Computing entities, platforms and methods operable to perform operations selectively using different cryptographic algorithms

US 9,026,803 B2
Filed: 11/30/2009
Issued: 05/05/2015
Est. Priority Date: 11/30/2009
Status: Active Grant

First Claim

Patent Images

1. A computing platform comprising:

a trusted entity including,a non-transitory memory that stores mode of operation information, the mode of operation information comprising;

a mode list table that identifies a set of operating modes, a first operating mode of the set of operating modes comprising a mode name and characteristics of cryptographic algorithms, wherein the characteristics of each of the cryptographic algorithms comprise;

the cryptographic algorithm, parameters associated with the cryptographic algorithm; and

a name of the cryptographic algorithm, the name of the cryptographic algorithm including a statistically unique identifier based on the parameters associated with the cryptographic algorithm, wherein the mode name includes a second statistically unique identifier cryptographically derived from characteristics of the first operating mode; and

a hardware controller that;

receives a request including a desired operating mode, a desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm;

compares the desired operating mode, the desired cryptographic algorithm, and the desired parameters associated with the desired cryptographic algorithm, with the algorithms and parameters associated with the names of the cryptographic algorithms in the mode list table;

determines, in response to the comparison, whether the desired operating mode, desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm, are listed in the mode list table; and

responsive to a determination that the desired operating mode, desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm, are listed in the mode list table, implements cryptographic operations using the desired cryptographic algorithm.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterized by the algorithms and associated parameters that are selected to perform an operation.

22 Citations

16 Claims

1. A computing platform comprising:
- a trusted entity including,a non-transitory memory that stores mode of operation information, the mode of operation information comprising;
  
  a mode list table that identifies a set of operating modes, a first operating mode of the set of operating modes comprising a mode name and characteristics of cryptographic algorithms, wherein the characteristics of each of the cryptographic algorithms comprise;
  
  the cryptographic algorithm, parameters associated with the cryptographic algorithm; and
  
  a name of the cryptographic algorithm, the name of the cryptographic algorithm including a statistically unique identifier based on the parameters associated with the cryptographic algorithm, wherein the mode name includes a second statistically unique identifier cryptographically derived from characteristics of the first operating mode; and
  
  a hardware controller that;
  
  receives a request including a desired operating mode, a desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm;
  
  compares the desired operating mode, the desired cryptographic algorithm, and the desired parameters associated with the desired cryptographic algorithm, with the algorithms and parameters associated with the names of the cryptographic algorithms in the mode list table;
  
  determines, in response to the comparison, whether the desired operating mode, desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm, are listed in the mode list table; and
  
  responsive to a determination that the desired operating mode, desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm, are listed in the mode list table, implements cryptographic operations using the desired cryptographic algorithm.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computing platform of claim 1, wherein the mode of operation information further comprises:
    - a trusted mode value;
      
      a trusted mode change indicator value,wherein the mode list table further comprises an individual trusted mode flag associated with each operating mode of the set of operating modes, the trusted mode flag indicating whether the associated operating mode is recommended by a trusted party; and
      
      wherein the hardware controller;
      
      determines whether the desired operating mode is recommended by the trusted party based on the trusted mode flag listed in the mode list table for the desired operating mode;
      
      in response to a determination that the desired operating mode is recommended by the trusted party, sets the trusted mode value to indicate that the desired operating mode is recommended by the trusted party; and
      
      sets the trusted mode change indicator value to a random value generated responsive to the trusted mode value changing.
  - 3. The computing platform of claim 1, wherein the trusted entity stores data resulting from the cryptographic operation and seals the stored data based upon mode of operation information.
  - 4. The computing platform of claim 3, wherein the trusted entity either releases or use the stored data in response to a determination that a new operating mode is compatible with the mode of operation information based upon which the stored data was sealed.
  - 5. The computing platform of claim 4, wherein the new operating mode is determined to be compatible responsive to a determination that the new operating mode comprises at least one of the following characteristics:
    - is a trusted mode of operation;
      
      has not changed since the data was stored;
      
