[특허]Systems and methods for using cryptography to protect secure and insecure computing environments

Systems and methods for using cryptography to protect secure and insecure computing environments 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-021/00
출원번호	UP-0805463 (2007-05-22)
등록번호	US-7689827 (2010-04-23)
발명자 / 주소	Sibert, W. Olin
출원인 / 주소	Intertrust Technologies Corp.
대리인 / 주소	Finnegan, Henderson, Farabow, Garrett & Dunner, LLP
인용정보	피인용 횟수 : 6 인용 특허 : 42

초록 ▼

Computation environments are protected from bogus or rogue load modules, executables, and other data elements through use of digital signatures, seals, and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules and/or other items to verify that their corresponding specifications are accurate and complete, and then digitally signs them based on a tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys), allowing one tamper resistance work factor environment to protect itself against load modules from another tamper resistance work factor environment. The verifying authority can provide an application intended for insecure environments with a credential having multiple elements covering different parts of the application. To verify the application, a trusted element can issue challenges based on different parts of the authenticated credential that the trusted element selects in an unpredictable (e.g., random) way, and deny service (or take other appropriate action) if the responses do not match the authenticated credential.

대표청구항 ▼

What is claimed is: 1. In an electronic appliance including a secure execution space and an insecure execution space, a method for permitting an application executing within the insecure execution space to request one or more services from a trusted element executing in the secure execution space, the method comprising: (a) issuing a challenge from the trusted element to the application executing within the insecure execution space, the challenge being based at least in part on randomly selected parts of an authenticated credential, the challenge requesting the application to provide one or more cryptographic hashes of one or more portions of the application, the one or more portions of the application including at least some executable software code; (b) sending, from the application to the trusted element, said one or more cryptographic hashes of one or more portions of the application; (c) comparing, at the trusted element, information provided by the authenticated credential with said one or more cryptographic hashes of one or more portions of the application; and (d) denying the application access to said one or more services if the comparison fails. 2. A method as in claim 1, in which steps (a)-(d) are performed multiple times during execution of the application. 3. A method as in claim 1, in which the authenticated credential is digitally signed. 4. A method as in claim 1, in which the authenticated credential is at least in part encrypted. 5. A method as in claim 1, in which the one or more portions of the application include code. 6. A method as in claim 1, in which at least one of the portions of the application overlaps another of the portions of the application. 7. A method as in claim 1, in which at least one of the one or more portions of the application corresponds to a predetermined byte range or virtual path in the application. 8. A computer readable storage medium storing a computer program, the computer program including instructions that, when executed by a processor of an electronic appliance, are operable to cause the electronic appliance to take actions comprising: (a) issuing a challenge from a trusted element executing in a secure execution space to an application executing in an insecure execution space, the challenge being based at least in part on randomly selected parts of an authenticated credential, the challenge requesting the application to provide one or more cryptographic hashes of one or more portions of the application, the one or more portions of the application including at least some executable software code; (b) receiving, from the application, said one or more cryptographic hashes of one or more portions of the application; (c) comparing information provided by the authenticated credential with said one or more cryptographic hashes of one or more portions of the application; and (d) denying the application access to one or more services provided by an application executing in the secure execution space if the comparison fails. 9. A computer readable storage medium as in claim 8, in which the computer program is operable to cause the electronic appliance to perform actions (a)-(d) multiple times during execution of the application. 10. A computer readable storage medium as in claim 8, in which the authenticated credential is digitally signed. 11. A computer readable storage medium as in claim 8, in which the authenticated credential is at least in part encrypted. 12. A computer readable storage medium as in claim 8, in which the one or more portions of the application include code. 13. A computer readable storage medium as in claim 8, in which at least one of the portions of the application overlaps another of the portions of the application. 14. A computer readable storage medium as in claim 8, in which at least one of the one or more portions of the application corresponds to a predetermined byte range or virtual path in the application. 15. An electronic appliance comprising: an insecure execution space; and a protected processing environment comprising a processor having a secure execution space including a trusted element, the trusted element configured to: (a) issue a challenge to an application executing in the insecure execution space, the challenge being based at least in part on randomly selected parts of an authenticated credential, the challenge requesting the application to provide one or more cryptographic hashes of one or more portions of the application, the one or more portions of the application including at least some executable software code; (b) receive, from the application, said one or more cryptographic hashes of one or more portions of the application; (c) compare information provided by the authenticated credential with said one or more cryptographic hashes of one or more portions of the application; and (d) deny the application access to one or more services provided by an application executing in the secure execution space if the comparison fails. 16. An electronic appliance as in claim 15, in which the secure execution space comprises a protected processing environment. 17. An electronic appliance as in claim 15, in which the authenticated credential is digitally signed and at least in part encrypted. 18. An electronic appliance as in claim 15, in which the one or more portions of the application include code. 19. An electronic appliance as in claim 18, in which at least one of the portions of the application overlaps another of the portions of the application. 20. An electronic appliance as in claim 19, in which at least one of the one or more portions of the application corresponds to a predetermined byte range or virtual path in the application. 21. In an electronic appliance including a secure execution space and an insecure execution space, a method for using a trusted element executing in the secure execution space comprising: validating at least one digital signature corresponding to a credential; selecting, based at least in part on the credential, at least one predetermined portion of an application executing in the insecure execution space, the predetermined portion of the application including at least some executable software code, and issuing a challenge requesting a response from the application, the response providing a computation of at least one cryptographic hash of the selected predetermined portion of the application, wherein the predetermined portion of the application has been selected to provide sufficient coverage of a particular component of the application; and checking the response against the credential.

