Home
Patent Search
IMT Blog
REGISTER
|
SIGN IN
United States Patent
6157721
Shear , ; et al.
December 5, 2000
Title
Systems and methods using cryptography to protect secure computing environments
Abstract
Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority--which may be a trusted independent third party--tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)--allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise.
Inventors:
Shear; Victor H.
(Bethesda,
MD
)
, Sibert; W. Olin
(Lexington,
MA
)
, Van Wie; David M.
(Sunnyvale,
CA
)
Assignee:
InterTrust Technologies Corp.
(Santa Clara,
CA
)
Appl. No.:
689754
Filed:
August 12, 1996
Current U.S. Class:
380/255
380/287
713/155
713/176
713/180
713/182
713/194
380/251
Field of Search:
380/4,23,25,49,30,255,287,251 713/150-152,155,156,164-170,175-182,189-191,193,200,201,194
U.S. Patent Documents
3573747
April 1971
Adams et al.
3609697
September 1971
Blevins
3796830
March 1974
Smith
3798359
March 1974
Feistel
3798360
March 1974
Feistel
3798605
March 1974
Feistel
3806882
April 1974
Clarke
3829833
August 1974
Freeny, Jr.
3906448
September 1975
Henriques
3911397
October 1975
Freeny, Jr.
3924065
December 1975
Freeny, Jr.
3931504
January 1976
Jacoby
3946220
March 1976
Brobeck et al.
3956615
May 1976
Anderson et al.
3958081
May 1976
Ehrsam et al.
3970992
July 1976
Boothroyd et al.
4048619
September 1977
Forman, Jr. et al.
4071911
January 1978
Mazur
4112421
September 1978
Freeny, Jr.
4120030
October 1978
Johnstone
4163280
July 1979
Mori et al.
4168396
September 1979
Best
4196310
April 1980
Forman et al.
4200913
April 1980
Kuhar et al.
4209787
June 1980
Freeny, Jr.
4217588
August 1980
Freeny, Jr.
4220991
September 1980
Hamano et al.
4232193
November 1980
Gerard
4232317
November 1980
Freeny, Jr.
4236217
November 1980
Kennedy
4253157
February 1981
Kirschner et al.
4262329
April 1981
Bright et al.
4265371
May 1981
Desai et al.
4270182
May 1981
Asija
4278837
July 1981
Best
4305131
December 1981
Best
4306289
December 1981
Lumley
4309569
January 1982
Merkle
4319079
March 1982
Best
4323921
April 1982
Guillou
4328544
May 1982
Baldwin et al.
4337483
June 1982
Guillou
4361877
November 1982
Dyer et al.
4375579
March 1983
Davida et al.
4433207
February 1984
Best
4434464
February 1984
Suzuki et al.
4442486
April 1984
Mayer
4446519
May 1984
Thomas
4454594
June 1984
Heffron et al.
4458315
July 1984
Uchenick
4462076
July 1984
Smith, III
4462078
July 1984
Ross
4465901
August 1984
Best
4471163
September 1984
Donald et al.
4484217
November 1984
Block et al.
4494156
January 1985
Kadison et al.
4513174
April 1985
Herman
4528588
July 1985
Lofberg
4528643
July 1985
Freeny, Jr.
4553252
November 1985
Egendorf
4558176
December 1985
Arnold et al.
4558413
December 1985
Schmidt et al.
4562306
December 1985
Chou et al.
4562495
December 1985
Bond et al.
4577289
March 1986
Comerford et al.
4584641
April 1986
Guglielmino
4588991
May 1986
Atalla
4589064
May 1986
Chiba et al.
4593183
June 1986
Fukatsu
4593353
June 1986
Pickholtz
4593376
June 1986
Volk
4595950
June 1986
Lofberg
4597058
June 1986
Izumi et al.
4634807
January 1987
Chorley et al.
4644493
February 1987
Chandra et al.
4646234
February 1987
Tolman et al.
4652990
March 1987
Pailen et al.
4658093
April 1987
Hellman
4670857
June 1987
Rackman
4672572
June 1987
Alsberg
4677434
June 1987
Fascenda
4680731
July 1987
Izumi et al.
4683553
July 1987
Mollier
4685056
August 1987
Barnsdale et al.
4688169
August 1987
Joshi
4691350
September 1987
Kleijne et al.
4696034
September 1987
Wiedemer
4701846
October 1987
Ikeda et al.
4712238
December 1987
Gilhousen et al.
4713753
December 1987
Boebert et al.
4740890
April 1988
William
4747139
May 1988
Taaffe
4757533
July 1988
Allen et al.
4757534
July 1988
Matyas et al.
4768087
August 1988
Taub et al.
4791565
December 1988
Dunham et al.
4796181
January 1989
Wiedemer
4799156
January 1989
Shavit et al.
4807288
February 1989
Ugon et al.
4817140
March 1989
Chandra et al.
4823264
April 1989
Deming
4827508
May 1989
Shear
4858121
August 1989
Barber et al.
4864494
September 1989
Kobus
4868877
September 1989
Fischer
4903296
February 1990
Chandra et al.
4924378
May 1990
Hershey et al.
4930073
May 1990
Cina, Jr.
4949187
August 1990
Cohen
4977594
December 1990
Shear
4999806
March 1991
Chernow et al.
5001752
March 1991
Fischer
5005122
April 1991
Griffin et al.
5005200
April 1991
Fischer
5010571
April 1991
Katznelson
5023907
June 1991
Johnson et al.
5047928
September 1991
Wiedemer
5048085
September 1991
Abraham et al.
5050213
September 1991
Shear
5091966
February 1992
Bloomberg et al.
5103392
April 1992
Mori
5103476
April 1992
Waite et al.
5111390
May 1992
Ketcham
5119493
June 1992
Janis et al.
5126936
June 1992
Champion et al.
5128525
July 1992
Stearns et al.
5136643
August 1992
Fischer
5136646
August 1992
Haber et al.
5136647
August 1992
Haber et al.
5136716
August 1992
Harvey et al.
5146575
September 1992
Nolan, Jr.
5148481
September 1992
Abraham et al.
5155680
October 1992
Wiedemer
5168147
December 1992
Bloomberg
5185717
February 1993
Mori
5201046
April 1993
Goldberg et al.
5201047
April 1993
Maki et al.
5208748
May 1993
Flores et al.
5214702
May 1993
Fischer
5216603
June 1993
Flores et al.
5221833
June 1993
Hecht
5222134
June 1993
Waite et al.
5224160
June 1993
Paulini et al.
5224163
June 1993
Gasser et al.
5235642
August 1993
Wobber et al.
5241671
August 1993
Reed et al.
5245165
September 1993
Zhang
5247575
September 1993
Sprague et al.
5260999
November 1993
Wyman
5263158
November 1993
Janis
5265164
November 1993
Matyas et al.
5276735
January 1994
Boebert et al.
5280479
January 1994
Mary
5285494
February 1994
Sprecher et al.
5301231
April 1994
Abraham et al.
5311591
May 1994
Fischer
5319705
June 1994
Halter et al.
5335169
August 1994
Chong
5337360
August 1994
Fischer
5341429
August 1994
Stringer et al.
5343527
August 1994
Moore
5347579
September 1994
Blandford
5351293
September 1994
Michener et al.
5355474
October 1994
Thuraisngham et al.
5373440
December 1994
Cohen et al.
5373561
December 1994
Haber et al.
5390247
February 1995
Fischer
5390330
February 1995
Talati
5392220
February 1995
van den Hamer et al.
5392390
February 1995
Crozier
5394469
February 1995
Nagel et al.
5410598
April 1995
Shear
5412717
May 1995
Fischer
5418713
May 1995
Allen
5421006
May 1995
Jablon
5422953
June 1995
Fischer
5428606
June 1995
Moskowitz
5438508
August 1995
Wyman
5442645
August 1995
Ugon
5444779
August 1995
Daniele
5449895
September 1995
Hecht et al.
5449896
September 1995
Hecht et al.
5450493
September 1995
Maher
5453601
September 1995
Rosen
5453605
September 1995
Hecht et al.
5455407
October 1995
Rosen
5455861
October 1995
Faucher et al.
5455953
October 1995
Russell
5457746
October 1995
Dolphin
5458494
October 1995
Krohn et al.
5463565
October 1995
Cookson et al.
5473687
December 1995
Lipscomb et al.
5473692
December 1995
Davis
5479509
December 1995
Ugon
5485622
January 1996
Yamaki
5491800
February 1996
Goldsmith et al.
