Support for multiple security policies on a unified authentication architecture

US 8,166,304 B2
Filed: 10/02/2007
Issued: 04/24/2012
Est. Priority Date: 10/02/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of processing data, the method comprising:

decrypting, by a computer, using initialization hardware, an encrypted copy of a secure operating system kernel for storage into memory accessible to a processor datapath of the computer, wherein the secure operating system kernel contains a secure kernel cryptographic key; and

executing, by the computer, the secure kernel accessed from said memory, wherein the executing includes;

providing a key ring of cryptographic keys, wherein at least a subset of the cryptographic keys in the key ring are associated with respective software vendors;

determining, from an option setting, whether it is desired for the computer to execute only software from approved vendors;

responsive to determining that it is not desired for the computer to execute only software from approved vendors, including a global public key in the key ring;

responsive to determining that only software from approved sources should be executed excluding the global public key in the key ring;

validating a digital signature of a key-ring cryptographic key using the secure kernel cryptographic key, wherein the key-ring cryptographic key is one of the cryptographic keys in the key ring; and

validating a digital signature of an application-associated cryptographic key using the key-ring cryptographic key, wherein the application-associated cryptographic key is associated with a software application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, computer program product, and data processing system are disclosed for ensuring that applications executed in the data processing system originate only from trusted sources are disclosed. In a preferred embodiment, a secure operating kernel maintains a “key ring” containing keys corresponding to trusted software vendors. The secure kernel uses vendor keys to verify that a given application was signed by an approved vendor. To make it possible for independent developers to develop software for the herein-described platform, a “global key pair” is provided in which both the public and private keys of the pair are publicly known, so that anyone may sign an application with the global key. Such an application may be allowed to execute by including the global key pair'"'"'s public key in the key ring as a “vendor key” or, conversely, it may be disallowed by excluding the global public key from the key ring.

Citations

20 Claims

1. A computer-implemented method of processing data, the method comprising:
- decrypting, by a computer, using initialization hardware, an encrypted copy of a secure operating system kernel for storage into memory accessible to a processor datapath of the computer, wherein the secure operating system kernel contains a secure kernel cryptographic key; and
  
  executing, by the computer, the secure kernel accessed from said memory, wherein the executing includes;
  
  providing a key ring of cryptographic keys, wherein at least a subset of the cryptographic keys in the key ring are associated with respective software vendors;
  
  determining, from an option setting, whether it is desired for the computer to execute only software from approved vendors;
  
  responsive to determining that it is not desired for the computer to execute only software from approved vendors, including a global public key in the key ring;
  
  responsive to determining that only software from approved sources should be executed excluding the global public key in the key ring;
  
  validating a digital signature of a key-ring cryptographic key using the secure kernel cryptographic key, wherein the key-ring cryptographic key is one of the cryptographic keys in the key ring; and
  
  validating a digital signature of an application-associated cryptographic key using the key-ring cryptographic key, wherein the application-associated cryptographic key is associated with a software application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the application-associated cryptographic key is stored in conjunction with the software application.
  - 3. The method of claim 1, wherein the initialization hardware operates independently from the processor datapath.
  - 4. The method of claim 1, further comprising:
    - determining if validation of the application-associated cryptographic key was successful; and
      
      responsive to determining the validation of the application-associated cryptographic key was successful, generating a new signature of the application-associated cryptographic key using a signing cryptographic key associated with the secure kernel.
  - 5. The method of claim 4, wherein the signing cryptographic key is a private key in a key pair in which said secure kernel cryptographic key is a corresponding public key.
  - 6. The method of claim 1, further comprising:
    - verifying a digital signature of the software application using the application-associated cryptographic key.
  - 7. The method of claim 1, further comprising:
    - executing the software application only if said validating of the digital signature of the application-associated cryptographic key using the key-ring cryptographic key succeeds.

