发明申请
- 专利标题: Application-Specific Secret Generation
- 专利标题(中): 特定应用程序的秘密生成
-
申请号: US11754667申请日: 2007-05-29
-
公开(公告)号: US20080298581A1公开(公告)日: 2008-12-04
- 发明人: Masana Murase , Wilfred E. Plouffe, JR. , Kanna Shimizu , Vladimir Zbarsky
- 申请人: Masana Murase , Wilfred E. Plouffe, JR. , Kanna Shimizu , Vladimir Zbarsky
- 主分类号: H04L9/00
- IPC分类号: H04L9/00
摘要:
A method, computer program product, and data processing system for protecting sensitive program code and data (including persistently stored data) from unauthorized access are disclosed. Dedicated hardware decrypts an encrypted kernel into memory for execution. When an application is to be executed, the kernel computes one or more secrets by cryptographically combining information contained in the application with secret information contained in the kernel itself. The kernel then deletes its secret information and passes the computed secrets to the application. To store data persistently in memory, the application uses one of the computed secrets to encrypt the data prior to storage. If the kernel starts another instance of the same application, the kernel (which will have been re-decrypted to restore the kernel's secrets) will compute the same one or more secrets, thus allowing the second application instance to access the data encrypted by the first application instance.
公开/授权文献
- US08422674B2 Application-specific secret generation 公开/授权日:2013-04-16