[특허]Method and system for control of code execution on a general purpose computing device and control of code execution in a recursive security protocol

Method and system for control of code execution on a general purpose computing device and control of code execution in a recursive security protocol 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-009/00
출원번호	US-0615843 (2009-11-10)
등록번호	US-8438392 (2013-05-07)
발명자 / 주소	Oxford, William V.
출원인 / 주소	Krimmeni Technologies, Inc.
대리인 / 주소	Sprinkle IP Law Group
인용정보	피인용 횟수 : 8 인용 특허 : 20

초록 ▼

Embodiments of systems and methods which provide highly specific control over the execution of general-purpose code block are disclosed. These embodiments may allow the exact circumstances under which a given code block is allowed to execute to be determined with specificity. Such a control mechanism may be coupled with embodiments of a data hiding system and method, based for example, on an ordered execution of a set of code segments implemented via recursive execution. When embodiments of these systems and methods are utilized together an unencumbered generality as well as a level of protection against attack that surpasses many other security systems may be obtained.

대표청구항 ▼

1. A method for controlling the execution of code on an endpoint device comprising: receiving a first bitstream at a device;obtaining a first key corresponding to the first bitstream, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream;authenticating the first bitstream using hardware at the device operable to access a first secret key specific to the device which is stored in the hardware of the device and is accessible when the device is executing in secured mode, wherein authenticating the first bitstream comprises: hashing the first bitstream,generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption, andcomparing the generated second key with the first key;if the second key and the first key match, executing the first bitstream on the processor in secured mode, wherein the first bitstream comprises a first encryption engine, and executing the first bitstream comprises decrypting encrypted digital content associated with the first bitstream using the first encryption engine and the first secret key specific to the device and the execution of the first bitstream is done in secured mode; andif the second key and the first key do not match, determining if the first bitstream is encrypted, and if the first bitstream is encrypted: obtaining a second bitstream;authenticating the second bitstream using the hardware at the device operable to access the first secret key specific to the device which is stored in the hardware, wherein authenticating the second bitstream comprises: obtaining a third key corresponding to the second bitstream, wherein the third key was created by hashing the second bitstream and encrypting the hashed second bitstream,hashing the second bitstream, wherein the hashing of the second bitstream utilizes the second key generated from the first bitstream as a seed value,generating a fourth key by encrypting the hashed second bitstream, wherein the encryption of the hashed second bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of this access in the encryption,comparing the generated fourth key with the third key, andif the fourth key and the third key match, executing the second bitstream on the processor in secured mode. 2. The method of claim 1, wherein the authentication of the second bitstream and execution of the second bitstream is done before the execution of the first bitstream. 3. The method of claim 2, further comprising authenticating the first bitstream after the execution of the second bitstream and before the execution of the first bitstream. 4. A method for controlling the execution of code on an endpoint device comprising: receiving a first bitstream at a device;obtaining a first key corresponding to the first bitstream wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream;authenticating the first bitstream using hardware at the device operable to access a first secret key specific to the device which is stored in the hardware of the device and is accessible when the device is executing in secured mode, wherein authenticating the first bitstream comprises: hashing the first bitstream,generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption, andcomparing the generated second key with the first key;if the second key and the first key match, executing the first bitstream on the processor in secured mode, wherein the first bitstream comprises a first encryption engine, and executing the first bitstream comprises decrypting encrypted digital content associated with the first bitstream using the first encryption engine and the first secret key specific to the device and the execution of the first bitstream is done in secured mode; andif the second key and the first key do not match, determining if the first bitstream is encrypted, and if the first bitstream is encrypted: obtaining a second bitstream, wherein the second bitstream comprises a second encryption engine;authenticating the second bitstream using the hardware at the device operable to access the first secret key specific to the device which is stored in the hardware, wherein authenticating the second bitstream comprises: obtaining a third key corresponding to the second bitstream, wherein the third key was created by hashing the second bitstream and encrypting the hashed second bitstream,hashing the second bitstream,generating a fourth key by encrypting the hashed second bitstream, wherein the encryption of the hashed second bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of this access in the encryption,comparing the generated fourth key with the third key, andif the fourth key and the third key match, executing the second bitstream on the processor in secured mode wherein executing the second bitstream comprises decrypting both the first bitstream and the encrypted digital content with the second encryption engine using the first secret key specific to the device. 5. The method of claim 4, wherein the authentication of the second bitstream and execution of the second bitstream is done before the execution of the first bitstream. 6. The method of claim 5, further comprising authenticating the first bitstream after the execution of the second bitstream and before the execution of the first bitstream. 7. The method of claim 6, wherein the first bitstream, second bitstream, encrypted digital content, first key and third key were received in a message, the message generated by: encrypting the digital content with the first encryption engine of the first bitstream;generating the first key by hashing the first bitstream and encrypting the hashed first bitstream with the first secret key specific to the device;associating the first key, first bitstream and encrypted digital content;encrypting the associated the first key, first bitstream and encrypted digital content with the second encryption engine of the second bitstream;generating the third key by hashing the second bitstream and encrypting the hashed second bitstream with the first secret key specific to the device;associating the first decryption algorithm with the first encrypted bitstream; andassociating the third key, second bitstream and encrypted associated first key, first bitstream and encrypted digital content. 