Platform and method for assuring integrity of trusted agent communications
Abstract
A cryptographic device comprising a processing logic and memory associated with the processing logic. The memory is loaded with a first segment of code to control execution of cryptographic functions and hash functions, and a second segment of code to perform cryptographic functions on behalf of a third party having no physical control of hardware employing the cryptographic device.
22 Claims
1. A cryptographic device comprising:
a processing logic; and
a memory associated with the processing logic, the memory loaded with a first segment of code and a second segment of code, the first segment of code to control execution of cryptographic functions and hash functions and produce a notary digital signature including a combined result of a hash value of the second segment of code and an assertion indicating a purpose of the notary digital signature, the combined result digitally signed by a private key of the cryptographic device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A digital platform comprising:
a substrate;
a memory coupled to the substrate, the memory including a graphical user interface and content in an encrypted format; and
a cryptographic device coupled to the substrate and in secure communications with the memory, the cryptographic device being loaded with (1) a trusted agent executable to perform content metering on behalf of an entity having no physical control of the digital platform, and (2) a security kernel being code, in communications with the trusted agent executable, that produces a notary digital signature including a combined result that includes at least an assertion indicating a purpose of the notary digital signature.
Dependent claims: 11, 12, 13, 14
15. A method for ensuring the integrity of data exchanged between a platform and a remotely located content provider, comprising:
receiving a selected trusted agent executable by the platform; and
providing a notary digital signature to the content provider, the notary digital signature including a combined result of a hash value of a message, a hash value of the selected trusted agent executable and an assertion to indicate a purpose of the notary digital signature, the combined result digitally signed by a private key associated with the cryptographic device employed within the platform.
Dependent claims: 16, 17, 18, 19, 20
providing the message and a device certificate chain to the content provider, the device certificate chain including at least one device certificate having a key associated with the platform for use in recovering the hash value of the message, the hash value of the selected trusted agent executable and the assertion from the notary digital signature.
17. The method of claim 16 further comprising:
recovering the hash value of the message from the notary digital signature;
recovering the hash value of the selected trusted agent executable from the notary digital signature; and
recovering the assertion from the notary digital signature.
18. The method of claim 17, wherein the message is a copy of a message originally provided from the content provider to the digital platform during configuration.
19. The method of claim 16 further comprising:
performing a hash operation on a copy of a selected trusted agent executable as provided to the digital platform by the content provider;
comparing a hash value associated with the copy of the selected trusted agent executable with the recovered hash value of the trusted agent executable; and
confirming that the trusted agent executable at the platform has not been modified upon successful comparison between the copy of the selected trusted agent executable and the recovered hash value of the trusted agent executable.
20. The method of claim 19 further comprising:
providing a content key from the content provider to the digital platform to decrypt preloaded digital information in the platform.
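The exchange described in claims 15 to 19, sketched from both sides as an added example; it is not code from the patent. The claims do not name a signature scheme or field layout, so the following are assumptions: textbook RSA with message recovery over a constructed toy key, SHA-256, the layout H(message) || H(agent) || assertion, all function names, and a device public key that the provider has already validated from the device certificate chain.

```python
import hashlib
import hmac

# Constructed toy device key: product of two Mersenne primes. Insecure, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                            # public modulus (from the device certificate)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held inside the device


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def notary_sign(message: bytes, agent: bytes, assertion: bytes) -> int:
    """Platform: sign the combined result H(message) || H(agent) || assertion."""
    combined = b"\x01" + sha256(message) + sha256(agent) + assertion
    if len(combined) > 140:          # keep the integer below the 141-byte modulus
        raise ValueError("assertion too long for the toy modulus")
    return pow(int.from_bytes(combined, "big"), D, N)


def recover(signature: int):
    """Provider: recover both hash values and the assertion (claim 17)."""
    if not 0 < signature < N:
        raise ValueError("signature out of range")
    m = pow(signature, E, N)
    combined = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(combined) < 65 or combined[0] != 1:
        raise ValueError("malformed combined result")
    return combined[1:33], combined[33:65], combined[65:]


def provider_accepts(signature, message, agent_copy, purpose) -> bool:
    """Provider: compare recovered values with its own copies (claims 18-19)."""
    try:
        h_msg, h_agent, assertion = recover(signature)
    except ValueError:
        return False
    return (hmac.compare_digest(h_msg, sha256(message))
            and hmac.compare_digest(h_agent, sha256(agent_copy))
            and hmac.compare_digest(assertion, purpose))


# Constructed sample values.
CHALLENGE = b"provider-message-0001"
AGENT = b"\x7fELF constructed trusted agent image"
PURPOSE = b"purpose=agent-attestation"
SIG = notary_sign(CHALLENGE, AGENT, PURPOSE)
```

Binding the provider's own message into the signed value is what lets the provider reject a signature replayed from an earlier session, and checking the assertion keeps a signature issued for one purpose from being accepted for another.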
21. A machine readable medium having embodied thereon code for processing by a platform including memory containing the code, comprising:
a trusted agent executable to perform content metering operations on behalf of an entity or person without physical control of the platform; and
a security kernel in communication with the trusted agent executable, the security kernel to generate a notary digital signature including a hash function of the trusted agent executable and an assertion being data to indicate a purpose of the notary digital signature.
Dependent claims: 22
a graphical user interface for controlling the transmission of at least the notary digital signature from the digital platform.