5497479
March 1996
Hornbuckle
5497491
March 1996
Mitchell et al.
5499298
March 1996
Narasimhalu et al.
5504757
April 1996
Cook et al.
5504818
April 1996
Okano
5504837
April 1996
Griffeth et al.
5508913
April 1996
Yamamoto et al.
5509070
April 1996
Schull
5513261
April 1996
Maher
5530235
June 1996
Stefik et al.
5530752
June 1996
Rubin
5533123
July 1996
Force et al.
5534975
July 1996
Stefik et al.
5535322
July 1996
Hecht
5537526
July 1996
Anderson et al.
5539735
July 1996
Moskowitz
5539828
July 1996
Davis
5550971
August 1996
Brunner et al.
5553282
September 1996
Parrish et al.
5557518
September 1996
Rosen
5563946
October 1996
Cooper et al.
5568552
October 1996
Davis
5572673
November 1996
Shurts
5592549
January 1997
Nagel et al.
5606609
February 1997
Houser et al.
5613004
March 1997
Cooperman et al.
5621797
April 1997
Rosen
5629980
May 1997
Stefik et al.
5633932
May 1997
Davis et al.
5634012
May 1997
Stefik et al.
5636292
June 1997
Rhoads
5638443
June 1997
Stefik
5638504
June 1997
Scott et al.
5640546
June 1997
Gopinath et al.
5655077
August 1997
Jones et al.
5687236
November 1997
Moskowitz et al.
5689587
November 1997
Bender et al.
5692047
November 1997
McManis
5692180
November 1997
Lee
5710834
January 1998
Rhoads
5715403
February 1998
Stefik
5732398
March 1998
Tagawa
5740549
April 1998
Reilly et al.
5745604
April 1998
Rhoads
5748763
May 1998
Rhoads
5748783
May 1998
Rhoads
5748960
May 1998
Fischer
5754849
May 1998
Dyer et al.
5757914
May 1998
McManis
5758152
May 1998
LeTourneau
5765152
June 1998
Erickson
5768426
June 1998
Rhoads
5774872
June 1998
Golden et al.
5819263
October 1998
Bromley et al.
5842173
November 1998
Strum et al.
Foreign Patent Documents
0 370 146
Nov., 1988
EP
0 456 386 A2
Nov., 1991
EP
0 469 864 A2
Feb., 1992
EP
0 565 314 A2
Oct., 1993
EP
0 593 305 A2
Apr., 1994
EP
0 651 554 A1
May., 1995
EP
0 668 695 A2
Aug., 1995
EP
0 695 985 A1
Feb., 1996
EP
0 696 798 A1
Feb., 1996
EP
0 725 376
Aug., 1996
EP
0 778 513 A2
Jun., 1997
EP
0 795 873 A2
Sep., 1997
EP
0 84 441
Jul., 1983
EP
0128672
Dec., 1984
EP
0135422
Mar., 1985
EP
0180460
May., 1986
EP
0399822A2
Nov., 1990
EP
0421409A2
Apr., 1991
EP
0715243A1
Jun., 1996
EP
0715244A1
Jun., 1996
EP
0715245A1
Jun., 1996
EP
0715246A1
Jun., 1996
EP
0715247A1
Jun., 1996
EP
0749081A1
Dec., 1996
EP
1-068835
Mar., 1989
JP
2-242352
Sep., 1990
JP
2-247763
Oct., 1990
JP
2-294855
Dec., 1990
JP
2136175
Sep., 1984
GB
2264796A
Sep., 1993
GB
2294348
Apr., 1996
GB
2295947
Jun., 1996
GB
3803982A1
Jan., 1990
DE
4-369068
Dec., 1992
JP
5-181734
Jul., 1993
JP
5-257783
Oct., 1993
JP
5-268415
Oct., 1993
JP
57-726
May., 1982
JP
6-175794
Jun., 1994
JP
6-215010
Aug., 1994
JP
62-241061
Oct., 1987
JP
6225059
Aug., 1994
JP
64-68835
Mar., 1989
JP
7-056794
Mar., 1995
JP
7-084852
Mar., 1995
JP
7-141138
Jun., 1995
JP
7-200317
Aug., 1995
JP
7-200492
Aug., 1995
JP
7-244639
Sep., 1995
JP
8-137795
May., 1996
JP
8-152990
Jun., 1996
JP
8-185298
Jul., 1996
JP
9 004 79
Dec., 1984
BE
WO 85/03584
Aug., 1985
WO
WO 90/02382
Mar., 1990
WO
WO 92/06438
Apr., 1992
WO
WO 92/22870
Dec., 1992
WO
WO 93/01550
Jan., 1993
WO
WO 94/01821
Jan., 1994
WO
WO 94/03859
Feb., 1994
WO
WO 94/06103
Mar., 1994
WO
WO 94/16395
Jul., 1994
WO
WO 94/18620
Aug., 1994
WO
WO 94/22266
Sep., 1994
WO
WO 94/27406
Nov., 1994
WO
WO 96/00963
Jan., 1996
WO
WO 96/03835
Feb., 1996
WO
WO 96/05698
Feb., 1996
WO
WO 96/06503
Feb., 1996
WO
WO 96/13013
May., 1996
WO
WO 96/21192
Jul., 1996
WO
WO 97/03423
Jan., 1997
WO
WO 97/48203
Dec., 1997
WO
WO A8502310
May., 1985
WO
WO95/14289
May., 1995
WO
WO97/07656
Mar., 1997
WO
WO97/32251
Sep., 1997
WO
Other References
Applications Requirements for Innovative Programming; How to Foster (or Cripple) Program Development Opportunities for Interactive Video Programs Delivered on Optical Media; A Challenge for the Introduction of DVD (Digital Video Disc) (Oct. 19-20, 1995, Sheraton Universal Hotel, Universal City CA). .
Argent Information Q&A Sheet, http://www.digital-watermark.com/, Copyright 1995, The DICE Company, 7 pages. .
Arneke, David, et al., News Release, AT&T, Jan. 9, 1995, AT&T encryption system protects information services, 1 page. .
AT&T Technology, vol. 9, No. 4, New Products, Systems and Services, pp. 16-19. .
Baggett, Claude, Cable's Emerging Role in the Information Superhighway, Cable Labs, 13 slides. .
Barassi, Theodore Sedgwick, Esq., The Cybernotary: Public Key Registration and Certification and Authentication of International Legal Transactions, 4 pages. .
Barnes, Hugh, memo to Henry LaMuth, subject: George Gilder articles, May 31, 1994. .
Bart, Dan, Comments in the Matter of Public Hearing and Request for Comments on the International Aspects of the National Information Infrastructure, Aug. 12, 1994. .
Baum, Michael, Worldwide Electronic Commerce: Law, Policy and Controls Conference, program details, Nov. 11, 1993. .
Bisbey, II et al., Encapsulation: An Approach to Operating System Security, Oct. 1973, pp. 666-675. .
Blom et al., Encryption Methods in Data Networks, Ericsson Technics, No. 2, 1978, Stockholm, Sweden. .
Bruner, Rick E., PowerAgent, NetBot help advertisers reach Internet shoppers, Aug. 1997 (Document from Internet). .
Cable Television and America's Telecommunications Infrastructure, National Cable Television Association, Apr. 1993. .
Caruso, Technology, Digital Commerce 2 plans for watermarks, which can bind proof of authorship to electronic works, New York Times (Aug. 1995). .
CD ROM, Introducing . . . The Workflow CD-ROM Sampler, Creative Networks, MCIMail: Creative Networks, Inc., Pala Alto, California. .
Choudhury, et al., Copyright Protection for Electronic Publishing over Computer Networks, AT&T Bell. .
Laboratores, Murray Hill, New Jersey 07974 (Jun. 1994). .
Clark, Tim, Ad service gives cash back, www.news.com, Aug. 4, 1997, 2 pages (Document from Internet). .
Codercard, Spec Sheet--Basic Coder Subsystem, No date given. .
Communications of the ACM, Intelligent Agents, Jul. 1994, vol. 37, No. 7. .
Communications of the ACM, Jun. 1996, vol. 39, No. 6. .
Computer Systems Policy Project (CSSP), Perspectives on the National Information Infrastructure: Ensuring Interoperability (Feb. 1994), February 1994. .
Cunningham, Donna, et al., News Release, AT&T, Jan. 31, 1995, AT&T, VLSI Technology join to improve info highway security, 3 pages. .