8. A system for controlling the execution of code, comprising: a device, comprising:a processor;first hardware for storing a first secret key;second hardware operable to: access the first secret key when the processor is executing in secured mode, and implement an encryption algorithm using the first secret keya computer readable storage media comprising instructions executable by the processor for:receiving a first bitstream at the device wherein the first bitstream comprises a first encryption engine;obtaining a first key corresponding to the first bitstream, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream;authenticating the first bitstream using the second hardware at the device wherein authenticating the first bitstream comprises: hashing the first bitstream,generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the second hardware of the device and the second hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption, andcomparing the generated second key with the first key;if the second key and the first key match, executing the first bitstream on the processor in secured mode wherein executing the first bitstream comprises decrypting encrypted digital content associated with the first bitstream using the first encryption engine and the first secret key specific to the device and the execution of the first bitstream is done in secured mode;determining if the first bitstream is encrypted and if the first bitstream is encrypted: obtaining a second bitstream;authenticating the second bitstream using the second hardware at the device operable to access the first secret key specific to the device which is stored in the first hardware, wherein authenticating the second bitstream comprises: obtaining a third key corresponding to the second bitstream, wherein the third key was created by hashing the second bitstream and encrypting the hashed second bitstream,hashing the second bitstream, wherein the hashing of the second bitstream utilizes the second key generated from the first bitstream as a seed value,generating a fourth key by encrypting the hashed second bitstream, wherein the encryption of the hashed second bitstream is done in the second hardware of the device and the second hardware attempts to access the first secret key specific to the device and uses the result of this access in the encryption,comparing the generated fourth key with the third key; andif the fourth key and the third key match, executing the second bitstream on the processor in secured mode. 9. The system of claim 8, wherein the authentication of the second bitstream and execution of the second bitstream is done before the execution of the first bitstream. 10. The system of claim 9, wherein the instructions are operable for authenticating the first bitstream after the execution of the second bitstream and before the execution of the first bitstream. 11. A system for controlling the execution of code, comprising: a device, comprising:a processor;first hardware for storing a first secret key;second hardware operable to: access the first secret key when the processor is executing in secured mode, and implement an encryption algorithm using the first secret keya computer readable storage media comprising instructions executable by the processor for:receiving a first bitstream at the device, wherein the first bitstream comprises a first encryption engine;obtaining a first key corresponding to the first bitstream, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream;authenticating the first bitstream using the second hardware at the device wherein authenticating the first bitstream comprises: hashing the first bitstream,generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the second hardware of the device and the second hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption, andcomparing the generated second key with the first key;if the second key and the first key match, executing the first bitstream on the processor in secured mode wherein executing the first bitstream comprises decrypting encrypted digital content associated with the first bitstream using the first encryption engine and the first secret key specific to the device and the execution of the first bitstream is done in secured mode;determining if the first bitstream is encrypted and if the first bitstream is encrypted: obtaining a second bitstream, wherein the second bitstream comprises a second encryption engine,authenticating the second bitstream using the second hardware at the device operable to access the first secret key specific to the device which is stored in the first hardware, wherein authenticating the second bitstream comprises: obtaining a third key corresponding to the second bitstream, wherein the third key was created by hashing the second bitstream and encrypting the hashed second bitstream,hashing the second bitstream,generating a fourth key by encrypting the hashed second bitstream, wherein the encryption of the hashed second bitstream is done in the second hardware of the device and the second hardware attempts to access the first secret key specific to the device and uses the result of this access in the encryption,comparing the generated fourth key with the third key; andif the fourth key and the third key match, executing the second bitstream on the processor in secured mode wherein executing the second bitstream comprises decrypting both the first bitstream and the encrypted digital content with the second encryption engine using the first secret key specific to the device. 12. The system of claim 11, wherein the authentication of the second bitstream and execution of the second bitstream is done before the execution of the first bitstream. 13. The system of claim 12, wherein the instructions are operable for authenticating the first bitstream after the execution of the second bitstream and before the execution of the first bitstream. 14. The system of claim 13, wherein the first bitstream, second bitstream, encrypted digital content, first key and third key were received in a message, the message generated by: encrypting the digital content with the first encryption engine of the first bitstream;generating the first key by hashing the first bitstream and encrypting the hashed first bitstream with the first secret key specific to the device;associating the first key, first bitstream and encrypted digital content;encrypting the associated the first key, first bitstream and encrypted digital content with the second encryption engine of the second bitstream;generating the third key by hashing the second bitstream and encrypting the hashed second bitstream with the first secret key specific to the device;associating the first decryption algorithm with the first encrypted bitstream; andassociating the third key, second bitstream and encrypted associated first key, first bitstream and encrypted digital content. 