Search Images Maps Play YouTube News Gmail Drive More »
Advanced Patent Search | Page images | Web History | Sign in

Patents

  

United States Patent

[19]

Aucsmith et al.

US005940513A [ii] Patent Number: 5,940,513 [45] Date of Patent: *Aug. 17,1999

[54] PARAMETERIZED HASH FUNCTIONS FOR ACCESS CONTROL

[75] Inventors: David W. Aucsmith, Portland; Robert C. Knauerhase, Hillsboro, both of Oreg.

[73] Assignee: Intel Corporation, Santa Clara, Calif.

[ * ] Notice: This patent is subject to a terminal disclaimer.

[21] Appl. No.: 08/960,834 [22] Filed: Oct. 30, 1997

Related U.S. Application Data

[63] Continuation of application No. 08/519,307, Aug. 25, 1995, Pat. No. 5,757,915.

[51] Int. CI. 11041. 9/32

[52] U.S. CI 380/25; 380/4

[58] Field of Search 380/4, 25; 395/186

[56] References Cited

U.S. PATENT DOCUMENTS

5,052,040 9/1991 Preston et al 380/4

5,097,504 3/1992 Camion et al 380/23

5,224,160 6/1993 Paulini et al 380/4

5,311,591 5/1994 Fischer 380/4

5,343,527 8/1994 Moore 380/4

5,412,718 5/1995 Narasimhalu et al 380/4

[blocks in formation]

A method and apparatus for access control in a computer system are disclosed. A storage unit receives a block of data having an encrypted executable image and a signature component. A separation unit coupled to the storage unit separates the signature component from the encrypted executable image. A decryption unit coupled to the separation unit decrypts the encrypted executable image using the signature component as a key. This yields an decrypted executable program. An identification unit coupled to the decryption unit locates an identification mark in the decrypted executable program and identifies a composite key assigned to the identification mark. A signature generation unit coupled to the identification unit performs a keyed cryptographic hash algorithm on the decrypted executable program using the composite key as a key. A verification unit coupled to the signature generation unit compares the signature component with the computed keyed cryptographic hash value to verify the source of the block of data and to determine whether it has been modified. If the signature matches the keyed cryptographic hash value, a rights assignment unit coupled to the verification unit assigns appropriate access rights to the decrypted executable program and allows it to be executed by a computer system.

25 Claims, 7 Drawing Sheets

RECEIVE AN EXECUTABLE PROGRAM

601

RECEIVE A COMPOSITE KEY

602

PERFORM A KEYED CRYPTOGRAPHIC HASH ALGORITHM ON THE EXECUTABLE PROGRAM

603

ENCRYPT THE EXECUTABLE PROGRAM

604

SEND THE ENCRYPTED EXECUTABLE PROGRAM AND THE SIGNATURE COMPONENT TO A COMPUTER SYSTEM TO BE PROCESSED AND EXECUTED 605

[blocks in formation]
[table][merged small][merged small][merged small][merged small][merged small]
[blocks in formation]
« PreviousContinue »