Systems and methods using cryptography to protect secure computing environments

US 7,590,853 B1
Filed: 08/20/2007
Issued: 09/15/2009
Est. Priority Date: 08/12/1996
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method performed by an electronic appliance comprising at least one protected processing environment, the method comprising the steps of:

receiving a first load module and an associated first digital signature;

receiving a second load module and an associated second digital signature;

authenticating the first digital signature using a first cryptographic key;

authenticating the second digital signature using a second cryptographic key;

conditionally executing the first load module in a first processing environment of the electronic appliance based at least in part on a result of the step of authenticating the first digital signature, wherein the first processing environment has a first assurance level; and

conditionally executing the second load module in a second processing environment of the electronic appliance based at least in part on a result of the step of authenticating the second digital signature, wherein the second processing environment has a second assurance level that is different from the first assurance level;

wherein the protected processing environment is operable to impede tampering by a user of the electronic appliance with at least the step of authenticating the first digital signature and the step of authenticating the second digital signature.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise.

Citations

26 Claims

1. A method performed by an electronic appliance comprising at least one protected processing environment, the method comprising the steps of:
- receiving a first load module and an associated first digital signature;
  
  receiving a second load module and an associated second digital signature;
  
  authenticating the first digital signature using a first cryptographic key;
  
  authenticating the second digital signature using a second cryptographic key;
  
  conditionally executing the first load module in a first processing environment of the electronic appliance based at least in part on a result of the step of authenticating the first digital signature, wherein the first processing environment has a first assurance level; and
  
  conditionally executing the second load module in a second processing environment of the electronic appliance based at least in part on a result of the step of authenticating the second digital signature, wherein the second processing environment has a second assurance level that is different from the first assurance level;
  
  wherein the protected processing environment is operable to impede tampering by a user of the electronic appliance with at least the step of authenticating the first digital signature and the step of authenticating the second digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, in which the first cryptographic key is securely associated with the first processing environment and in which the second cryptographic key is securely associated with the second processing environment.
  - 3. The method of claim 1, in which authenticating the first digital signature using the first cryptographic key comprises:
    - computing a first cryptographic hash of the first load module;
      
      decrypting the first digital signature using the first cryptographic key;
      
      obtaining a second cryptographic hash from the decrypted first digital signature; and
      
      comparing the first cryptographic hash with the second cryptographic hash.
  - 4. The method of claim 1, in which the protected processing environment is operable to maintain the first cryptographic key as a secret from the user of the electronic appliance.
  - 5. The method of claim 4, in which the first cryptographic key comprises a public key.
  - 6. The method of claim 1, further comprising the step of:
    - authenticating a third digital signature associated with the first load module;
      
      wherein the step of conditionally executing the first load module is further based, at least in part, on a result of the step of authenticating the third digital signature.
  - 7. The method of claim 6, in which the first digital signature is associated with a first portion of the first load module and the third digital signature is associated with a second portion of the first load module that is different, at least in part, from the first portion of the first load module.
  - 8. The method of claim 6, in which the first digital signature is associated with a first entity and the third digital signature is associated with a second entity.
  - 9. The method of claim 8, in which the first entity comprises a first verifying authority and in which the second entity comprises a second verifying authority.
  - 10. The method of claim 1, further comprising the steps of:
    - receiving a third digital signature associated with the first load module; and
      
      determining that a key needed to authenticate the third digital signature is unavailable.
  - 11. The method of claim 1, in which conditionally executing the first load module comprises conditionally executing the first load module to record an aspect of usage of a piece of electronic content.
  - 12. The method of claim 1, in which conditionally executing the first load module comprises conditionally executing the first load module to prevent a user from making a copy of a piece of electronic content.
  - 13. The method of claim 1, in which conditionally executing the first load module comprises conditionally executing the first load module to charge a user a fee for viewing a piece of electronic content.
  - 14. The method of claim 1, in which conditionally executing the first load module comprises conditionally executing the first load module to enable the electronic appliance to play a piece of electronic content.
  - 15. The method of claim 1, in which conditionally executing the first load module comprises conditionally executing the first load module to enable the electronic appliance to perform a financial transaction.
  - 16. The method of claim 1, further comprising:
    - distributing the first load module to a second electronic appliance, the second electronic appliance comprising a protected processing environment that is resistant to tampering by a user of the second electronic appliance, the second electronic appliance being operable to authenticate the first digital signature and to conditionally execute the first load module.

17. A system comprising:
- an electronic appliance comprising at least one protected processing environment;
  
  means for receiving a first load module and an associated first digital signature;
  
  means for receiving a second load module and an associated second digital signature;
  
  means for authenticating the first digital signature using a first cryptographic key;
  
  means for authenticating the second digital signature using a second cryptographic key;
  
  means for conditionally executing the first load module in a first processing environment of the electronic appliance based at least in part on an output of the means for authenticating the first digital signature; and
  
  means for conditionally executing the second load module in a second processing environment of the electronic appliance based at least in part on an output of the means for authenticating the second digital signature, wherein the first processing environment has a first assurance level and the second processing environment has a second assurance level that is different from the first assurance level;
  
  wherein the protected processing environment is operable to impede tampering by a user of the electronic appliance with at least the means for authenticating the first digital signature and the means for authenticating the second digital signature.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. The system of claim 17, in which the protected processing environment is operable to maintain the first cryptographic key as a secret from the user of the electronic appliance.
  - 19. The system of claim 18, in which the first cryptographic key is a public key.
  - 20. The system of claim 17, further comprising:
    - means for authenticating a third digital signature associated with the first load module.
  - 21. The system of claim 17, further comprising:
    - means for receiving a third digital signature associated with the first load module; and
      
      means for determining that a key needed to authenticate the third digital signature is unavailable.
  - 22. The system of claim 17, in which the first cryptographic key is securely associated with the first processing environment and in which the second cryptographic key is securely associated with the second processing environment.
  - 23. The system of claim 20, in which the first digital signature is associated with a first portion of the first load module and the third digital signature is associated with a second portion of the first load module that is different, at least in part, from the first portion of the first load module.
  - 24. The system of claim 20, in which the first digital signature is associated with a first entity and the third digital signature is associated with a second entity.
  - 25. The system of claim 24, in which the first entity comprises a first verifying authority and in which the second entity comprises a second verifying authority.
  - 26. The system of claim 17, further comprising a computer-readable medium storing the first load module, the first load module being operable, when executed by the electronic appliance, to cause the electronic appliance to perform at least one action selected from the group consisting of:
    - recording an aspect of usage of a piece of electronic content, preventing a user of the electronic appliance from making a copy of a piece of electronic content, charging a user of the electronic appliance a fee for viewing a piece of electronic content, enabling the electronic appliance to play a piece of electronic content, and enabling the electronic appliance to perform a financial transaction.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Sibert, W. Olin, Shear, Victor H., Van Wie, David M.
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US11/894,339
Time in Patent Office

757 Days
Field of Search

705/54, 705/57, 713/1, 713/2, 713/190, 713/194, 713/156, 713/175, 713/176, 713/181, 726/30, 726/31
US Class Current

713/176
CPC Class Codes

G06F 12/1483   using an access-table, e.g....

G06F 21/10   Protecting distributed prog...

G06F 2211/007   Encryption, En-/decode, En-...

G06Q 20/02   involving a neutral party, ...

G06Q 20/12   specially adapted for elect...

G06Q 20/24   Credit schemes, i.e. "pay a...

G11B 20/00173   wherein the origin of the c...

G11B 20/00188   involving measures which re...

G11B 20/00195   using a device identifier a...

G11B 20/0021   involving encryption or dec...

G11B 20/00557   wherein further management ...

G11B 20/0071   involving a purchase action

G11B 2220/216   Rewritable discs

G11B 2220/218   Write-once discs

G11B 2220/2562   DVDs [digital versatile dis...

G11B 2220/2575   DVD-RAMs

G11B 27/031   Electronic editing of digit...

G11B 27/329   on a disc [VTOC]

H04L 12/40104   Security; Encryption; Conte...

H04L 12/40117   Interconnection of audio or...

Systems and methods using cryptography to protect secure computing environments

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods using cryptography to protect secure computing environments

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links