Secure repository with layers of tamper resistance and system and method for providing same
IPC classification information
Country / Type
United States (US) Patent
Granted
International Patent Classification (IPC 7th edition)
H04K-001/00
G06F-011/30
H04L-009/00
Application number
UP-0604174
(2000-06-27)
Registration number
US-7539875
(2009-07-01)
Inventor / Address
Manferdelli, John L.
Marr, Michael David
Krishnaswamy, Vinay
Jakubowski, Mariusz H.
Applicant / Address
Microsoft Corporation
Agent / Address
Woodcock Washburn LLP
Citation information
Times cited: 15
Cited patents: 72
Abstract
A secure repository individualized for a hardware environment and a method and system for providing the same. The secure repository includes a hidden cryptographic key and code that applies the key without requiring access to a copy of the key. The code that implements the secure repository is generated in a manner that is at least partly based on a hardware ID associated with the hardware environment in which the secure repository is to be installed, and may also be based on a random number. Cryptographic functions implemented by the secure repository include decryption of encrypted information and validation of cryptographically signed information. The secure repository may be coupled to an application program, which uses cryptographic services provided by the secure repository, by way of a decoupling interface that provides a common communication and authentication interface for diverse types of secure repositories. The decoupling interface may take the form of a single application programmer interface (API) usable with multiple dynamically linkable libraries.
Representative claim
What is claimed is:
1. A method of generating a computer program storable on a computer-readable medium, said method comprising the acts of: identifying a set of actions that are performed in the course of using a cryptographic algorithm to apply a cryptographic key to first data; identifying attributes of said cryptographic key corresponding to said set of actions; generating a first set of computer-executable instructions which includes instructions to perform actions functionally equivalent to said set of actions using said attributes but not said cryptographic key; including said first set of computer-executable instructions in said computer program, wherein said computer program is operable to perform said functionally equivalent actions without access to, storing in memory, or exposing a whole or segment of said cryptographic key.
2. The method of claim 1, wherein said cryptographic algorithm is a public/private-key algorithm.
3. The method of claim 2, wherein said cryptographic key is the private key of an asymmetric key pair.
4. The method of claim 1, further comprising the act of receiving second data which in some way identifies or relates to a computing device on which said computer program runs, and wherein said first set of computer-executable instructions is based on said second data.
5. The method of claim 4, wherein said second data comprises or is based on one or more of the following: a CPUID associated with a processor of said computing device; a serial number associated with said processor; and third data which identifies a hard disk associated with said computing device, said third data being assigned to said hard disk by a manufacturer or distributor of said hard disk.
6. The method of claim 4, wherein said first set of computer-executable instructions comprises one or more instructions which depend for their correct execution on retrieval, during execution, of said second data.
7. The method of claim 1, further comprising the act of randomly or pseudo-randomly generating a number, wherein said first set of computer-executable instructions is based on said number.
8. The method of claim 1, further comprising the acts of: generating a diversionary second set of computer-executable instructions which perform one or more second actions; and including said second set of computer-executable instructions in said computer program.
9. The method of claim 8, further comprising the act of retrieving said diversionary second set of computer-executable instructions from a database of stored code.
10. The method of claim 8, wherein said computer program does not rely on performance of said second actions to apply said cryptographic key to said first data.
11. The method of claim 1, further comprising the act of generating a second set of computer-executable instructions which detects modification or deletion of at least a portion of code contained in said computer program, and which restores said portion if said portion has been deleted or modified.
12. The method of claim 1, further comprising the act of reorganizing at least some code contained in said computer program.
13. The method of claim 1, further comprising the acts of: delimiting a segment of at least some code contained in said computer program; obtaining a first hash of the code inside the delimited segment; including said first hash of the delimited segment within said computer program; creating a second set of computer-executable instructions which obtains a second hash of the delimited segment and which compares said second hash with said first hash; and including said second set of computer-executable instructions in said computer program.
14. The method of claim 1, further comprising the acts of: encrypting at least a portion of said first set of computer-executable instructions; and creating a second set of computer-executable instructions which decrypts said portion.
15. The method of claim 1, wherein said act of creating said first set of computer-executable instructions comprises the acts of: creating instructions in a source-level language; and compiling said source-level-language instructions.
16. The method of claim 15, further comprising the act of postprocessing the compiled instructions after said compiling act, wherein said postprocessing act comprises one or more of the following: encrypting at least a portion of the compiled instructions, and hashing at least a portion of the compiled instructions.
17. The method of claim 1, further comprising the acts of: receiving, from a computing device, a request for said computer program via a network; and providing said computer program to said computer device via said network.
18. The method of claim 17, wherein said network comprises the Internet.
19. The method of claim 17, wherein said receiving act occurs contemporaneously with said providing act.
20. The method of claim 1, wherein said generating act comprises retrieving instructions from a database of stored code.
21. A computer-readable medium encoded with a third set of computer-executable instructions to perform the method of claim 1.
