Controlled secure code authentication
Abstract
Systems, methods, circuits and computer-readable mediums for controlled secure code authentication are provided. In one aspect, a method performed by a host device includes transmitting a request to a client device, the request including a challenge for a property of a code stored within the client device, receiving a response to the request, the response comprising information associated with the property of the code, verifying correctness of the response based on the received information, and based on the verifying of the correctness of the response, determining that the code is an authorized code.
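A sketch of the challenge/response exchange the abstract describes, added here as an illustration and not taken from the patent. It assumes the host's secure storage holds a copy of the authorized code; the shared key, nonce, region-based challenge and HMAC-SHA256 construction are likewise assumptions.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed sample data: the firmware image and shared key are illustrative.
AUTHORIZED_CODE = bytes(range(256)) * 16  # 4 KiB "authorized" image in host secure storage
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # assumed provisioned key


def make_challenge(code_len, span=1024):
    """Host: pick a fresh nonce and a random region of the code to be measured."""
    offset = secrets.randbelow(code_len - span + 1)
    return secrets.token_bytes(16), offset, span


def respond(client_code, key, challenge):
    """Client: return a MAC over the nonce and the digest of the requested region.

    Only this 32-byte tag leaves the client; the code itself is never sent.
    """
    nonce, offset, length = challenge
    digest = hashlib.sha256(client_code[offset:offset + length]).digest()
    msg = nonce + struct.pack(">II", offset, length) + digest
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(authorized_code, key, challenge, response):
    """Host: recompute the expected tag from the stored authorized code."""
    expected = respond(authorized_code, key, challenge)
    return hmac.compare_digest(expected, response)  # constant-time comparison


def authenticate(client_code, authorized_code=AUTHORIZED_CODE, key=SHARED_KEY):
    """Run one challenge/response round and return the host's decision."""
    challenge = make_challenge(len(authorized_code))
    response = respond(client_code, key, challenge)
    return verify(authorized_code, key, challenge, response)
```

A single region challenge only covers the bytes it samples, so a host that needs full coverage would challenge the whole image or run several rounds.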
21 Claims
1. A non-transitory computer-readable storage medium having instructions stored thereon which, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- transmitting, from a host device, a request to a client device, the request including a challenge for a property of a code stored within the client device that is to be authorized by the host device, wherein the host device has a security capability greater than the client device and is configured to control secure authorization of the code stored within the client device;
- receiving, at the host device, a response to the request, the response comprising information associated with the property of the code, but without receiving a copy of the code from the client device;
- verifying, by the host device, correctness of the response based on the received information associated with the property of the code stored within the client device that is to be authorized by the host device and information of an authorized code that is stored in a secure storage associated with the host device before the request is transmitted from the host device to the client device; and
- determining, by the host device and based on the verifying of the correctness of the response, that the code stored within the client device is authorized, wherein the host device comprises the secure storage configured to store the information of the authorized code, and wherein the information of the authorized code comprises at least one of a copy of the authorized code, a digest of the authorized code, a signature of the authorized code, and a message authentication code (MAC) of the authorized code.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A host device controller comprising:
- a processor; and
- one or more storage media coupled to the processor and storing logic configured to cause the processor, when executed by the processor, to:
  - transmit a request to a client device, the request including a challenge for a property of a code stored within the client device that is to be authorized by the host device controller, wherein the host device controller has a security capability greater than the client device and is configured to control secure authorization of the code stored within the client device;
  - receive a response to the request, the response comprising information associated with the property of the code, but without receiving a copy of the code from the client device;
  - verify correctness of the response based on the received information associated with the property of the code stored within the client device that is to be authorized by the host device and information of an authorized code stored in a secure storage associated with the host device controller before the request is transmitted from the host device to the client device; and
  - based on the verifying of the correctness of the response, determine that the code stored within the client device is authorized, wherein the host device controller comprises the secure storage configured to store the information of the authorized code, and wherein the information of the authorized code comprises at least one of a copy of the authorized code, a digest of the authorized code, a signature of the authorized code, and a message authentication code (MAC) of the authorized code.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20

21. A method comprising:
- transmitting, by a host device, a request to a client device, the request including a challenge for a property of a code stored within the client device that is to be authorized by the host device, wherein the host device has a security capability greater than the client device and is configured to control secure authorization of the code stored within the client device;
- receiving, by the host device, a response to the request, the response comprising information associated with the property of the code, but without receiving a copy of the code from the client device;
- verifying, by the host device, correctness of the response based on the received information associated with the property of the code stored within the client device that is to be authorized by the host device and information of an authorized code stored in a secure storage associated with the host device before the request is transmitted from the host device to the client device; and
- based on the verifying of the correctness of the response, determining, by the host device, that the code stored within the client device is authorized, wherein the host device comprises the secure storage configured to store the information of the authorized code, and wherein the information of the authorized code comprises at least one of a copy of the authorized code, a digest of the authorized code, a signature of the authorized code, and a message authentication code (MAC) of the authorized code.

Specification