Systems and methods using cryptography to protect secure computing environments
Abstract
Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable according to its tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different digital signature verification techniques (e.g., different signature algorithms and/or signature verification keys)—allowing an environment of one tamper resistance work factor to protect itself against load modules intended for another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability to compromise of any one algorithm, and subsets of multiple digital signatures may be required so that the scope of any specific compromise is limited.
Claims (26 total)
1. A method performed by an electronic appliance comprising at least one protected processing environment, the method comprising the steps of:
receiving a first load module and an associated first digital signature;
receiving a second load module and an associated second digital signature;
authenticating the first digital signature using a first cryptographic key;
authenticating the second digital signature using a second cryptographic key;
conditionally executing the first load module in a first processing environment of the electronic appliance based at least in part on a result of the step of authenticating the first digital signature, wherein the first processing environment has a first assurance level; and
conditionally executing the second load module in a second processing environment of the electronic appliance based at least in part on a result of the step of authenticating the second digital signature, wherein the second processing environment has a second assurance level that is different from the first assurance level;
wherein the protected processing environment is operable to impede tampering by a user of the electronic appliance with at least the step of authenticating the first digital signature and the step of authenticating the second digital signature.
Dependent claims 2 through 16 depend from claim 1 and are not reproduced on this page.
17. A system comprising:
an electronic appliance comprising at least one protected processing environment;
means for receiving a first load module and an associated first digital signature;
means for receiving a second load module and an associated second digital signature;
means for authenticating the first digital signature using a first cryptographic key;
means for authenticating the second digital signature using a second cryptographic key;
means for conditionally executing the first load module in a first processing environment of the electronic appliance based at least in part on an output of the means for authenticating the first digital signature; and
means for conditionally executing the second load module in a second processing environment of the electronic appliance based at least in part on an output of the means for authenticating the second digital signature, wherein the first processing environment has a first assurance level and the second processing environment has a second assurance level that is different from the first assurance level;
wherein the protected processing environment is operable to impede tampering by a user of the electronic appliance with at least the means for authenticating the first digital signature and the means for authenticating the second digital signature.
Dependent claims 18 through 26 depend from claim 17 and are not reproduced on this page.
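As an added illustration (not code from the patent or its assignee), the Go program below models the scheme described in the abstract and in claim 1: a verifying authority issues two dissimilar signatures (Ed25519 and ECDSA P-256) over a load module, each protected processing environment holds only the verification keys issued for its own assurance level, and conditional execution requires that a per-level number of distinct algorithms verify. The key pairs, the algorithm names, the `Required` threshold and the sample module bytes are constructed assumptions, not values from the page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Environment is one protected processing environment: its assurance level, the
// verification keys issued for that level, and how many of the two dissimilar
// signature algorithms must verify before a load module may execute there.
type Environment struct {
	Level, Required int
	EdKey           ed25519.PublicKey
	EcKey           *ecdsa.PublicKey
}

// NewEnvironment builds constructed key pairs for one level and hands the
// private halves back so the caller can play the verifying authority.
func NewEnvironment(level, required int) (Environment, ed25519.PrivateKey, *ecdsa.PrivateKey) {
	pub, ed, _ := ed25519.GenerateKey(rand.Reader)
	ec, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return Environment{level, required, pub, &ec.PublicKey}, ed, ec
}

// Sign is the verifying authority issuing an Ed25519 and an ECDSA-P256 signature
// over the module, keyed by algorithm name, so compromise of one algorithm does
// not by itself defeat an environment that requires both.
func Sign(ed ed25519.PrivateKey, ec *ecdsa.PrivateKey, module []byte) map[string][]byte {
	h := sha256.Sum256(module)
	ecSig, _ := ecdsa.SignASN1(rand.Reader, ec, h[:])
	return map[string][]byte{"ed25519": ed25519.Sign(ed, module), "ecdsa-p256": ecSig}
}

// Authorize is the conditional-execution gate: true only when at least Required
// distinct algorithms verify under this environment's own keys. Signatures made
// under another level's keys, or absent from the map, count for nothing.
func (e Environment) Authorize(module []byte, sigs map[string][]byte) bool {
	h, n := sha256.Sum256(module), 0
	if ed25519.Verify(e.EdKey, module, sigs["ed25519"]) {
		n++
	}
	if ecdsa.VerifyASN1(e.EcKey, h[:], sigs["ecdsa-p256"]) {
		n++
	}
	return n >= e.Required
}
```

Exercise it from a Go test or a `main` that calls `NewEnvironment`, `Sign` and `Authorize`: a module signed for one level fails `Authorize` in the other because the keys differ even though the algorithms are the same, and a high-assurance environment with `Required` set to 2 also rejects a module carrying only one of the two signatures.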