System and method for interfacing a software process to secure repositories
Abstract
A secure repository individualized for a hardware environment and a method and system for providing the same. The secure repository includes a hidden cryptographic key and code that applies the key without requiring access to a copy of the key. The code that implements the secure repository is generated in a manner that is at least partly based on a hardware ID associated with the hardware environment in which the secure repository is to be installed, and may also be based on a random number. Cryptographic functions implemented by the secure repository include decryption of encrypted information and validation of cryptographically signed information. The secure repository may be coupled to an application program, which uses cryptographic services provided by the secure repository, by way of a decoupling interface that provides a common communication and authentication interface for diverse types of secure repositories. The decoupling interface may take the form of a single application programmer interface (API) usable with multiple dynamically linkable libraries.
39 Claims

1. A method of facilitating the use of a software process with one of a plurality of secure repositories, said method comprising the acts of:
providing an interface, said interface being callable by said software process; if said one of said plurality of secure repositories is said first of said plurality of secure repositories, providing a first set of computer-executable instructions which are invocable by said callable interface; and if said one of said plurality of secure repositories is said second of said plurality of secure repositories, providing a second set of computer-executable instructions which are invocable by said callable interface, said second set of computer-executable instructions being different from said first set of computer-executable instructions, wherein said first of said plurality of secure repositories comprises a software module that uses a cryptographic algorithm to apply a cryptographic key to data without said cryptographic key being accessible to said cryptographic algorithm applied by said first of said plurality of secure repositories, and wherein said second of said plurality of secure repositories comprises a hardware module that uses said cryptographic algorithm to apply said cryptographic key to data, said hardware module further comprising hardware that resists or prevents divulgence of said cryptographic key outside of said hardware module. (Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A method of communicating between a software process and a one of a plurality of secure repositories, said method comprising the acts of:
said software process issuing a first interface call which authenticates said software process to said one of said plurality of secure repositories; and said software process issuing a second interface call which requests performance of an action by said secure repository for said software process; wherein said software process issues said first and second interface calls without regard to whether said one of said plurality of secure repositories is a first of said plurality of secure repositories or a second of said plurality of secure repositories, wherein said first of said plurality of secure repositories comprises a software module that uses a cryptographic algorithm to apply a cryptographic key to data without said cryptographic key being stored in a memory accessible to said cryptographic algorithm. (Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)

20. A secure repository comprising:
a first set of computer-executable instructions which converts encrypted data into decrypted data by applying a cryptographic key to said encrypted data without said cryptographic key being accessible to said first set of computer-executable instructions during the time that said first set of computer-executable instructions applies said cryptographic key; and a second set of computer-executable instructions which provides said decrypted data to a software process if said secure repository trusts said software process; wherein said secure repository establishes trust of said software process at least in part by establishing trust with an intermediate object, said intermediate object comprising a third set of computer-executable instructions dynamically linked to said software process. (Dependent claims: 21, 22, 23, 24)

25. A method of communicating with one of a plurality of secure repositories, said method comprising the acts of:
issuing a first interface call without regard to whether said one of said plurality of secure repositories is a first of said plurality of secure repositories or a second of said plurality of secure repositories; if said one of said plurality of secure repositories is said first of said plurality of secure repositories, dynamically linking with a first set of computer-executable instructions invocable by said first interface call; and if said one of said plurality of secure repositories is said second of said plurality of secure repositories, dynamically linking with a second set of computer-executable instructions invocable by said first interface call, said second set of computer-executable instructions being different from said first set of computer-executable instructions, wherein said first of said plurality of secure repositories comprises a software module that uses a cryptographic algorithm to apply a cryptographic key to data without said cryptographic key being accessible to said cryptographic algorithm. (Dependent claims: 26, 27, 28, 29)

30. A method of authenticating a first software process to a second software process, said method comprising the acts of:
establishing to said second software process the authenticity of an intermediary object; and using said intermediary object to establish to said second software process the authenticity of said first software process; wherein said second software process converts encrypted data to decrypted data by using a cryptographic algorithm to apply a cryptographic key to said encrypted data without said cryptographic key being accessible to said second software process during a time that said second software process is applying said cryptographic key, and wherein said first software process performs an operation on said decrypted data. (Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39)
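The following Python sketch is an added example, not code from the patent or from its assignee, showing the architecture the abstract and claims 1, 9, 20, 25 and 30 describe: one API (authenticate, then decrypt) in front of two interchangeable secure repositories, a software module individualized for one hardware environment and a hardware module that never lets its key out; the application issues the same two calls whichever backend is installed, and the repository releases decrypted data only to a caller whose code it has authenticated. Everything here is assumed or constructed: the XOR keystream is a toy stand-in for the real cipher, the software module's hidden key is approximated by re-deriving it from the hardware ID plus a per-install random number (rather than by generating key-specific code as the abstract describes), and the class names, hardware IDs and content are invented.

```python
"""Added example (not the patent's code): a decoupling interface over two
secure repositories. Toy cipher and constructed data; do not use as-is."""
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Protocol


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (stand-in for the real algorithm): XOR with SHA-256 blocks."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def _derive_key(hardware_id: bytes, install_random: bytes) -> bytes:
    """Key bound to one machine: H(hardware ID || per-install random number)."""
    return hashlib.sha256(b"repo-key|" + hardware_id + b"|" + install_random).digest()


def _kcv(key: bytes) -> bytes:
    """Key check value so a wrong derivation fails loudly instead of yielding garbage."""
    return hashlib.sha256(b"kcv|" + key).digest()[:8]


class SecureRepository(Protocol):
    """The single API every repository exposes (claims 1 and 25)."""
    def authenticate(self, caller_id: str, code_hash: bytes) -> bool: ...
    def decrypt(self, nonce: bytes, ciphertext: bytes) -> bytes: ...


class _TrustGate:
    """First call authenticates the caller; the action is refused until it does (claims 9, 20)."""
    def __init__(self, trusted_callers: Dict[str, bytes]) -> None:
        self._trusted_callers = trusted_callers  # caller id -> expected hash of its code
        self._trusted = False

    def authenticate(self, caller_id: str, code_hash: bytes) -> bool:
        expected = self._trusted_callers.get(caller_id)
        self._trusted = expected is not None and hmac.compare_digest(expected, code_hash)
        return self._trusted

    def _require_trust(self) -> None:
        if not self._trusted:
            raise PermissionError("caller has not been authenticated to the repository")


class SoftwareRepository(_TrustGate):
    """Individualized software module: holds no key, re-derives it per call from the
    hardware it runs on, and refuses to operate if moved to another machine."""
    def __init__(self, trusted: Dict[str, bytes], install_random: bytes,
                 key_check: bytes, read_hardware_id: Callable[[], bytes]) -> None:
        super().__init__(trusted)
        self._install_random = install_random
        self._key_check = key_check
        self._read_hardware_id = read_hardware_id  # a TPM/SMBIOS read on a real host (assumed)

    def decrypt(self, nonce: bytes, ciphertext: bytes) -> bytes:
        self._require_trust()
        key = _derive_key(self._read_hardware_id(), self._install_random)
        if not hmac.compare_digest(_kcv(key), self._key_check):
            raise RuntimeError("repository is not individualized for this hardware")
        return _keystream_xor(key, nonce, ciphertext)


class HardwareRepository(_TrustGate):
    """Stand-in for the hardware module: key loaded at manufacture, only decrypt exposed."""
    def __init__(self, trusted: Dict[str, bytes], key: bytes) -> None:
        super().__init__(trusted)
        self.__key = key  # name-mangled attribute models the hardware boundary only

    def decrypt(self, nonce: bytes, ciphertext: bytes) -> bytes:
        self._require_trust()
        return _keystream_xor(self.__key, nonce, ciphertext)


def individualize_software_repository(trusted, hardware_id, read_hardware_id):
    """Generation step from the abstract: module bound to hardware_id plus a random
    number; returns the provisioning key too, which the provisioner then discards."""
    install_random = secrets.token_bytes(16)
    key = _derive_key(hardware_id, install_random)
    return SoftwareRepository(trusted, install_random, _kcv(key), read_hardware_id), key


def application_decrypt(repo: SecureRepository, caller_id: str, caller_code: bytes,
                        nonce: bytes, ciphertext: bytes) -> bytes:
    """The software process: same two calls regardless of which backend is installed."""
    if not repo.authenticate(caller_id, hashlib.sha256(caller_code).digest()):
        raise PermissionError("repository does not trust this process")
    return repo.decrypt(nonce, ciphertext)


# Constructed demo data (not from the patent).
APP_CODE = b"def play(content): ..."  # bytes of the dynamically linked caller
TRUSTED = {"player": hashlib.sha256(APP_CODE).digest()}
HW_ID_A, HW_ID_B = b"MACHINE-A-SERIAL-0001", b"MACHINE-B-SERIAL-0002"
CONTENT_NONCE, PLAINTEXT = b"\x01" * 12, b"licensed content"


def demo() -> dict:
    results = {}
    sw_repo, sw_key = individualize_software_repository(TRUSTED, HW_ID_A, lambda: HW_ID_A)
    ct = _keystream_xor(sw_key, CONTENT_NONCE, PLAINTEXT)
    results["software_ok"] = application_decrypt(sw_repo, "player", APP_CODE, CONTENT_NONCE, ct)
    moved = SoftwareRepository(TRUSTED, sw_repo._install_random, sw_repo._key_check, lambda: HW_ID_B)
    try:
        application_decrypt(moved, "player", APP_CODE, CONTENT_NONCE, ct)
        results["moved_refused"] = False
    except RuntimeError:
        results["moved_refused"] = True  # copied to machine B: derived key no longer matches
    hw_key = secrets.token_bytes(32)
    hw_repo = HardwareRepository(TRUSTED, hw_key)
    ct_hw = _keystream_xor(hw_key, CONTENT_NONCE, PLAINTEXT)
    results["hardware_ok"] = application_decrypt(hw_repo, "player", APP_CODE, CONTENT_NONCE, ct_hw)
    try:
        application_decrypt(hw_repo, "player", APP_CODE + b"#patched", CONTENT_NONCE, ct_hw)
        results["tampered_refused"] = False
    except PermissionError:
        results["tampered_refused"] = True  # modified caller fails the first interface call
    return results


if __name__ == "__main__":
    print(demo())
```

The point the example makes is in `application_decrypt`: the caller's code is identical for both backends, and the trust decision lives inside the repository, so a process whose code hash is not on the allowlist never reaches `decrypt`, and a software module copied to a different machine fails its key check before any content is released.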