15. A non-transitory computer readable media, comprising instructions executable by a processor for controlling the execution of code on an endpoint device, including instructions executable for: receiving a first bitstream at a device;obtaining a first key corresponding to the first bitstream, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream;authenticating the first bitstream using hardware at the device operable to access a first secret key specific to the device which is stored in the hardware of the device and is accessible when the device is executing in secured mode, wherein authenticating the first bitstream comprises: hashing the first bitstream,generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption, andcomparing the generated second key with the first key;if the second key and the first key match, executing the first bitstream on the processor in secured mode, wherein the first bitstream comprises a first encryption engine, and executing the first bitstream comprises decrypting encrypted digital content associated with the first bitstream using the first encryption engine and the first secret key specific to the device and the execution of the first bitstream is done in secured mode; andif the second key and the first key do not match, determining if the first bitstream is encrypted, and if the first bitstream is encrypted: obtaining a second bitstream;authenticating the second bitstream using the hardware at the device operable to access the first secret key specific to the device which is stored in the hardware wherein authenticating the second bitstream comprises: obtaining a third key corresponding to the second bitstream, wherein the third key was created by hashing the second bitstream and encrypting the hashed second bitstream,hashing the second bitstream, wherein the hashing of the second bitstream utilizes the second key generated from the first bitstream as a seed value,generating a fourth key by encrypting the hashed second bitstream, wherein the encryption of the hashed second bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of this access in the encryption,comparing the generated fourth key with the third key, andif the fourth key and the third key match, executing the second bitstream on the processor in secured mode. 16. The non-transitory computer readable media of claim 15, wherein the authentication of the second bitstream and execution of the second bitstream is done before the execution of the first bitstream. 17. The non-transitory computer readable media of claim 16, further comprising authenticating the first bitstream after the execution of the second bitstream and before the execution of the first bitstream. 18. A non-transitory computer readable media, comprising instructions executable by a processor for controlling the execution of code on an endpoint device, including instructions executable for: receiving a first bitstream at a device;obtaining a first key corresponding to the first bitstream, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream;authenticating the first bitstream using hardware at the device operable to access a first secret key specific to the device which is stored in the hardware of the device and is accessible when the device is executing in secured mode, wherein authenticating the first bitstream comprises: hashing the first bitstream,generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption, andcomparing the generated second key with the first key;if the second key and the first key match, executing the first bitstream on the processor in secured mode, wherein the first bitstream comprises a first encryption engine, and executing the first bitstream comprises decrypting encrypted digital content associated with the first bitstream using the first encryption engine and the first secret key specific to the device and the execution of the first bitstream is done in secured mode; andif the second key and the first key do not match, determining if the first bitstream is encrypted, and if the first bitstream is encrypted: obtaining a second bitstream, wherein the second bitstream comprises a second encryption engine;authenticating the second bitstream using the hardware at the device operable to access the first secret key specific to the device which is stored in the hardware, wherein authenticating the second bitstream comprises: obtaining a third key corresponding to the second bitstream, wherein the third key was created by hashing the second bitstream and encrypting the hashed second bitstream,hashing the second bitstream,generating a fourth key by encrypting the hashed second bitstream, wherein the encryption of the hashed second bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of this access in the encryption,comparing the generated fourth key with the third key, andif the fourth key and the third key match, executing the second bitstream on the processor in secured mode wherein executing the second bitstream comprises decrypting both the first bitstream and the encrypted digital content with the second encryption engine using the first secret key specific to the device. 19. The non-transitory computer readable media of claim 18, wherein the authentication of the second bitstream and execution of the second bitstream is done before the execution of the first bitstream. 20. The non-transitory computer readable media of claim 19, further comprising authenticating the first bitstream after the execution of the second bitstream and before the execution of the first bitstream. 21. The non-transitory computer readable media of claim 20, wherein the first bitstream, second bitstream, encrypted digital content, first key and third key were received in a message, the message generated by: encrypting the digital content with the first encryption engine of the first bitstream;generating the first key by hashing the first bitstream and encrypting the hashed first bitstream with the first secret key specific to the device;associating the first key, first bitstream and encrypted digital content;encrypting the associated the first key, first bitstream and encrypted digital content with the second encryption engine of the second bitstream;generating the third key by hashing the second bitstream and encrypting the hashed second bitstream with the first secret key specific to the device;associating the first decryption algorithm with the first encrypted bitstream; andassociating the third key, second bitstream and encrypted associated first key, first bitstream and encrypted digital content.

