Secure processor architecture for use with a digital rights management (DRM) system on a computing device

US 7,225,333 B2
Filed: 06/27/2001
Issued: 05/29/2007
Est. Priority Date: 03/27/1999
Status: Active Grant

First Claim

Patent Images

1. A method for a secure processor to instantiate and authenticate a secure application thereon by way of a security kernel, the method comprising:

powering on into a normal mode;

receiving an instruction to instantiate the application after being powered on and while being in the normal mode;

after receiving the instruction to instantiate the application, transitioning from the normal mode to a preferred mode upon a non-power-up executed CPU reset, where a security key of the processor is accessible while in the preferred mode;

instantiating and running a security kernel while in the preferred mode, the security kernel;

accessing the security key;

applying the accessed security key to decrypt at least one encrypted key for the application;

storing the decrypted key(s) in a location where the application will expect the key(s) to be found; and

authenticating the application on the processor;

instantiating the application while in the preferred mode and only after the security kernel has authenticated such application; and

transitioning from the preferred mode to the normal mode after the security kernel authenticates the application and the application has been instantiated, where the security key is not accessible while in the normal mode, the application as instantiated during the preferred mode being available for use during the transitioned-to normal mode;

wherein the security kernel allows the processor to be trusted to keep hidden the security key(s) of the application, andwherein the security kernel employs the accessed security key during the preferred mode to authenticate/verify the application prior to instantiation thereof.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure processor is operable in normal and preferred modes, and includes a security kernel instantiated when the processor enters into preferred mode and a security key accessible by the security kernel during preferred mode. The security kernel employs the accessed security key to authenticate a secure application, and allows the processor to be trusted to keep hidden a secret of the application. To instantiate the application, the processor enters preferred mode where the security key is accessible, and instantiates and runs the security kernel. The security kernel accesses the security key and applies same to decrypt a key for the application, stores the decrypted key in a location where the application will expect same, and instantiates the application. The processor then enters the normal mode, where the security key is not accessible.

151 Citations

18 Claims

1. A method for a secure processor to instantiate and authenticate a secure application thereon by way of a security kernel, the method comprising:
- powering on into a normal mode;
  
  receiving an instruction to instantiate the application after being powered on and while being in the normal mode;
  
  after receiving the instruction to instantiate the application, transitioning from the normal mode to a preferred mode upon a non-power-up executed CPU reset, where a security key of the processor is accessible while in the preferred mode;
  
  instantiating and running a security kernel while in the preferred mode, the security kernel;
  
  accessing the security key;
  
  applying the accessed security key to decrypt at least one encrypted key for the application;
  
  storing the decrypted key(s) in a location where the application will expect the key(s) to be found; and
  
  authenticating the application on the processor;
  
  instantiating the application while in the preferred mode and only after the security kernel has authenticated such application; and
  
  transitioning from the preferred mode to the normal mode after the security kernel authenticates the application and the application has been instantiated, where the security key is not accessible while in the normal mode, the application as instantiated during the preferred mode being available for use during the transitioned-to normal mode;
  
  wherein the security kernel allows the processor to be trusted to keep hidden the security key(s) of the application, andwherein the security kernel employs the accessed security key during the preferred mode to authenticate/verify the application prior to instantiation thereof.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the security kernel performs a hash/MAC (message authentication code) over at least a portion of the application and then compares the hash/MAC to a hash/MAC corresponding to the application.
  - 3. The method of claim 1 wherein the security key of the processor is a symmetric key and the application is instantiated from a code image including a main body and a header including:
    - KCPU (KMAN) KMAN encrypted according to KCPU KMAN (KCODE) KCODE encrypted according to KMAN
      
      where KCPU is the security key, KMAN is a device key of the portable device independent of the security key, and KCODE is the secret of the application, and wherein the security kernel applying the accessed security key to decrypt at least one encrypted key for the application comprises;
      
      applying KCPU to KCPU (KMAN) to produce KMAN; and
      
      applying KMAN to KMAN (KCODE) to produce KCODE.
  - 4. The method of claim 3 wherein the security key of the processor is a symmetric key and the application is instantiated from a code image including a main body and a header including:
    - KCPU (KMAN) KMAN encrypted according to KCPU MAC (main body, KMAN) message authentication code of the main body under KMAN KMAN (KCODE) KCODE encrypted according to KMAN
      
      where KCPU is the security key, KMAN is a device key of the portable device independent of the security key, and KCODE is the secret of the application, and wherein the security kernel applying the accessed security key to decrypt at least one encrypted key for the application comprises;
      
      applying KCPU to KCPU (KMAN) to produce KMAN;
      
      computing MAC (main body, KMAN);
      
      comparing the computed MAC to MAC (main body, KMAN) from the header to determine if the code image has been changed; and
      