이 특허에 인용된 특허 (42)

Fieres Helmut ; Merkling Roger ; Klemba Keith, Application certification for an international cryptography framework.
상세보기
Gopinath Bhaskarpillai (Watchung NJ) Kurshan David (Sea Bright NJ), Composition of systems of objects by interlocking coordination, projection, and distribution.
상세보기
Benson Glenn,DEX, Computer system for protecting software and a method for protecting software.
상세보기
Talati Kirit K. (207 Sun Ray La. Sunnyvale TX 75102), Control system and method for direct execution of software application information models without code generation.
상세보기
Shear Victor H. (Bethesda MD), Database usage metering and protection system and method.
상세보기
Hannah, Eric C., Digital content protection using a secure booting method and apparatus.
상세보기
Lauren Ann Cotugno ; Thien Huu Pham, Digital signaturing method and system for packaging specialized native files for open network transport and for burning onto CD-ROM.
상세보기
Deming Gilbert R. (7853 25th Ave. Kenosha WI 53140), Electronic funds transfer system.
상세보기
Moore James W. (Potomac MD), Hybrid encryption method and system for protecting reusable software components.
상세보기
Takeuchi, Akikazu; Nanba, Shinji, Information processing apparatus and method and recording medium.
상세보기
Shavit Eyal (New York NY) Teichner Lester (Chicago IL), Interactive market management system.
상세보기
Griswold Gary N., Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a.
상세보기
Mirov Russell Norman ; Onufer Gregory Charles, Method and apparatus for firmware authentication.
상세보기
Fischer Addison M., Method and apparatus for validating travelling object-oriented programs with digital signatures.
상세보기
Halter Bernard J. (Longmont CO) Bracco Alphonse M. (Reston VA) Johnson Donald B. (Manassas VA) Le An V. (Manassas VA) Matyas Stephen M. (Manassas VA) Prymak ; deceased Rostislaw (late of Dumfries VA , Method and system for multimedia access control enablement.
상세보기
Herzberg Amir ; Krawczyk Hugo Mario ; Kutten Shay ; Le An Van ; Matyas Stephen Michael ; Yung Marcel Mordechay, Method and system for the secured distribution of multimedia titles.
상세보기
Gasser Morrie (Saugus MA) Goldstein Andrew C. (Hudson MA) Kaufman Charles W. (Northborough MA) Lampson Butler W. (Cambridge MA), Method for delegating authorization from one entity to another through the use of session encryption keys.
상세보기
Cronce, Paul A., Method for runtime code integrity validation using code block checksums.
상세보기
Graunke Gary L. ; Carbajal John ; Maliszewski Richard L. ; Rozas Carlos V., Method for securely distributing a conditional use private key to a trusted entity on a remote system.
상세보기
Reisinger Frank,DEX ; Turner Olaf,DEX, Method for statistics mode reloading and for statistical acquisition according to statistics classes in the storing of a dataset.
상세보기
Cina ; Jr. Vincent J. (Spring Valley NY), Method to prevent use of incorrect program version in a computer system.
상세보기
Rabin,Michael O.; Shasha,Dennis E., Methods and apparatus for protecting information.
상세보기
Trostle Jonathan, Networked workstation intrusion detection system.
상세보기
Goldsmith Amy M. (Los Gatos CA) Goldsmith David B. (Los Gatos CA) Pettus Christopher E. (San Francisco CA), Object-oriented remote procedure call networking system.
상세보기
Derek L. Davis ; Howard C. Herbert, Platform and method for assuring integrity of trusted agent communications.
상세보기
Merkle Ralph C., Protected shareware.
상세보기
Alsberg Peter (Urbana IL), Protector system for computer access and use.
상세보기
Shavit Nir N., Secure software system and related techniques.
상세보기
Waite David P. (Fairfax VA) Riddell Horace G. (Chantilly VA), Secure system for activating personal computer software at remote locations.
상세보기
Ketcham Larry R. (Laguna Niguel CA), Software security system for maintaining integrity of compiled object code by restricting users ability to define compil.
상세보기
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure.
상세보기
McManis Charles E. (Sunnyvale CA), System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources.
상세보기
McManis Charles E., System and method for protecting use of dynamically linked executable modules.
상세보기
McManis Charles E., System and method for protecting use of dynamically linked executable modules.
상세보기
Bodrov, Dmitry, System and method of verifying the authenticity of dynamically connectable executable images.
상세보기
Shear Victor H. ; Van Wie David M. ; Weber Robert P., Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information.
상세보기
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Shear Victor H. ; Sibert W. Olin ; Van Wie David M., Systems and methods using cryptography to protect secure computing environments.
상세보기
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M. ; Weber Robert P., Trusted and secure techniques, systems and methods for item delivery and execution.
상세보기

이 특허를 인용한 특허 (6)

Rogers, Jr., Cleon L.; Logan, Glen T., Method of identifying and protecting the integrity of a set of source data.
상세보기
Boccon-Gibod, Gilles; Ellison, Gary, Secure processing systems and methods.
상세보기
Boccon-Gibod, Gilles; Ellison, Gary F., Secure processing systems and methods.
상세보기
Boccon-Gibod, Gilles; Ellison, Gary F., Secure processing systems and methods.
상세보기
Webb, Peter Hartwell, System and method for verifying the integrity of read-only components in deployed mixed-mode applications.
상세보기
Webb, Peter Hartwell, System and method for verifying the integrity of read-only components in deployed mixed-mode applications.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Systems and methods for using cryptography to protect secure and insecure computing environments 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (42)

이 특허를 인용한 특허 (6)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Systems and methods for using cryptography to protect secure and insecure computing environments 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (42)

이 특허를 인용한 특허 (6)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트