Patent Number: 6,167,521

Title: Securely downloading and executing code from mutually suspicious authorities

Abstract: An apparatus, system and method for secure code-downloading and information exchange, in the full generality of complex code dependencies while considering the implications of mutual distrust and hot-swapping. Included are secure techniques wherein an authority signs code from another party upon which that authority depends in order to establish that a trusted execution environment, is being preserved. Trusted code is employed to ensure that proprietary data is destroyed, disabled, and/or made unreadable, when a change causes the trusted execution environment to cease holding to a certain security level. A carefully constructed key structure is employed to ensure that communications allegedly from particular code in a particular environment can be authenticated as such. Authenticity of code that decides the authenticity of public-key signatures, and/or the authenticity of other code is cared for. In particular, the loading code that performs these tasks may itself be reloadable. Authenticity is maintained in physically secure coprocessors with multiple levels of dependent software that is independently downloadable by mutually suspicious authorities, and in physically secure coprocessors whose software has sufficient richness and complexity so as to be certainly permeable. Recoverability is provided for physically secure coprocessors from code of arbitrary evil running at arbitrary privilege.

Inventors: Smith; Sean William (Cornwall, NY), Weingart; Steve Harris (Boca Raton, FL)

Assignee: International Business Machines Corporation

International Classification: G06F 21/00 (20060101); G06F 011/30 ()

Expiration Date: 12/26/2017