Data Sheet, About the Digital Notary Service, Surety Technologies, Inc., 1994-95, 6 pages. .
Dempsey, et al., D-Lib Magazine, Jul./Aug. 1996 The Warwick Metadata Workshop: A Framework for the Deployment of Resource Description, Jul. 15, 1966. .
Denning et al., Data Security, 11 Computing Surveys No. 3, Sep. 1979. .
Diffie, Whitfield and Martin E. Hellman, IEEE Transactions on Information Theory, vol. 22, No. 6, Nov. 1976, New Directions in Cryptography, pp. 644-651. .
Diffie, Whitfield and Martin E. Hellman, Proceedings of the IEEE, vol. 67, No. 3, Mar. 1979, Privacy and Authentication: An Introduction to Cryptography, pp. 397-427. .
Digest of Papers, VLSI: New Architectural Horizons, Feb. 1980, Preventing Software Piracy With Crypto-Microprocessors, Robert M. Best, pp. 466-469. .
DiscStore (Electronic Publishing Resources 1991). .
Document from Internet, cgi@ncsa.uiuc.edu, CGI Common Gateway Interface, 1 page, 1996. .
DSP56000/DSP56001 Digital Signal Processor User's Manual, Motorola, 1990, pp. 2-2. .
Dusse, Stephen R. and Burton S. Kaliski A Cryptographic Library for the Motorola 56000 in Damgard, I.M., Advances in Cryptology--Proceedings Eurocrypt 90, Springer-Verlag, 1991, pp. 230-244. .
Dyson, Esther, Intellectual Value, Wired Magazine, Jul. 1995, pp. 136-141 and 182-184. .
Effector Online vol. 6 No. 6, A Publication of the Electronic Frontier Foundation, 8 pages, Dec. 6, 1993. .
EIA and TIA White Paper on National Information Infrastructure,published by the Electronic Industries Association and the Telecommunications Industry Association, Washington, D.C., no date. .
Electronic Currency Requirements, XIWT (Cross Industry Working Group), no date. .
Electronic Publishing Resources Inc. Protecting Electronically Published Properties Increasing Publishing Profits (Electronic Publishing Resources 1991). .
Firefly Network, Inc., www.ffly.com, What is Firefly? Firefly revision: 41.4 Copyright 1995, 1996. .
First CII Honeywell Bull International Symposium on Computer Security and Confidentiality, Jan. 26-28, 1981, Conference Text, pp. 1-21. .
Framework for National Information Infrastructure Services, Draft, U.S. Department of Commerce, Jul. 1994. .
Framework for National Information Infrastructure Services, NIST, Jul. 1994, 12 slides. .
Garcia, D. Linda, testimony before a hearing on science, space and technology, May 26, 1994. .
Gleick, James, "Dead as a Dollar" The New York Times Magazine, Jun. 16, 1996, Section 6, pp. 26-30, 35, 42, 50, 54. .
Green paper, Intellectual Property and the National Information Infrastructure, a Preliminary Draft of the Report of the Working Group on Intellectual Property Rights, Jul. 1994. .
Greguras, Fred, Softic Symposium '95, Copyright Clearances and Moral Rights, Nov. 30, 1995 (as updated Dec. 11, 1995), 3 pages. .
Guillou, L.: Smart Cards and Conditional Access, pp. 480-490 Advances in Cryptography, Proceedings of EuroCrypt 84 (Beth et al, Ed., Springer-Verlag 1985). .
Harman, Harry H., Modern Factor Analysis, Third Edition Revised, University of Chicago Press Chicago and London, Third revision published 1976. .
Herzberg, Amir et al., Public Protection of Software, ACM Transactions on Computer Systems, vol. 5, No. 4, Nov. 1987, pp. 371-393. .
Hofmann, Jud, Interfacing the NII to User Homes, Electronic Industries Association, Consumer Electronic Bus Committee, 14 slides, no date. .
Holt, Stannie, Start-up promises user confidentiality in Web marketing service, Info World Electric, Aug. 13, 1997 (Document from Internet). .
IBM Technical Disclosure Bulletin, Multimedia Mixed Object Envelopes Supporting a Graduated Fee Scheme via Encryption, vol. 37, No. 03, Mar. 1994, Armonk, NY. .
IBM Technical Disclosure Bulletin, Transformer Rules for Software Distribution Mechanism--Support Products, vol. 37, No. 04B, Arp. 1994, Armonk, NY. .
IISP Break Out Session Report for Group No. 3, Standards Development and Tracking Systems, no date. .
Information Infrastructure Standards Panel: NII `The Information Superhighway`, Nations Bank--HGDeal--ASC X9, 15 pages. .
Invoice? What is an Invoice? Business Week, Jun. 10, 1996. .
Jiang, et al, A concept-Based Approach to Retrieval from an Electronic Industrialn Directory, International Journal of Electronic Commerce, vol. 1, No. 1, Fall 1996, pp. 51-72. .
Jones, Debra, Top Tech Stories, PowerAgent Introducts First Internet `Infomediary` to Empower and Protect Consumers, Aug. 13, 1997 3 pages (Document from Internet). .
Kelly, Kevin, Whole Earth Review, E-Money,pp. 40-59, Summer 1993. .
Kent, Protecting Externally Supplied Software In Small Computers (MIT/LCS/TR-255 Sep. 1980). .
Kohntopp, M., Sag's durch die Blume, Apr. 1996, marit@schulung.netuse.de. .
Kristol et al., Anonymous Internet Mercantile Protocol, AT&T Bell Laboratories, Murray Hill, New Jersey, Draft: Mar. 17, 1994. .
Lagoze, Carl, D-Lib Magazine, Jul./Aug. 1996, The Warwick Framework, A Container Architecture for Diverse Sets of Metadata. .
Lanza, Mike, electronic mail, George Gilder's Fifth Article--Digital Darkhorse--Newspapers, Feb. 21, 1994. .
Levy, Steven, Wired, E-Money, That's What I Want, 10 pages, Dec. 1994. .
Low et al., Anonymous Credit Cards and its Collusion Analysis, AT&T Bell Laboratories, Murray Hill, New Jersey, Oct. 10, 1994. .
Low et al., Anonymous Credit Cards, AT&T Bell Laboratories, Proceedings of the 2nd ACM Conference on Computer and Communications Security, Fairfax, Virginia, Nov. 2-4, 1994. .
Low et al., Document Marking and Identification using both Line and Word Shifting, AT&T Bell Laboratories, Murray Hill, New Jersey, Jul. 29, 1994. .
Maclachlan, Malcolm, PowerAgent Debuts Spam-Free Marketing, TechWire, Aug. 13, 1997, 3 pages (Document from Internet). .
Maxemchuk, Electronic Document Distribution, AT&T Bell Laboratories, Murray Hill, New Jersey 07974. .
Micro Card--Micro Card Technologies, Inc., Dallas, Texas, No date given. .
Milbrandt, E., Stenanography Info and Archive, 1996. .
Mori, Ryoichi and Masaji Kawahara, The Transactions of the EIEICE, V, Superdistribution: The Concept and the Architecture, E73 (Jul. 1990), No. 7, Tokyo, Japan. .
Mossberg, Walter S., Personal Technology, Threats to Privacy On-Line Become More Worrisome, Wall Street Journal, Oct. 24, 1996. .
Negroponte, Electronic Word of Mouth, Wired Oct. 1996, p. 218. .
Negroponte, Nicholas, Telecommunications, Some Thoughts on Likely and expected Communications scenarios: A Rebuttal, pp. 41-42, Jan. 1993. .
Neumann, et al., A Provably Secure Operating System: The System, Its Applications, and Proofs, Computer Science Laboratory Report CSL-116, Second Edition, SRI International (May 1980). .
News Release, Premenos Announces Templar 2.0--Next Generation Software for Secure Internet EDI, webmaster@templar.net, 1 page, Jan. 17, 1996. .
News Release, The Document Company Xerox, Xerox Announces Software Kit for Creating Working Documents with Dataglyphs, Nov. 6, 1995, Minneapolis, MN, 13 pages. .
News Release, The White House, Office of the President, Background on the Administration's Telecommunications Policy Reform Initiative, Jan. 11, 1994. .
NII, Architecture Requirements, XIWT, no date. .
Open System Environment Architectural Framework for National Information Infrastructure Services and Standards, in Support of National Class Distributed Systems, Distributed System Engineering Program Sponsor Group, Draft 1.0, Aug. 5, 1994. .
