Platform and method for assuring integrity of trusted agent communications

US 6,389,537 B1
Filed: 04/23/1999
Issued: 05/14/2002
Est. Priority Date: 04/23/1999
Status: Active Grant

First Claim

Patent Images

1. A cryptographic device comprising:

a processing logic; and

a memory associated with the processing logic, the memory loaded with a first segment of code and a second segment of code, the first segment of code to control execution of cryptographic functions and hash functions and produce a notary digital signature including a combined result of a hash value of the second segment of code and an assertion indicating a purpose of the notary digital signature, the combined result digitally signed by a private key of the cryptographic device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic device comprising a processing logic and memory associated with the processing logic. The memory is loaded with a first segment of code to control execution of cryptographic functions and hash functions, and a second segment of code to perform cryptographic functions on behalf of a third party having no physical control of hardware employing the cryptographic device.

Citations

22 Claims

1. A cryptographic device comprising:
- a processing logic; and
  
  a memory associated with the processing logic, the memory loaded with a first segment of code and a second segment of code, the first segment of code to control execution of cryptographic functions and hash functions and produce a notary digital signature including a combined result of a hash value of the second segment of code and an assertion indicating a purpose of the notary digital signature, the combined result digitally signed by a private key of the cryptographic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The cryptographic device of claim 1, wherein the second segment of code performs operations on behalf of a third party having no physical control of hardware employing the cryptographic device.
  - 3. The cryptographic device of claim 1 wherein the memory further includes a public key of the cryptographic device, the private key of the cryptographic device and a digital certificate chain including at least one device certificate.
  - 4. The cryptographic device of claim 3, wherein the memory includes an on-chip memory situated on a chip with the processing logic and an off-chip memory.
  - 5. The cryptographic device of claim 4 further comprising a package containing the off-chip memory, the processing logic and the on-chip memory.
  - 6. The cryptographic device of claim 1, wherein the first segment of code of code is running at ring 0.
  - 7. The cryptographic device of claim 1, wherein a hash value of a message, a hash value of the second segment of code and the assertion are concatenated to produce the combined result.
  - 8. The cryptographic device of claim 7, wherein the second segment of code passes the message, the notary digital signature and a digital certificate chain to a graphical user interface.
  - 9. The cryptographic device of claim 1, wherein the hash value of the message, the hash value of the second segment of code and the assertion undergo modular addition to produce the combined result.

10. A digital platform comprising:
- a substrate;
  
  a memory coupled to the substrate, the memory including a graphical user interface and content in an encrypted format; and
  
  a cryptographic device coupled to the substrate and in secure communications with the memory, the cryptographic device being loaded with (1) a trusted agent executable to perform content metering on behalf of an entity having no physical control of the digital platform, and (2) a security kernel being code, in communications with the trusted agent executable, that produces a notary digital signature including a combined result that includes at least an assertion indicating a purpose of the notary digital signature.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The digital platform of claim 10, wherein the trusted agent executable to also preserve the integrity of data transmitted from and received by the digital platform.
  - 12. The digital platform of claim 11, wherein the combined result of the notary digital signature produced by the cryptographic device includes at least a hash value of a message and a hash value of the trusted agent executable digitally signed by a private key of the cryptographic device.
  - 13. The digital platform of claim 12, wherein the memory is provided with a content key from a remote source after transmission of the combined result.
  - 14. The digital platform of claim 10, wherein a hash value of a message, a hash value of the trusted agent executable and the assertion are concatenated to produce the combined result.

15. A method for ensuring the integrity of data exchanged between a platform and a remotely located content provider, comprising:
- receiving a selected trusted agent executable by the platform; and
  
  providing a notary digital signature to the content provider, the notary digital signature including a combined result of a hash value of a message, a hash value of the selected trusted agent executable and an assertion to indicate a purpose of the notary digital signature, the combined result digitally signed by a private key associated with the cryptographic device employed within the platform.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 further comprising:
17. The method of claim 16 further comprising:
- recovering the hash value of the message from the notary digital signature;
  
  recovering the hash value of the selected trusted agent executable from the notary digital signature; and
  
  recovering the assertion from the notary digital signature.
18. The method of claim 17, wherein the message is a copy of a message originally provided from the content provider to the digital platform during configuration.
19. The method of claim 16 further comprising:
- performing a hash operation on a copy of a selected trusted agent executable as provided to the digital platform by the content provider;
  
  comparing a hash value associated with the copy of the selected trusted agent executable with the recovered hash value of the trusted agent executable; and
  
  confirming that the trusted agent executable at the platform has not been modified upon successful comparison between the copy of the selected trusted agent executable and the recovered hash value of the trusted agent executable.
20. The method of claim 19 further comprising:
- providing a content key from the content provider to the digital platform to decrypt preloaded digital information in the platform.

21. A machine readable medium having embodied thereon code for processing by a platform including memory containing the code, comprising:
- a trusted agent executable to perform content metering operations on behalf of an entity or person without physical control of the platform; and
  
  a security kernel in communication with the trusted agent executable, the security kernel to generate a notary digital signature including a hash function of the trusted agent executable and an assertion being data to indicate a purpose of the notary digital signature.
- View Dependent Claims (22)
- - 22. The machine readable medium of claim 21, further comprising:

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Herbert, Howard C., Davis, Derek L.
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
Smithers, Matthew

Application Number

US09/298,360
Time in Patent Office

1,117 Days
Field of Search

713/176, 713/190, 713/191, 713/187
US Class Current

713/187
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/602   Providing cryptographic fac...

G06F 21/64   Protecting data integrity, ...

G06F 21/72   in cryptographic circuits

G06F 2221/2115   Third party

Platform and method for assuring integrity of trusted agent communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Platform and method for assuring integrity of trusted agent communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links