Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm.
-
Citations
14 Claims
-
1. A security method comprising:
-
(a) digitally signing a first load module with a first digital signature designating the first load module for use by a first device class;
(b) digitally signing a second load module with a second digital signature different from the first digital signature, the second digital signature designating the second load module for use by a second device class having a tamper resistance and/or work factor substantially different from the tamper resistance and/or work factor of the first device class;
(c) distributing the first load module for use by at least one device in the first device class; and
(d) distributing the second load module for use by at least one device in the second device class.
-
-
2. A method including the following:
-
generating an executable program;
providing the program to a certification authority;
at the certification authority;
creating a first hash based on at least a portion of the program, the hash being based on a hashing algorithm;
selecting a security level, the security level being based on an attribute of the program or of the environment in which at least a portion of the program was modified or tested;
based at least in part on the selected security level, choosing a set of keys;
using a first key from the set of keys to digitally encrypt the hash so as to create a first digital signature;
using a second key from the set of keys to digitally encrypt the hash so as to create a second digital signature, the second key being different from the first key;
associating the first digital signature and the second digital signature with the program;
providing the program to a first electronic appliance, the first electronic appliance having a security level;
at the first electronic appliance;
determining whether the security level used by the certification authority for choosing the key set is compatible with the security level present at the first electronic appliance;
if the security level used by the certification authority is compatible with the first electronic appliance security level, using a third key stored at the first electronic appliance to decrypt the first digital signature, thereby retrieiving the first hash, the third key being a copy of or otherwise associated with the first key;
using the hashing algorithm to create a second hash of at least a portion of the program;
comparing the first hash to the second hash; and
if the first hash and the second hash are identical, then proceeding with a use of the program. - View Dependent Claims (3, 4, 5, 6, 7, 8)
generating a specification which at least in part describes the functioning of the program;
providing the specification to the certification authority;
at the certification authority, prior to the step of creating the first hash, comparing the program to the specification;
if the comparison fails, generating an indication that the program does not match the specification, and ending the process without creating the first hash or performing other steps; and
if the comparison succeeds, proceeding with the step of creating the first hash.
-
-
4. A method as in claim 3, further including:
-
at the certification authority;
using the hashing algorithm to create a third hash, the third hash being based on at least a portion of the specification, prior to the use of the first key set to encrypt the first hash, combining the first hash and the third hash, so that the encryption steps apply to both the first hash and the third hash;
the step of providing the program to the first electronic appliance further includes providing the specification to the first electronic appliance; and
at the first electronic appliance;
the step of retrieving the first hash includes also retrieving the third hash;
using the hashing algorithm to create a fourth hash of at least a portion of the specification, and comparing the third hash and the second hash.
-
-
5. A method as in claim 2, further including:
-
providing the program to a second electronic appliance, the second electronic appliance having a security level;
at the second electronic appliance;
determining whether the security level used by the certification authority for choosing the key set is compatible with the security level present at the second electronic appliance;
if the security level used by the certification authority is compatible with the second electronic appliance security level, using a fourth key stored at the first electronic appliance to decrypt the second digital signature, thereby retrieiving the first hash, the fourth key being a copy of or otherwise associated with the second key;
using the hashing algorithm to create a second hash of at least a portion of the program, comparing the first hash to the second hash; and
if the first hash and the second hash are identical, then proceeding with a use of the program.
-
-
6. A method as in claim 2, further including:
providing the third key to the first electronic appliance, the third key being provided independently from the first digital signature.
-
7. A method as in claim 6, further including:
at the first electronic appliance, storing the third key in a tamper-proof manner such that the third key is at least somewhat protected from inspection by a user of the first electronic appliance.
-
8. A method as in claim 2, further including:
generating the third key at the first electronic appliance, the third key generation being based on a seed present at the first electronic appliance.
-
9. A method including the following:
-
generating a computer program;
providing the computer program to a first certification authority;
at the first certification authority;
generating a first digital certificate containing information relating to the computer program, associating the first digital certificate with the computer program, and providing the computer program to a second certification authority;
at the second certification authority;
generating a second digital certificate containing information relating to the computer program, and associating the second digital certificate with the computer program;
providing the computer program to an electronic appliance; and
at the electronic appliance;
selecting whether to use the first digital certificate or the second digital certificate, the selection resulting in a decision to use the first digital certificate, processing the first digital certificate to recover information relating to the computer program, and using the first digital certificate information to determine whether to make a use of the computer program. - View Dependent Claims (10, 11, 12, 13, 14)
generating the first digital certificate includes incorporating information relating to a security level associated with the computer program.
-
-
11. A method as in claim 10, in which:
-
the information recovered by the electronic appliance in the processing step includes the security level information, and the use made of the recovered information by the electronic appliance includes determining whether the recovered security level information is consistent with a security level required by the electronic appliance or by a process running on the electronic appliance.
-
-
12. A method as in claim 9, in which:
generating the first digital certificate includes incorporating information about the first certification authority.
-
13. A method as in claim 12, in which:
-
the information recovered by the electronic appliance in the processing step includes the information about the first certification authority, and the use made of the recovered information by the electronic appliance includes determining the extent to which the electronic appliance is authorized to accept digital certificates from the first certification authority.
-
-
14. A method as in claim 9, in which:
-
the step of determining whether to make a use of the computer program results in a negative determination, and the electronic appliance then selects the second digital certificate and processes the second digital certificate to recover information relating to the computer program.
-
Specification