      orhas not been un-trusted in a current boot cycle of the computer platform.
  - 6. The computing platform of claim 1, wherein the hardware controller reports the desired operating mode.
  - 7. The computing platform of claim 1, wherein the trusted entity permits locking, by an authenticated party of the trusted entity, operation of the trusted entity into trusted modes of operation, wherein the trusted modes of operation comprise modes recommended and defined by the trusted party.
  - 8. The computing platform of claim 1, wherein the mode of operation information further comprises:
    - a current mode register that stores a current operating mode of the trusted entity; and
      
      a mode change indicator value; and
      
      wherein the hardware controller further;
      
      determines whether the desired operating mode is stored in the current mode register in response to a determination that the desired operating mode is in the mode list table; and
      
      stores the desired operating mode in the current mode register and sets the mode change indicator value to a random value in response to a determination that the desired operating mode is not stored in the current mode register.

9. A hardware trusted component comprising:
- a non-transitory memory that stores mode of operation information, comprising;
  
  a mode list table that identifies a set of operating modes, a first operating mode of the set of operating modes comprising a mode name and characteristics of cryptographic algorithms, wherein the characteristics of each of the cryptographic algorithms comprise;
  
  the cryptographic algorithm, parameters associated with the cryptographic algorithm; and
  
  a name of the cryptographic algorithm, the name of the cryptographic algorithm including a statistically unique identifier based on the parameters associated with the cryptographic algorithm, wherein the mode name includes a second statistically unique identifier cryptographically derived from characteristics of the first operating mode; and
  
  a hardware controller that;
  
  receives a request including a desired operating mode, the desired operating mode including a desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm;
  
  compares the desired operating mode, the desired cryptographic algorithm, and the desired parameters associated with the desired cryptographic algorithm, with the algorithms and parameters associated with the names of the cryptographic algorithms in the mode list table;
  
  determines, in response to the comparison, whether the desired operating mode, desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm, are listed in the mode list table; and
  
  responsive to a determination that the desired operating mode, desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm, are listed in the mode list table, implements cryptographic operations using the desired cryptographic algorithm.
- View Dependent Claims (10)
- - 10. The hardware trusted component of claim 9, wherein the mode of operation information further comprises:
    - a current mode register that stores a current operating mode of the trusted entity; and
      
      a mode change indicator value; and
      
      wherein the hardware controller further;
      
      determines whether the desired operating mode is stored in the current mode register in response to a determination that the desired operating mode is in the mode list table; and
      
      stores the desired operating mode in the current mode register and set the mode change indicator value to a random value in response to a determination that the desired operating mode is not stored in the current mode register.

11. A non-transitory computer readable storage medium comprising instructions recorded thereon that, when executed by a processor, perform cryptographic operations and cause the processor to:
- store in a memory, mode of operation information comprising;
  
  a mode list table that identifies a set of operating modes, a first operating mode of the set of operating modes comprising a mode name and characteristics of cryptographic algorithms, wherein the characteristics of each of the cryptographic algorithms comprise;
  
  the cryptographic algorithm, parameters associated with the cryptographic algorithm; and
  
  a name of the cryptographic algorithm, the name of the cryptographic algorithm including a statistically unique identifier based on the parameters associated with the cryptographic algorithm, wherein the mode name includes a second statistically unique identifier cryptographically derived from characteristics of the first operating mode;
  
  receive a request for a desired operating mode, the desired operating mode including a mode name, a cryptographic algorithm, and parameters associated with the desired cryptographic algorithm;
  
  compare the desired operating mode, the desired cryptographic algorithm, and the desired parameters associated with the desired cryptographic algorithm, with the algorithms and parameters associated with the names of the cryptographic algorithms in the mode list table;
  
  determine, responsive to the comparison, whether the desired operating mode, desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm, are listed in the mode list table; and
  
  responsive to a determination that the desired operating mode, desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm, are listed in the mode list table, implements cryptographic operations using the desired cryptographic algorithm.
- View Dependent Claims (12, 13)
- - 12. The non-transitory computer readable storage medium of claim 11,wherein the cryptographic operations are performed within a trusted entity and the mode of operation information further comprises:
    - a trusted mode value;
      
      a trusted mode change indicator value, andthe mode list table further comprises a trusted mode flag associated with each of the at least one operating mode, the trusted mode flag indicating whether the associated operating mode is recommended by a trusted party; and
      
