Signing a library file to verify a callback function

US 8,499,357 B1
Filed: 09/28/2010
Issued: 07/30/2013
Est. Priority Date: 08/06/2010
Status: Active Grant

First Claim

Patent Images

1. A method of operating a computer to provide access to a stored secret, the stored secret being stored on a non-transitory computer-readable medium, the method comprising:

as part of an initialization process, (1) calculating and storing a signature of a trusted library file containing a trusted function usable to generate stable system values (SSVs) of the computer, and (2) calculating and storing a first value based on an initial set of SSVs generated by the trusted function, the first value to be used by an access control function to enable the access to the stored secret; and

as part of a use process, (1) calculating a signature of a loaded library file containing an untrusted function used to generate a current set of SSVs, (2) comparing the respective signatures of the trusted library file and the loaded library file to generate a comparison result signal, and (3) only when the comparison result signal indicates a successful comparison, permitting an access-granting output of the access control function to enable the access to the stored secret.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for providing access to a stored secret using a callback function that generates stable system values. The callback function, which is stored in a library file, is verified by securely storing a signature of the library file and later generating another signature of the library file. Access to the stored secret using the callback function is only permitted when the callback function is verified.

Citations

19 Claims

1. A method of operating a computer to provide access to a stored secret, the stored secret being stored on a non-transitory computer-readable medium, the method comprising:
- as part of an initialization process, (1) calculating and storing a signature of a trusted library file containing a trusted function usable to generate stable system values (SSVs) of the computer, and (2) calculating and storing a first value based on an initial set of SSVs generated by the trusted function, the first value to be used by an access control function to enable the access to the stored secret; and
  
  as part of a use process, (1) calculating a signature of a loaded library file containing an untrusted function used to generate a current set of SSVs, (2) comparing the respective signatures of the trusted library file and the loaded library file to generate a comparison result signal, and (3) only when the comparison result signal indicates a successful comparison, permitting an access-granting output of the access control function to enable the access to the stored secret.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the method further comprises, within the initialization process, (3) receiving the trusted function from an application, and (4) receiving the stored secret from the application.
  - 3. The method of claim 2 wherein the application is an encrypted storage application and the stored secret is an encryption key used by the encrypted storage application.
  - 4. The method of claim 1 wherein:
    - calculating and storing the first value includes encrypting a master encryption key using the initial set of SSVs to generate the first value, wherein the master encryption key is used to encrypt the stored secret; and
      
      permitting the access-granting output of the access control function to enable the access to the stored secret includes;
      
      decrypting the first value using the current set of SSVs to generate a second value; and
      
      decrypting the stored secret using the second value.
  - 5. The method of claim 4 wherein:
    - encrypting the master encryption key includes processing the master encryption key through an M of N Bloom-Shamir split secret algorithm using the initial set of SSVs, wherein N represents the number of elements in the initial set of SSVs and M is less than N; and
      
      decrypting the first value includes providing M values from the current set of SSVs that match respective values from the initial set of SSVs.
  - 6. The method of claim 4 wherein:
    - calculating and storing the first value further includes further encrypting the master encryption key using a secret key known only to the access control function; and
      
      permitting the access-granting output of the access control function to enable the access to the stored secret further includes further decrypting the first value using the secret key.
  - 7. The method of claim 6 wherein calculating and storing the signature includes cryptographically hashing the trusted library file with the secret key to generate the signature.
  - 8. The method of claim 1 wherein the method further comprises:
    - within the initialization process, (3) storing a pointer to the trusted library file in a configuration file, (4) generating a signature of the configuration file, (5) encrypting the signature of the configuration file to generate an encrypted signature of the configuration file, and (6) storing the encrypted signature of the configuration file; and
      
      within the use process, (4) validating the configuration file by;
      
      decrypting the encrypted signature of the configuration file to generate a regenerated signature of the library file;
      
      generating a current signature of the configuration file;
      
      comparing the current signature of the configuration file to the regenerated signature of the configuration file; and
      
      if the comparison fails, then refraining from decrypting the secret, otherwise proceeding to generate the comparison result signal.
  - 9. The method of claim 1 wherein:
    - calculating and storing the first value includes encrypting a master encryption key using the initial set of SSVs to generate the first value, wherein the master encryption key is used to encrypt the stored secret; and
      
      only when the comparison result signal indicates a successful comparison, permitting the access-granting output of the access control function to enable the access to the stored secret includes;
      
      if the comparison result signal does not indicate a successful comparison, then refraining from enabling the access to the stored secret; and
      
      if the comparison result signal indicates a successful comparison, then;
      
      generating the current set of SSVs using the untrusted function;
      
      decrypting the first value using the current set of SSVs to generate a master encryption key candidate; and
      
      decrypting the stored secret using the master encryption key candidate, the decrypting only being successful if the master encryption key candidate is equal to the master encryption key.
  - 10. The method of claim 9 wherein:
    - encrypting the master encryption key includes processing the master encryption key through an M of N split secret algorithm using the initial set of SSVs, wherein N represents the number of elements in the initial set of SSVs and M is less than N; and
      
      decrypting the first value includes providing M values from the current set of SSVs that match respective values from the initial set of SSVs.

