Cryptographic system enabling ownership of a secure process
First Claim
1. A cryptographic system enabling ownership of a secure process that includes one or more of secure distributing, loading and running of programs, comprising:
- a memory having capacity for holding an imported program; and
a cryptographic processor configured to hold securely one or more seed values, the cryptographic processor includinga physical security circuit configured to hold one of the seed values and a public key,a read only memory configured to hold a second one of the seed values and a program to be used by the cryptographic system for authenticating the imported program, anda random access memory configured to hold a third one of the seed values and a cryptographic key created from the seed values,wherein the cryptographic key is used by the cryptographic processor for decrypting the imported program, and wherein the public key is used by the cryptographic processor for authenticating the imported program.
12 Assignments
0 Petitions
Accused Products
Abstract
Ownership of a secure process is enabled with a cryptographic system. Methods initializing and operating the cryptographic system transfer control from the loading program to the loaded program and, in essence from the cryptographic system vendor to its end-user. As a result, ownership of the secure process can be relinquished to the end-user so that it alone can subsequently use the cryptographic system to control the secure process of loading and running its user-programs. The cryptographic system and methods allow for secure operations and protect against tampering with application software. The application program is retrieved from an encrypted file in external memory and authenticated by the cryptographic system before being executed.
-
Citations
56 Claims
-
1. A cryptographic system enabling ownership of a secure process that includes one or more of secure distributing, loading and running of programs, comprising:
-
a memory having capacity for holding an imported program; and a cryptographic processor configured to hold securely one or more seed values, the cryptographic processor including a physical security circuit configured to hold one of the seed values and a public key, a read only memory configured to hold a second one of the seed values and a program to be used by the cryptographic system for authenticating the imported program, and a random access memory configured to hold a third one of the seed values and a cryptographic key created from the seed values, wherein the cryptographic key is used by the cryptographic processor for decrypting the imported program, and wherein the public key is used by the cryptographic processor for authenticating the imported program. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method, performed by a cryptographic system in a computer system, for enabling ownership of a secure process that includes one or more of secure distribution, loading and running of programs, comprising:
-
generating a cryptographic key from seed values held securely by the cryptographic processor; decrypting, using the cryptographic key, a packet that includes an imported program, a hash and a signature in encrypted form; and authenticating the imported program each time before it is to be loaded into or executed by the computer system, using also a public key to decrypt the signature and verify it against the hash value produced from the packet decryption, the signature resulting from previously signing the hash by a private key that corresponds to the public key and is known only to the provider of the imported program in order to maintain ownership over its distribution, loading and execution, wherein the cryptographic processor executes a red-boot program for performing these steps each time it is powered-off or reset, the red-boot program requiring the public key for authenticating each imported program, the red-boot program transferring control to the imported program only if the imported program is successfully authenticated. - View Dependent Claims (13)
-
-
14. A method comprising:
-
each time a cryptographic system having a secure mode and a non-secure mode is initialized upon power up, if the system is initialized in the secure mode, generating cryptographic keys, including a first cryptographic key, from seed values held securely in the cryptographic system; loading a first encrypted program packet into the system from an external memory; decrypting the first encrypted program packet with the first cryptographic key to provide a first program file and a first digital signature; authenticating the first digital signature prior to each execution of the first program file; and only when the first digital signature is authentic, executing the first program file. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
-
34. A method of initializing a secure system comprising:
-
loading a first encrypted program packet with a header into a system from an external memory; each time the cryptographic system is initialized upon power up, if the system is initialized in a secure mode, generating cryptographic keys, including a first cryptographic key from seed values held securely in the system; decrypting the first encrypted program packet with the first cryptographic key to provide a first program file, a hash value, and a first digital signature; prior to each execution of the first program file, determining the first program file is not authentic if the header is not of an expected format; calculating an expected hash value from the first program file; determining the first program file is not authentic if the expected hash value is not equal to the hash value; decrypting the digital signature using an RSA public key to produce a decrypted digital signature value; and determining the first program file is not authentic if the decrypted digital signature value does not equal the hash value; and when the program file is not authentic, erasing the first cryptographic key, otherwise, executing the first program file. - View Dependent Claims (35, 36)
-
-
37. A computer software product including executable code stored on a computer readable storage medium causing a processor to:
-
load a first encrypted program packet into a cryptographic system from an external memory, the cryptographic system having a secure mode and a non-secure mode; each time the cryptographic system is initialized upon power up, if the system is initialized in the secure mode, generating cryptographic keys, including a first cryptographic key, from seed values held securely in the cryptographic system; decrypt the first encrypted program packet with the first cryptographic key to provide a first program file and a first digital signature; authenticate the first digital signature prior to execution of the first program file; and only when the first digital signature is authentic, execute the first program file. - View Dependent Claims (38, 39)
-
-
40. A cryptographic system comprising:
