Computing entities, platforms and methods operable to perform operations selectively using different cryptographic algorithms

US 9,710,658 B2
Filed: 03/06/2015
Issued: 07/18/2017
Est. Priority Date: 11/30/2009
Status: Active Grant

First Claim

Patent Images

1. A computing system comprising:

a trusted entity including a non-volatile memory including instructions which, when executable by a hardware processor, cause the computing system to;

manage a set of modes of operation of the trusted entity;

associate, for each mode of operation, a set of cryptographic protocols from a plurality of cryptographic protocols available to the trusted entity;

associate, for each cryptographic protocol, a set of associated parameters from a plurality of associated parameters;

receive a request from an application to enact an operation, the request including a desired mode, a first cryptographic protocol from the set of cryptographic protocols and a first set of associated parameters from the plurality of associated parameters;

determine whether the first cryptographic protocol and the first set of associated parameters match the desired mode based on a mode list table stored in a non-transitory storage of the trusted entity; and

responsive to determining that the first cryptographic protocol and the first set of associated parameters match the desired mode, perform the requested operation.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterized by the algorithms and associated parameters that are selected to perform an operation.

25 Citations

20 Claims

1. A computing system comprising:
- a trusted entity including a non-volatile memory including instructions which, when executable by a hardware processor, cause the computing system to;
  
  manage a set of modes of operation of the trusted entity;
  
  associate, for each mode of operation, a set of cryptographic protocols from a plurality of cryptographic protocols available to the trusted entity;
  
  associate, for each cryptographic protocol, a set of associated parameters from a plurality of associated parameters;
  
  receive a request from an application to enact an operation, the request including a desired mode, a first cryptographic protocol from the set of cryptographic protocols and a first set of associated parameters from the plurality of associated parameters;
  
  determine whether the first cryptographic protocol and the first set of associated parameters match the desired mode based on a mode list table stored in a non-transitory storage of the trusted entity; and
  
  responsive to determining that the first cryptographic protocol and the first set of associated parameters match the desired mode, perform the requested operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computing system according to claim 1, wherein determining whether the first cryptographic protocol and the first set of associated parameters match the desired mode comprises:
    - comparing the first cryptographic protocol and the first set of associated parameters with a desired set of cryptographic protocols and a desired set of associated parameters stored in association with the desired mode in the mode table.
  - 3. The computing system according to claim 2, further comprising:
    - responsive to determining that the desired set of cryptographic protocols includes the first cryptographic protocol and the desired set of associated parameters includes the first set of associated parameters, determining whether the desired mode matches a current mode stored in a current mode register of a set of mode registers of the trusted entity.
  - 4. The computing system according to claim 3, further comprising:
    - responsive to determining that the desired mode matches the current mode, indicating that the first cryptographic protocol and the first set of associated parameters match the desired mode.
  - 5. The computing system according to claim 4, further comprising:
    - responsive to determining that the desired mode does not match the current mode, updating the set of mode registers of the trusted entity.
  - 6. The computing system according to claim 5, wherein updating the set of mode registers comprises:
    - storing information about the desired mode in the current mode register;
      
      generating a new random nonce to store in a mode nonce register of the set of mode registers;
      
      determining whether the desired mode includes a trusted mode; and
      
      indicating that the first cryptographic protocol and the first set of associated parameters match the desired mode.
  - 7. The computing system according to claim 6, further comprising:
    - responsive to determining that the desired mode includes the trusted mode;
      
      setting a trusted mode register to true;
      
      generating a second new random nonce to store in a trusted mode none register; and
      
      storing the second new random nonce in the trusted mode nonce register of the set of mode registers.
  - 8. The computing system according to claim 7, wherein determining whether the desired mode includes the trusted mode comprises:
    - responsive to determining that the desired mode does not include the trusted mode;
      
      setting a trusted mode register to false;
      
      generating a third new random nonce to store in a trusted mode none register; and
      
      storing the third new random nonce in the trusted mode nonce register of the set of mode registers.
  - 9. The computing system according to claim 1, wherein the trusted entity includes the non-volatile memory including instructions which, when executed by the hardware processor, cause the computing system to:
    - permit the computing device to be locked to operate in a subset of modes of operation.

