Support for multiple security policies on a unified authentication architecture
First Claim
1. A computer-implemented method of processing data, the method comprising:
- decrypting, by a computer, using initialization hardware, an encrypted copy of a secure operating system kernel for storage into memory accessible to a processor datapath of the computer, wherein the secure operating system kernel contains a secure kernel cryptographic key; and
executing, by the computer, the secure kernel accessed from said memory, wherein the executing includes;
providing a key ring of cryptographic keys, wherein at least a subset of the cryptographic keys in the key ring are associated with respective software vendors;
determining, from an option setting, whether it is desired for the computer to execute only software from approved vendors;
responsive to determining that it is not desired for the computer to execute only software from approved vendors, including a global public key in the key ring;
responsive to determining that only software from approved sources should be executed excluding the global public key in the key ring;
validating a digital signature of a key-ring cryptographic key using the secure kernel cryptographic key, wherein the key-ring cryptographic key is one of the cryptographic keys in the key ring; and
validating a digital signature of an application-associated cryptographic key using the key-ring cryptographic key, wherein the application-associated cryptographic key is associated with a software application.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, computer program product, and data processing system are disclosed for ensuring that applications executed in the data processing system originate only from trusted sources are disclosed. In a preferred embodiment, a secure operating kernel maintains a “key ring” containing keys corresponding to trusted software vendors. The secure kernel uses vendor keys to verify that a given application was signed by an approved vendor. To make it possible for independent developers to develop software for the herein-described platform, a “global key pair” is provided in which both the public and private keys of the pair are publicly known, so that anyone may sign an application with the global key. Such an application may be allowed to execute by including the global key pair'"'"'s public key in the key ring as a “vendor key” or, conversely, it may be disallowed by excluding the global public key from the key ring.
-
Citations
20 Claims
-
1. A computer-implemented method of processing data, the method comprising:
-
decrypting, by a computer, using initialization hardware, an encrypted copy of a secure operating system kernel for storage into memory accessible to a processor datapath of the computer, wherein the secure operating system kernel contains a secure kernel cryptographic key; and executing, by the computer, the secure kernel accessed from said memory, wherein the executing includes; providing a key ring of cryptographic keys, wherein at least a subset of the cryptographic keys in the key ring are associated with respective software vendors; determining, from an option setting, whether it is desired for the computer to execute only software from approved vendors; responsive to determining that it is not desired for the computer to execute only software from approved vendors, including a global public key in the key ring; responsive to determining that only software from approved sources should be executed excluding the global public key in the key ring; validating a digital signature of a key-ring cryptographic key using the secure kernel cryptographic key, wherein the key-ring cryptographic key is one of the cryptographic keys in the key ring; and validating a digital signature of an application-associated cryptographic key using the key-ring cryptographic key, wherein the application-associated cryptographic key is associated with a software application. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer program product comprising a computer-readable device with code thereon for execution by a computer having a memory, a processor datapath, and dedicated initialization hardware, the computer program product code comprising:
an encrypted kernel, wherein the encrypted kernel is adapted to be decrypted into a decrypted form by the dedicated initialization hardware and executed in the decrypted form by the processor datapath, the encrypted kernel including a secure kernel cryptographic key and instructions executing on the encrypted kernel for; providing a key ring of cryptographic keys, wherein at least a subset of the cryptographic keys in the key ring are associated with respective software vendors; determining, from an option setting, whether it is desired for the computer to execute only software from approved vendors; responsive to determining that it is not desired for the computer to execute only software from approved vendors, including a global public key in the key ring; responsive to determining that only software from approved sources should be executed-excluding the global public key in the key ring; validating a digital signature of a key-ring cryptographic key using the secure kernel cryptographic key, wherein the key-ring cryptographic key is one of the cryptographic keys in the key ring; and validating a digital signature of an application-associated cryptographic key using the key-ring cryptographic key, wherein the application-associated cryptographic key is associated with a software application. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
15. A data processing system comprising:
-
initialization hardware; a processor datapath; memory accessible to the processor datapath and the initialization hardware; and non-volatile storage containing an encrypted copy of a secure kernel having one or more sensitive portions, wherein the initialization hardware decrypts the encrypted copy into the memory, the processor datapath executes the secure kernel from the memory to perform actions that include; providing a key ring of cryptographic keys, wherein at least a subset of the cryptographic keys in the key ring are associated with respective software vendors; determining, from an option setting, whether it is desired for the data processing system to execute only software from approved vendors; responsive to determining that it is not desired for the data processing system to execute only software from approved vendors, including a global public key in the key ring; responsive to determining that only software from approved sources should be executed excluding the global public key in the key ring; validating a digital signature of a key-ring cryptographic key using the secure kernel cryptographic key, wherein the key-ring cryptographic key is one of the cryptographic keys in the key ring; and validating a digital signature of an application-associated cryptographic key using the key-ring cryptographic key, wherein the application-associated cryptographic key is associated with a software application. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification