Method and system for control of code execution on a general purpose computing device and control of code execution in a recursive security protocol
IPC classification information
Country / Type
United States (US) Patent
Granted
International Patent Classification (IPC, 7th edition)
H04L-009/32
G06F-021/10
G06F-021/12
G06F-021/51
H04L-009/14
H04L-029/06
Application number
US-0855142
(2013-04-02)
Registration number
US-9705677
(2017-07-11)
Inventor / Address
Oxford, William V.
Applicant / Address
Rubicon Labs, Inc.
Agent / Address
Sprinkle IP Law Group
Citation information
Times cited: 0
Cited patents: 54
Abstract
Embodiments of systems and methods which provide highly specific control over the execution of a general-purpose code block are disclosed. These embodiments may allow the exact circumstances under which a given code block is allowed to execute to be determined with specificity. Such a control mechanism may be coupled with embodiments of a data hiding system and method, based, for example, on an ordered execution of a set of code segments implemented via recursive execution. When embodiments of these systems and methods are utilized together, an unencumbered generality as well as a level of protection against attack that surpasses many other security systems may be obtained.
Representative claims
1. A method for controlling the execution of code on an endpoint device comprising: receiving a first bitstream at a device, wherein the first bitstream comprises a first encryption engine; obtaining a first key corresponding to the first bitstream, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream; authenticating the first bitstream using hardware at the device operable to access a first secret key specific to the device which is stored in the hardware of the device and is accessible only when the device is executing in secured mode, wherein the device enters an unsecured mode on reset and can only enter the secured mode based on an output of hardware of the device and authenticating the first bitstream comprises: hashing the first bitstream; generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption; comparing the generated second key with the first key; and if the second key and the first key match, executing the first bitstream on the device in the secured mode, wherein executing the first bitstream comprises decrypting encrypted digital content associated with the first bitstream using the first encryption engine and the first secret key specific to the device and the execution of the first bitstream is done in secure mode; and if the second key and the first key do not match, determining if the first bitstream is encrypted and if the first bitstream is encrypted; obtaining a second bitstream; authenticating the second bitstream using the hardware at the device operable to access the first secret key specific to the device which is stored in the hardware, wherein authenticating the second bitstream comprises: obtaining a third key corresponding to the second bitstream, wherein the third key was created by hashing the second bitstream and encrypting the hashed second bitstream; hashing the second bitstream; generating a fourth key by encrypting the hashed second bitstream, wherein the encryption of the hashed second bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of this access in the encryption; comparing the generated fourth key with the third key: and if the fourth key and the third key match, executing the second bitstream on the device in secured mode.
2. The method of claim 1, wherein the second bitstream comprises a second encryption engine, and executing the second bitstream comprises decrypting both the first bitstream and the encrypted digital content with the second encryption engine using the first secret key specific to the device, wherein the execution of the second bitstream is done in secure mode.
3. The method of claim 2, wherein the authentication of the second bitstream and execution of the second bitstream is done before the execution of the first bitstream.
4. The method of claim 3, further comprising authenticating the first bitstream after the execution of the second bitstream and before the execution of the first bitstream.
5. The method of claim 4, wherein the first bitstream, second bitstream, encrypted digital content, first key and third key were received in a message, the message generated by: encrypting the digital content with the first encryption engine of the first bitstream; generating the first key by hashing the first bitstream and encrypting the hashed first bitstream with the first secret key specific to the device; associating the first key, first bitstream and encrypted digital content; encrypting the associated the first key, first bitstream and encrypted digital content with the second encryption engine of the second bitstream; generating the third key by hashing the second bitstream and encrypting the hashed second bitstream with the first secret key specific to the device; associating the first decryption algorithm with the first encrypted bitstream; and associating the third key, second bitstream and encrypted associated first key, first bitstream and encrypted digital content.
6. A system for controlling the execution of code, comprising: a device, comprising: a processor; first hardware for storing a first secret key, wherein the first secret key is accessible only when the processor is executing in secured mode; second hardware operable to: access the first secret key when the processor is executing in secured mode, and implement an encryption algorithm using the first secret key, wherein the processor enters an unsecured mode on reset and can only enter the secured mode based on an output of hardware of the device; and a computer readable storage media comprising instructions executable by the processor for: receiving a first bitstream at the device, wherein the first bitstream comprises a first encryption engine; obtaining a first key corresponding to the first bitstream, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream; authenticating the first bitstream using the second hardware at the device wherein authenticating the first bitstream comprises: hashing the first bitstream; generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the second hardware of the device and the second hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption; comparing the generated second key with the first key; and if the second key and the first key match, executing the first bitstream on the processor in the secured mode, wherein executing the first bitstream comprises decrypting encrypted digital content associated with the first bitstream using the first encryption engine and the first secret key specific to the device and the execution of the first bitstream is done in secure mode; and if the second key and the first key do not match, determining if the first bitstream is encrypted and if the first bitstream is encrypted; obtaining a second bitstream; authenticating the second bitstream using the hardware at the device operable to access the first secret key specific to the device which is stored in the hardware, wherein authenticating the second bitstream comprises: obtaining a third key corresponding to the second bitstream, wherein the third key was created by hashing the second bitstream and encrypting the hashed second bitstream; hashing the second bitstream; generating a fourth key by encrypting the hashed second bitstream, wherein the encryption of the hashed second bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of this access in the encryption; comparing the generated fourth key with the third key; and if the fourth key and the third key match, executing the second bitstream on the processor in secured mode.
7. The system of claim 6, wherein the second bitstream comprises a second encryption engine, and executing the second bitstream comprises decrypting both the first bitstream and the encrypted digital content with the second encryption engine using the first secret key specific to the device, wherein the execution of the second bitstream is done in secure mode.
8. The system of claim 7, wherein the authentication of the second bitstream and execution of the second bitstream is done before the execution of the first bitstream.
9. The system of claim 8, wherein the instructions are operable for authenticating the first bitstream after the execution of the second bitstream and before the execution of the first bitstream.
10. The system of claim 9, wherein the first bitstream, second bitstream, encrypted digital content, first key and third key were received in a message, the message generated by: encrypting the digital content with the first encryption engine of the first bitstream; generating the first key by hashing the first bitstream and encrypting the hashed first bitstream with the first secret key specific to the device; associating the first key, first bitstream and encrypted digital content; encrypting the associated the first key, first bitstream and encrypted digital content with the second encryption engine of the second bitstream; generating the third key by hashing the second bitstream and encrypting the hashed second bitstream with the first secret key specific to the device; associating the first decryption algorithm with the first encrypted bitstream; and associating the third key, second bitstream and encrypted associated first key, first bitstream and encrypted digital content.
11. A non-transitory computer readable media, comprising instructions executable by a processor for controlling the execution of code on an endpoint device, including instructions executable for: receiving a first bitstream at a device, wherein the first bitstream comprises a first encryption engine; obtaining a first key corresponding to the first bitstream, wherein the first key was created by hashing the first bitstream and encrypting the hashed first bitstream; authenticating the first bitstream using hardware at the device operable to access a first secret key specific to the device which is stored in the hardware of the device and is accessible only when the device is executing in secured mode, wherein the device enters an unsecured mode on reset and can only enter the secured mode based on an output of hardware of the device and authenticating the first bitstream comprises: hashing the first bitstream; generating a second key by encrypting the hashed first bitstream, wherein the encryption of the hashed first bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of the access in the encryption; comparing the generated second key with the first key; and if the second key and the first key match, executing the first bitstream on the device in the secured mode, wherein executing the first bitstream comprises decrypting encrypted digital content associated with the first bitstream using the first encryption engine and the first secret key specific to the device and the execution of the first bitstream is done in secure mode; and if the second key and the first key do not match, determining if the first bitstream is encrypted and if the first bitstream is encrypted; obtaining a second bitstream; authenticating the second bitstream using the hardware at the device operable to access the first secret key specific to the device which is stored in the hardware, wherein authenticating the second bitstream comprises: obtaining a third key corresponding to the second bitstream, wherein the third key was created by hashing the second bitstream and encrypting the hashed second bitstream; hashing the second bitstream; generating a fourth key by encrypting the hashed second bitstream, wherein the encryption of the hashed second bitstream is done in the hardware of the device and the hardware attempts to access the first secret key specific to the device and uses the result of this access in the encryption; comparing the generated fourth key with the third key; and if the fourth key and the third key match, executing the second bitstream on the device in secured mode.
12. The computer readable media of claim 11, wherein the second bitstream comprises a second encryption engine, and executing the second bitstream comprises decrypting both the first bitstream and the encrypted digital content with the second encryption engine using the first secret key specific to the device, wherein the execution of the second bitstream is done in secure mode.
13. The computer readable media of claim 12, wherein the authentication of the second bitstream and execution of the second bitstream is done before the execution of the first bitstream.
14. The computer readable media of claim 13, further comprising authenticating the first bitstream after the execution of the second bitstream and before the execution of the first bitstream.
15. The computer readable media of claim 14, wherein the first bitstream, second bitstream, encrypted digital content, first key and third key were received in a message, the message generated by: encrypting the digital content with the first encryption engine of the first bitstream; generating the first key by hashing the first bitstream and encrypting the hashed first bitstream with the first secret key specific to the device; associating the first key, first bitstream and encrypted digital content; encrypting the associated the first key, first bitstream and encrypted digital content with the second encryption engine of the second bitstream; generating the third key by hashing the second bitstream and encrypting the hashed second bitstream with the first secret key specific to the device; associating the first decryption algorithm with the first encrypted bitstream; and associating the third key, second bitstream and encrypted associated first key, first bitstream and encrypted digital content.
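The layered check recited in claims 1 to 5, as an added Python model that is not code from the patent: HMAC-SHA256 stands in for the hardware's encryption of the hashed bitstream, and the `Device` class, the XOR keystream "engine", the `pack` layout and all byte values are constructed assumptions. It follows the ordering of claims 3 and 4 (outer bitstream authenticated and run first), with the issuer assumed to hold the same device secret as in claim 5.

```python
import hashlib
import hmac
import struct


class Device:
    """Model endpoint; the secret is used only inside these methods."""

    def __init__(self, secret: bytes):
        self._secret = secret  # constructed per-device secret

    def compound_key(self, bitstream: bytes) -> bytes:
        # Hash the bitstream, then key the digest with the device secret.
        # HMAC-SHA256 is a stand-in for the claims' hardware encryption step.
        digest = hashlib.sha256(bitstream).digest()
        return hmac.new(self._secret, digest, hashlib.sha256).digest()

    def authenticate(self, bitstream: bytes, supplied_key: bytes) -> bool:
        # Regenerate the key on-device and compare in constant time.
        return hmac.compare_digest(self.compound_key(bitstream), supplied_key)

    def run_engine(self, bitstream: bytes, data: bytes) -> bytes:
        # Toy "encryption engine": XOR with a keystream bound to the device
        # secret and the engine's own bytes. Illustration only, not a cipher.
        stream = hashlib.shake_256(self._secret + bitstream).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))


def pack(key: bytes, bitstream: bytes, payload: bytes) -> bytes:
    # "Associating" key, bitstream and payload: 32-byte key, length, rest.
    return key + struct.pack(">I", len(bitstream)) + bitstream + payload


def unpack(blob: bytes):
    if len(blob) < 36:  # too short to hold a key and a length field
        return b"", b"", b""
    key, (n,) = blob[:32], struct.unpack(">I", blob[32:36])
    return key, blob[36:36 + n], blob[36 + n:]


def build_message(dev: Device, bs1: bytes, bs2: bytes, content: bytes) -> bytes:
    # Claim 5: encrypt content with engine 1, then wrap with engine 2.
    inner = pack(dev.compound_key(bs1), bs1, dev.run_engine(bs1, content))
    return pack(dev.compound_key(bs2), bs2, dev.run_engine(bs2, inner))


def open_message(dev: Device, message: bytes):
    # Claims 3-4: authenticate and run the outer bitstream first, then
    # authenticate the recovered inner bitstream before running it.
    key3, bs2, enc_inner = unpack(message)
    if not dev.authenticate(bs2, key3):
        return None
    key1, bs1, enc_content = unpack(dev.run_engine(bs2, enc_inner))
    if not dev.authenticate(bs1, key1):
        return None
    return dev.run_engine(bs1, enc_content)
```

Because each key is bound to both the bitstream's hash and the device secret, a message built for one device fails authentication on another, and a modified bitstream at either layer stops the chain before its engine runs.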
Patents cited by this patent (54)
Onishi Katsuyoshi (Yokohama JPX) Takada Osamu (Sagamihara JPX) Kimura Koichi (Yokohama JPX) Yamaga Mitsuhiro (Kawasaki JPX) Ogura Toshihiko (Ebina JPX) Shibata Yasushi (Hadano JPX), Address filter unit for carrying out address filter processing among plurality of networks and method thereof.
Childs Matthew H. (Arlington TX) Norcross Thomas M. (Arlington TX), Automatic data generation for self-test of cryptographic hash algorithms in personal security devices.
Hideya Akashi JP; Toshio Okochi IE; Toru Shonai JP; Masamori Kashiyama JP, Cache memory control circuit including summarized cache tag memory summarizing cache tag information in parallel processor system.
Steven T. Ansell ; Andrew R. Cherenson ; Mark E. Paley ; Steven B. Katz ; John Michael Kelsey, Jr. ; Bruce Schneier, Copy security for portable music players.
Jakubowski Mariusz H. ; Venkatesan Ramarathnam, Cryptographic technique that provides fast encryption and decryption and assures integrity of a ciphertext message through use of a message authentication code formed through cipher block chaining of.
Baum Richard I. (Poughkeepsie NY) Brent Glen A. (Fishkill NY) Gibson Donald H. (Salt Point NY) Lindquist David B. (Poughkeepsie NY), Database sort and merge apparatus with multiple memory arrays having alternating access.
Mills Robert A. (Gambrills MD) Unkenholz Mark R. (Eldersburg MD) Wilson Mark W. (Columbia MD) Burroughs John E. (Annapolis MD), Device for and method of cryptography that allows third party access.
Rasmussen Harry R. (Tacoma WA) LaBounty Jack D. (Bellevue WA) Rosenow Michael J. (Issaquah WA) Hoskinson John D. (Pacific WA) Maurin Joseph G. (Puyallup WA), Encrypted communication system.
Clifford P. Van Dyke ; Peter T. Brundrett ; Michael M. Swift ; Praerit Garg ; Richard B. Ward, Extensible security system and method for controlling access to objects in a computing environment.
Oxford, William V., Method and system for control of code execution on a general purpose computing device and control of code execution in a recursive security protocol.
Flusche Frederick O. (Hyde Park NY) Tan Kwang G. (Poughkeepsie NY) Wright Ralph W. (Pleasant Valley NY), Reconfigurable key-in-storage means for protecting interleaved main storage.
Bright Michael W. (Arlington Heights IL) Ziolko Eric F. (Schaumburg IL) Wilson Alan L. (Hoffman Estates IL) Bray Michelle M. (Schaumburg IL) Hennen Harry A. (Woodstock IL) Weiss David L. (Roselle IL), Secure communication system.
Ishibashi,Yoshihito; Oishi,Tateo; Muto,Akihiro; Kitahara,Jun; Shirai,Taizou, Systems and methods for content distribution using one or more distribution keys.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for the secure transaction management and electronic rights protection.
Johnson, Simon P.; Savagaonkar, Uday R.; Scarlata, Vincent R.; McKeen, Francis X.; Rozas, Carlos V., Technique for supporting multiple secure enclaves.
Scarlata, Vincent R.; Johnson, Simon P.; Beker, Vladimir; Walker, Jesse; Rozas, Carlos V.; Santoni, Amy L.; Anati, Ittai; Makaram, Raghunandan; McKeen, Francis X.; Savagaonkar, Uday R., Using authenticated manifests to enable external certification of multi-processor platforms.