Signing a library file to verify a callback function
Abstract
Techniques are provided for providing access to a stored secret using a callback function that generates stable system values. The callback function, which is stored in a library file, is verified by securely storing a signature of the library file and later generating another signature of the library file. Access to the stored secret using the callback function is only permitted when the callback function is verified.
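The flow described in the abstract, as an added example that is not taken from the patent: it shows why the library signature matters when a replaced callback simply replays the expected values. Assumptions: SHA-256 stands in for the "signature", the library is a small Python source file, and `get_ssvs`, `initialize`, `use` and the `state` dict are hypothetical names.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed library files: the second one replays the expected SSVs from a replaced callback.
TRUSTED = b"def get_ssvs():\n    return ['disk:constructed-serial', 'mac:constructed-addr']\n"
REPLACED = b"def get_ssvs():  # replaced\n    return ['disk:constructed-serial', 'mac:constructed-addr']\n"

def read_lib(path):
    with open(path, "rb") as f:
        return f.read()

def signature(data):
    # Assumption: a SHA-256 digest stands in for the claims' "signature".
    return hashlib.sha256(data).digest()

def run_callback(data):
    # Execute exactly the bytes that were hashed, so the file cannot change in between.
    ns = {}
    exec(compile(data, "ssv_lib", "exec"), ns)
    return ns["get_ssvs"]()

def ssv_value(ssvs):
    return hashlib.sha256("\x00".join(sorted(ssvs)).encode()).digest()

def initialize(lib_path):
    # Initialization process: store the library signature and the first value.
    data = read_lib(lib_path)
    return {"lib_sig": signature(data), "first_value": ssv_value(run_callback(data))}

def use(lib_path, state, secret):
    # Use process: the callback runs only after the signature comparison succeeds.
    data = read_lib(lib_path)
    if not hmac.compare_digest(signature(data), state["lib_sig"]):
        return None
    if not hmac.compare_digest(ssv_value(run_callback(data)), state["first_value"]):
        return None
    return secret

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ssv_lib.py")
        with open(path, "wb") as f:
            f.write(TRUSTED)
        state = initialize(path)
        granted = use(path, state, b"constructed-secret")
        with open(path, "wb") as f:
            f.write(REPLACED)
        denied = use(path, state, b"constructed-secret")
    return granted, denied
```

The `state` dict must itself be stored where the party replacing the library cannot rewrite it; the abstract's "securely storing" covers that and the example does not.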
19 Claims
1. A method of operating a computer to provide access to a stored secret, the stored secret being stored on a non-transitory computer-readable medium, the method comprising:
- as part of an initialization process, (1) calculating and storing a signature of a trusted library file containing a trusted function usable to generate stable system values (SSVs) of the computer, and (2) calculating and storing a first value based on an initial set of SSVs generated by the trusted function, the first value to be used by an access control function to enable the access to the stored secret; and
- as part of a use process, (1) calculating a signature of a loaded library file containing an untrusted function used to generate a current set of SSVs, (2) comparing the respective signatures of the trusted library file and the loaded library file to generate a comparison result signal, and (3) only when the comparison result signal indicates a successful comparison, permitting an access-granting output of the access control function to enable the access to the stored secret.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer program product comprising a non-transitory computer-readable medium storing computer code, which, upon execution by a computer, causes the computer to:
- as part of an initialization process, (1) calculate and store a signature of a trusted library file containing a trusted function usable to generate stable system values (SSVs) of the computer, and (2) calculate and store a first value based on an initial set of SSVs generated by the trusted function, the first value to be used by an access control function to enable access to a stored secret; and
- as part of a use process, (1) calculate a signature of a loaded library file containing an untrusted function used to generate a current set of SSVs, (2) compare the respective signatures of the trusted library file and the loaded library file to generate a comparison result signal, and (3) only when the comparison result signal indicates a successful comparison, permit an access-granting output of the access control function to enable the access to the stored secret.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. An apparatus comprising:
- a user-interface;
- memory, the memory storing stable values; and
- a controller, the controller being configured to:
  - as part of an initialization process, (1) calculate and store in memory a signature of a trusted library file from memory containing a trusted function usable to generate stable system values (SSVs) of the computer based on the stable values stored in memory, and (2) calculate and store in memory a first value based on an initial set of SSVs generated by the trusted function, the first value and a second value to be used by an access control function to enable access to a stored secret stored in memory; and
  - as part of a use process, (1) calculate a signature of a loaded library file from memory containing an untrusted function used to generate a current set of SSVs, (2) compare the respective signatures of the trusted library file from memory and the loaded library file to generate a comparison result signal, and (3) only when the comparison result signal indicates a successful comparison, permit an access-granting output of the access control function to enable the access to the stored secret in memory.
Specification