Electrical computers and digital processing systems: support – Data processing protection using cryptography – Computer instruction/address encryption
Reexamination Certificate
1999-03-05
2004-01-06
Barrón, Gilberto (Department: 2132)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
Computer instruction/address encryption
C713S194000, C380S277000, C380S278000, C380S279000, C380S044000
Reexamination Certificate
active
06675297
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to the implementation of an encryption mechanism for accessing sensitive information in a computer, computerized device, or system containing a central processing unit (CPU).
2. Background
Encryption is useful to protect information from unauthorized others. However, encryption technology, no matter how good, will not protect against attacks directed toward flawed implementations of the technology. Encryption technologies use computer-implemented algorithms that use a key to process the information that is to be encrypted or decrypted. No matter how strong the encryption algorithm, or how large the key, if the key is predictable, or if the key can be determined, the protection sought to be provided by the encryption will fail.
Encryption techniques are well known in the art. Implementation of encryption techniques is difficult and often subject to indirect attacks (that is, attacks directed not at the encryption algorithm or encrypted data, but rather at the encryption key).
One approach attackers use when attacking an encryption schema is that the attacker will attempt to interrupt the execution of the encryption algorithm by using breakpoints or execution trace mechanisms. The attacker is then able to determine the encryption algorithm and the techniques used to generate the key. For example, an attacker using these methods will easily find the key if the key is stored in a database (such as the Windows registry or the Macintosh desktop), or if the key is stored in the encryption algorithm itself.
This problem increases the risk to providers of proprietary programming because their proprietary programming can often be discovered (reverse engineered) and disseminated to others thus affecting the revenue potential of owner of the proprietary programming.
Other complementary approaches to increase the resilience of encryption code to an attack is to execute the encryption code on the stack, to write the encryption code as self modifying code, and other known techniques. These techniques can be used with the invention. Thus, it would be advantageous to increase the difficulty associated with determining the encryption key for an encryption algorithm.
SUMMARY OF THE INVENTION
The present invention increases the difficulty of reverse engineering sensitive information protected by an encryption algorithm by increasing the difficulty associated with tracing the code that generates the key or applies the encryption algorithm. This is accomplished by generating the key, used to encrypt and decrypt the sensitive information, as a function of the program instruction values of the procedures used to generate the key and/or perform the decryption of the sensitive information. Thus, if the key generation code or the decryption code is modified (such as (but without limitation) by placement of a breakpoint, a trace function, or a halt instruction in the code) the resulting key will be different from the key used to encrypt the sensitive information and the decryption attempt will fail.
One aspect of the invention is a computer controlled method for encrypting sensitive information with a tamper-resistant key. The method includes a step for determining the tamper-resistant key responsive to program instruction values. These program instruction values are to be included within at least one key domain. The program instruction values are to be executed when decrypting the sensitive information. Another step is that of encrypting the sensitive information using the tamper-resistant key to create an encrypted version of the sensitive information. Yet another step, is that of storing the encrypted version and the program instruction values. The encrypted version is decrypted when access is needed to the sensitive information.
Another aspect of the invention is a computer controlled method for decrypting sensitive information with a tamper-resistant key. One step of the method is that of determining the tamper-resistant key by executing program instruction values included within at least one key domain. The tamper-resistant key is a function of the program instruction values executed to determine the tamper-resistant key. Another step is that of decrypting an encrypted version of the sensitive information using the tamper-resistant key so determined.
Yet another aspect of the invention, is an apparatus that includes a CPU and memory. This apparatus includes a key determination mechanism used to determine the tamper-resistant key as a function of the program instruction values in at least one key domain. The instruction values are to be executed when decrypting the sensitive information. The apparatus also includes an encryption mechanism that encrypts the sensitive information using the tamper-resistant key to create an encrypted version of the sensitive information. In addition, the apparatus also includes a storage mechanism used to store the encrypted version and the program instruction values.
Yet another aspect of the invention, is a computer program product that includes a computer usable storage medium having computer readable code embodied therein for causing for causing a computer to encrypt sensitive information with a tamper-resistant key. When executed on a computer, the computer readable code causes the computer to effect a key determination mechanism, an encryption mechanism, and a storage mechanism. Each of these mechanisms having the same functions as the corresponding mechanisms for the previously described apparatus.
Still another aspect of the invention is an apparatus for decrypting the sensitive information using a tamper-resistant key. The apparatus includes a key determination mechanism for determining the tamper-resistant key by executing program instructions included within at least one key domain. The tamper-resistant key is a function of the program instruction values. The apparatus also includes a decryption mechanism that decrypts an encrypted version of the sensitive information using the tamper-resistant key.
Yet another aspect of the invention, is a computer program product that includes a computer usable storage medium having computer readable code embodied therein for causing for causing a computer to for causing a computer to decrypt sensitive information with a tamper-resistant key. When executed on a computer, the computer readable code causes the computer to effect a key determination mechanism, and a decryption mechanism. Each of these mechanisms having the same functions as the corresponding mechanisms for the previously described apparatus.
REFERENCES:
patent: 4562305 (1985-12-01), Gaffney, Jr.
patent: 4675612 (1987-06-01), Adams et al.
patent: 4713621 (1987-12-01), Nakamura et al.
patent: 4823260 (1989-04-01), Imel et al.
patent: 4876660 (1989-10-01), Owen et al.
patent: 5142380 (1992-08-01), Sakagami et al.
patent: 5412723 (1995-05-01), Canetti et al.
patent: 5528309 (1996-06-01), Nguyen
patent: 5574572 (1996-11-01), Malinowski et al.
patent: 5590200 (1996-12-01), Nachman et al.
patent: 5638130 (1997-06-01), Linzer
patent: 5650824 (1997-07-01), Huang
patent: 5719511 (1998-02-01), Le Cornec et al.
patent: 5832120 (1998-11-01), Prabhakar et al.
patent: 5892899 (1999-04-01), Aucsmith et al.
patent: 5905799 (1999-05-01), Ganesan
patent: 5982459 (1999-11-01), Fandrianto et al.
patent: 5991399 (1999-11-01), Graunke et al.
patent: WO 9210911 (1992-06-01), None
Bruce Schneier, Appled cryptography 1996, Katherine Schowalter, second edition, pp. 447-454.*
Tsai Y T: “Color Image Compression for Single-Chip Cameras” IEEE Transactions on Electron Devices, vol. 38, No. 5, May 1, 1991, pp. 1226-1232, XP000200683, see abstract; figures 1,6.
Barrón Gilberto
Sigma Designs, Inc.
Swernofsky Law Group PC
Zand Kambiz
LandOfFree
Method and apparatus for generating and using a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for generating and using a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for generating and using a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3267632