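IPC classification information
Country / Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | US-0788516 (2010-05-27)
Registration number | US-8726035 (2014-05-13)
Inventor / Address |
Applicant / Address | Krimmeni Technologies, Inc.
Agent / Address |
Citation information | Times cited: 3; Patents cited: 33
Abstract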
Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys.
Representative claim
1. A method for protecting digital content, comprising: receiving a first encrypted bitstream at a target device and a first digital signature associated with the first encrypted bitstream, wherein the target device has a hardware hashing block, a secure instruction cache, a processor configured to execute in a secured mode and a first key specific to the target device wherein the first key can be used by the processor only when the processor is executing in the secured mode and the processor can only be placed in the secured mode based on a final result of the hardware hashing block, and wherein the hardware hashing block is configured to execute a hashing function to completion independently of the processor without storing any data other than the final result in any memory accessible from the processor; receiving decryption code associated with the first encrypted bitstream; placing the decryption code in the secure instruction cache, wherein contents of the secure instruction cache are not modifiable and can only subsequently be executed by the processor; receiving a first message digest associated with the decryption code; verifying the decryption code that was placed in the secure instruction cache, wherein verifying the decryption code comprises hashing the decryption code using the hardware hashing block of the target device to produce a second message digest as the final result and comparing the second message digest to the first message digest; and only if the first message digest matches the second message digest placing the processor of the target device in the secured mode, verifying the first encrypted bitstream using the hardware hashing block and the first digital signature and executing the decryption code in the secure instruction cache to decrypt the first encrypted bitstream using the first key to yield a first decrypted bitstream, wherein the second message digest is produced by the hardware hashing block and compared to the first message digest before the first encrypted bitstream is verified and before the decryption code is executed to decrypt the first encrypted bitstream.
2. The method of claim 1, wherein decrypting the first encrypted bitstream comprises in a first part, decrypting a first device specific compound key using the first key specific to the target device to yield a content specific key and in a second part, decrypting the first encrypted bitstream using the content specific key.
3. The method of claim 2, wherein if the first message digest does not match the second message digest, then the content specific key is not generated by decrypting the first device specific compound key using the first key specific to the target device in the first part, because the decryption code is prevented from executing.
4. The method of claim 2, wherein if the first message digest does not match the second message digest, then the content specific key is not generated correctly when decrypting the first device specific compound key using the first key specific to the target device in the first part because the resultant content specific key is calculated incorrectly by the decryption code.
5. The method of claim 2, wherein the decryption of the first encrypted content is done as an atomic operation such that if an interrupt occurs during decryption of the first encrypted bitstream an error results.
6. The method of claim 1, wherein the first key specific to the target device is stored in hardware of the target device that cannot be accessed unless the processor is executing in secured mode.
7. The method of claim 6, wherein the processor of the target device is placed in the secured mode if the first message digest matches the second message digest.
8. The method of claim 1, wherein the content specific key is stored in a secure location.
9. The method of claim 8, wherein the secure location is only writable during the decryption of the first device specific compound key decryption and only readable during the decryption, wherein the decryption operation is only allowed to execute from within a secured section of an Instruction-Cache associated with the processor.
10. A non-transitory tangible computer readable medium for protecting digital content, comprising instructions for: receiving a first encrypted bitstream at a target device and a first digital signature associated with the first encrypted bitstream, wherein the target device has a hardware hashing block, a secure instruction cache, a processor configured to execute in a secured mode and a first key specific to the target device wherein the first key can be used by the processor only when the processor is executing in the secured mode and the processor can only be placed in the secured mode based on a final result of the hardware hashing block, and wherein the hardware hashing block is configured to execute a hashing function to completion independently of the processor without storing any data other than a final result in any memory accessible from the processor; placing the decryption code in the secure instruction cache, wherein contents of the secure instruction cache are not modifiable and can only subsequently be executed by the processor; receiving decryption code associated with the first encrypted bitstream; receiving a first message digest associated with the decryption code; verifying the decryption code that was placed in the secure instruction cache, wherein verifying the decryption code comprises hashing the decryption code using the hardware hashing block of the target device to produce a second message digest as the final result and comparing the second message digest to the first message digest; and only if the first message digest matches the second message digest placing the processor of the target device in the secured mode, verifying the first encrypted bitstream using the hardware hashing block and the first digital signature and executing the decryption code in the secure instruction cache to decrypt the first encrypted bitstream using the first key to yield a first decrypted bitstream, wherein the second message digest is produced by the hardware hashing block and compared to the first message digest before the first encrypted bitstream is verified and before the decryption code is executed to decrypt the first encrypted bitstream.
11. The computer readable medium of claim 10, wherein decrypting the first encrypted bitstream comprises in a first part, decrypting a first device specific compound key using the first key specific to the target device to yield a content specific key and in a second part, decrypting the first encrypted bitstream using the content specific key.
12. The computer readable medium of claim 11, wherein if the first message digest does not match the second message digest, then the content specific key is not generated by decrypting the first device specific compound key using the first key specific to the target device in the first part, because the decryption code is prevented from executing.
13. The computer readable medium of claim 11, wherein if the first message digest does not match the second message digest, then the content specific key is not generated correctly when decrypting the first device specific compound key using the first key specific to the target device in the first part because the resultant content specific key is calculated incorrectly by the decryption code.
14. The computer readable medium of claim 11, wherein the decryption of the first encrypted content is done as an atomic operation such that if an interrupt occurs during decryption of the first encrypted bitstream an error results.
15. The computer readable medium of claim 10, wherein the first key specific to the target device is stored in hardware of the target device that cannot be accessed unless the processor is executing in secured mode.
16. The computer readable medium of claim 15, wherein the processor of the target device is placed in the secured mode if the first message digest matches the second message digest.
17. The computer readable medium of claim 10, wherein the content specific key is stored in a secure location.
18. The computer readable medium of claim 17, wherein the secure location is only writeable as a part of the decryption of the first device specific compound key decryption and only readable as a part of the decryption process, which itself is only allowed to execute from within a secured section of the Instruction-Cache of the processor.
19. A device, comprising: a processor configured to execute in secured mode; a processor memory accessible by the processor; a secure instruction cache, wherein contents of the secure instruction cache are not modifiable and can only subsequently be executed by the processor; hardware storing a first key specific to the device wherein the first key can be used by the processor only when the processor is executing in the secured mode; and a hardware hashing block configured to execute a hashing function to completion independently of the processor without storing any data other than a final result in the processor memory and the processor can only be placed in the secured mode based on a final result of the hardware hashing block; wherein the device is configured to: receive a first encrypted bitstream and a first digital signature associated with the first encrypted bitstream, place the decryption code in the secure instruction cache receive decryption code associated with the first encrypted bitstream, receive a first message digest associated with the decryption code, verify the decryption code that was placed in the secure instruction cache, wherein verifying the decryption code comprises hashing the decryption code using the hardware hashing block of the device to produce a second message digest as the final result and comparing the second message digest to the first message digest, and only if the first message digest matches the second message digest placing the processor of the device in the secured mode, verifying the first encrypted bitstream using the hardware hashing block and the first digital signature and executing the decryption code in the secure instruction cache to decrypt the first encrypted bitstream using the first key to yield a first decrypted bitstream, wherein the second message digest is produced by the hardware hashing block and compared to the first message digest before the first encrypted bitstream is verified and before the decryption code is executed to decrypt the first encrypted bitstream.
20. The device of claim 19, wherein decrypting the first encrypted bitstream comprises in a first part, decrypting a first device specific compound key using the first key specific to the target device to yield a content specific key and in a second part, decrypting the first encrypted bitstream using the content specific key.
21. The device of claim 20, wherein if the first message digest does not match the second message digest, then the content specific key is not generated by decrypting the first device specific compound key using the first key specific to the target device in the first part, because the decryption code is prevented from executing.
22. The device of claim 20, wherein if the first message digest does not match the second message digest, then the content specific key is not generated correctly when decrypting the first device specific compound key using the first key specific to the target device in the first part because the resultant content specific key is calculated incorrectly by the decryption code.
23. The device of claim 20, wherein the decryption of the first encrypted content is done as an atomic operation such that if an interrupt occurs during decryption of the first encrypted bitstream an error results.
24. The device of claim 19, wherein the device comprises a hardware location for storing the first key specific to the target device and the hardware location cannot be accessed unless the processor is executing in secured mode.
25. The device of claim 24, wherein the processor of the target device is placed in the secured mode if the first message digest matches the second message digest.
26. The device of claim 19, wherein the content specific key is stored in a secure location.
27. The device of claim 26, wherein the secure location is only writeable as a part of the decryption of the first device specific compound key decryption and only readable as a part of the decryption process, which itself is only allowed to execute from within a secured section of the Instruction-Cache of the processor.
28. The device of claim 19, wherein the processor of the device is placed in the secured mode only if the first message digest matches the second message digest produced by the hardware hashing block and the processor is placed in the secured mode before the first encrypted bitstream is verified and before the decryption code is executed to decrypt the first encrypted bitstream.
29. A device, comprising: a processor that enters an unsecured mode when reset and is configured to be placed in a secured mode without a reset; a processor memory accessible by the processor; a secure instruction cache, wherein contents of the secure instruction cache are not modifiable and can only subsequently be executed by the processor; hardware storing a first key specific to the device wherein the first key can be used by the processor only when the processor is executing in the secured mode; and a hardware hashing block configured to execute a hashing function to completion independently of the processor without storing any data other than a final result in the processor memory and the processor does not enter the secured mode when reset and can only be placed in the secured mode based on a final result of the hardware hashing block; wherein the device is configured to: receive a first encrypted bitstream and a first digital signature associated with the first encrypted bitstream, place the decryption code in the secure instruction cache receive decryption code associated with the first encrypted bitstream, receive a first message digest associated with the decryption code, verify the decryption code that was placed in the secure instruction cache, wherein verifying the decryption code comprises hashing the decryption code using the hardware hashing block of the device to produce a second message digest as the final result and comparing the second message digest to the first message digest, and only if the first message digest matches the second message digest placing the processor of the device in the secured mode, verifying the first encrypted bitstream using the hardware hashing block and the first digital signature and executing the decryption code in the secure instruction cache to decrypt the first encrypted bitstream using the first key to yield a first decrypted bitstream, wherein the second message digest is produced by the hardware hashing block and compared to the first message digest before the first encrypted bitstream is verified and before the decryption code is executed to decrypt the first encrypted bitstream.