이 특허에 인용된 특허 (20)

Onishi Katsuyoshi (Yokohama JPX) Takada Osamu (Sagamihara JPX) Kimura Koichi (Yokohama JPX) Yamaga Mitsuhiro (Kawasaki JPX) Ogura Toshihiko (Ebina JPX) Shibata Yasushi (Hadano JPX), Address filter unit for carrying out address filter processing among plurality of networks and method thereof.
상세보기
Childs Matthew H. (Arlington TX) Norcross Thomas M. (Arlington TX), Automatic data generation for self-test of cryptographic hash algorithms in personal security devices.
상세보기
Steven T. Ansell ; Andrew R. Cherenson ; Mark E. Paley ; Steven B. Katz ; John Michael Kelsey, Jr. ; Bruce Schneier, Copy security for portable music players.
상세보기
Jakubowski Mariusz H. ; Venkatesan Ramarathnam, Cryptographic technique that provides fast encryption and decryption and assures integrity of a ciphertext message through use of a message authentication code formed through cipher block chaining of.
상세보기
Baum Richard I. (Poughkeepsie NY) Brent Glen A. (Fishkill NY) Gibson Donald H. (Salt Point NY) Lindquist David B. (Poughkeepsie NY), Database sort and merge apparatus with multiple memory arrays having alternating access.
상세보기
England Paul ; DeTreville John D. ; Lampson Butler W., Digital rights management operating system.
상세보기
Clifford P. Van Dyke ; Peter T. Brundrett ; Michael M. Swift ; Praerit Garg ; Richard B. Ward, Extensible security system and method for controlling access to objects in a computing environment.
상세보기
George Gregory Gruse ; Marco M. Hurtado ; Kenneth Louis Milsted ; Jeffrey B. Lotspiech, Key management system for digital content player.
상세보기
England Paul ; DeTreville John D. ; Lampson Butler W., Loading and identifying a digital rights management operating system.
상세보기
Buer Mark Leonard, Method and apparatus for performing a secure operation.
상세보기
Oxford,William V., Method and system for a recursive security protocol for digital copyright control.
상세보기
Oxford,William V., Method and system for a recursive security protocol for digital copyright control.
상세보기
Morten,Glenn A.; Rassool,Reza P.; Claeys,Tom E.; Baker,Brian Andrew, Method and system for end to end securing of content for video on demand.
상세보기
Thatcher ; Jr. William B. (Atlanta GA), Methods and apparatus for scrambling and unscrambling compressed data streams.
상세보기
Thoone,Martin; Drijfhout,Theo, Motor vehicle navigation system having a protected storage medium.
상세보기
Bright Michael W. (Arlington Heights IL) Ziolko Eric F. (Schaumburg IL) Wilson Alan L. (Hoffman Estates IL) Bray Michelle M. (Schaumburg IL) Hennen Harry A. (Woodstock IL) Weiss David L. (Roselle IL), Secure communication system.
상세보기
Peinado,Marcus; England,Paul, Secure processor architecture for use with a digital rights management (DRM) system on a computing device.
상세보기
Liu Larry Lingnan, Source data compression and decompression in code symbol printing and decoding.
상세보기
Spies Terence R. ; Simon Daniel R., System and method for secure purchase and delivery of video content programs.
상세보기
Spurgeon Loren J., System for exchanging health care insurance information.
상세보기

이 특허를 인용한 특허 (8)

Hunter, Rian, Encrypting globally unique identifiers at communication boundaries.
상세보기
Oxford, William V., Method and system for a recursive security protocol for digital copyright control.
상세보기
Oxford, William V., Method and system for a recursive security protocol for digital copyright control.
상세보기
Oxford, William V., Method and system for control of code execution on a general purpose computing device and control of code execution in a recursive security protocol.
상세보기
Oxford, William V., Method and system for process working set isolation.
상세보기
Falk, Rainer, Method and system for transmitting control data in a manner that is secured against manipulation.
상세보기
Singh, Awadhesh Pratap; Paulraj, Samson; Ramasamy, Suki, Robotic process automation system for functional evaluation and improvement of back end instructional constructs.
상세보기
Ghose, Kanad, System and method for validating program execution at run-time using control flow signatures.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Method and system for control of code execution on a general purpose computing device and control of code execution in a recursive security protocol 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (20)

이 특허를 인용한 특허 (8)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Method and system for control of code execution on a general purpose computing device and control of code execution in a recursive security protocol 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (20)

이 특허를 인용한 특허 (8)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트