Protecting software environment in isolated execution

US 7,082,615 B1
Filed: 09/22/2000
Issued: 07/25/2006
Est. Priority Date: 03/31/2000
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus comprising:

a key generator to generate an operating system nub key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating system to run on a platform comprising a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; and

a usage protector coupled to the key generator to protect usage of a subset of a software environment using the OSNK;

the key generator to generate the OSNK based at least in part on a master binding key (BK0) of the platform and an identification of the OS nub;

wherein the usage protector performs at least one operation selected from the group consisting of;

encrypting a value while operating in isolated execution mode; and

decrypting an encrypted value while operating in isolated execution mode.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is a method and apparatus to protect a subset of a software environment. A key generator generates an operating system nub key (OSNK). The OSNK is unique to an operating system (OS) nub. The OS nub is part of an operating system in a secure platform. A usage protector uses the OSNK to protect usage of a subset of the software environment.

247 Citations

40 Claims

1. An apparatus comprising:
- a key generator to generate an operating system nub key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating system to run on a platform comprising a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; and
  
  a usage protector coupled to the key generator to protect usage of a subset of a software environment using the OSNK;
  
  the key generator to generate the OSNK based at least in part on a master binding key (BK0) of the platform and an identification of the OS nub;
  
  wherein the usage protector performs at least one operation selected from the group consisting of;
  
  encrypting a value while operating in isolated execution mode; and
  
  decrypting an encrypted value while operating in isolated execution mode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 38)
- - 2. The apparatus of claim 1, wherein the identification comprises a hash value of at least one item selected from the group consisting of the OS nub and a certificate representing the OS nub.
  - 3. The apparatus of claim 1 wherein the usage protector comprises:
    - an encryptor to encrypt the subset of the software environment using the OSNK, the encrypted subset being stored in a storage; and
      
      a decryptor to decrypt the encrypted subset using the OSNK, the encrypted subset being retrieved from the storage.
  - 4. The apparatus of claim 1 wherein the usage protector comprises:
    - an encryptor to encrypt a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage;
      
      a decryptor to decrypt the encrypted first hash value using the OSNK, the encrypted first hash value being retrieved from the storage; and
      
      a comparator to compare the decrypted first hash value to a second hash value to generate a compared result, the compared result indicating whether the subset of the software environment has been modified.
  - 5. The apparatus of claim 1 wherein the usage protector comprises:
    - a first encryptor to encrypt a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage;
      
      a second encryptor to encrypt a second hash value using the OSNK; and
      
      a comparator to compare the encrypted second hash value to the encrypted first hash value to generate a compared result, the encrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified.
  - 6. The apparatus of claim 1 wherein the usage protector comprises:
    - a decryptor to decrypt a protected private key to generate a private key using the OSNK;
      
      a signature generator coupled to the decryptor to generate a signature of the subset of the software environment using the private key, the signature being stored in a storage; and
      
      a signature verifier to verify the signature to generate a modified/not modified flag using a public key, the signature being retrieved from the storage, the modified/not modified flag indicating whether the subset has been modified.
  - 7. The apparatus of claim 1 wherein the usage protector comprises:
    - a manifest generator to generate a manifest of the subset of the software environment, the manifest describing the subset of the software environment, the manifest being stored in a storage;
      
      a signature generator coupled to the manifest generator to generate a manifest signature using a private key, the private key being decrypted by a decryptor using the OSNK, the manifest signature being stored in the storage;
      
      a signature verifier to verify the manifest signature to generate a signature verified flag using a public key, the manifest signature being retrieved from the storage; and
      
      a manifest verifier to verify the manifest to generate a manifest verified flag, the manifest being retrieved from the storage, the manifest verified flag and the signature verified flag being tested at a test center, the test center generating a pass/fail signal to indicate whether the subset has been modified.
  - 8. The apparatus of claim 1 wherein the subset of the software environment comprises a registry of an operating system.
  - 9. The apparatus of claim 1, wherein the BK0 is generated at random on a first invocation of a processor nub.
  - 38. An apparatus according to claim 1, wherein:
    - the platform comprises a memory responsive to the processor, the memory to include an isolated memory area, the isolated memory area to be accessible to the processor in the isolated execution mode and inaccessible to the processor in the normal execution mode; and
      
      the isolated memory area operable to receive the OS nub during a boot process.

10. A method comprising:
- generating an operating system nub key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating system to run in a software environment on a platform comprising a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; and
  
  protecting usage of a subset of the software environment using the OSNK;
  
  wherein the operation of protecting usage of a subset of the software environment comprises at least one operation selected from the group consisting of;
  
  encrypting a value while operating in isolated execution mode; and
  
  decrypting an encrypted value while operating in isolated execution mode; and
  
  wherein the operation of generating an OSNK comprises generating the OSNK based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 39)
- - 11. The method of claim 10, wherein the identification comprises a hash value of at least one item selected from the group consisting of the OS nub and a certificate representing the OS nub.
  - 12. The method of claim 10 wherein protecting usage comprises:
    - encrypting the subset of the software environment using the OSNK;
      