      wherein the instructions are further to cause the processor to;
      
      determine whether the desired operating mode is recommended by a trusted party based on the trusted mode flag corresponding to the desired operating mode in the mode list table;
      
      in response to a determination that the desired operating mode is recommended by a trusted party, set the trusted mode value to indicate that the desired operating mode is recommended by a trusted party; and
      
      set the trusted mode change indicator value to a random value generated each time the trusted mode value changes.
  - 13. The non-transitory computer readable storage medium of claim 11, wherein the mode of operation information further comprises:
    - a current mode register that stores a current operating mode of the trusted entity; and
      
      a mode change indicator value; and
      
      the instructions are to further cause the processor to;
      
      determine whether the desired operating mode is stored in the current mode register in response to a determination that the desired operating mode is in the mode list table; and
      
      store the desired operating mode in the current mode register and set the mode change indicator value to a random value in response to a determination that the desired operating mode is not stored in the current mode register.

14. A method of operating a computing platform incorporating a trusted entity, the method comprising:
- storing in a memory, mode of operation information comprising;
  
  a mode list table that identifies a set of operating modes, a first operating mode of the set of operating modes comprising a mode name and characteristics of cryptographic algorithms, wherein the characteristics of each of the cryptographic algorithms comprise;
  
  the cryptographic algorithm, parameters associated with the cryptographic algorithm; and
  
  a name of the cryptographic algorithm, the name of the cryptographic algorithm including a statistically unique identifier based on the parameters associated with the cryptographic algorithm, wherein the mode name includes a second statistically unique identifier cryptographically derived from characteristics of the first operating mode;
  
  receiving, by a hardware controller, a request including a desired operating mode, a desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm;
  
  comparing the desired operating mode, the desired cryptographic algorithm, and the desired parameters associated with the desired cryptographic algorithm, with the algorithms and parameters associated with the names of the cryptographic algorithms in the mode list table;
  
  determining, responsive to the comparing, whether the desired operating mode, desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm, are listed in the mode list table; and
  
  responsive to a determination that the desired operating mode, desired cryptographic algorithm, and desired parameters associated with the desired cryptographic algorithm, are listed in the mode list table, implementing cryptographic operations using the desired cryptographic algorithm.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14, wherein the mode of operation information further comprises:
    - a trusted mode value;
      
      a trusted mode change indicator value,wherein the mode list table further comprises an individual trusted mode flag associated with each operating mode of the set of operating modes, the trusted mode flag indicating whether the associated operating mode is recommended by a trusted party; and
      
      the method further comprising;
      
      determining whether the desired operating mode is recommended by the trusted party based on the trusted mode flag listed in the mode list table for the desired operating mode;
      
      setting, in response to a determination that the desired operating mode is recommended by the trusted party, the trusted mode value to indicate that the desired operating mode is recommended by the trusted party; and
      
      setting the trusted mode change indicator value to a random value responsive to the trusted mode value changing.
  - 16. The method of claim 14, wherein the mode of operation information further comprises:
    - a current mode register that stores a current operating mode of the trusted entity; and
      
      a mode change indicator value; and
      
      wherein the method further comprises;
      
      determining whether the desired operating mode is stored in the current mode register in response to determining that the desired operating mode is in the mode list table; and
      
      storing the desired operating mode in the current mode register and setting the mode change indicator value to a random value in response to determining that the desired operating mode is not stored in the current mode register.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Ali, Valiuddin Y., Proudler, Graeme John
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
CHANG, KENNETH W

Application Number

US12/627,500
Publication Number

US 20110131420A1
Time in Patent Office

1,982 Days
Field of Search

713/189
US Class Current

713/189
CPC Class Codes

G06F 21/575   Secure boot

G06F 21/602   Providing cryptographic fac...

G06F 21/74   operating in dual or compar...

G06F 9/44505   Configuring for program ini...

H04L 2209/127   Trusted platform modules [TPM]

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/14   using a plurality of keys o...

Computing entities, platforms and methods operable to perform operations selectively using different cryptographic algorithms

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Computing entities, platforms and methods operable to perform operations selectively using different cryptographic algorithms

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links