Protecting software environment in isolated execution
Abstract
The present invention is a method and apparatus to protect a subset of a software environment. A key generator generates an operating system nub key (OSNK). The OSNK is unique to an operating system (OS) nub. The OS nub is part of an operating system in a secure platform. A usage protector uses the OSNK to protect usage of a subset of the software environment.
247 Citations
40 Claims
1. An apparatus comprising:
- a key generator to generate an operating system nub key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating system to run on a platform comprising a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; and
- a usage protector coupled to the key generator to protect usage of a subset of a software environment using the OSNK;
- the key generator to generate the OSNK based at least in part on a master binding key (BK0) of the platform and an identification of the OS nub;
- wherein the usage protector performs at least one operation selected from the group consisting of:
  - encrypting a value while operating in isolated execution mode; and
  - decrypting an encrypted value while operating in isolated execution mode.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 38

10. A method comprising:
- generating an operating system nub key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating system to run in a software environment on a platform comprising a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; and
- protecting usage of a subset of the software environment using the OSNK;
- wherein the operation of protecting usage of a subset of the software environment comprises at least one operation selected from the group consisting of:
  - encrypting a value while operating in isolated execution mode; and
  - decrypting an encrypted value while operating in isolated execution mode; and
- wherein the operation of generating an OSNK comprises generating the OSNK based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 39

19. A computer program product comprising:
- a computer usable medium having computer program code embodied therein, the computer program product having:
  - computer readable program code to generate an operating system nub key (OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating system to run in a software environment on a platform comprising a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; and
  - computer readable program code to protect usage of a subset of the software environment using the OSNK;
- wherein the computer readable program code to generate the OSNK comprises computer readable program code to generate the OSNK based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform; and
- wherein the operation of protecting usage of a subset of the software environment comprises at least one operation selected from the group consisting of:
  - encrypting a value while operating in isolated execution mode; and
  - decrypting an encrypted value while operating in isolated execution mode.

Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 40

28. A system comprising:
- a processor capable of operating in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode;
- storage responsive to the processor, the storage storing at least a subset of a software environment to run on the system;
- an operating system (OS) nub;
- a key generator to generate an operating system nub key (OSNK) unique to the OS nub, based at least in part on an identification of the OS nub and a master binding key (BK0) of the system; and
- a usage protector coupled to the key generator to protect usage of a subset of the software environment using the OSNK;
- wherein the operation of protecting usage of a subset of the software environment comprises at least one operation selected from the group consisting of:
  - encrypting a value while operating in isolated execution mode; and
  - decrypting an encrypted value while operating in isolated execution mode.

Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37

Specification