Pelton, Dr. Joseph N., Telecommunications, Why Nicholas Negroponte is Wrong About the Future of Telecommunication, pp. 35-40, Jan. 1993. .
Portland Software's ZipLock, Internet information, Copyright Portland Software 1996-1997, 12 pages. .
PowerAgent Inc., Proper Use of Consumer Information on the Internet White Paper, Jun. 1997, Document from Internet, 9 pages (Document from Internet). .
PowerAgent Press Releases, What the Experts are Reporting on PowerAgent, Aug. 13, 1997, 6 pages (Document from Internet). .
PowerAgent Press Releases, What the Experts are Reporting on PowerAgent, Aug. 4, 1997, 5 pages (Document from Internet). .
PowerAgent Press Releases, What the Experts are Reporting on PowerAgent, Aug. 13, 1997, 3 pages (Document from Internet). .
Premenos Corp. White Paper: The Future of Electronic Commerce, A Supplement to Midrange Systems, Internet webmaster@premenos.com, 4 pages. .
Press Release, National Semiconductor and EPR Partner For Information Metering/Data Security Cards (Mar. 4, 1994). .
Rankine, G., Thomas--A Complete Single-Chip RSA Device, Advances in Cryptography, Proceedings of Crypto 86, pp. 480-487 (A.M. Odlyzko Ed., Springer-Verlag 1987). .
Reilly, Arthur K., Standards committee T1-Telecommunications, Input to the `International Telecommunications Hearings,` Panel 1: Component Technologies of the NII/GII, no date. .
Resnick, et al., Recommender Systems, Communications of the ACM, vol. 40, No. 3, Mar. 1997, pp. 56-89. .
ROI (Personal Library Software, 1987 or 1988). .
ROI-Solving Critical Electronic Publishing Problems (Personal Library Software, 1987 or 1988). .
Rose, Lance, Cyberspace and the Legal Matrix: Laws or Confusion?, 1991. .
Rosenthal, Steve, New Media, Interactive Network: Viewers Get Involved, pp. 30-31, Dec. 1992. .
Rosenthal, Steve, New Media, Interactive TV: The Gold Rush Is On, pp. 27-29, Dec. 1992. .
Rosenthal, Steve, New Media, Mega Channels, pp. 36-46, Sep. 1993. .
Rothstein, Edward, The New York Times, Technology, Connections, Making th eInternet come to you, through `push` technology.. pp D5, Jan. 20, 1997. .
Rutkowski, Ken, PowerAgent Introduces First Internet `Infomediary` to Empower and Protect Consumers, Tech Talk News Story, Aug. 4, 1997 (Document from Internet). .
Sager, Ira (Edited by), Bits & Bytes, Business Week, Sep. 23, 1996, p. 142E. .
Schlossstein, Steven, International Economy, America: The G7's Comeback Kid, Jun./Jul. 1993. .
Schurmann, Jurgen, Pattern Classification, A Unified View of Statistical and Neural Approaches, John Wiley & Sons, Inc., 1996. .
Scnaumueller-Bichi et al., A Method of Software Protection Based on the Use of Smart Cards and Cryptographic Techniques, No date given. .
Serving the Community: A Public-Interest Vision of the National Information Infrastructure, Computer Professionals for Social Responsibility, Executive Summary, no date. .
Shear, Solutions for CD-ROM Pricing and Data Security Problems, pp. 530-533, CD ROM Yearbook 1988-1989) (Microsoft Press 1988 or 1989). .
Smith et al., Signed Vector Timestamps: A Secure Protocol for Partial Order Time, CMU-93-116, School of Computer Science Carnegie Mellon University, Pittsburgh, Pennsylvania, Oct. 1991; version of February 1993. .
Special Report, The Internet:Fulfulling the Promise The Internet: Bring Order From Chaos; Lynch, Clifford, Search the Internet; Resnick, Paul, Filtering Information on the Internet; Hearst, Marti A., Interfaces for Searching the Web; Stefik, Mark, Trusted Systems; Scientific American, Mar. 1997, pp. 49-56, 62-64, 68-72, 78-81. .
Stefik, Internet Dreams: Archetypes, Myths, and Metaphors, Letting Loose the Light: Igniting Commerce in Electronic Publication, pp. 219-253, (1996) Massachusetts Institute of Technology. .
Stefik, Mark, Introduction to Knowledge Systems, Chapter 7, Classification, pp 543-607, 1995 by Morgan Kaufmann Publishers, Inc. .
Stefik, Mark, Letting Loose the Light, Igniting Commerce in Electronic Publication, (1994, 1995) Pala Alto, California. .
Stephenson, Tom, Advanced Imaging, The Info Infrastructure Initiative: Data Superhighways and You, pp. 73-74, May 1993. .
Sterling, Bruce, Literary freeware: Not for Commercial Use, remarks at Computers, Freedom and Privacy Conference IV, Chicago, Mar. 26, 1994. .
Struif, Bruno The Use of Chipcards for Electronic Signatures and Encryption in: Proceedings for the 1989 Conference on VSLI and Computer Peripherals, IEEE Computer Society Press, 1989, pp. 4/155-4/158. .
Suida, Karl, Mapping New Applications Onto New Technologies, Security Services in Telecommunications Networks, Mar. 8-10, 1988, Zurich. .
Templar Overview,: Premenos, Internet info@templar.net, 4 pages. .
Templar Software and Services: Secure, Reliable, Standards-Based EDI Over the Internet, Prementos, Internet info@templar.net, 1page. .
The 1.1 Future of the Electronic Marketplace: Return to a Hunting and Gathering Society, 2 pages no date. .
The Benefits of ROI For Database Protection and Usage Based Billing (Personal Library Software, 1987 or 1988). .
The New Alexandria No. 1, Alexandria Institute, pp. 1-12, Jul.-Aug. 1986. .
Tygar et al., Cryptography: It's Not Just For Electronic Mail Anymore, CMU-CS-93-107, School of Computer Science Carnegie Mellon University, Pittsburgh, Pennsylvania, Mar. 1, 1993. .
Tygar et al., Dyad: A System Using Physically Secure Coprocessors, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA 15213 (undated). .
Tygar et al., Dyad: A System for Using Physically Secure Coprocessors, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA 15213 (May. 1991). .
Valovic T., Telecommunications, The Role of Computer Networking in the Emerging Virtual Marketplace, pp. 40-44. .
Voight, Joan, Beyond the Banner, Wired, Dec. 1996, pp. 196, 200, 204. .
Vonder Haar, Steven, PowerAgent Launches Commercial Service, Inter@ctive Week, Aug. 4, 1997 (Document from Internet). .
Weber, Dr. Robert, Digital Rights Management Technologies, A Report to the International Federation of Reproduction Rights Organisations, Oct. 1995,pp 1-49. .
Weber, Dr. Robert, Digital Rights Management Technologies, Oct. 1995, 21 pages. .
Weber, Metering Technologies for Digital Intellectual Property, A Report to the International Federation of Reproduction Rights Organisations, pp 1-29; Oct. 1994, Boston, MA, USA. .
Weber, Adele, Life on the InfoHighway, 4 pages, no date. .
Weingart, Physical Security for the :ABYSS System, IBM Thomas J. Watson Research Center, Yorktown Heights, New York 10598 (1987). .
Weitzner, Daniel J., A Statement on EFF's Open Platform Campaign as of Nov., 1993, 3 pages. .
WEPIN Store, Stenography (Hidden Writing) (Common Law 1995). .
White, ABYSS: A Trusted Architecture for Software Protection, IBM Thomas J. Watson Research Center, Yorktown Heights, New York 10598 (1987). .
Wired 1.02, Is Advertising Really dead?, Part 2, 1994. .
World Wide Web FAQ, How can I put an access counter on my home page?, 1 page, 1996. .
XIWT Cross Industry Working Team, 5 pages, Jul. 1994. .
Yee, Using Secure Coprocessors, CMU-CS-94-149, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA15213..~
Primary Examiner:
Buczinski; Stephen C.
Attorney, Agent or Firm:
Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P.
Parent Case Text
CROSS REFERENCE TO RELATED APPLICATION
This application is related to commonly assigned copending application Ser. No. 08/388,107 of Ginter et al., filed Feb. 13, 1995, entitled "SYSTEMS AND METHODS FOR SECURE TRANSACTION MANAGEMENT AND ELECTRONIC RIGHTS PROTECTION". We incorporate by reference, into this application, the entire disclosure of this prior-filed Ginter et al. patent application just as if its entire written specification and drawings were expressly set forth in this application.