8. A computer program product comprising a computer-readable device with code thereon for execution by a computer having a memory, a processor datapath, and dedicated initialization hardware, the computer program product code comprising:
- an encrypted kernel, wherein the encrypted kernel is adapted to be decrypted into a decrypted form by the dedicated initialization hardware and executed in the decrypted form by the processor datapath, the encrypted kernel including a secure kernel cryptographic key and instructions executing on the encrypted kernel for;
  
  providing a key ring of cryptographic keys, wherein at least a subset of the cryptographic keys in the key ring are associated with respective software vendors;
  
  determining, from an option setting, whether it is desired for the computer to execute only software from approved vendors;
  
  responsive to determining that it is not desired for the computer to execute only software from approved vendors, including a global public key in the key ring;
  
  responsive to determining that only software from approved sources should be executed-excluding the global public key in the key ring;
  
  validating a digital signature of a key-ring cryptographic key using the secure kernel cryptographic key, wherein the key-ring cryptographic key is one of the cryptographic keys in the key ring; and
  
  validating a digital signature of an application-associated cryptographic key using the key-ring cryptographic key, wherein the application-associated cryptographic key is associated with a software application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein the application-associated cryptographic key is stored in conjunction with the software application.
  - 10. The computer program product of claim 8, wherein the initialization hardware operates independently from the processor datapath.
  - 11. The computer program product of claim 8, the encrypted kernel further comprising instructions for:
    - determining if validation of the application-associated cryptographic key was successful; and
      
      responsive to determining that the validation of the application-associated cryptographic key was successful, generating a new signature of the application-associated cryptographic key using a signing cryptographic key associated with the secure kernel.
  - 12. The computer program product of claim 11, wherein the signing cryptographic key is a private key in, a key pair in which said secure kernel cryptographic key is a corresponding public key.
  - 13. The computer program product of claim 8, further comprising:
    - instructions for verifying a digital signature of the software application using the application-associated cryptographic key.
  - 14. The computer program product of claim 8, the encrypted kernel further comprising instructions for:
    - initiating execution of the software application only if said validating of the digital signature of the application-associated cryptographic key using the key-ring cryptographic key succeeds.

15. A data processing system comprising:
- initialization hardware;
  
  a processor datapath;
  
  memory accessible to the processor datapath and the initialization hardware; and
  
  non-volatile storage containing an encrypted copy of a secure kernel having one or more sensitive portions, wherein the initialization hardware decrypts the encrypted copy into the memory, the processor datapath executes the secure kernel from the memory to perform actions that include;
  
  providing a key ring of cryptographic keys, wherein at least a subset of the cryptographic keys in the key ring are associated with respective software vendors;
  
  determining, from an option setting, whether it is desired for the data processing system to execute only software from approved vendors;
  
  responsive to determining that it is not desired for the data processing system to execute only software from approved vendors, including a global public key in the key ring;
  
  responsive to determining that only software from approved sources should be executed excluding the global public key in the key ring;
  
  validating a digital signature of a key-ring cryptographic key using the secure kernel cryptographic key, wherein the key-ring cryptographic key is one of the cryptographic keys in the key ring; and
  
  validating a digital signature of an application-associated cryptographic key using the key-ring cryptographic key, wherein the application-associated cryptographic key is associated with a software application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The data processing system of claim 15, wherein the application-associated cryptographic key is stored in conjunction with the software application.
  - 17. The data processing system of claim 15, wherein the initialization hardware operates independently from the processor datapath.
  - 18. The data processing system of claim 15, wherein the processor datapath executes the secure kernel from the memory to perform additional actions of:
    - determining if validation of the application-associated cryptographic key was successful; and
      
      responsive to determining the validation of the application-associated cryptographic key was successful, generating a new signature of the application-associated cryptographic key using a signing cryptographic key associated with the secure kernel.
  - 19. The data processing system of claim 18, wherein the signing cryptographic key is a private key in a key pair in which said secure kernel cryptographic key is a corresponding public key.
  - 20. The data processing system of claim 15, wherein the processor datapath executes the secure kernel from the memory to perform additional actions of:
    - verifying a digital signature of the software application using the application-associated cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Murase, Masana, Plouffe, Wilfred E. Jr., Shimizu, Kanna, Zbarsky, Vladimir
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Rahman, Mahfuzur

Application Number

US11/866,020
Publication Number

US 20090086974A1
Time in Patent Office

1,666 Days
Field of Search

713/176
US Class Current

713/176
CPC Class Codes

G06F 21/51   at application loading time...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0836   using tree structure or hie...

H04L 9/3247   involving digital signatures

Support for multiple security policies on a unified authentication architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Support for multiple security policies on a unified authentication architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links