      if the MACs match, applying KMAN to KMAN (KCODE) to produce KCODE.
  - 5. The method of claim 1 wherein the security key of the processor is a private key of a public key—
    - private key pair and the application is instantiated from a code image including a main body and a header including;
      
      public key (KCODE) KCODE encrypted according to the public key
      
      where KCODE is the secret of the application, and wherein the security kernel applying the accessed security key to decrypt at least one encrypted key for the application comprises applying the security key as the private key to public key (KCODE) to produce KCODE.
  - 6. The method of claim 5 wherein the security key of the processor is a private key of a public key—
    - private key pair and the application is instantiated from a code image including a main body and a header including;
      
      public key (HASH (main body), Hash of the main body and KCODE, KCODE) both encrypted according to the public key
      
      where KCODE is the secret of the application, and wherein the security kernel applying the accessed security key to decrypt at least one encrypted key for the application comprises;
      
      computing HASH (main body);
      
      applying the private key to public key (HASH (main body), KCODE) to produce HASH (main body) and KCODE;
      
      comparing the computed HASH to the produced HASH to determine if the code image has been changed;
      
      ; and
      
      if the HASHs match, employing the produced KCODE as appropriate.

7. A method for a secure processor to instantiate one of a plurality of available secure applications thereon by way of a security kernel, the method comprising:
- setting a chooser value to a value corresponding to a chooser application upon power-up;
  
  entering a preferred mode upon a first power-up CPU reset and instantiating and running the security kernel while in a preferred mode, the security kernel determining that the chooser value corresponds to the chooser application and therefore authenticating same, the chooser application being instantiated by the security kernel while in the preferred mode and only after being authenticated;
  
  transitioning from the preferred mode to a normal mode after the chooser application is instantiated and leaving same to run while in the normal mode, the chooser application while in the normal mode presenting the plurality of available applications for selection by a user;
  
  receiving a selection of one of the presented applications to be instantiated;
  
  setting the chooser value to a value corresponding to the selected application;
  
  transitioning from the normal mode to the preferred mode upon a second non-power-up executed CPU reset after setting the chooser value to the value corresponding to the selected application, and thereafter again instantiating and running the security kernel while in the preferred mode, the security kernel determining that the chooser value corresponds to the selected application and therefore authenticating same, the selected application being instantiated by the security kernel while in the preferred mode and only after being authenticated;
  
  transitioning from the preferred mode to the normal mode after the selected application is instantiated and leaving same to run while in the normal mode, the selected application as instantiated during the preferred mode being available for use during the transitioned-to normal mode;
  
  wherein the security kernel allows the processor to be trusted to keep hidden a secret of the chooser application and a secret of the selected application.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7 further comprising setting the chooser value to the value corresponding to the chooser application upon the selected application being authenticated by the security kernel, wherein upon execution of a CPU reset, the security kernel determines that the chooser value corresponds to the chooser application and therefore authenticates same.
  - 9. The method of claim 7 further comprising storing the chooser value in a memory location not affected by a CPU reset so that the stored chooser value is available after same.

10. A computer-readable medium having stored thereon computer-executable instructions implementing a method for a secure processor to instantiate a secure application thereon by way of a security kernel, the method comprising:
- powering on into a normal mode;
  
  receiving an instruction to instantiate the application after being powered on and while being in the normal mode;
  
  after receiving the instruction to instantiate the application, transitioning from the normal mode to a preferred mode upon a non-power-up executed CPU reset, where a security key of the processor is accessible while in the preferred mode;
  
  instantiating and running a security kernel while in the preferred mode, the security kernel;
  
  accessing the security key;
  
  applying the accessed security key to decrypt at least one encrypted key for the application;
  
  storing the decrypted key(s) in a location where the application will expect the key(s) to be found; and
  
  authenticating the application on the processor;
  
  instantiating the application while in the preferred mode and only after the security kernel has authenticated such application; and
  
  transitioning from the preferred mode to the normal mode after the security kernel authenticates the application and the application has been instantiated, where the security key is not accessible while in the normal mode, the application as instantiated during the preferred mode being available for use during the transitioned-to normal mode;
  
  wherein the security kernel allows the processor to be trusted to keep hidden the key(s) of the application, andwherein the security kernel employs the accessed security key during the preferred mode to authenticate/verify the application prior to instantiation thereof.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The medium of claim 10 wherein the security kernel performs a hash/MAC (message authentication code) over at least a portion of the application and then compares the hash/MAC to a hash/MAC corresponding to the application.
  - 12. The medium of claim 10 wherein the security key of the processor is a symmetric key and the application is instantiated from a code image including a main body and a header including:
    - KCPU (KMAN) KMAN encrypted according to KCPU KMAN (KCODE) KCODE encrypted according to KMAN
      
      where KCPU is the security key, KMAN is a device key of the portable device independent of the security key, and KCODE is the secret of the application, and wherein the security kernel applying the accessed security key to decrypt at least one encrypted key for the application comprises;
      
      applying KCPU to KCPU (KMAN) to produce KMAN; and
      
      applying KMAN to KMAN (KCODE) to produce KCODE.
  - 13. The medium of claim 12 wherein the security key of the processor is a symmetric key and the application is instantiated from a code image including a main body and a header including:
    - KCPU (KMAN) KMAN encrypted according to KCPU MAC (main body, KMAN) message authentication code of the main body under KMAN KMAN (KCODE) KCODE encrypted according to KMAN
      
      where KCPU is the security key, KMAN is a device key of the portable device independent of the security key, and KCODE is the secret of the application, and wherein the security kernel applying the accessed security key to decrypt at least one encrypted key for the application comprises;
      
      applying KCPU to KCPU (KMAN) to produce KMAN;
      
      computing MAC (main body, KMAN);
      
      comparing the computed MAC to MAC (main body, KMAN) from the header to determine if the code image has been changed; and
      
      if the MACs match, applying KMAN to KMAN (KCODE) to produce KCODE.
  - 14. The medium of claim 10 wherein the security key of the processor is a private key of a public key—
    - private key pair and the application is instantiated from a code image including a main body and a header including;
      
      public key (KCODE) KCODE encrypted according to the public key
      
      where KCODE is the secret of the application, and wherein the security kernel applying the accessed security key to decrypt at least one encrypted key for the application comprises applying the security key as the private key to public key (KCODE) to produce KCODE.
  - 15. The medium of claim 14 wherein the security key of the processor is a private key of a public key—
    - private key pair and the application is instantiated from a code image including a main body and a header including;
      
      public key (HASH (main body), Hash of the main body and KCODE, KCODE) both encrypted according to the public key
      
      where KCODE is the secret of the application, and wherein the security kernel applying the accessed security key to decrypt at least one encrypted key for the application comprises;
      
      computing HASH (main body);
      
      applying the private key to public key (HASH (main body), KCODE) to produce HASH (main body) and KCODE;
      
      comparing the computed HASH to the produced HASH to determine if the code image has been changed; and
      
      if the HASHs match, employing the produced KCODE as appropriate.

16. A computer-readable medium having computer-executable instructions thereon implementing a method for a secure processor to instantiate one of a plurality of available secure applications thereon by way of a security kernel, the method comprising:
- setting a chooser value to a value corresponding to a chooser application upon power-up;
  
  entering a preferred mode upon a first power-up CPU reset and instantiating and running the security kernel while in a preferred mode, the security kernel determining that the chooser value corresponds to the chooser application and therefore authenticating same, the chooser application being instantiated by the security kernel while in the preferred mode and only after being authenticated;
  
  transitioning from the preferred mode to a normal mode after the chooser application is instantiated and leaving same to run while in the normal mode, the chooser application while in the normal mode presenting the plurality of available applications for selection by a user;
  
  receiving a selection of one of the presented applications to be instantiated;
  
  setting the chooser value to a value corresponding to the selected application;
  
  transitioning from the normal mode to the preferred mode upon a second non-power-up executed CPU reset after setting the chooser value to the value corresponding to the selected application, and thereafter again instantiating and running the security kernel while in the preferred mode, the security kernel determining that the chooser value corresponds to the selected application and therefore authenticating same, the selected application being instantiated by the security kernel while in the preferred mode and only after being authenticated;
  
  transitioning from the preferred mode to the normal mode after the selected application is instantiated and leaving same to run while in the normal mode, the selected application as instantiated during the preferred mode being available for use during the transitioned-to normal mode;
  
  wherein the security kernel allows the processor to be trusted to keep hidden a secret of the chooser application and a secret of the selected application.
- View Dependent Claims (17, 18)
- - 17. The medium of claim 16 wherein the method further comprises setting the chooser value to the value corresponding to the chooser application upon the selected application being authenticated by the security kernel, wherein upon execution of a CPU reset, the security kernel determines that the chooser value corresponds to the chooser application and therefore authenticates same.
  - 18. The medium of claim 16 wherein the method further comprises storing the chooser value in a memory location not affected by a CPU reset so that the stored chooser value is available after same.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Peinado, Marcus
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
SHIFERAW, ELENI A

Application Number

US09/892,329
Publication Number

US 20020007456A1
Time in Patent Office

2,162 Days
Field of Search

713/164, 713/1, 713/2
US Class Current

713/164
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/71   to assure secure computing ...

G06F 2221/2105   Dual mode as a secondary as...

H04L 2209/603   Digital right managament [DRM]

H04L 63/0442   wherein the sending and rec...

H04L 63/068   using time-dependent keys, ...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 9/0897   involving additional device...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3263   involving certificates, e.g...

Secure processor architecture for use with a digital rights management (DRM) system on a computing device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

151 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Secure processor architecture for use with a digital rights management (DRM) system on a computing device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

151 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others