10. A hardware trusted component including non-volatile memory executable by a hardware processor to:
- manage a set of modes of operation of the trusted entity;
  
  associate, for each mode of operation, a set of cryptographic protocols from a plurality of cryptographic protocols available to the trusted entity;
  
  associate, for each cryptographic protocol, a set of associated parameters from a plurality of associated parameters;
  
  receive a request from an application to enact an operation, the request including a desired mode, a first cryptographic protocol from the set of cryptographic protocols and a first set of associated parameters from the plurality of associated parameters;
  
  determine whether the first cryptographic protocol and the first set of associated parameters match the desired mode based on a mode list table stored in a non-transitory storage of the trusted entity; and
  
  responsive to determining that the first cryptographic protocol and the first set of associated parameters match the desired mode, perform the requested operation.
- View Dependent Claims (11, 12, 13)
- - 11. The hardware trusted component according to claim 10, wherein determining whether the first cryptographic protocol and the first set of associated parameters match the desired mode comprises:
    - comparing the first cryptographic protocol and the first set of associated parameters with a desired set of cryptographic protocols and a desired set of associated parameters stored in association with the desired mode in the mode table;
      
      responsive to determining that the desired set of cryptographic protocols includes the first cryptographic protocol and the desired set of associated parameters includes the first set of associated parameters, determining whether the desired mode matches a current mode stored in a current mode register of a set of mode registers of the trusted entity; and
      
      responsive to determining that the desired mode matches the current mode, indicating that the first cryptographic protocol and the first set of associated parameters match the desired mode.
  - 12. The hardware trusted component according to claim 11, wherein the non-volatile memory is executable by the hardware processor to:
    - responsive to determining that the desired mode does not match the current mode, updating the set of mode registers of the trusted entity, wherein updating the set of mode registers comprises;
      
      storing information about the desired mode in the current mode register;
      
      generating a new random nonce to store in a mode nonce register of the set of mode registers;
      
      determining whether the desired mode includes a trusted mode; and
      
      indicating that the first cryptographic protocol and the first set of associated parameters match the desired mode.
  - 13. The hardware trusted component according to claim 12, wherein determining whether the desired mode includes the trusted mode comprises:
    - responsive to determining that the desired mode includes the trusted mode;
      
      setting a trusted mode register to true;
      
      generating a second new random nonce to store in a trusted mode nonce register; and
      
      storing the new random nonce in the trusted mode nonce register of the set of mode registers; and
      
      responsive to determining that the desired mode does not include the trusted mode;
      
      setting a trusted mode register to false;
      
      generating a third new random nonce to store in the trusted mode none register; and
      
      storing the third new random nonce in a trusted mode nonce register of the set of mode registers.

14. A non-transitory computer readable medium including machine readable instructions that when executed by a physical processor cause the processor to:
- manage a set of modes of operation of the trusted entity;
  
  associate, for each mode of operation, a set of cryptographic protocols from a plurality of cryptographic protocols available to the trusted entity;
  
  associate, for each cryptographic protocol, a set of associated parameters from a plurality of associated parameters;
  
  receive a request from an application to enact an operation, the request including a desired mode, a first cryptographic protocol from the set of cryptographic protocols and a first set of associated parameters from the plurality of associated parameters;
  
  determine whether the first cryptographic protocol and the first set of associated parameters match the desired mode based on a mode list table stored in a non-transitory storage of the trusted entity; and
  
  responsive to determining that the first cryptographic protocol and the first set of associated parameters match the desired mode, perform the requested operation.
- View Dependent Claims (15, 16, 17)
- - 15. The non-transitory computer readable medium of claim 14, wherein the machine readable instructions to determine whether the first cryptographic protocol and the first set of associated parameters match the desired mode comprise:
    - instructions to compare the first cryptographic protocol and the first set of associated parameters with a desired set of cryptographic protocols and a desired set of associated parameters stored in association with the desired mode in the mode table;
      
      instructions to, responsive to determining that the desired set of cryptographic protocols includes the first cryptographic protocol and the desired set of associated parameters includes the first set of associated parameters, determine whether the desired mode matches a current mode stored in a current mode register of a set of mode registers of the trusted entity; and
      