Claims
We claim:
1. A security method comprising:
(a) digitally signing a first load module with a first digital signature designating the first load module for use by a first device class;
(b) digitally signing a second load module with a second digital signature different from the first digital signature, the second digital signature designating the second load module for use by a second device class having at least one of tamper resistance and security level different from the at least one of tamper resistance and security level of the first device class;
(c) distributing the first load module for use by at least one device in the first device class; and
(d) distributing the second load module for use by at least one device in the second device class.
2. A method as in claim 1 further including the step of using the first and second digital signatures to prevent the tamper resistances or security levels of the first and second device classes from becoming equal.
3. A method as in claim 1 further including the step of conditionally executing, based at least in part on authenticating the first digital signature, the first load module with a first electronic appliance within the first device class.
4. A method as in claim 3 further including the step of conditionally executing, based at least in part on authenticating the second digital signature, the second load module with a second electronic appliance different from the first electronic appliance, the second electronic appliance being within the second device class.
5. A software verifying method comprising:
(a) testing a load module having at least one specification associated therewith, the specification describing one or more functions performed by the load module;
(b) verifying that the load module satisfies the specification; and
(c) issuing at least one digital certificate attesting to the results of the verifying step.
6. A method of authenticating a load module comprising:
(a) authenticating a first digital signature associated with some or all of the load module, including the step of employing a first one-way hash algorithm, a first decryption algorithm, and a first public key key, the first public key secured behind a tamper resistant barrier and therefore hidden from the user; and
(b) authenticating a second digital signature associated with the same portion of the load module as the first digital signature is associated with, including the step of employing at least one of:
(i) a second one-way hash algorithm that is different from the first one-way hash algorithm,
(ii) a second decryption algorithm that is different from the first decryption algorithm, and
(iii) a second public key that is different from the first public key.
7. A method as in claim 6 further including the step of randomly selecting one of step (a) and step (b) prior to executing the load module.
8. A method as in claim 6 wherein:
(i) step (a) is performed by a first electronic appliance, and
(ii) step (b) is performed by a second electronic appliance different from the first electronic appliance.
9. A method of distinguishing between trusted and untrusted load modules comprising:
(a) receiving a load module,
(b) determining whether the load module has an associated digital signature,
(c) if the load module has an associated digital signature, authenticating the digital signature using at least one public key secured behind a tamper resistant barrier and therefore hidden from the user; and
(d) conditionally executing the load module based at least in part on the results of authenticating step (c).
10. A method of increasing the security of a virtual distribution environment comprising plural interoperable protected processing environments having different security levels, the method comprising:
(a) classifying the plural protected processing environments based on security level,
(b) distributing different verification public keys to different protected processing environments having different security level classifications, and
(c) using the distributed verification public keys to authenticate load modules, including the step of preventing protected processing environments having different security level classifications from executing the same load module.
11. A method as in claim 10 further including the step of maintaining the distributed verification public keys within tamper resistant barriers.
12. A method as in claim 10 further including the step of digitally signing each load module with at least two different, independent techniques.
13. A method as in claim 10 further including the step of testing whether the load module satisfies at least one specification describing one or more functions of the load module, and digitally signing the load module and the associated specification if the testing step reveals the specification is satisfied.
14. A first protected processing environment comprising:
a first tamper resistant barrier having a first security level, and
at least one arrangement within the first tamper resistant barrier that prevents the first protected processing environment from executing the same load module accessed by a second protected processing environment having a second tamper resistant barrier with a second security level different from the first security level.
15. A protected processing environment as in claim 14 wherein the preventing arrangement includes a digital signature authenticating circuit.
16. A protected processing environment as in claim 14 wherein the preventing arrangement includes first and second digital signature authenticating circuits applying different digital signature authenticating techniques.
17. A protected processing environment as in claim 14 wherein the preventing arrangement comprises means for randomly selecting between first and second, different digital signature authentication techniques.
18. A method for protecting a first computing arrangement surrounded by a first tamper resistant barrier having a first security level, the method including:
preventing the first computing arrangement from using the same software module accessible by a second computing arrangement having a second tamper resistant barrier with a second security level different from the first security level.
19. A method as in claim 19 wherein the preventing step comprises:
authenticating at least one digital signature associated with the first computing arrangement as corresponding to the first security level.
20. A method of protecting computing arrangements comprising:
(a) associating plural digital signatures with a load module;
(b) authenticating a first subset of the plural digital signatures with a first tamper resistant computing arrangement; and
(c) authenticating a second subset of the plural digital signatures with a second tamper resistant computing arrangement different from the first computing arrangement.
21. A computer security method comprising:
digitally signing, using a first digital signing technique, a first executable designating the first executable for use by a first device class; and
digitally signing, using a second digital signing technique different from the first digital signing technique, a second executable designating the second executable for use by a second device class having at least one of tamper resistance and security level different from the at least one tamper resistance and security level of the first device class.
22. A method as in claim 21 further including the step of using the first and second digital signatures to prevent the tamper resistances or security levels of the first and second device classes from collapsing into one another.
23. A method as in claim 21 further including the step of conditionally executing the first executable based at least in part on authenticating the first executable with a first electronic appliance within the first device class.
24. A method as in claim 23 further including the step of conditionally executing the second executable with a second electronic appliance different from the first electronic appliance, the second electronic appliance being within the second device class.
25. A software verifying method comprising:
testing an executable having at least one specification associated therewith, the specification describing one or more functions of the load module;
verifying that the executable satisfies the specification; and
issuing at least one digital certificate attesting to the results of the verifying step.
26. A method of authenticating an executable comprising:
(a) authenticating a first digital signature associated with some or all of the executable, including the step of employing a first one-way hash algorithm, a first decryption algorithm, and a first public key, the first public key secured behind a tamper resistant barrier and therefore hidden from the user; and
(b) authenticating a second digital signature associated with the same portion of the executable as the first digital signature is associated with, including the step of employing at least one of:
(i) a second one-way hash algorithm that is different from the first one-way hash algorithm,
(ii) a second decryption algorithm that is different from the first decryption algorithm, and
(iii) a second public key that is different from the first public key.
27. A method as in claim 26 further including the step of randomly selecting one of step (a) and step (b) prior to executing the executable.
28. A method as in claim 26 wherein:
(i) step (a) is performed by a first electronic appliance, and
(ii) step (b) is performed by a second electronic appliance different from the first electronic appliance.
29. A method of distinguishing between trusted and untrusted executables comprising:
(a) receiving a executable,
(b) determining whether the executable has an associated digital signature,
(c) if the executable has an associated digital signature, authenticating the digital signature using at least one public key secured behind a tamper resistant barrier and therefore hidden from the user; and
(d) conditionally executing the executable based at least in part on the results of authenticating step (c).
30. A method of increasing the security of plural interoperable secure execution spaces having different security levels, the method comprising:
(a) classifying the plural secure execution spaces based on security level,
(b) distributing different verification public keys to different secure execution spaces having different security level classifications, and
(c) using the distributed verification public keys to authenticate executables, including the step of preventing secure execution spaces having different security level classifications from executing the same executable.
31. A method as in claim 30 further including the step of maintaining the distributed verification public keys within tamper resistant enclosures.
32. A method as in claim 30 further including the step of digitally signing each executable with at least two different, independent techniques or by different verifying authorities.
33. A method as in claim 30 further including the step of testing whether the executable satisfies at least one specification at least in part describing the executable operation, and digitally signing the executable and associated specification if the testing step reveals the executable satisfies the specification.
34. A protected processing environment comprising:
a first tamper resistant barrier having a first security level,
a first secure execution space, and
at least one arrangement within the first tamper resistant barrier that prevents the first secure execution space from executing the same executable accessed by a second secure execution space having a second tamper resistant barrier with a second security level different from the first security level.
35. A secure execution space as in claim 34 wherein the preventing arrangement includes a digital signature authenticating circuit.
36. A secure execution space as in claim 35 wherein the preventing arrangement includes first and second digital signature authenticating circuits applying different digital signature authenticating techniques.
37. A secure execution space as in claim 34 wherein the preventing arrangement comprises means for randomly selecting between first and second, different digital signature authentication techniques.
38. A method for protecting a first computing arrangement surrounded by a first tamper resistant barrier having a first security level, the method including:
preventing the first computing arrangement from using the same software module accessed by a second computing arrangement having a second tamper resistant barrier with a second security level different from the first security level.