11. A computer program product comprising a non-transitory computer-readable medium storing computer code, which, upon execution by a computer, causes the computer to:
- as part of an initialization process, (1) calculate and store a signature of a trusted library file containing a trusted function usable to generate stable system values (SSVs) of the computer, and (2) calculate and store a first value based on an initial set of SSVs generated by the trusted function, the first value to be used by an access control function to enable access to a stored secret; and
  
  as part of a use process, (1) calculate a signature of a loaded library file containing an untrusted function used to generate a current set of SSVs, (2) compare the respective signatures of the trusted library file and the loaded library file to generate a comparison result signal, and (3) only when the comparison result signal indicates a successful comparison, permit an access-granting output of the access control function to enable the access to the stored secret.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The computer program product of claim 11 wherein the code, upon execution by the computer, causes the computer to, within the initialization process, (3) receive the trusted function from an application, and (4) receive the stored secret from the application.
  - 13. The computer program product of claim 12 wherein the application is an encrypted storage application and the stored secret is an encryption key used by the encrypted storage application.
  - 14. The computer program product of claim 11 wherein the code, upon execution by the computer:
    - when calculating and storing the first value, causes the computer to encrypt a master encryption key using the initial set of SSVs to generate the first value, wherein the master encryption key is used to encrypt the stored secret; and
      
      when permitting the access-granting output of the access control function to enable the access to the stored secret, causes the computer to;
      
      decrypt the first value using the current set of SSVs to generate a second value; and
      
      decrypt the stored secret using the second value.
  - 15. The computer program product of claim 14 wherein the code, upon execution by the computer:
    - when encrypting the master encryption key, causes the computer to process the master encryption key through an M of N Bloom-Shamir split secret algorithm using the initial set of SSVs, wherein N represents the number of elements in the initial set of SSVs and M is less than N; and
      
      when decrypting the first value, causes the computer to provide M values from the current set of SSVs that match respective values from the initial set of SSVs.
  - 16. The computer program product of claim 14 wherein the code, upon execution by the computer:
    - when calculating and storing the first value, further causes the computer to further encrypt the master encryption key using a secret key known only to the access control function; and
      
      when permitting the access-granting output of the access control function to enable the access to the stored secret, further causes the computer to further decrypt the first value using the secret key.
  - 17. The computer program product of claim 16 wherein the code, upon execution by the computer, when calculating and storing the signature, causes the computer to cryptographically hash the trusted library file with the secret key to generate the signature.
  - 18. The computer program product of claim 11 wherein the code, upon execution by the computer, further causes the computer to:
    - within the initialization process, (3) store a pointer to the trusted library file in a configuration file, (4) generate a signature of the configuration file, (5) encrypt the signature of the configuration file to generate an encrypted signature of the configuration file, and (6) store the encrypted signature of the configuration file; and
      
      within the use process, (4) validate the configuration file by;
      
      decrypting the encrypted signature of the configuration file to generate a regenerated signature of the library file;
      
      generating a current signature of the configuration file;
      
      comparing the current signature of the configuration file to the regenerated signature of the configuration file; and
      
      if the comparison fails, then refraining from decrypting the secret, otherwise proceeding to generate the comparison result signal.

19. An apparatus comprising:
- a user-interface;
  
  memory, the memory storing stable values; and
  
  a controller, the controller being configured to;
  
  as part of an initialization process, (1) calculate and store in memory a signature of a trusted library file from memory containing a trusted function usable to generate stable system values (SSVs) of the computer based on the stable values stored in memory, and (2) calculate and store in memory a first value based on an initial set of SSVs generated by the trusted function, the first value and a second value to be used by an access control function to enable access to a stored secret stored in memory; and
  
  as part of a use process, (1) calculate a signature of a loaded library file from memory containing an untrusted function used to generate a current set of SSVs, (2) compare the respective signatures of the trusted library file from memory and the loaded library file to generate a comparison result signal, and (3) only when the comparison result signal indicates a successful comparison, permit an access-granting output of the access control function to enable the access to the stored secret in memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Juvekar, Prashant R.
Primary Examiner(s)
Parthasarathy, Pramila

Application Number

US12/892,417
Time in Patent Office

1,036 Days
Field of Search

None
US Class Current

726/27
CPC Class Codes

G06F 21/54 by adding security routines...

Signing a library file to verify a callback function

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Signing a library file to verify a callback function

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links