Systems and methods using cryptography to protect secure computing environments

US 7,761,916 B2
Filed: 08/20/2007
Issued: 07/20/2010
Est. Priority Date: 08/12/1996
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method utilizing a system comprising a processor and a memory encoded with program instructions that, when executed by the processor, cause the processor to perform the method, the method comprising:

receiving a load module and an associated specification;

verifying that the load module performs as specified by the specification;

determining that the load module does not include harmful functionality;

conditionally digitally signing the load module based at least in part on results of the verifying and determining steps; and

distributing, to a remote protected processing environment, a digital signature generated by the step of digitally signing the load module, the remote protected processing environment being operable to perform an authentication step on the digital signature using a public key, and to conditionally execute the load module based at least in part on a result of the authentication step,wherein the remote protected processing environment is resistant to tampering by an owner of an electronic appliance upon which the remote protected processing environment is running and is operable to maintain the public key as a secret from the owner of the electronic appliance.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise.

41 Citations

View as Search Results

11 Claims

1. A method utilizing a system comprising a processor and a memory encoded with program instructions that, when executed by the processor, cause the processor to perform the method, the method comprising:
- receiving a load module and an associated specification;
  
  verifying that the load module performs as specified by the specification;
  
  determining that the load module does not include harmful functionality;
  
  conditionally digitally signing the load module based at least in part on results of the verifying and determining steps; and
  
  distributing, to a remote protected processing environment, a digital signature generated by the step of digitally signing the load module, the remote protected processing environment being operable to perform an authentication step on the digital signature using a public key, and to conditionally execute the load module based at least in part on a result of the authentication step,wherein the remote protected processing environment is resistant to tampering by an owner of an electronic appliance upon which the remote protected processing environment is running and is operable to maintain the public key as a secret from the owner of the electronic appliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - securely distributing the public key to the remote protected processing environment.
  - 3. The method of claim 1, in which the load module, when executed by the electronic appliance, is configured to enable the electronic appliance to play a piece of electronic content.
  - 4. The method of claim 1, in which the load module, when executed by the electronic appliance, is configured to cause the electronic appliance to charge a user a fee for viewing a piece of electronic content.
  - 5. The method of claim 1, in which the load module, when executed by the electronic appliance, is configured to cause the electronic appliance to enable the electronic appliance to perform a financial transaction.
  - 6. The method of claim 1, in which the load module, when executed by the electronic appliance, is configured to cause the electronic appliance to prevent a user from making a copy of a piece of electronic content.
  - 7. The method of claim 1, in which the load module, when executed by the electronic appliance, is configured to cause the electronic appliance to record an aspect of usage of a piece of electronic content.

8. A non-transitory computer-readable medium comprising program code, the program code being operable, when executed by a computer system, to cause the computer system to perform steps comprising:
- verifying that a load module performs as specified by a specification associated with the load module;
  
  determining that the load module does not include harmful functionality; and
  
  conditionally digitally signing the load module based at least in part on results of the verifying and determining stepsdistributing, to a remote protected processing environment, a digital signature generated by the step of digitally singing the load module; and
  
  securely distributing a cryptographic key to the remote protected processing environment, the cryptographic key being configured for use in authenticating the digital signature.
- View Dependent Claims (9)
- - 9. The non-transitory computer-readable medium of claim 8, in which the cryptographic key comprises a public key.

10. A system comprising a processor and a non-transitory computer-readable medium encoded with program instructions that, when executed by the processor,cause the processor to perform a method comprising:
- receiving a load module and an associated specification;
  
  verifying that the load module performs as specified by the specification;
  
  determining that the load module does not include harmful functionality; and
  
  conditionally digitally signing the load module based at least in part on a result of the verifying and determining steps;
  
  distributing, to a remote protected processing environment, a digital signature generated by the digital signing step; and
  
  securely distributing a cryptographic key to the remote protected processing environment, the cryptographic key being configured for use in authenticating the digital signature.
- View Dependent Claims (11)
- - 11. The system of claim 10, in which the cryptographic key comprises a public key.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Sibert, W. Olin, Shear, Victor H., Van Wie, David M.
Primary Examiner(s)
Pyzocha; Michael
Assistant Examiner(s)
Callahan; Paul

Application Number

US11/841,600
Publication Number

US 20080031457A1
Time in Patent Office

1,065 Days
Field of Search

705/54, 713/156, 713/175, 713/190, 726/22, 717/178
US Class Current

726/22
CPC Class Codes

G06F 12/1483   using an access-table, e.g....

G06F 21/10   Protecting distributed prog...

G06F 21/51   at application loading time...

G06F 2211/007   Encryption, En-/decode, En-...

G06Q 20/02   involving a neutral party, ...

G06Q 20/085   involving remote charge det...

G06Q 20/12   specially adapted for elect...

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/3674   involving authentication

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/401   Transaction verification

G11B 20/00086   Circuits for prevention of ...

G11B 20/00159   Parental control systems

G11B 20/00173   wherein the origin of the c...

G11B 20/00188   involving measures which re...

G11B 20/00195   using a device identifier a...

G11B 20/0021   involving encryption or dec...

G11B 20/00543   wherein external data is en...

G11B 20/00557   wherein further management ...

G11B 20/00688 : said measures preventing th...

G11B 20/0071 : involving a purchase action

G11B 20/00768 : wherein copy control inform...

G11B 2220/216 : Rewritable discs

G11B 2220/218 : Write-once discs

G11B 2220/2562 : DVDs [digital versatile dis...

G11B 2220/2575 : DVD-RAMs

G11B 27/031 : Electronic editing of digit...

G11B 27/329 : on a disc [VTOC]

H04L 12/40104 : Security; Encryption; Conte...

H04L 12/40117 : Interconnection of audio or...

View All

Systems and methods using cryptography to protect secure computing environments

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

41 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods using cryptography to protect secure computing environments

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links