      storing the encrypted subset in a storage; and
      
      decrypting the encrypted subset from the storage using the OSNK.
  - 13. The method of claim 10 wherein protecting usage comprises:
    - encrypting a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage;
      
      decrypting the encrypted first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being retrieved from the storage; and
      
      comparing the decrypted first hash value to a second hash value to generate a compared result, the decrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified.
  - 14. The method of claim 10 wherein protecting usage comprises:
    - encrypting a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage;
      
      encrypting a second hash value using the OSNK; and
      
      comparing the encrypted first hash value to the encrypted second hash value to generate a compared result, the encrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified.
  - 15. The method of claim 10 wherein protecting usage comprises:
    - decrypting a protected private key to generate a private key using the OSNK;
      
      generating a signature of the subset of the software environment using the private key, the signature being stored in a storage; and
      
      verifying the signature to generate a modified/not modified flag using a public key, the signature being retrieved from the storage, the modified/not modified flag indicating whether the subset of the software environment has been modified.
  - 16. The method of claim 10 wherein detecting comprises:
    - generating a manifest of the subset of the software environment, the manifest describing the subset of the software environment, the manifest being stored in a storage;
      
      generating a manifest signature of the manifest using a private key, the private key being decrypted using the OSNK, the manifest signature being stored in the storage;
      
      verifying the manifest signature to generate a signature verified flag using a public key, the manifest signature being retrieved from the storage; and
      
      verifying the manifest to generate a manifest verified flag, the manifest being retrieved from the storage, the manifest verified flag and the signature verified flag being tested at a test center, the test center generating a pass/fail signal, the pass/fail signal indicating whether the subset of the software environment has been modified.
  - 17. The method of claim 10 wherein the subset of the software environment comprises a registry of the operating system.
  - 18. The method of claim 10, wherein the BK0 is generated at random on a first invocation of a processor nub.
  - 39. A method according to claim 10, wherein:
    - the platform comprises a memory responsive to the processor, the memory to include an isolated memory area, the isolated memory area to be accessible to the processor in the isolated execution mode and inaccessible to the processor in the normal execution mode; and
      
      the method further comprises loading the OS nub into the isolated memory area during a boot process for the platform.

19. A computer program product comprising:
- a computer usable medium having computer program code embodied therein, the computer program product having;
  
  computer readable program code to generate an operating system nub key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating system to run in a software environment on a platform comprising a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; and
  
  computer readable program code to protect usage of a subset of the software environment using the OSNK;
  
  wherein the computer readable program code to generate the OSNK comprises computer readable program code to generate the OSNK based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform; and
  
  wherein the operation of protecting usage of a subset of the software environment comprises at least one operation selected from the group consisting of;
  
  encrypting a value while operating in isolated execution mode; and
  
  decrypting an encrypted value while operating in isolated execution mode.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 40)
- - 20. The computer program product of claim 19, wherein the identification comprises a hash value of at least one item selected from the group consisting of the OS nub and a certificate representing the OS nub.
  - 21. The computer program product of claim 19 wherein the computer readable program code for protecting usage comprises:
    - computer readable program code for encrypting the subset of the software environment using the OSNK;
      
      computer readable program code for storing the encrypted subset; and
      
      computer readable program code for decrypting the encrypted subset from the storage using the OSNK.
  - 22. The computer program product of claim 19 wherein the computer readable program code for protecting usage comprises:
    - computer readable program code for encrypting a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage;
      
      computer readable program code for decrypting the encrypted first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being retrieved from the storage; and
      
      computer readable program code for comparing the decrypted first hash value to a second hash value to generate a compared result, the decrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified.
  - 23. The computer program product of claim 19 wherein the computer readable program code for protecting usage comprises:
    - computer readable program code for encrypting a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage;
      
      computer readable program code for encrypting a second hash value using the OSNK; and
      
      computer readable program code for comparing the encrypted first hash value to the encrypted second hash value to generate a compared result, the encrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified.
  - 24. The computer program product of claim 19 wherein the computer readable program code for protecting usage comprises:
    - computer readable program code for decrypting a protected private key to generate a private key using the OSNK;
      
      computer readable program code for generating a signature of the subset of the software environment using the private key, the signature being stored in a storage; and
      
      computer readable program code for verifying the signature to generate a modified/not modified flag using a public key, the signature being retrieved from the storage, the modified/not modified flag indicating whether the software environment has been modified.
  - 25. The computer program product of claim 19 wherein the computer readable program code for protecting usage comprises:
    - computer readable program code for generating a manifest of the subset of the software environment, the manifest being stored in a storage;
      
      computer readable program code for generating a manifest signature of the manifest using a private key, the private key being decrypted using the OSNK, the manifest signature being stored in the storage;
      
      computer readable program code for verifying the manifest signature to generate a signature verified flag using a public key, the manifest signature being retrieved from the storage; and
      
      computer readable program code for verifying the manifest to generate a manifest verified flag, the manifest being retrieved from the storage, the manifest verified flag and the signature verified flag being tested at a test center, the test center generating a pass/fail signal, the pass/fail signal indicating whether the subset of the software environment has been modified.
  - 26. The computer program product of claim 19 wherein the subset of the software environment comprises a registry of an operating system.
  - 27. The computer program product of claim 19, wherein the BK0 is generated at random on a first invocation of a processor nub.
  - 40. A computer program product according to claim 19, comprising:
    - computer readable program code to load the OS nub into an isolated memory area of the platform during a boot process for the platform, the isolated memory area to reside in a memory responsive to the processor, the isolated memory area to be accessible to the processor in the isolated execution mode and inaccessible to the processor in the normal execution mode.

