Apparatus for control of cryptography implementations in third party applications

US 6,751,735 B1
Filed: 05/26/1999
Issued: 06/15/2004
Est. Priority Date: 03/23/1998
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus, implemented in a computer-readable medium, having modules for executing controlled modular cryptography in a processor of a computer, the apparatus comprising:

a base executable programmed to be executable on the processor, the base executable manufactured under the control of a trusted authority and comprising a loader module for dynamically linking one or more modules with the base executable to operate as an integrated portion of the base executable;

a third party vendor engine module dynamically linkable with the base executable to be executable on the processor to operate selected cryptographic executables for an application operably associated with the computer; and

the loader which utilizes a verification mechanism to verify that the engine module'"'"'s use of cryptographic capability is within a predetermined scope.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method provide a controlled, dynamically loaded, modular, cryptographic implementation for integration of flexible policy implementations on policy engines, and the like, into a base executable having at least one slot. The base executable may rely on an integrated loader to control loading and linking of fillers and submodules. A policy module may be included for use in limiting each module'"'"'s function, access, and potential for modification or substitution. The policy may be implemented organically within a manager layer or may be modularized further in an underlying engine layer as an independent policy, or as a policy created by a policy engine existing in an engine layer. The policy module is subordinate to the manager module in the manager layer in that the manager module calls the policy module when it is needed by the manager module. The policy module is preferably dynamically linkable, providing flexibility, and is layered deeper within the filler module than the manager module.

80 Citations

View as Search Results

14 Claims

1. An apparatus, implemented in a computer-readable medium, having modules for executing controlled modular cryptography in a processor of a computer, the apparatus comprising:
- a base executable programmed to be executable on the processor, the base executable manufactured under the control of a trusted authority and comprising a loader module for dynamically linking one or more modules with the base executable to operate as an integrated portion of the base executable;
  
  a third party vendor engine module dynamically linkable with the base executable to be executable on the processor to operate selected cryptographic executables for an application operably associated with the computer; and
  
  the loader which utilizes a verification mechanism to verify that the engine module'"'"'s use of cryptographic capability is within a predetermined scope.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus of claim 1, wherein the verification mechanism comprises a hierarchal chain of certificates.
  - 3. The apparatus of claim 2, wherein the chain of certificates contains a policy and a unique property verifiable by the base executable, the policy determining the scope of cryptographic capability that may be provided to an application by the engine and verifiable by the unique property.
  - 4. The apparatus of claim 3, wherein the third party vendor engine module comprises a certificate lower in a hierarchy than a certificate of the base executable.
  - 5. The apparatus of claim 1, wherein the verification mechanism comprises a policy associated with the engine module.
  - 6. The apparatus of claim 5, wherein the policy is modular and capable of linking by the loader separate from the third party vendor engine module.
  - 7. The apparatus of claim 1, wherein the verification mechanism comprises a manager module associated with the base executable.
  - 8. The apparatus of claim 7, further comprising a limited interface between the base executable and the third party cryptographic engine module such that the third party cryptographic engine must communicate with the base executable through the manager module, but so that government authorities are provided access to the third party cryptographic engine module through the base executable.
  - 9. The apparatus of claim 1, wherein the verifying mechanism comprises a plurality of certificates, each certificate comprising a policy of differing scope, and wherein the verifying mechanism enforces the policy of the most restrictive scope.
  - 10. The apparatus of claim 1, wherein the third party vendor engine module holds a certificate signed with the trusted authority private key.
  - 11. The apparatus of claim 1, wherein the third party vendor engine module holds a certificate containing the certifying authority public key and wherein thee verifying authority comprises asymmetric key technology.
  - 12. The apparatus of claim 1, further comprising a software development kit distributed to a third party vendor by the trusted authority, the software development kit comprising a certificate and a policy, and wherein the verifying mechanism comprises the certificate and policy.

13. An apparatus, implemented in a computer-readable medium, having modules for executing controlled modular cryptography in a processor of a computer, the apparatus comprising:
- a base executable programmed to be executable on the processor, the base executable manufactured under the control of a trusted authority and comprising a loader module for dynamically linking one or more modules with the base executable to operate as an integrated portion of the base executable;
  
  a third party vendor engine module dynamically linkable with the base executable to be executable on the processor to operate selected cryptographic executables for an application operably associated with the computer; and
  
  the loader which utilizes a hierarchal chain of certificates to verify that the engine module'"'"'s use of cryptographic capability is within a predetermined scope.

14. An apparatus, implemented in a computer-readable medium, having modules for executing controlled modular cryptography in a processor of a computer, the apparatus comprising:
- a base executable programmed to be executable on the processor, the base executable manufactured under the control of a trusted authority and comprising a loader module for dynamically linking one or more modules with the base executable to operate as an integrated portion of the base executable;
  
  a third party vendor engine module dynamically linkable with the base executable to be executable on the processor to operate selected cryptographic executables for an application operably associated with the computer; and
  
  the loader which utilizes a policy to verify that the engine module'"'"'s use of cryptographic capability is within a predetermined scope.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Jueneman, Robert R., Kingdon, Kevin W., Schell, Roger R., Berson, Thomas A.
Primary Examiner(s)
Hua, Ly V.
Assistant Examiner(s)
LEE, CHI CHUNG

Application Number

US09/320,423
Time in Patent Office

1,847 Days
Field of Search

713/189, 717/100, 717/163, 717/166, 706/47, 706/50, 706/919, 706/921, 706/922
US Class Current

713/189
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

Y10S 706/919   Designing, planning, progra...

Y10S 706/921   Layout, e.g. circuit, const...

Y10S 706/922   Computer program preparation

Apparatus for control of cryptography implementations in third party applications

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Apparatus for control of cryptography implementations in third party applications

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others