39. A method as in claim 38 wherein the preventing step comprises authenticating at least one digital signature associated with the first computing arrangement as corresponding to the first security level.
40. A method of protecting computing arrangements comprising:
(a) associating plural digital signatures with an executable;
(b) authenticating a first subset of the plural digital signatures with a first tamper resistant computing arrangement; and
(c) authenticating a second subset of the plural digital signatures with a second tamper resistant computing arrangement different from the first environment.
41. A method as in claim 40 wherein the associating step (a) comprises digitally signing the executable with first and second, different verifying authorities within a web of trust.
Description
FIELD OF THE INVENTION(S)
This invention relates to computer security, and more particularly to secure and/or protected computer execution environments. Still more specifically, the present invention relates to computer security techniques based at least in part on cryptography, that protect a computer processing environment against potentially harmful computer executables, programs and/or data; and to techniques for certifying load modules such as executable computer programs or fragments thereof as being authorized for use by a protected or secure processing environment.
BACKGROUND AND SUMMARY OF THE INVENTION(S)
Computers have become increasingly central to business, finance and other important aspects of our lives. It is now more important than ever to protect computers from "bad" or harmful computer programs. Unfortunately, since many of our most critical business, financial and governmental tasks now rely heavily on computers, dishonest people have a great incentive to use increasingly sophisticated and ingenious computer attacks.
Imagine, for example, if a dishonest customer of a major bank could reprogram the bank's computer so it adds to instead of subtracts from the customer's account--or diverts a penny to the customer's account from anyone else's bank deposit in excess of $10,000. If successful, such attacks would not only allow dishonest people to steal, but could also undermine society's confidence in the integrity and reliability of the banking system.
Terrorists can also try to attack us through our computers. We cannot afford to have harmful computer programs destroy the computers driving the greater San Francisco metropolitan air traffic controller network, the New York Stock Exchange, the life support systems of a major hospital, or the Northern Virginia metropolitan area fire and paramedic emergency dispatch service.
There are many different kinds of "bad" computer programs, which in general are termed "Trojan horses"--programs that cause a computer to act in a manner not intended by its operator, named after the famous wooden horse of Troy that delivered an attacking army disguised as an attractive gift. One of the most notorious kinds is so-called "computer viruses"--"diseases" that a computer can "catch" from another computer. A computer virus is a computer program that instructs the computer to do harmful or spurious things instead of useful things--and can also replicate itself to spread from one computer to another. Since the computer does whatever its instructions tell it to do, it will carry out the bad intent of a malicious human programmer who wrote the computer virus program--unless the computer is protected from the computer virus program. Special "anti-virus" protection software exists, but it unfortunately is only partially effective--for example, because new viruses can escape detection until they become widely known and recognized, and because sophisticated viruses can escape detection by masquerading as tasks the computer is supposed to be performing.
Computer security risks of all sorts--including the risks from computer viruses--have increased dramatically as computers have become increasingly connected to one another over the Internet and by other means. Increased computer connectivity provides increased capabilities, but also creates a host of computer security problems that haven't been fully solved. For example, electronic networks are an obvious path for spreading computer viruses. In October 1988, a university student used the Internet (a network of computer networks connected to millions of computers worldwide) to infect thousands of university and business computers with a self-replicating "worm" virus that took over the infected computers and caused them to execute the computer virus instead of performing the tasks they were supposed to perform. This computer virus outbreak (which resulted in a criminal prosecution) caused widespread panic throughout the electronic community.
Computer viruses are by no means the only computer security risk made even more significant by increased computer connectivity. For example, a significant percentage of the online electronic community has recently become committed to a new "portable" computer language called Java.TM. developed by Sun Microsystems of Mountain View, Calif. Java was designed to allow computers to interactively and dynamically download computer program code fragments (called "applets") over an electronic network such as the internet, and execute the downloaded code fragments locally. Java's "download and execute" capability is valuable because it allows certain tasks to be performed locally on local equipment using local resources. For example, a user's computer could run a particularly computationally or data-intensive routine--relieving the provider's computer from having to run the task and/or eliminating the need to transmit large amounts of data over the communications path.
While Java's "download and execute" capability has great potential, it raises significant computer security concerns. For example, Java applets could be written to damage hardware, software or information on the recipient computer, make the computer unstable by depleting its resources, and/or access confidential information on the computer and send it to someone else without first getting the computer owner's permission. People have expended lots of time and effort trying to solve Java's security problems. To alleviate some of these concerns, Sun Microsystems has developed a Java interpreter providing certain built-in security features such as:
a Java verifier that will not let an applet execute until the verifier verifies the applet doesn't violate certain rules,
a Java class loader that treats applets originating remotely differently from those originating locally,
a Java security manager that controls access to resources such as files and network access, and
promised to come soon--the use of digital signatures for authenticating applets.
Numerous security flaws have been found despite these techniques. Moreover, a philosophy underlying this overall security design is that a user will have no incentive to compromise the security of her own locally installed Java interpreter--and that any such compromise is inconsequential from a system security standpoint because only the user's own computer (and its contents) are at risk. This philosophy--which is typical of many security system designs--is seriously flawed in many useful electronic commerce contexts for reasons described below in connection with the above-referenced Ginter et al. patent specification.
The Ginter et al. specification describes a "virtual distribution environment" comprehensively providing overall systems and wide arrays of methods, techniques, structures and arrangements that enable secure, efficient electronic commerce and rights management, including on the Internet or other "Information Super Highway."
The Ginter et al. patent disclosure describes, among other things, techniques for providing a secure, tamper resistant execution spaces within a "protected processing environment" for computer programs and data. The protected processing environment described in Ginter et al. may be hardware-based, software-based, or a hybrid. It can execute computer code the Ginter et al. disclosure refers to as "load modules." See, for example, Ginter et al. FIG. 23 and corresponding text. These load modules--which can be transmitted from remote locations within secure cryptographic wrappers or "containers"--are used to perform the basic operations of the "virtual distribution environment." Load modules may contain algorithms, data, cryptographic keys, shared secrets, and/or other information that permits a load module to interact with other system components (e.g., other load modules and/or computer programs operating in the same or different protected processing environment). For a load module to operate and interact as intended, it must execute without unauthorized modification and its contents may need to be protected from disclosure.
Unlike many other computer security scenarios, there may be a significant incentive for an owner of a Ginter et al. type protected processing environment to attack his or her own protected processing environment. For example:
the owner may wish to "turn off" payment mechanisms necessary to ensure that people delivering content and other value receive adequate compensation; or
the owner may wish to defeat other electronic controls preventing him or her from performing certain tasks (for example, copying content without authorization); or
the owner may wish to access someone else's confidential information embodied within electronic controls present in the owner's protected processing environment; or
the owner may wish to change the identity of a payment recipient indicated within controls such that they receive payments themselves, or to interfere with commerce; or
the owner may wish to defeat the mechanism(s) that disable some or all functions when budget has been exhausted, or audit trails have not been delivered.
Security experts can often be heard to say that to competently do their job, they must "think like an attacker." For example, a successful home security system installer must try to put herself in the place of a burglar trying to break in. Only by anticipating how a burglar might try to break into a house can the installer successfully defend the house against burglary. Similarly, computer security experts must try to anticipate the sorts of attacks that might be brought against a presumably secure computer system.
From this "think like an attacker" viewpoint, introducing a bogus load module is one of the strongest possible forms of attack (by a protected processing environment user or anyone else) on the virtual distribution environment disclosed in the Ginter et al. patent specification. Because load modules have access to internal protected data structures within protected processing environments and also (at least to an extent) control the results brought about by those protected processing environments, bogus load modules can (putting aside for the moment additional possible local protections such as addressing and/or ring protection and also putting aside system level fraud and other security related checks) perform almost any action possible in the virtual distribution environment without being subject to intended electronic controls. Especially likely attacks may range from straightforward changes to protected data (for example, adding budget, billing for nothing instead of the desired amount, etc.) to wholesale compromise (for example, using a load module to expose a protected processing environment's cryptographic keys). For at least these reasons, the methods for validating the origin and soundness of a load module are critically important.
The Ginter et al. patent specification discloses important techniques for securing protected processing environments against inauthentic load modules introduced by the computer owner, user, or any other party, including for example:
Encrypting and authenticating load modules whenever they are shared between protected processing environments via a communications path outside of a tamper-resistant barrier and/or passed between different virtual distribution environment participants;
Using digital signatures to determine if load module executable content is intact and was created by a trusted source (i.e., one with a correct certificate for creating load modules);
Strictly controlling initiation of load module execution by use of encryption keys, digital signatures and/or tags;
Carefully controlling the process of creating, replacing, updating or deleting load modules; and
Maintaining shared secrets (e.g., cryptographic keys) within a tamper resistant enclosure that the owner of the electronic appliance cannot easily tamper with.