28. A system comprising:
- a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode;
  
  storage response to the processor, the storage storing at least a subset of a software environment to run on the system;
  
  an operating system (OS) nub;
  
  a key generator to generate an operating system nub key (OSNK) unique to the OS nub, based at least in part on an identification of the OS nub and a master binding key (BK0) of the system; and
  
  a usage protector coupled to the key generator to protect usage of a subset of the software environment using the OSNK;
  
  wherein the operation of protecting usage of a subset of the software environment comprises at least one operation selected from the group consisting of;
  
  encrypting a value while operating in isolated execution mode; and
  
  decrypting an encrypted value while operating in isolated execution mode.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 29. The system of claim 28, wherein the identification comprises a hash value of at least one item selected from the group consisting of the OS nub and a certificate representing the OS nub.
  - 30. The system of claim 28 wherein the usage protector comprises:
    - an encryptor to encrypt the subset of the software environment using the OSNK, the encrypted subset being stored in a storage; and
      
      a decryptor to decrypt the encrypted subset using the OSNK, the encrypted subset being retrieved from the storage.
  - 31. The system of claim 28 wherein the usage protector comprises:
    - an encryptor to encrypt a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage;
      
      a decryptor to decrypt the encrypted first hash value using the OSNK, the encrypted first hash value being retrieved from the storage; and
      
      a comparator to compare the decrypted first hash value to a second hash value to generate a compared result, the compared result indicating whether the subset of the software environment has been modified.
  - 32. The system of claim 28 wherein the usage protector comprises:
    - a first encryptor to encrypt a first hash value of the subset of the software environment using the OSNK, the encrypted first hash value being stored in a storage;
      
      a second encryptor to encrypt a second hash value using the OSNK; and
      
      a comparator to compare the encrypted second hash value to the encrypted first hash value to generate a compared result, the encrypted first hash value being retrieved from the storage, the compared result indicating whether the subset of the software environment has been modified.
  - 33. The system of claim 28 wherein the usage protector comprises:
    - a decryptor to decrypt a protected private key to generate a private key using the OSNK;
      
      a signature generator coupled to the decryptor to generate a signature of the subset of the software environment using the private key, the signature being stored in a storage; and
      
      a signature verifier to verify the signature to generate a modified/not modified flag using a public key, the signature being retrieved from the storage, the modified/not modified flag indicating whether the subset of the software environment has been modified.
  - 34. The system of claim 28 wherein the usage protector comprises:
    - a manifest generator to generate a manifest of the subset of the software environment, the manifest describing the subset of the software environment, the manifest being stored in a storage;
      
      a signature generator coupled to the manifest generator to generate a manifest signature of the manifest using a private key, the private key being decrypted using the OSNK, the manifest signature being stored in the storage;
      
      a signature verifier to verify the manifest signature to generate a signature verified flag using a public key, the manifest signature being retrieved from the storage; and
      
      a manifest verifier to verify the manifest to generate a manifest verified flag, the manifest being retrieved from the storage, the manifest verified flag and the signature verified flag being tested by a test center, the test center generating a pass/fail signal indicating whether the subset has been modified.
  - 35. The system of claim 28 wherein the subset of the software environment comprises a registry of an operating system.
  - 36. The system of claim 28, wherein the BK0 is generated at random on a first invocation of a processor nub.
  - 37. The system of claim 28, further comprising:
    - a memory responsive to the processor, the memory to include an isolated memory area, the isolated memory area to be accessible to the processor in the isolated execution mode and inaccessible to the processor in the normal execution mode; and
      
      the isolated memory area operable to receive the OS nub during a boot process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Thakkar, Shreekant S., Neiger, Gilbert, Ellison, Carl M., Mittal, Millind, Reneris, Ken, Lin, Derrick C., McKeen, Francis X., Sutton, James A., Herbert, Howard C., Golliver, Roger A.
Primary Examiner(s)
Revak, Christopher
Assistant Examiner(s)
ABRISHAMKAR, KAVEH

Application Number

US09/668,610
Time in Patent Office

2,132 Days
Field of Search

713/2, 713/165, 713/170, 713/190, 713/200, 713/164, 380/44, 380/45, 711/163, 726/26
US Class Current

726/26
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/562   Static detection

G06F 21/57   Certifying or maintaining t...

G06F 21/74   operating in dual or compar...

G06F 2221/2105   Dual mode as a secondary as...

G06F 9/468   Specific access rights for ...

Protecting software environment in isolated execution

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

247 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting software environment in isolated execution

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

247 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links