Patents cited by this patent (72)
Rohatgi Pankaj (Sunnyvale CA) Dureau Vincent (Vemas CA), Apparatus and method for authenticating transmitting applications in an interactive TV system.
Reed Drummond Shattuck ; Heymann Peter Earnshaw ; Mushero Steven Mark ; Jones Kevin Benard ; Oberlander Jeffrey Todd, Computer-based communication system and method using metadata defining a control-structure.
Downs Edgar ; Gruse George Gregory ; Hurtado Marco M. ; Lehman Christopher T. ; Milsted Kenneth Louis ; Lotspiech Jeffrey B., Electronic content delivery system.
Mischenko Valentin Alexandrovich,BYX ; Zakharau Uladzimir Uladzimirovich,BYX, Encoding and decoding information using randomization with an alphabet of high dimensionality.
Dutta, Rabindranath, Incremental updates of items and prices on a customer's computer to reduce download times for frequently purchased items in e-commerce transactions in a method, system and program.
Stefik Mark J. (Woodside CA) Bobrow Daniel G. (Palo Alto CA) Card Stuart K. (Los Altos CA) Casey Michalene M. (Morgan Hill CA) Goldstein Richard J. (San Francisco CA) Lamming Michael G. (Cambridge CA, Interactive contents revealing storage device.
Levergood Thomas Mark ; Stewart Lawrence C. ; Morris Stephen Jeffrey ; Payne Andrew C. ; Treese George Winfield, Internet server access control and monitoring systems.
Hershey Antoinette F. (Acton MA) French Andrew H. (Lexington MA) Boire Christopher P. (Westborough MA), License mangagement system and license storage key.
Khan Raheel Ahmed ; Burleson David Brent ; Filion John Thomas ; Cheek Donald Scott, Method and apparatus for a game delivery service including flash memory and a game back-up module.
Sachs James ; Pomeroy Thomas W. ; Novicov Aleksey ; Conboy Garth ; Walter Erik ; Leshner William S. ; Duga Brady ; Wotiz Richard, Method and apparatus for electronically distributing and viewing digital contents.
White Christopher M. ; Matheny John ; Bonnaure Patrick P. ; Perlman Stephen G., Method and apparatus for providing physical security for a user account and providing access to the user's environment a.
Basani, Vijay R.; Mangiapudi, Krishna; Murach, Lynne M.; Karge, Leroy R.; Revsin, Vitaly S.; Bestavros, Azer; Crovella, Mark E.; LaRosa, Domenic J., Method and apparatus for reliable and scalable distribution of data files in distributed networks.
Lambert, Mark L.; van der Rijn, Daniel J. G.; Kemper, David J.; Verkler, Jay L., Method and apparatus for storing and delivering documents on the internet.
Graunke Gary L. ; Carbajal John ; Maliszewski Richard L. ; Rozas Carlos V., Method for securely distributing a conditional use private key to a trusted entity on a remote system.
Rabne Michael W. ; Barker James A. ; Alrashid Tareq M.T. ; Christian Brian S. ; Cox Steven C. ; Slotta Elizabeth A. ; Upthegrove Luella R., Rights management system for digital media.
McMullan ; Jr. Jay C. (Doraville GA) Burleson David B. (Roswell GA) Borsetti ; Jr. Paul (Alpharetta GA) Filion John T. (Lawrenceville GA), Secure authorization and control method and apparatus for a game delivery service.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., System and methods for secure transaction management and electronic rights protection.
Stefik Mark J. (Woodside CA) Bobrow Daniel G. (Palo Alto CA) Pirolli Peter L. T. (El Cerrito CA), System for controlling the distribution and use of composite digital works.
Stefik Mark J. (Woodside CA) Merkle Ralph C. (Sunnyvale CA) Pirolli Peter L. T. (El Cerrito CA), System for controlling the distribution and use of digital works having a fee reporting mechanism.
Kenneth L. Nash, System for monitoring the association of digitized information having identification indicia with more than one of uniquely identified computers in a network for illegal use detection.
Saigh Michael M. ; Chang Edward H. ; Brockhouse Douglas B. ; Chang Hsiao-Shih, Systems and apparatus for electronic communication and storage of information.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
Granger, Mark J.; Smith, Cyrus E.; Hoffman, Matthew I., Use of code obfuscation to inhibit generation of non-use-restricted versions of copy protected software applications.
Cocchi, Ronald P.; Skubiszewski, Matthew A.; Gorman, Michael A.; Carson, Jacob T., Blackbox security provider programming system permitting multiple customer use and in field conditional access switching.
Manferdelli, John L.; Marr, Michael David; Krishnaswamy, Vinay; Jakubowski, Mariusz H., Secure repository with layers of tamper resistance and system and method for providing same.
Davidson, Jack W.; Hiser, Jason D., System, method and computer program product for protecting software via continuous anti-tampering and obfuscation transforms.