Although the Ginter et al. patent specification comprehensively solves a host of load module (and other) security related problems, any computer system--no matter how secure--can be "cracked" if enough time, money and effort is devoted to the project. Therefore, even a very secure system such as that disclosed in Ginter et al. can be improved to provide even greater security and protection against attack.
The present invention provides improved techniques for protecting secure computation and/or execution spaces (as one important but non-limiting example, the protected processing environments as disclosed in Ginter et al) from unauthorized (and potentially harmful) load modules or other "executables" or associated data. In one particular preferred embodiment, these techniques build upon, enhance and/or extend in certain respects, the load module security techniques, arrangements and systems provided in the Ginter et al. specification.
In accordance with one aspect provided by the present invention, one or more trusted verifying authorities validate load modules or other executables by analyzing and/or testing them. A verifying authority digitally "signs" and "certifies" those load modules or other executables it has verified (using a public key based digital signature and/or certificate based thereon, for example).
Protected execution spaces such as protected processing environments can be programmed or otherwise conditioned to accept only those load modules or other executables bearing a digital signature/certificate of an accredited (or particular) verifying authority. Tamper resistant barriers may be used to protect this programming or other conditioning. The assurance levels described below are a measure or assessment of the effectiveness with which this programming or other conditioning is protected.
A web of trust may stand behind a verifying authority. For example, a verifying authority may be an independent organization that can be trusted by all electronic value chain participants not to collaborate with any particular participant to the disadvantage of other participants. A given load module or other executable may be independently certified by any number of authorized verifying authority participants. If a load module or other executable is signed, for example, by five different verifying authority participants, a user will have (potentially) a higher likelihood of finding one that they trust. General commercial users may insist on several different certifiers, and government users, large corporations, and international trading partners may each have their own unique "web of trust" requirements. This "web of trust" prevents value chain participants from conspiring to defraud other value chain participants.
In accordance with another aspect provided by this invention, each load module or other executable has specifications associated with it describing the executable, its operations, content, and functions. Such specifications could be represented by any combination of specifications, formal mathematical descriptions that can be verified in an automated or other well-defined manner, or any other forms of description that can be processed, verified, and/or tested in an automated or other well-defined manner. The load module or other executable is preferably constructed using a programming language (e.g., languages such as Java and Python) and/or design/implementation methodology (e.g., Gypsy, FDM) that can facilitate automated analysis, validation, verification, inspection, and/or testing.
A verifying authority analyzes, validates, verifies, inspects, and/or tests the load module or other executable, and compares its results with the specifications associated with the load module or other executable. A verifying authority may digitally sign or certify only those load modules or other executables having proper specifications--and may include the specifications as part of the material being signed or certified.
A verifying authority may instead, or in addition, selectively be given the responsibility for analyzing the load module and generating a specification for it. Such a specification could be reviewed by the load module's originator and/or any potential users of the load module.
A verifying authority may selectively be given the authority to generate an additional specification for the load module, for example by translating a formal mathematical specification to other kinds of specifications. This authority could be granted, for example, by a load module originator wishing to have a more accessible, but verified (certified), description of the load module for purposes of informing other potential users of the load module.
Additionally, a verifying authority may selectively be empowered to modify the specifications to make it accurate--but may refuse to sign or certify load modules or other executables that are harmful or dangerous irrespective of the accuracy of their associated specifications. The specifications may in some instances be viewable by ultimate users or other value chain participants--providing a high degree of assurance that load modules or other executables are not subverting the system and/or the legitimate interest of any participant in an electronic value chain the system supports.
In accordance with another aspect provided by the present invention, an execution environment protects itself by deciding--based on digital signatures, for example--which load modules or other executables it is willing to execute. A digital signature allows the execution environment to test both the authenticity and the integrity of the load module or other executables, as well permitting a user of such executables to determine their correctness with respect to their associated specifications or other description of their behavior, if such descriptions are included in the verification process.
A hierarchy of assurance levels may be provided for different protected processing environment security levels. Load modules or other executables can be provided with digital signatures associated with particular assurance levels. Appliances assigned to particular assurance levels can protect themselves from executing load modules or other executables associated with different assurance levels. Different digital signatures and/or certificates may be used to distinguish between load modules or other executables intended for different assurance levels. This strict assurance level hierarchy provides a framework to help ensure that a more trusted environment can protect itself from load modules or other executables exposed to environments with different work factors (e.g., less trusted or tamper resistant environments). This can be used to provide a high degree of security compartmentalization that helps protect the remainder of the system should parts of the system become compromised.
For example, protected processing environments or other secure execution spaces that are more impervious to tampering (such as those providing a higher degree of physical security) may use an assurance level that isolates it from protected processing environments or other secure execution spaces that are relatively more susceptible to tampering (such as those constructed solely by software executing on a general purpose digital computer in a non-secure location).
A verifying authority may digitally sign load modules or other executables with a digital signature that indicates or implies assurance level. A verifying authority can use digital signature techniques to distinguish between assurance levels. As one example, each different digital signature may be encrypted using a different verification key and/or fundamentally different encryption, one-way hash and/or other techniques. A protected processing environment or other secure execution space protects itself by executing only those load modules or other executables that have been digitally signed for its corresponding assurance level.
The present invention may use a verifying authority and the digital signatures it provides to compartmentalize the different electronic appliances depending on their level of security (e.g., work factor or relative tamper resistance). In particular, a verifying authority and the digital signatures it provides isolate appliances with significantly different work factors--preventing the security of high work factor appliances from collapsing into the security of low work factor appliances due to free exchange of load modules or other executables.
Encryption can be used in combination with the assurance level scheme discussed above to ensure that load modules or other executables can be executed only in specific environments or types of environments. The secure way to ensure that a load module or other executable can't execute in a particular environment is to ensure that the environment doesn't have the key(s) necessary to decrypt it. Encryption can rely on multiple public keys and/or algorithms to transport basic key(s). Such encryption protects the load module or other executable from disclosure to environments (or assurance levels of environments) other than the one it is intended to execute in.
In accordance with another aspect provided by this invention, a verifying authority can digitally sign a load module or other executable with several different digital signatures and/or signature schemes. A protected processing environment or other secure execution space may require a load module or other executable to present multiple digital signatures before accepting it. An attacker would have to "break" each (all) of the several digital signatures and/or signature schemes to create an unauthorized load module or other executable that would be accepted by the protected processing environment or other secure execution space. Different protected processing environments (secure execution spaces) might examine different subsets of the multiple digital signatures--so that compromising one protected processing environment (secure execution space) will not compromise all of them. As an optimization, a protected processing environment or other secure execution space might verify only one of the several digital signatures (for example, chosen at random each time an executable is used)--thereby speeding up the digital signature verification while still maintaining a high degree of security.
BRIEF DESCRIPTION OF THE DRAWINGS
These and other features and advantages provided in accordance with this invention may be better and more completely understood by referring to the following detailed description of example preferred embodiments in conjunction with the drawings, of which:
FIG. 1 illustrates how defective or bogus load modules can wreak havoc in the electronic community;
FIG. 2 shows an example verification authority that protects the electronic community from unauthorized load modules;
FIG. 3 shows how a protected processing environment can distinguish between load modules that have been approved by a verifying authority and those that have not been approved;
FIG. 4 shows an example process a verifying authority may perform to authenticate load modules;
FIG. 5 shows how a verifying authority can create a certifying digital signature;
FIG. 6 shows how a protected processing environment can securely authenticate a verifying authority's digital signature to guarantee the integrity of the corresponding load module;
FIG. 7 shows how several different digital signatures can be applied to the same load module;
FIG. 8 shows how a load module can be distributed with multiple digital signatures;
FIG. 8A shows how key management can be used to compartmentalize protected processing environments;
FIGS. 9 shows how a load module can be segmented and each segment protected with a different digital signature;
FIGS. 10A-10C show how different assurance level electronic appliances can be provided with different cryptographic keys for authenticating verifying authority digital signatures;
FIGS. 11A-11C show how a verifying authority can use different digital signatures to designate the same or different load modules as being appropriate for execution by different assurance level electronic appliances;
FIGS. 12, 13 and 13A show how assurance level digital signatures can be used to isolate electronic appliances or appliance types based on work factor and/or tamper resistance to reduce overall security risks; and
FIG. 14 shows example overall steps that may be performed within an electronic system (such as, for example, a virtual distribution environment) to test, certify, distribute and use executables.
DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS
FIG. 1 shows how defective, bogus and/or unauthorized computer information can wreak havoc within an electronic system 50. In this example, provider 52 is authorized to produce and distribute "load modules" 54 for use by different users or consumers 56. FIG. 1 shows "load module" 54 as a complicated looking machine part for purposes of illustration only; the load module preferably comprises one or more computer instructions and/or data elements used to assist, allow, prohibit, direct, control or facilitate at least one task performed at least in part by an electronic appliance such as a computer. For example, load module 54 may comprise all or part of an executable computer program and/or associated data ("executable"), and may constitute a sequence of instructions or steps that bring about a certain result within a computer or other computation element.
FIG. 1 shows a number of electronic appliances 61 such as, for example, a set top box or home media player 58, a personal computer 60, and a multi-media player 62. Each of appliances 58, 60, 62 may include a secure execution space. One particular example of a secure execution space is a "protected processing environment" 108 of the type shown in Ginter et al. (see FIGS. 6-12) and described in associated text. Protected processing environments 108 provide a secure execution environment in which appliances 58, 60, 62 may securely execute load modules 54 to perform useful tasks. For example:
Provider 52 might produce a load module 54a for use by the protected processing environment 108A within set top box or home media player 58. Load module 54a could, for example, enable the set top box/home media player 58 to play a movie, concert or other interesting program, charge users 56a a "pay per view" fee, and ensure that the fee is paid to the appropriate rights holder (for example, the film studio, concert promoter or other organization that produced the program material).
Provider 52 might produce another load module 54b for delivery to personal computer 60's protected processing environment 108B. The load module 54b might enable personal computer 60 to perform a financial transaction, such as, for example, home banking, a stock trade or an income tax payment or reporting.
Provider 52 could produce a load module 54c for delivery to multi-media player 62's protected processing environment 108c. This load module 54c might allow user 56c to view a particular multi-media presentation while preventing the user from making a copy of the presentation--or it could control a portion of a transaction (e.g. a meter that records usage, and is incorporated into a larger transaction involving other load modules associated with interacting with a multi-media piece). (As described in the Ginter et al. specification, load modules associated with the financial portion of a transaction, for example, may often be self contained and independent).
FIG. 1 also shows an unauthorized and/or disreputable load module provider 64. Unauthorized provider 64 knows how to make load modules that look a lot like the load modules produced by authorized load module provider 52--but are defective or even destructive. Unless precautions are taken, the unauthorized load module 54d made by unauthorized producer 64 will be able to run on protected processing environments 108 within appliances 58, 60 and 62, and may cause serious harm to users 56 and/or to the integrity of system 50. For example:
unauthorized provider 64 could produce a load module 54d that is quite similar to authorized load module 54a intended to be us ed by set top box or home media player 58. The unauthorized load module 54d might allow protected processing environment 108A within set top box/home media player 58 to present the very same program material--but divert some or all of the user's payment to unauthorized producer 64--thereby defrauding the rights holders in the program material the users watch.
Unauthorized provider 64 might produce an unauthorized version of load module 54b that could, if run by personal computer 60's protected processing environment 108b, disclose the user 64b's bank and credit card account numbers to unauthorized provider 64 and/or divert electronic or other funds to the unauthorized provider.
Unauthorized provider 64 could produce an unauthorized version of load module 54c that could damage the protected processing environment 108c within multi media player 62--erasing data it needs for its operation and making it unusable. Alternatively, an unauthorized version of load module 54c could defeat the copy protection provided by multi media player 62's protected processing environment, causing the makers of multi media programs to lose substantial revenues through unauthorized copying--or defeat or alter the part of the transaction provided by the load module (e.g., billing, metering, maintaining an audit trail, etc.)
FIG. 2 shows how a verifying authority 100 can prevent the problems shown in FIG. 1. In this example, authorized provider 52 submits load modules 54 to verifying authority 100. Verifying authority 100 carefully analyzes the load modules 54 (see
102), testing them to make sure they do what they are supposed to do and do not compromise or harm system 50. If a load module 54 passes the tests verifying authority 100 subjects it to, a verifying authority may affix a digital "seal of approval" (see
104) to the load module.
Protected processing environments 108 can use this digital "seal of approval" 106 (which may comprise one or more "digital signatures") to distinguish between authorized and unauthorized load modules 54. FIG. 3 illustrates how an electronic protected processing environment 108 can use and rely on a verifying authority's digital seal of approval 106. In this example, the protected processing environment 108 can distinguish between authorized and unauthorized load modules 54 by examining the load module to see whether it bears the seal of verifying authority 100. Protected processing environment 108 will execute the load module 54a with its processor 110 only if the load module bears a verifying authority's seal 106. Protected processing environment 108 discards and does not use any load module 54 that does not bear this seal 106. In this way, protected processing environment 108 securely protects itself against unauthorized load modules 54 such as, for example, the defective load module 54d made by disreputable load module provider 64.
FIG. 4 shows the analysis and digital signing steps 102, 104 performed by verifying authority 100 in this example. Provider 54 may provide, with each load module 54, associated specifications 110 identifying the load module and describing the functions the load module performs. In this example, these specifications 110 are illustrated as a manufacturing tag, but preferably comprises a data file associated with and/or attached to the load module 54.
Verifying authority 100 uses an analyzing tool(s) 112 to analyze and test load module 54 and determine whether it performs as specified by its associated specifications 110--that is, whether the specifications are both accurate and complete. FIG. 4 illustrates an analysis tool 112 as a magnifying glass; verifying authority 100 may not rely on visual inspection only, but instead preferably uses one or more computer-based software testing techniques and/or tools to verify that the load module performs as expected, matches specifications 110, is not a "virus," and includes no significant detectable "bugs" or other harmful functionality. See for example Pressman, Software Engineering: A Practitioner's Approach (3d Ed., McGraw-Hill 1992) at chapters 18 and 19 ("Software Testing Techniques") (pages 595-661) and the various books and papers referenced there. Although it has been said that "testing can show only the presence of bugs, not their absence," such testing (in addition to ensuring that the load module 54 satisfies its specifications 110) can provide added degrees of assurance that the load module isn't harmful and will work as it is supposed to.
Verifying authority 100 is preferably a trusted, independent third party such as an impartial, well respected independent testing laboratory. Therefore, all participants in an electronic transaction involving load module 54 can trust a verifying authority 100 as performing its testing and analysis functions competently and completely objectively and impartially. As described above, there may be several different verifying authorities 100 that together provide a "web of trust". Several different verifying authorities may each verify and digitally sign the same load module--increasing the likelihood that a particular value chain participant will trust one of them and decreasing the likelihood of collusion or fraud. Electronic value chain participants may rely upon different verifying authorities 100 to certify different types of load modules. For example, one verifying authority 100 trusted by and known to financial participants might verify load modules relating to financial aspects of a transaction (e.g., billing), whereas another verifying authority 100' trusted by and known to participants involved in using the "information exhaust" provided by an electronic transaction might be used to verify load modules relating to usage metering aspects of the same transaction.
Once verifying authority 100 is satisfied with load module 54, it affixes its digital "seal of approval" 106 to the load module. FIG. 4 illustrates the digital sealing process as being performed by a stamp 114--but in the preferred embodiment the digital sealing process is actually performed by creating a "digital signature" using a well known process.
There exist many well known processes for creating digital signatures. One example is the Digital Signature Algorithm (DSA). DSA uses a public-key signature scheme that performs a pair of transformations to generate and verify a digital value called a "signature." DSA uses the parameters, p, q, g, x, and y, such that:
p=a prime number L bits long, wherein L ranges from 512 to 1024 and is a multiple of 64;
q=a 160-bit prime factor of p-1;
g=h.sup.(P-1)/q mod p, where h is any number less than p-1 such that h.sup.(P-1)/q mod p is greater than 1;
x=a number less than q; and
y=g.sup.x mod p.
The algorithm also makes use of a one-way hash function, H(m), such as, for example, the Secure Hash Algorithm. The first three parameters, p, q, and g, are public and may be shared across a network of users. The private key is x; the public key is y. To sign a message, m, using DSA, a signer generates a random number, k, less than q. The signer also generates: