Systems and methods using cryptography to protect secure computing environments
First Claim

1. A method performed by an electronic appliance comprising a protected processing environment, the protected processing environment comprising a plurality of processing environments, the method comprising the steps of:
- receiving a first digital signature associated with a first load module;
- authenticating the first digital signature using a first key; and
- conditionally executing the first load module based at least in part on a result of the authenticating step, including limiting access by the first load module to a first set of resources associated with a first processing environment of the plurality of processing environments;

wherein the protected processing environment is resistant to tampering by a user of the electronic appliance with at least the steps of authenticating the first digital signature and conditionally executing the first load module.
Abstract
Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise.
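The abstract describes a policy rather than a particular signature algorithm: each tamper-resistance work-factor environment holds its own verification keys, several dissimilar signature algorithms sign the same load module, and only a sufficient subset of valid signatures lets the module run with a limited set of resources. The following is an added example, not code from the patent or its assignee; it uses Lamport one-time signatures over two dissimilar hash primitives (SHA-256 and SHA3-256) as an assumed stand-in for whatever signature algorithms a real deployment would use, and the environment names, resource names and load-module bytes are constructed for illustration.

```python
"""Work-factor environments, dissimilar signature algorithms and a k-of-n
signature subset gating execution of a load module (added example).
The Lamport one-time signature below is an assumed stand-in scheme."""
import hashlib
import os
from dataclasses import dataclass

DIGEST_BITS = 256


def lamport_keygen(hash_name: str):
    """Private key: 256 pairs of random preimages; public key: their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(DIGEST_BITS)]
    pk = [(hashlib.new(hash_name, a).digest(), hashlib.new(hash_name, b).digest())
          for a, b in sk]
    return sk, pk


def _message_bits(hash_name: str, msg: bytes) -> int:
    return int.from_bytes(hashlib.new(hash_name, msg).digest(), "big")


def lamport_sign(hash_name: str, sk, msg: bytes):
    """Reveal, per digest bit, the preimage that bit selects (key is one-time)."""
    bits = _message_bits(hash_name, msg)
    return [sk[i][(bits >> (DIGEST_BITS - 1 - i)) & 1] for i in range(DIGEST_BITS)]


def lamport_verify(hash_name: str, pk, msg: bytes, sig) -> bool:
    """Every revealed preimage must hash to the public-key half the bit selects."""
    if len(sig) != DIGEST_BITS:
        return False
    bits = _message_bits(hash_name, msg)
    return all(
        hashlib.new(hash_name, sig[i]).digest() == pk[i][(bits >> (DIGEST_BITS - 1 - i)) & 1]
        for i in range(DIGEST_BITS)
    )


@dataclass(frozen=True)
class WorkFactorEnvironment:
    """One processing environment: its own verification key per algorithm,
    how many valid signatures it demands, and the resources it exposes."""
    name: str
    verify_keys: dict          # algorithm name -> public key
    min_valid_signatures: int  # size of the signature subset required
    resources: frozenset


def authenticate(load_module: bytes, signatures: dict, env: WorkFactorEnvironment) -> int:
    """Count the signatures that verify under this environment's own keys."""
    return sum(
        1 for alg, pk in env.verify_keys.items()
        if alg in signatures and lamport_verify(alg, pk, load_module, signatures[alg])
    )


def conditionally_execute(load_module: bytes, signatures: dict,
                          env: WorkFactorEnvironment, requested: frozenset):
    """Run only if enough dissimilar signatures verify, and grant only the
    intersection of what was requested with this environment's resources."""
    if authenticate(load_module, signatures, env) < env.min_valid_signatures:
        return False, frozenset()
    return True, requested & env.resources


# Two dissimilar primitives: a SHA-2 and a Keccak-based hash (assumed choice).
ALGORITHMS = ("sha256", "sha3_256")


def make_environment(name: str, min_valid: int, resources):
    keys = {alg: lamport_keygen(alg) for alg in ALGORITHMS}
    env = WorkFactorEnvironment(name, {a: pk for a, (_, pk) in keys.items()},
                                min_valid, frozenset(resources))
    return env, {a: sk for a, (sk, _) in keys.items()}


# Constructed sample environments: a high work-factor one that needs both
# signatures, and a low work-factor one with different keys needing only one.
HIGH_ENV, HIGH_SIGNING = make_environment("high-work-factor", 2, {"keystore", "display"})
LOW_ENV, LOW_SIGNING = make_environment("low-work-factor", 1, {"display"})
LOAD_MODULE = b"constructed load module bytes"  # constructed sample input


def sign_for(signing_keys: dict, load_module: bytes, algs=ALGORITHMS) -> dict:
    return {alg: lamport_sign(alg, signing_keys[alg], load_module) for alg in algs}


HIGH_SIGS = sign_for(HIGH_SIGNING, LOAD_MODULE)

if __name__ == "__main__":
    print(conditionally_execute(LOAD_MODULE, HIGH_SIGS, HIGH_ENV, frozenset({"keystore", "network"})))
    print(conditionally_execute(LOAD_MODULE, HIGH_SIGS, LOW_ENV, frozenset({"display"})))
```

Three properties of the abstract are visible here: a module signed for the high work-factor environment is rejected by the low one because it holds different verification keys; a module carrying only one of the two required signatures is rejected, so compromising one algorithm alone is not enough; and even an accepted module only receives resources the environment itself exposes, never everything it asked for.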
Claims (20)

1. A method performed by an electronic appliance comprising a protected processing environment, the protected processing environment comprising a plurality of processing environments, the method comprising the steps of:
- receiving a first digital signature associated with a first load module;
- authenticating the first digital signature using a first key; and
- conditionally executing the first load module based at least in part on a result of the authenticating step, including limiting access by the first load module to a first set of resources associated with a first processing environment of the plurality of processing environments;

wherein the protected processing environment is resistant to tampering by a user of the electronic appliance with at least the steps of authenticating the first digital signature and conditionally executing the first load module. (Dependent claims: 2 to 9.)

10. A computer-readable medium comprising program code, the program code being operable, when executed by an electronic appliance comprising a protected processing environment that is resistant to tampering by users of the electronic appliance, the protected processing environment comprising a plurality of processing environments, to cause the electronic appliance to perform steps comprising:
- receiving a first digital signature associated with a first load module;
- authenticating the first digital signature using a first key; and
- conditionally executing the first load module based at least in part on a result of the authenticating step, including limiting access by the first load module to a first set of resources associated with a first processing environment of the plurality of processing environments. (Dependent claims: 11 to 14.)

15. A system comprising:
- an electronic appliance comprising a protected processing environment, the protected processing environment comprising a plurality of processing environments;
- means for receiving a first digital signature associated with a first load module;
- means for authenticating the first digital signature using a first key; and
- means for conditionally executing the first load module based at least in part on a result generated by the means for authenticating the first digital signature, including means for limiting access by the first load module to a first set of resources associated with a first processing environment of the plurality of processing environments;

wherein the protected processing environment is resistant to tampering by a user of the electronic appliance with at least the means for authenticating the first digital signature and the means for conditionally executing the first load module. (Dependent claims: 16 to 20.)
Specification