      instructions to, responsive to determining that the desired mode matches the current mode, indicate that the first cryptographic protocol and the first set of associated parameters match the desired mode.
  - 16. The non-transitory computer readable medium of claim 14, further comprising:
    - instructions to, responsive to determining that the desired mode does not match the current mode, update the set of mode registers of the trusted entity, wherein updating the set of mode registers comprises;
      
      storing information about the desired mode in the current mode register;
      
      generating a new random nonce to store in a mode nonce register of the set of mode registers;
      
      determining whether the desired mode includes a trusted mode; and
      
      determining that the first cryptographic protocol and the first set of associated parameters match the desired mode.
  - 17. The non-transitory computer readable medium of claim 16, wherein the machine readable instructions to determine whether the desired mode includes the trusted mode comprise:
    - instructions to, responsive to determining that the desired mode includes the trusted mode;
      
      set a trusted mode register to true;
      
      generate a second new random nonce to store in the trusted mode nonce register; and
      
      store the second new random nonce in the trusted mode nonce register of the set of mode registers; and
      
      instructions to, responsive to determining that the desired mode does not include the trusted mode;
      
      set a trusted mode register to false;
      
      generate a third new random nonce to store in the trusted mode nonce register; and
      
      store the third new random nonce in the trusted mode nonce register of the set of mode registers.

18. A method of operating a computing system comprising:
- managing, using a trusted entity executable by a hardware processor, a set of modes of operation of the trusted entity;
  
  associating, using the trusted entity, for each mode of operation, a set of cryptographic protocols from a plurality of cryptographic protocols available to the trusted entity;
  
  associating, using the trusted entity, for each cryptographic protocol, a set of associated parameters from a plurality of associated parameters;
  
  receiving, using the trusted entity, a request from an application to enact an operation, the request including a desired mode, a first cryptographic protocol from the set of cryptographic protocols and a first set of associated parameters from the plurality of associated parameters;
  
  determining, using the trusted entity, whether the first cryptographic protocol and the first set of associated parameters match the desired mode based on a mode list table stored in a non-transitory storage of the trusted entity; and
  
  responsive to determining that the first cryptographic protocol and the first set of associated parameters match the desired mode, performing, using the trusted entity, the requested operation.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein determining whether the first cryptographic protocol and the first set of associated parameters match the desired mode comprises:
    - comparing the first cryptographic protocol and the first set of associated parameters with a desired set of cryptographic protocols and a desired set of associated parameters stored in association with the desired mode in the mode table;
      
      responsive to determining that the desired set of cryptographic protocols includes the first cryptographic protocol and the desired set of associated parameters includes the first set of associated parameters, determining whether the desired mode matches a current mode stored in a current mode register of a set of mode registers of the trusted entity; and
      
      responsive to determining that the desired mode matches the current mode, indicating that the first cryptographic protocol and the first set of associated parameters match the desired mode.
  - 20. The method of claim 19, further comprising:
    - responsive to determining that the desired mode does not match the current mode, updating the set of mode registers of the trusted entity, wherein updating the set of mode registers comprises;
      
      storing information about the desired mode in the current mode register;
      
      generating a new random nonce to store in a mode nonce register of the set of mode registers;
      
      determining whether the desired mode includes a trusted mode; and
      
      indicating that the first cryptographic protocol and the first set of associated parameters match the desired mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Ali, Valiuddin Y., Proudler, Graeme John
Primary Examiner(s)
CHANG, KENNETH W

Application Number

US14/640,730
Publication Number

US 20160042186A1
Time in Patent Office

865 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/575   Secure boot

G06F 21/602   Providing cryptographic fac...

G06F 21/74   operating in dual or compar...

G06F 9/44505   Configuring for program ini...

H04L 2209/127   Trusted platform modules [TPM]

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/14   using a plurality of keys o...

Computing entities, platforms and methods operable to perform operations selectively using different cryptographic algorithms

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Computing entities, platforms and methods operable to perform operations selectively using different cryptographic algorithms

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links