-
a memory unit, the memory unit containing encrypted program file with which a hash value in encrypted form is associated; a cryptographic processor device, the cryptographic processor device including a processor; an engine capable of using a cryptographic key for decrypting the encrypted program file into a decrypted program file, the cryptographic key being generated from seed values held securely in the cryptographic system each time the cryptographic system is initialized in a secure mode upon power up; a hashing engine for determining the hash value of the decrypted program file; and a public key cryptography engine for decrypting a digital signature provided with the encrypted program file to produce a decrypted digital signature value that corresponds to the hash value in decrypted form, wherein prior to each execution the processor retrieves from the memory unit the encrypted file in order to obtain therefrom and authenticate the decrypted digital signatures. - View Dependent Claims (41)
-
-
42. A secure digital system, comprising:
-
a processor; a cryptography unit residing on the same substrate as the processor, the cryptography unit being coupled to the processor by a first data bus, the first data bus being protected from external probing; and a destination unit, the destination unit residing on a different substrate than the processor, the destination unit being coupled to the processor by a second data bus, wherein the processor directs data to the cryptography unit on the first data bus to produce encrypted data using a cryptographic key that is generated from seed values held securely in the secure digital system, wherein the processor directs the encrypted data to the destination unit on the second data bus and wherein the processor retrieves the encrypted data from the destination unit on the second data bus and directs the encrypted data to the cryptography unit to reproduce the data wherein the reproduced data is executed by the processor, but each time before its execution the reproduced data is verified and authenticated. - View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50)
-
-
51. A method of operating a cryptographic system in a secure manner, comprising:
-
loading by a processor in the cryptographic system a first encrypted packet with a first program file; decrypting the first encrypted packet with a first decryption key created from seed values held securely in the cryptographic system, the decryption creating a decrypted first program file; authenticating the decrypted first program file using a first authentication key provided in the cryptographic system; if the first program file is authenticated, executing the first program file to load a second encrypted packet with a second program file containing a key/option table with a second authentication key, wherein the second authentication key can be customized for a user of the cryptographic system so that the second authentication key is known only to that user; decrypting the second encrypted packet to create a decrypted second program file using a second decryption key generated from the seed values; before execution of the decrypted second program file, authenticating the decrypted second program file using the second authentication key.
-
-
52. A method for enabling ownership of a secure process in a computer system with a cryptographic system, comprising:
-
decrypting, by the cryptographic system using a cryptographic key created from seed values held securely in the cryptographic system, an encrypted packet with a load program to create an original load program; authenticating and validating the original load program using a public key of a public/private key pair the private key being maintained and known only to a provider of the cryptographic system; and if the original load program is determined to be a secure load file and is authenticated, placing the cryptographic system in a secure mode, and authenticating a secondary loader program, wherein the secondary loader program can be customized for a user by placing a personalized public key in a table, the personalized public key corresponding to a personalized private key known only to the user, and wherein the secondary loader program is configured, in response to a load command from the cryptographic system, to allow a user program to be loaded and stored in memory if the user program is authenticated, using the personalized public key, the user program being signed by the personalized private key, and in response to a start command from the cryptographic system, to execute the stored user program if it is authenticated.
-
-
53. A cryptographic system, comprising:
-
means for loading a first encrypted packet with a first program file; means for decrypting the first encrypted packet with a first decryption key created from seed values held securely in the cryptographic system, the decryption creating a decrypted first program file; means for authenticating the decrypted first program file using a first authenticating key provided in the cryptographic system; means for causing the first program file, if the first program file is authenticated, to load a second encrypted packet with a second program file containing a key/option table with a second authentication key, wherein the second authentication key can be customized for a user of the cryptographic system so that the second authentication key is known only to that user; means for decrypting the second encrypted packet with a second decryption key generated from the seed values to create a decrypted second program file; and means for authenticating the decrypted second program file using the second authentication key before execution of the decrypted second program file.
-
-
54. A cryptographic system, comprising:
-
means for decrypting an encrypted packet with a load program to create an original load program; means for authenticating and validating the original load program using a key provided in the cryptographic system, the key corresponding to a private key known only to a provider of the cryptographic system, the private key being used to sign the load program; and if the original load program is determined to be a secure load file and is authenticated, means for placing the cryptographic system in a secure mode, and means for authenticating a secondary loader program, wherein the secondary loader program can be customized for a user by placing a personalized public key in a table, and wherein the secondary program is configured, in response to a load command from the cryptographic system, to allow a user program to be loaded and stored in memory if the user program is authenticated, the user program being signed by a private key corresponding to the personalized public key that is known only to the user, and in response to a start command from the cryptographic system, to execute the stored user program if it is authenticated via the personalized public key. - View Dependent Claims (55, 56)
-
Specification