PARAMETERIZED HASH FUNCTIONS FOR ACCESS CONTROL
 Inventors: David W. Aucsmith, Portland; Robert C. Knauerhase, Hillsboro, both of Oreg.
 Assignee: Intel Corporation, Santa Clara, Calif.
[ * ] Notice: This patent is subject to a terminal disclaimer.
 Appl. No.: 08/960,834  Filed: Oct. 30, 1997
Related U.S. Application Data
 Continuation of application No. 08/519,307, Aug. 25, 1995, Pat. No. 5,757,915.
 Int. CI. 11041. 9/32
 U.S. CI 380/25; 380/4
 Field of Search 380/4, 25; 395/186
 References Cited
U.S. PATENT DOCUMENTS
5,052,040 9/1991 Preston et al 380/4
5,097,504 3/1992 Camion et al 380/23
5,224,160 6/1993 Paulini et al 380/4
5,311,591 5/1994 Fischer 380/4
5,343,527 8/1994 Moore 380/4
5,412,718 5/1995 Narasimhalu et al 380/4
A method and apparatus for access control in a computer system are disclosed. A storage unit receives a block of data having an encrypted executable image and a signature component. A separation unit coupled to the storage unit separates the signature component from the encrypted executable image. A decryption unit coupled to the separation unit decrypts the encrypted executable image using the signature component as a key. This yields an decrypted executable program. An identification unit coupled to the decryption unit locates an identification mark in the decrypted executable program and identifies a composite key assigned to the identification mark. A signature generation unit coupled to the identification unit performs a keyed cryptographic hash algorithm on the decrypted executable program using the composite key as a key. A verification unit coupled to the signature generation unit compares the signature component with the computed keyed cryptographic hash value to verify the source of the block of data and to determine whether it has been modified. If the signature matches the keyed cryptographic hash value, a rights assignment unit coupled to the verification unit assigns appropriate access rights to the decrypted executable program and allows it to be executed by a computer system.
25 Claims, 7 Drawing Sheets
RECEIVE AN EXECUTABLE PROGRAM
PERFORM A KEYED CRYPTOGRAPHIC HASH ALGORITHM ON THE EXECUTABLE PROGRAM
ENCRYPT THE EXECUTABLE PROGRAM
SEND THE ENCRYPTED EXECUTABLE PROGRAM AND THE SIGNATURE COMPONENT TO A COMPUTER SYSTEM TO BE PROCESSED AND EXECUTED 605