Secure repository with layers of tamper resistance and system and method for providing same

US 7,539,875 B1
Filed: 06/27/2000
Issued: 05/26/2009
Est. Priority Date: 06/27/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of generating a computer program storable on a computer-readable medium, said method comprising the acts of:

identifying a set of actions that are performed in the course of using a cryptographic algorithm to apply a cryptographic key to first data;

identifying attributes of said cryptographic key corresponding to said set of actions;

generating a first set of computer-executable instructions which includes instructions to perform actions functionally equivalent to said set of actions using said attributes but not said cryptographic key;

including said first set of computer-executable instructions in said computer program, wherein said computer program is operable to perform said functionally equivalent actions without access to, storing in memory, or exposing a whole or segment of said cryptographic key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure repository individualized for a hardware environment and a method and system for providing the same. The secure repository includes a hidden cryptographic key and code that applies the key without requiring access to a copy of the key. The code that implements the secure repository is generated in a manner that is at least partly based on a hardware ID associated with the hardware environment in which the secure repository is to be installed, and may also be based on a random number. Cryptographic functions implemented by the secure repository include decryption of encrypted information and validation of cryptographically signed information. The secure repository may be coupled to an application program, which uses cryptographic services provided by the secure repository, by way of a decoupling interface that provides a common communication and authentication interface for diverse types of secure repositories. The decoupling interface may take the form of a single application programmer interface (API) usable with multiple dynamically linkable libraries.

117 Citations

View as Search Results

21 Claims

1. A method of generating a computer program storable on a computer-readable medium, said method comprising the acts of:
- identifying a set of actions that are performed in the course of using a cryptographic algorithm to apply a cryptographic key to first data;
  
  identifying attributes of said cryptographic key corresponding to said set of actions;
  
  generating a first set of computer-executable instructions which includes instructions to perform actions functionally equivalent to said set of actions using said attributes but not said cryptographic key;
  
  including said first set of computer-executable instructions in said computer program, wherein said computer program is operable to perform said functionally equivalent actions without access to, storing in memory, or exposing a whole or segment of said cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein said cryptographic algorithm is a public/private-key algorithm.
  - 3. The method of claim 2, wherein said cryptographic key is the private key of an asymmetric key pair.
  - 4. The method of claim 1, further comprising the act of receiving second data which in some way identifies or relates to a computing device on which said computer program runs, and wherein said first set of computer-executable instructions is based on said second data.
  - 5. The method of claim 4, wherein said second data comprises or is based on one or more of the following:
    - a CPUID associated with a processor of said computing device;
      
      a serial number associated with said processor; and
      
      third data which identifies a hard disk associated with said computing device, said third data being assigned to said hard disk by a manufacturer or distributor of said hard disk.
  - 6. The method of claim 4, wherein said first set of computer-executable instructions comprises one or more instructions which depend for their correct execution on retrieval, during execution, of said second data.
  - 7. The method of claim 1, further comprising the act of randomly or pseudo-randomly generating a number, wherein said first set of computer-executable instructions is based on said number.
  - 8. The method of claim 1, further comprising the acts of:
    - generating a diversionary second set of computer-executable instructions which perform one or more second actions; and
      
      including said second set of computer-executable instructions in said computer program.
  - 9. The method of claim 8, further comprising the act of retrieving said diversionary second set of computer-executable instructions from a database of stored code.
  - 10. The method of claim 8, wherein said computer program does not rely on performance of said second actions to apply said cryptographic key to said first data.
  - 11. The method of claim 1, further comprising the act of generating a second set of computer-executable instructions which detects modification or deletion of at least a portion of code contained in said computer program, and which restores said portion if said portion has been deleted or modified.
  - 12. The method of claim 1, further comprising the act of reorganizing at least some code contained in said computer program.
  - 13. The method of claim 1, further comprising the acts of:
    - delimiting a segment of at least some code contained in said computer program;
      
      obtaining a first hash of the code inside the delimited segment;
      
      including said first hash of the delimited segment within said computer program;
      
      creating a second set of computer-executable instructions which obtains a second hash of the delimited segment and which compares said second hash with said first hash; and
      
      including said second set of computer-executable instructions in said computer program.
  - 14. The method of claim 1, further comprising the acts of:
    - encrypting at least a portion of said first set of computer-executable instructions; and
      
      creating a second set of computer-executable instructions which decrypts said portion.
  - 15. The method of claim 1, wherein said act of creating said first set of computer-executable instructions comprises the acts of:
    - creating instructions in a source-level language; and
      
      compiling said source-level-language instructions.
  - 16. The method of claim 15, further comprising the act of postprocessing the compiled instructions after said compiling act, wherein said postprocessing act comprises one or more of the following:
    - encrypting at least a portion of the compiled instructions, and hashing at least a portion of the compiled instructions.
  - 17. The method of claim 1, further comprising the acts of:
    - receiving, from a computing device, a request for said computer program via a network; and
      
      providing said computer program to said computer device via said network.
  - 18. The method of claim 17, wherein said network comprises the Internet.
  - 19. The method of claim 17, wherein said receiving act occurs contemporaneously with said providing act.
  - 20. The method of claim 1, wherein said generating act comprises retrieving instructions from a database of stored code.
  - 21. A computer-readable medium encoded with a third set of computer-executable instructions to perform the method of claim 1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Krishnaswamy, Vinay, Jakubowski, Mariusz H., Marr, Michael David, Manferdelli, John L.
Primary Examiner(s)
Brown; Christopher J

Application Number

US09/604,174
Time in Patent Office

3,255 Days
Field of Search

713/189, 380/255, 380/277
US Class Current

713/189
CPC Class Codes

G06F 21/1066   Hiding content

G06F 21/14   against software analysis o...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2107   File encryption

Secure repository with layers of tamper resistance and system and method for providing same

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

117 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Secure repository with layers of tamper resistance and system and method for providing same

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

117 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links