CN101458748B - Method for loading into kernel component to establish computing environment - Google Patents


Publication number
CN101458748B
Authority
CN
China
Prior art keywords
kernel
written
application program
assembly
frame
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2008101897184A
Other languages
Chinese (zh)
Other versions
CN101458748A (en
Inventor
S·N·巴德
J·D·舒沃茨
R·J·库恩
A·V·格里格罗维奇
K·A·德比齐
C·B·诺尔顿
J·M·奥尔科弗
G·T·顿巴
M·J·吉尔
M·马
C·D·尤佩得亚
A·A·舍尔瓦尼
A·U·基什安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/116,598 external-priority patent/US20060242406A1/en
Application filed by Microsoft Corp filed Critical Microsoft Corp
Publication of CN101458748A publication Critical patent/CN101458748A/en
Application granted granted Critical
Publication of CN101458748B publication Critical patent/CN101458748B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical


Abstract

A method of establishing a protected environment within a computing device including validating a kernel component loaded into a kernel of the computing device, establishing a security state for the kernel based on the validation, creating a secure process and loading a software component into the secure process, periodically checking the security state of the kernel, and notifying the secure process when the security state of the kernel has changed.

Description

Method for loading kernel components to create a secure computing environment
This application is a divisional of the invention patent application entitled "Protected Computing Environment", international application No. PCT/US2005/030490, international filing date August 26, 2005, Chinese national phase application No. 2000580049553.5.
Cross-reference to related applications
This application claims priority to U.S. Provisional Patent Application No. 60/673,979 (attorney docket No. 313361.01), filed Friday, April 22, 2005.
Technical field
This application relates to one or more techniques for creating a protected computing environment.
Background
Fig. 1 is a block diagram showing a conventional media application 105 processing media content 106 while operating in a conventional computing environment 100, with an indication of an attack 107 against the system 101. The conventional computing environment 100 may be provided by a personal computer ("PC") or consumer electronics ("CE") device 101 that may include an operating system ("OS") 102. A typical operating system often divides its operation into a user mode 103 and a kernel mode 104. User mode 103 and kernel mode 104 may be used by one or more application programs 105. An application program 105 may be used to process media content 106, which may be delivered to the device 101 by some mechanism such as a CD-ROM drive or an Internet connection. An example of content 106 would be a media file that can be used to reproduce audio and video information.
The computing environment 100 may typically include an operating system ("OS") 102 that, together with one or more central processing units ("CPUs"), facilitates operation of the application program 105. Many operating systems 102 allow multiple users to have access to the operation of the CPU. Multiple users may have access privileges that typically range from those of a typical user to those of an administrator. An administrator typically has a range of access privileges to the applications 105 running on the system, to user mode 103 and to the kernel 104. Such a computing environment 100 is susceptible to various types of attack 107. Attacks may come not only from outsiders seeking access to the device 101 and the content 106 on it, but also from attackers who have administrative rights to the device 101, or from other types of users who have been granted any access rights to it.
Summary of the invention
According to one aspect of the present invention, there is provided a method of loading kernel components to create a secure computing environment, the method comprising: loading a kernel secure flag into the kernel of an operating system of a computing device; setting the kernel secure flag to a true state; checking to determine whether a debugger outside the kernel is present in the operating system; and checking whether debug credentials associated with the debugger are present.
Description of drawings
These and other features and advantages of the present example will be better understood from the following detailed description read in light of the accompanying drawings, in which:
Fig. 1 is a block diagram showing a conventional media application processing media content while operating in a conventional computing environment, with an indication of an attack against the system.
Fig. 2 is a block diagram showing a trusted application that processes media content and uses a protected environment that tends to be resistant to attack.
Fig. 3 is a block diagram showing exemplary components of a trusted application that may be included in the protected environment.
Fig. 4 is a block diagram showing a system for downloading digital media content from a service provider to an exemplary trusted application that uses a protected environment.
Fig. 5 is a block diagram showing exemplary attack vectors that may be exploited by a user or mechanism attempting to access, in an unauthorized manner, media content and other data typically present in a computing environment.
Fig. 6 is a flow diagram showing a process for creating and maintaining a protected environment that tends to limit unauthorized access to media content and other data.
Fig. 7 is a block diagram showing exemplary kernel components and other components used to create an exemplary secure computing environment.
Fig. 8 and Fig. 9 are flow diagrams showing an exemplary process for loading kernel components to create an exemplary secure computing environment.
Fig. 10 is a block diagram showing a secure computing environment in which an application is loaded into an exemplary protected environment to form a trusted application that is typically resistant to attack.
Fig. 11 is a flow diagram showing an exemplary process for creating a protected environment and loading an application into the protected environment.
Fig. 12 is a block diagram showing an exemplary trusted application that uses an exemplary protected environment to periodically check the security state of the secure computing environment.
Fig. 13 is a flow diagram showing an exemplary process for periodically checking the security state of the secure computing environment.
Fig. 14 is a block diagram showing an exemplary computing environment in which the processes, systems and methods for establishing a secure computing environment that includes a protected environment may be implemented.
Like reference numerals are used to designate like elements in the accompanying drawings.
Detailed description
The detailed description provided below in connection with the accompanying drawings is intended as a description of the present examples and is not intended to represent the only forms in which the present examples may be constructed or used. The description sets forth the functions of the examples and the sequence of steps for constructing and operating them. However, the same or equivalent functions and sequences may be accomplished by different examples.
Although the present examples are described and illustrated herein as being implemented in a computer operating system, the system described is provided as an example and not a limitation. As those skilled in the art will appreciate, the present examples are suitable for use in a variety of different types of computer systems.
Introduction
Fig. 2 is a block diagram showing a trusted application 202 that processes media content 106 and uses a protected environment 203 that tends to be resistant to attack. The term "trusted application", as used herein, may be defined as an application that uses processes running in a protected environment such that they tend to be resistant to attack 205 and limit unauthorized access to any media content 106 or other data being processed. Thus, the components or elements of an application running in a protected environment are generally considered "trusted" because they tend to limit unauthorized access and tend to be resistant to attack. Such an application 202 may be considered a trusted application itself, or it may use another trusted application to protect part of its processes and/or data.
For example, a trusted media player 202 may be designed to play media content 106 that typically can be used only once a license has been obtained, so that the media content 106 cannot be accessed in an unauthorized manner. Such a trusted application 202 may operate on and/or process the media content 106 only when the computing environment 200 can provide the required level of security, such as by providing a protected environment 203 that is resistant to attack 205.
As used herein, the term "process" may be defined as an instance of a program (including executable code, machine instructions, variables, data, state information and the like) residing and/or running in kernel space, user space and/or any other space of an operating system and/or computing environment.
A digital rights management system 204 or the like may be used with the protected environment 204. The use of a digital rights management system 204 is provided only as an example, and one need not be used with a protected environment or secure computing environment. A digital rights management system typically uses tamper-resistant software ("TRS"), which tends to be expensive to produce and can negatively affect computing performance. Using a trusted application 202 may minimize the amount of TRS functionality required to provide enhanced protection.
Various mechanisms known to those skilled in the art may be used in place of, in addition to, or together with a typical digital rights management system. These mechanisms may include, but are not limited to, encryption/decryption, key exchange, passwords, licenses and the like. Thus, digital rights management as used herein may be a mechanism as simple as decrypting encrypted media, using a password to access data, or another tamper-resistant mechanism. The mechanisms that perform these tasks may be very simple and entirely contained within the trusted application 202, or may be accessed via interfaces that communicate with complex systems distinct from the trusted application 202.
Fig. 3 is a block diagram showing exemplary components of a trusted application 202 that may be included in the protected environment 203. A trusted application 202 typically uses the protected environment 203 for at least a portion of its subcomponents 302-304. Other components 301 of the trusted application may not use the protected environment. Components 302-304 that take part in processing media content or data, and that may call for an enhanced level of protection from attack or unauthorized access, may run within the protected environment 203. A protected environment 203 may be used by a single trusted application 202 or possibly by multiple trusted applications. Alternatively, a trusted application 202 may use multiple protected environments. A trusted application 202 may also be coupled to and/or use a digital rights management system 204.
In the example shown, a source 302 and a sink 303 are shown as part of a media pipeline 304 running in the protected environment 203. The protected environment 203 tends to ensure that, once protected and/or encrypted content 309 has been received and decrypted, the trusted application 202 and its components prevent unauthorized access to the content 309.
Digital rights management 204 may provide a further means of protecting the trusted application 202 and the content 309. Through a system of licenses 308, device certificates 311 and other security mechanisms, a content provider can generally be confident that encrypted content 309 has been delivered to the properly authorized device and that the content 309 is used as intended.
Fig. 4 is a block diagram showing a system for downloading digital media content 410 from a service provider 407 to an exemplary trusted application 202 that uses a protected environment 203. In the example shown, the trusted application 202 is shown in use in two places, 401 and 403: it may be used in a CE device 401 or in a PC 403. Digital media 410 may be downloaded via a service provider 407 and the Internet 405 for use by the trusted application 202. Alternatively, digital media may be made available to the trusted application via other mechanisms such as a network, a CD or DVD disc, or other storage media. In addition, the digital media 410 may be provided in an encrypted form 309, requiring a system of decryption keys, licenses, certificates and the like, which may take the form of a digital rights management system 204. The data or media content 410 provided to the trusted application may or may not be protected, i.e. encrypted or the like.
In one example, a trusted application 202 may use a digital rights management ("DRM") system 204 or the like together with a protected environment 203. In this case, the trusted application 202 is typically designed to acknowledge and adhere to the content's usage policies by limiting use of the content to that authorized by the content provider via the policies. Implementing this may involve executing code that typically interrogates content certificates and subsequently decides whether a requested action may be taken on a piece of content. This functionality may be provided, at least in part, by the digital rights management system 204. An example of a digital rights management system is provided in U.S. Patent Application No. 09/290,363, filed April 12, 1999, and U.S. Patent Application Nos. 10/185,527, 10/185,278 and 10/185,511, each filed on June 28, 2002, all of which are incorporated herein by reference.
Building a trusted application 202 that may be used in a CE device 401 or a PC 403 may include making sure that the trusted application 202, which decrypts and processes the content 309, is "secure" from malicious attack. Thus, a protected environment 203 typically refers to an environment that is not easy to attack.
As shown, the trusted application 202 operates in a consumer electronics device 401, which may be periodically synchronized with a PC 403 that also provides a trusted application. The PC 403 is in turn coupled (404) to the Internet 405. The Internet connection allows digital media 410 to be provided by a service provider 407. The service provider 407 may transmit licenses and encrypted media 406 over the Internet 405 to the trusted application 202. Once encrypted media has been delivered and decrypted, it may be susceptible to various forms of attack.
Protected environments and potential attacks
A protected computing environment tends to provide an environment that limits hackers from gaining unauthorized access to content. Hackers may include hackers acting as a system administrator. A system administrator typically has full control over virtually all of the processes executing on a computer, but this access may not be desirable. For example, if a system user has been granted a license to use a media file, it should not be acceptable for a system administrator other than that user to be able to access the media file. A protected environment tends to contribute to the creation of a process in which code that decrypts and processes content can operate without giving hackers access to the decrypted content. A protected environment may also limit unauthorized access by privileged users such as administrators and/or by any other user who might otherwise gain unauthorized access to protected content. Protection may include protecting typical user mode processes (Fig. 1, 103) and kernel mode processes (Fig. 1, 104) and any data they may be processing.
Processes running in the kernel may be susceptible to attack. For example, in the kernel of a typical operating system, objects are created, including processes, that may allow unlimited access by an administrator. Thus, an administrator, typically with full access privileges, may access virtually all processes.
Protected content may include policy or similar information indicating the authorized use of the content. Such policy may be enforced via a DRM system or other security mechanism. Typically, access to protected content is granted through the DRM system or other mechanism, which may enforce the policy. However, a system administrator with full access to the system may alter the state of the DRM system or mechanism so that it disregards the content policy.
A protected environment tends to provide a protected space that restricts unauthorized access to the media content being processed in it, even for high-privilege users such as an administrator. When a protected environment is used together with a digital rights management system or the like, a trusted application may be created in which a content provider may feel that adequate security is provided to protect digital media from unauthorized access, and which may also protect the content's policy from tampering, along with any other data, keys or protection mechanisms that may be associated with the media content.
Attack vector
Current operating system ("OS") architectures typically present several possible attack vectors that could compromise a media application and any digital media content being processed. For the purposes of this example, attacks that may occur in an OS are grouped into two types: kernel mode attacks and user mode attacks.
The first type of attack is the kernel mode attack. Kernel mode is typically considered to be the trusted base of the operating system. The core of the operating system and most system and peripheral drivers may run in kernel mode. Typically any piece of code running in the kernel is susceptible to intrusion by any other piece of code running in the kernel, which tends not to be the case for user mode. In addition, code running in kernel mode typically has access to substantially all user mode processes. A CPU may also provide privilege levels for various types of code. Kernel mode code is typically assigned the highest level of privilege by such a CPU, which typically gives it full access to the system.
The second type of attack is the user mode attack. Code that runs in user mode may or may not be regarded by the system as untrusted code, depending on the privilege level it has been assigned. This privilege level may be determined by the user context or account in which the code is running. User mode code running in the context of an administrator account may have full access to the other code running on the system. In addition, code that runs in user mode may be partitioned to prevent one user from accessing another user's processes.
These attacks may be further broken down into specific attack vectors. The protected environment is typically designed to protect against unauthorized access that might otherwise be obtained via one or more of these attack vectors. The attack vectors that the protected environment may protect against may include: process creation, malicious user mode applications, loading malicious code into a process, malicious kernel code, invalid trust authorities, and external attack vectors.
Process creation is a possible attack vector. An operating system typically includes a "create process" mechanism that allows a parent process to create a child process. A malicious parent process may make unauthorized modifications to the child process being created, by modifying the create process code or by altering the data it creates. This could compromise digital media that may be processed by a child process created by the malicious parent process.
Malicious user mode applications are a possible attack vector. An operating system typically includes administrator-level privileges. Processes running with administrative privileges may have unlimited access to many operating system mechanisms and to nearly all processes running on the computer. Thus, in Windows for example, a malicious user mode application running with administrative privileges may gain access to many other processes running on the computer and thereby compromise digital media. Similarly, a process running in the context of any user may be attacked by any malicious process running in the same context.
Loading malicious code into a secure process is a possible attack vector. It may be possible to append or add malicious code to a process. Such a compromised process cannot be trusted, and the unauthorized access may extend to any media content or other data being processed by the modified process.
Malicious kernel mode code is a possible attack vector. An operating system typically includes a "system level" of privilege. In Windows, for example, all code running in kernel mode typically runs as system and may therefore have maximum privileges. The usual result is that drivers running in kernel mode may have the greatest opportunity to attack, for example, any user mode application. Such an attack by malicious kernel mode code may compromise digital media.
An invalid trust authority (TA) is a possible attack vector. TAs may participate in the validation of media licenses and may subsequently "unlock" the content of digital media. A TA may be specific to a media type or format and may be implemented by a media provider or its partners. As such, a TA may be pluggable and/or may be provided as a dynamic link library ("DLL") or the like. A DLL may be loaded by executable code, including malicious code. For a TA to ensure that the media is used properly, it needs to be able to ensure that the process in which it is running is secure. Otherwise the digital media may be compromised.
External attacks are another possible attack vector. There is a group of attacks that do not require malicious code to be running in a system in order to attack it. For example, attaching a debugger to a process or a kernel debugger to the machine, looking for sensitive data in a binary file on disk, and so on, are all possible mechanisms for finding and compromising digital media or the processes that can access digital media.
Fig. 5 is a block diagram showing exemplary attack vectors 507-510 that may be exploited by a user or mechanism attempting to access, in an unauthorized manner, media content and other data 500 typically present in a computing environment 100. A protected environment may protect against these attack vectors such that unauthorized access to trusted applications and the data they process is limited and resistance to attack is provided. Such attacks may be launched by users of the system or by mechanisms that may include executable code. The media application 105 is shown at the center of the diagram, and the attack vectors 507-510 tend to focus on accessing the sensitive data 500 stored and/or processed by the application 105.
One possible attack vector 509 may be launched via a malicious user mode application 502. In the exemplary operating system architecture, both the parent of a process and any process with administrative privileges typically have unlimited access to other processes, such as one processing media content, and to the data they process. Such access to media content is unauthorized. Thus, a protected environment may ensure that a trusted application and the media content it processes are resistant to attack by other user mode applications.
One possible attack vector 508 is the loading of malicious code 503 into a process 501. A secure process that is resistant to attack from the outside is typically only as secure as the code running inside it that forms the process. Given that DLLs and other code are typically loaded into processes for execution, a mechanism may be provided in a protected environment that ensures that code being loaded is trusted to run inside the process before the code is loaded into the process.
One possible attack vector 510 is through malicious kernel mode code 504. Code running in kernel mode 104 typically has maximum privileges. The result may be that drivers running in kernel mode have a number of opportunities to attack other applications. For example, a driver may be able to access memory directly in another process. The result is that a driver, once running, could gain access to process memory that contains decrypted "encrypted media content" (Fig. 3, 309). Kernel mode attacks may be prevented by ensuring that the code running in the kernel is non-malicious code, as provided by this example.
One possible attack vector 507 is by external attack 506 on the system 100. This group represents the set of attacks that typically do not require malicious code to be running on the system 100. Examples include attaching a debugger to an application and/or process on the system, searching the machine for sensitive data, and so on. A protected environment may be created to resist these types of attack.
Create and safeguard protected environment
Fig. 6 is a flow diagram showing a process 600 for creating and maintaining a protected environment that tends to limit unauthorized access to media content and other data. The sequence 600 begins when the computer system is started (602), the kernel of the operating system is loaded, and the kernel secure flag is set (604) to an initial value. The process continues through the time at which a protected environment is typically created and an application is typically loaded into it (606). The process includes periodic checking (608) via the protected environment, which seeks to ensure that the system remains secure for as long as a secure process is needed.
As used herein, the term "kernel" is defined as the central module of an operating system for a computing environment, system or device. The kernel module may be implemented in the form of computer-executable instructions and/or electronic logic circuits. Typically, the kernel is responsible for the memory management, process and task management, and storage media management of a computing environment. The term "kernel component", as used herein, is defined as a basic controlling mechanism, module, computer-executable instructions and/or electronic logic circuit that forms part of a kernel. For example, a kernel component may be a "loader" that is responsible for loading other kernel components in order to build a fully operational kernel.
The process of creating and maintaining a protected environment is summarized as follows:
1. Block 602 represents the start-up of the computer system. This typically begins what is commonly known as the boot process and includes loading the operating system from disk or some other storage medium.
2. One of the start-up operations during the boot process is typically the loading of the kernel and its components. This example provides for the validation of kernel components and, if all are successfully validated as secure, the setting of a flag indicating that the kernel is secure. This is shown in block 604.
3. After the computer system is considered fully operational, a user may start an application, such as a trusted media player, that may call for a protected environment. This example provides a secure kernel with an application running in a protected environment, as shown in block 606.
4. Once the protected environment has been created and one or more processes of the application have been loaded into it and are running, the trusted environment may periodically check the kernel secure flag to ensure that the kernel remains secure, as shown in block 608. That is, from the point in time at which the trusted application begins running, a check may be made periodically, including whenever a new kernel component is loaded, to determine whether any unauthorized kernel components have been loaded. Such unauthorized kernel components could attack the trusted application or the data it may be processing. Therefore, if any such components are loaded, the kernel secure flag may be set appropriately.
Be written into and confirm security kernel
Fig. 7 illustrates to be used to create the exemplary kernel component 720-730 of an exemplary secured computing environment 200 and the block diagram of other assembly 710-714.This diagrammatic sketch illustrates and comprises several assemblies 710-730 that is stored in usually on the dish etc., and several assemblies wherein are used for constituting the kernel of operating system when computer starting.Arrow 604 indications are written into the process of storer with the operation kernel of formation system with kernel component.Loaded kernel 750 is regarded as comprising in its each assembly 751-762 and the indication and checks protected environment and whether be regarded as safe kernel safety label 790.This kernel safety label 790 is described to " mark " and does not mean that is restrictive; It can be implemented as Boolean variable or more complex data structures or mechanism.Each assembly or the element of secured computing environment 200 and/or kernel 750 are renewable and/or personalizable.
Kernel component 720-730 is " through signature " and can comprise certificate data 738 normally, and certificate data 738 can allow kernel to verify that these assemblies are assemblies that they are claimed, and their unmodified and/or be not malice.Signaling block and/or certificate data 738 can exist in each kernel component 720-730 and/or kernel component 760,762 that each is loaded.Signature and/or certificate data 738 are unique to each assembly.Signature and/or certificate data 738 can be used when creating and safeguarding protected environment, and be as described below.Usually assembly is represented the source of this assembly by its supplier with safety and/or is indicated the mode " signature " whether it distorted.Signature can be implemented as the hash (being sometimes referred to as " header image hash ") of assembly header, or by using other technology to realize.One conventional certificate or certificate chain also can be included in an assembly, and they can be used to determine whether can believe this assembly.Signature and/or certificate data 738 were added to an assembly usually before distribution is public.Those skilled in the art will be familiar with these technology and uses thereof.
When a typical computing system is started, or "booted", the operating system's loading process, or "kernel loader" 751, typically loads kernel components from disk or the like into a portion of system memory to form the kernel of the operating system. Once all kernel components are loaded and running, the computer and operating system are considered "booted" and ready for normal operation.
In the computing environment, kernel component #1 720 through kernel component #n 730 may be stored on a disk or other storage medium, together with the revocation list 714, the kernel dump flag 712, and the debugger 710 with its debug credentials 711. Arrow 604 indicates the kernel loading process, which reads each component 714-730 from its storage location and loads it into system memory to form a functioning operating system kernel 750. Describing the kernel dump flag 712 as a "flag" is not meant to be limiting; it may be implemented as a Boolean variable or as a more complex data structure or mechanism.
The kernel loader 751, the protected environment ("PE") management portion of the kernel 752, the revocation list 754, and two kernel components 720 and 722 are shown loaded into the kernel, the latter as blocks 760 and 762, along with indications 764 and 770 of space for additional kernel components to be loaded into the kernel. Finally, the kernel 750 contains the kernel secure flag 790, which may be used to indicate whether the kernel 750 is currently considered secure. The diagram is provided as an example and is not intended to be limiting or complete. For clarity, the kernel loader 751, the PE management portion of the kernel 752 and/or other components of the kernel are shown as distinct kernel components, but in practice they may or may not be distinguishable from the other parts of the kernel.
Included in the computing environment 200 may be a revocation list 714, which may be used in conjunction with the signatures and certificate data 738 associated with kernel components 760 and 762. This object 714 may hold a list of signatures, certificates and/or certificate chains that are no longer considered valid as of the creation date of the list 714. The revocation list 714 is shown loaded into the kernel as object 754. Such lists are maintained because a validly signed and certified component, such as components 760 and 762, may later be found to have some problem. The system may use such a list 754 to check kernel components 720-730 as they are loaded, since these components may be properly signed and/or carry trusted certificate data 738 and yet subsequently be deemed untrustworthy. The revocation list 754 typically includes version information 755 so that it can more easily be identified, managed and updated as needed.
Another component of the system that can affect kernel security is the debugger 710. A debugger is not usually considered part of the kernel but may be present in the computing environment 200. Debuggers, including those known as kernel debuggers, system analyzers and the like, may have broad access to the system, to the processes running on it, and to any data in it. The debugger 710 may be able to access any data in the computing environment 200, including media content that should not be accessed in any manner other than as authorized. On the other hand, debugging is typically part of developing new functionality, and it should typically be possible to debug, within a protected environment, code intended to process protected media content. The debugger 710 may therefore include debug credentials 711 indicating that the presence of the debugger 710 on the system is authorized. Detection of the presence of the debugger 710 and of any accompanying credentials 711 may thus be part of creating and maintaining a protected environment (Fig. 6, 600).
The computing environment 200 may include a kernel dump flag 712. This flag 712 may be used to indicate how much kernel memory is made available for inspection in the event of a catastrophic system failure. Alternatively, this or a similar flag may indicate a full memory dump of the system. Such kernel and/or memory dumps are used for after-the-fact debugging, such as following a failure. If the flag 712 indicates that substantially all memory is available for inspection upon a dump, the kernel 750 may be considered insecure, because an attacker could run an application that exposes protected media in system memory and then force a catastrophic failure condition, making memory that contains the exposed media content available for inspection. The kernel dump flag 712 may therefore be used in creating and maintaining a protected environment (Fig. 6, 600).
Fig. 8 and Fig. 9 are flow diagrams showing an exemplary process 604 for loading kernel components to create an exemplary secure computing environment. The process 604 begins after the kernel loader has started and the PE management portion of the kernel has been loaded and is running. Although not shown in these figures, the PE management portion of the kernel may validate the kernel loader itself and/or any other kernel elements previously loaded. Validation may be defined as determining whether a given component is considered secure and trustworthy, as shown in part 2 of this process 604.
The term "authorized for secure use", as used below in relation to kernel components, has the following specific meaning. A kernel containing any component that is not authorized for secure use does not provide a secure computing environment within which a protected environment can run. The converse is not necessarily true, because it depends on other factors such as attack vectors.
1. Block 801 shows the start of the loading process 604, after the PE management portion of the kernel has been loaded and is running. Any component loaded into the kernel before this point may be validated as described above.
2. Block 802 shows the kernel secure flag initially set to TRUE, unless any component loaded before the PE management portion of the kernel, or that component itself, is found to be insecure, in which case the kernel secure flag may be set to FALSE. In practice the indication of TRUE or FALSE may take various forms; the use of TRUE or FALSE here is only an example and is not meant to be limiting. Alternatively, the kernel secure flag may initially be set to FALSE and later be set to TRUE once the kernel is found to be secure.
3. Block 804 indicates a check for the presence of a debugger in the computing environment. Alternatively, a debugger may reside remotely and be attached to a process in the computing environment via a network or other communications medium. If no debugger is detected, the loading process 604 continues at block 810. Otherwise it continues at block 809. Although not shown in the diagram, this check may be performed periodically and the state of the kernel secure flag updated accordingly.
4. If a debugger is detected, block 806 shows a check for debug credentials, which may indicate that debugging is authorized on the system in the presence of a protected environment. If no such credentials are present, the kernel secure flag may be set to FALSE, as shown in block 808. Otherwise the loading process 604 continues at block 810.
5. Block 810 shows a check of the kernel dump flag. If this flag indicates that a full kernel memory dump or the like is possible, the kernel secure flag may be set to FALSE, as shown in block 808. Otherwise the loading process 604 continues at block 812. Although not shown in the diagram, this check may be performed periodically and the state of the kernel secure flag updated accordingly.
6. Block 812 shows the revocation list being loaded into the kernel. Where the revocation list may be used to check debug credentials or other previously loaded credentials, signatures, certificate data and the like, this step may be performed earlier in the sequence than shown (before the credentials and the like to be checked are loaded). Although not shown in the diagram, once the revocation list is loaded, any and all previously loaded kernel components may be checked against it to see whether their signatures and/or certificate data have been revoked. If any have been revoked, the kernel secure flag may be set to FALSE, and the loading process 604 continues at block 814. Note that the revocation list may or may not be loaded into the kernel for use in creating and maintaining a protected environment.
7. Block 814 shows the transition to the second part of this diagram, which is shown in Fig. 9 and continues at block 901.
8. Block 902 shows a check for any additional kernel components to be loaded. If all components have been loaded, the loading process 604 is typically complete, and the kernel secure flag remains in whatever state it was last set to, either TRUE or FALSE. If there are further kernel components to load, the loading process 604 continues at block 906.
9. Block 906 shows a check for a valid signature on the next component to be loaded. If the signature is invalid, the kernel secure flag may be set to FALSE, as shown in block 918. Otherwise the loading process 604 continues at block 908. If no component signature is available, the component may be considered insecure and the kernel secure flag may be set to FALSE, as shown in block 918. Signature validity may be determined by checking for a match against a list of valid signatures and/or by checking whether the signer's identity is that of a trusted entity. As those skilled in the security arts will be familiar with, other methods may also be used to validate component signatures.
10. Block 908 shows a check of the component's certificate data. If the certificate data is invalid, the kernel secure flag may be set to FALSE, as shown in block 918. Otherwise the loading process 604 continues at block 910. If no component certificate data is available, the component may be considered insecure and the kernel secure flag may be set to FALSE, as shown in block 918. Certificate data validity may be determined by inspecting the component's certificate data to see whether the component is authorized for secure use. As those skilled in the art will be familiar with, other methods may also be used to validate component certificate data.
11. Block 910 shows a check of the component's signature against the revocation list loaded in the kernel. If the signature appears on the list, indicating that it has been revoked, the kernel secure flag may be set to FALSE, as shown in block 918. Otherwise the loading process 604 continues at block 912.
12. Block 912 shows a check of the component's certificate data against the revocation list. If the certificate data appears on the list, indicating that it has been revoked, the kernel secure flag may be set to FALSE, as shown in block 918. Otherwise the loading process 604 continues at block 914.
13. Block 914 shows a check of the component signature to determine whether it is acceptable for use. This check may be performed by inspecting the component's leaf certificate data to see whether the component is authorized for secure use. Certain attributes in the certificate data may indicate whether the component is approved for protected environment use. If not, the component may be considered not appropriately signed and the kernel secure flag may be set to FALSE, as shown in block 918. Otherwise the loading process 604 continues at block 916.
14. Block 916 shows a check of the component's root certificate data. This check may be performed by inspecting the component's root certificate data to see whether it is on a list of trusted root certificates. If not, the component may be considered insecure and the kernel secure flag may be set to FALSE, as shown in block 918. Otherwise the loading process 604 continues at block 920.
15. Block 920 shows the component being loaded into the kernel, where it is now considered operational. The loading process 604 then returns to block 902 to check for any other components to be loaded.
Creating a Protected Environment
Fig. 10 is a block diagram showing a secure computing environment 200 loading an application program 105 into an exemplary protected environment 203 to form a trusted application that is typically resistant to attack. In this example, the kernel may be the same as that described for Fig. 7, having been loaded, and the system 200 is considered fully operational. As an example, at this point a user starts the media application 105. The media application 105 may call for the creation of a protected environment 203 in which one or more of its processes and/or components will run. The protected environment creation process 606 creates the protected environment 203 and loads the application 105 and/or its components, as described below.
Fig. 11 is a flow diagram showing an exemplary process 606 for creating a protected environment and loading an application into it. The process 606 includes the initial step of creating a secure process, validating the software component to be loaded into it, then loading the software component into the new secure process and making it operational. On success, the result may be a software component running in a protected environment supported by a secure kernel. The software component, and any digital media content or other data it processes, can thereby be protected from various attacks, including those described above.
1. Block 1101 shows the start of the protected environment creation process 606. This is typically when some application or code calls for a protected environment in which to run.
2. Block 1102 shows the establishment of a protected environment. Although not shown in the diagram, this may be done by asking the operating system to create a new secure process. Code subsequently loaded and run in this secure process may be considered to be running in a protected environment. If the kernel secure flag is set to FALSE, the "create new secure process" request may fail. This may be because the system as a whole is considered insecure and unsuitable for a protected environment and for any application or data requiring one. Alternatively, the "create new secure process" request may succeed, and the component loaded into the new process may be informed that the system is considered insecure so that it can modify its operation accordingly. Otherwise the process 606 continues at block 1106.
3. Block 1106 shows a check for a valid signature on the software component to be loaded into the new secure process or protected environment. If the signature is invalid, the process 606 may fail, as shown in block 1118. Otherwise the process 606 continues at block 1108. Although not shown in this process, the program, or its equivalent, that creates the new secure process may also be checked for a valid signature. Thus, for the component itself and/or the program creating the new secure process, if no signature is available the component may be considered insecure and the process 606 may fail, as shown in block 1118. Signature validity may be determined by checking for a match against a list of valid signatures and/or by checking whether the signer's identity is that of a trusted entity. As those skilled in the security arts will be familiar with, other methods may also be used to validate component signatures.
4. Block 1108 shows a check of the software component's certificate data. If the certificate data is invalid, the process 606 may fail, as shown in block 1118. Otherwise the process 606 continues at block 1110. If no component certificate data is available, the component may be considered insecure and the process 606 may fail, as shown in block 1118. Certificate data validity may be determined by inspecting the component's certificate data to see whether the component is authorized for secure use. As those skilled in the art will be familiar with, other methods may also be used to validate component certificate data.
5. Block 1110 shows a check of the component's signature against the revocation list. If the signature appears on the list, indicating that it has been revoked, the process 606 may fail, as shown in block 1118. Otherwise the process 606 continues at block 1112.
6. Block 1112 shows a check of the component's certificate data against the revocation list. If the certificate data appears on the list, indicating that it has been revoked, the process 606 may fail, as shown in block 1118. Otherwise the process 606 continues at block 1114.
7. Block 1114 shows a check of the component signature to determine whether it is acceptable for use. This check may be performed by inspecting the component's leaf certificate data to see whether the component is authorized for secure use. Certain attributes in the certificate data may indicate whether the component is approved for use in a protected environment. If not, the component may be considered not appropriately signed and the process 606 may fail, as shown in block 1118. Otherwise the process 606 continues at block 1116.
8. Block 1116 shows a check of the component's root certificate data. This check may be performed by inspecting the component's root certificate data to see whether it is listed on a list of trusted root certificates. If not, the component may be considered insecure and the process 606 may fail, as shown in block 1118. Otherwise the process 606 continues at block 1120.
9. Block 1118 shows the software component failing to load, followed by block 1130, the end of the protected environment creation process 606.
10. Block 1120 shows the software component being loaded into the protected environment, where it is considered operational, followed by block 1130, the end of the protected environment creation process 606.
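The check order of Fig. 9 (blocks 906-920) and of Fig. 11 (blocks 1106-1120) is the same; what differs is the consequence of a failure: in the kernel it clears the kernel secure flag, in the secure process it fails the load. The following Python model is an added example, not code from the patent. It assumes a signature modelled as a SHA-256 header hash, certificate data modelled as a leaf-to-root list with a hypothetical `pe_approved` attribute, and that a kernel component is loaded whatever the outcome of its checks; all names and sample data are constructed.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional


def header_hash(header: bytes) -> str:
    """Model of a 'header image hash' signature: SHA-256 over the component header."""
    return hashlib.sha256(header).hexdigest()


@dataclass
class Component:
    name: str
    header: bytes
    signature: Optional[str] = None             # None models an unsigned component
    chain: list = field(default_factory=list)   # certificate data, leaf first, root last


@dataclass
class Policy:
    valid_signatures: set
    trusted_roots: set
    revoked: set = field(default_factory=set)   # revoked signatures and certificate ids
    rl_version: int = 1


def validate(c: Component, p: Policy) -> Optional[str]:
    """Run the checks in figure order; return the first failure, or None if all pass."""
    if c.signature is None:                                   # blocks 906 / 1106
        return "unsigned"
    if c.signature != header_hash(c.header) or c.signature not in p.valid_signatures:
        return "bad-signature"
    if not c.chain:                                           # blocks 908 / 1108
        return "no-certificate"
    if any(a["issuer"] != b["id"] for a, b in zip(c.chain, c.chain[1:])):
        return "broken-chain"
    if c.signature in p.revoked:                              # blocks 910 / 1110
        return "signature-revoked"
    if any(cert["id"] in p.revoked for cert in c.chain):      # blocks 912 / 1112
        return "certificate-revoked"
    if not c.chain[0].get("pe_approved", False):              # blocks 914 / 1114
        return "not-pe-approved"
    if c.chain[-1]["id"] not in p.trusted_roots:              # blocks 916 / 1116
        return "untrusted-root"
    return None


class Kernel:
    def __init__(self, policy, debugger=False, debug_credentials=False, full_dump=False):
        self.policy = policy
        self.components = []
        self.secure_flag = True                                # block 802
        if (debugger and not debug_credentials) or full_dump:  # blocks 804-810
            self.secure_flag = False                           # block 808

    def load_component(self, c: Component) -> Optional[str]:
        """A failed check clears the flag (block 918); a later good component never restores it."""
        reason = validate(c, self.policy)
        if reason is not None:
            self.secure_flag = False
        self.components.append(c)      # block 920; assumption: loaded whatever the outcome
        return reason

    def update_revocation_list(self, revoked: set, version: int) -> None:
        """Install a newer list and re-check everything already loaded against it."""
        if version <= self.policy.rl_version:
            return
        self.policy.revoked, self.policy.rl_version = set(revoked), version
        if any(validate(c, self.policy) for c in self.components):
            self.secure_flag = False


def load_into_secure_process(kernel: Kernel, c: Component):
    """Fig. 11: the same checks, but a failure fails the load (block 1118)."""
    if not kernel.secure_flag:                                 # block 1102, first option
        return False, "kernel-not-secure"
    reason = validate(c, kernel.policy)
    return reason is None, reason


def make(name, header, approved=True, root="root-1", signed=True):
    """Build a constructed sample component with a two-certificate chain."""
    chain = [{"id": f"leaf-{name}", "issuer": root, "pe_approved": approved},
             {"id": root, "issuer": root}]
    return Component(name, header, header_hash(header) if signed else None, chain)


# Constructed sample data (not from the patent).
DRIVER_A = make("driver-a", b"HDR driver-a v1")
DRIVER_B = make("driver-b", b"HDR driver-b v1")
UNAPPROVED = make("tracer", b"HDR tracer v1", approved=False)
PLAYER = make("player", b"HDR player v1")


def new_policy() -> Policy:
    sigs = {c.signature for c in (DRIVER_A, DRIVER_B, UNAPPROVED, PLAYER)}
    return Policy(valid_signatures=sigs, trusted_roots={"root-1"})


if __name__ == "__main__":
    k = Kernel(new_policy())
    for comp in (DRIVER_A, UNAPPROVED, DRIVER_B):
        print(comp.name, k.load_component(comp), "secure_flag =", k.secure_flag)
    print("player:", load_into_secure_process(k, PLAYER))
```

The flag is deliberately one-way in this model: once any check fails, only a fresh kernel load produces a TRUE state again, which is why the secure-process request is refused even though the last component loaded was clean.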
Validating a Secure Kernel Over Time
Fig. 12 is a block diagram showing an exemplary trusted application, utilizing an exemplary protected environment 202, periodically checking (608) the security state 790 of the secure computing environment 200. In this example, the computing environment 200 and kernel 750 may be the same as those described for Fig. 7 and 8. The kernel 750 has been loaded and the computer 200 is considered fully operational. In addition, a protected environment has been created and the appropriate components of the trusted application have been loaded into it and made operational, establishing a trusted application utilizing a protected environment 202 (hereafter simply the "protected environment").
The protected environment 202 may periodically check with the PE management portion of the kernel 752 to determine whether the kernel 750 remains secure over time. This periodic check is performed because a new component may be loaded into the kernel 750 at any time, including a component considered insecure. If this occurs, the state of the kernel secure flag 790 may change to FALSE, and the code running in the protected environment 202 has the opportunity to respond appropriately.
For example, consider a media player application started on a PC 200 with a secure kernel 750, with the part of the media player application that processes digital media content licensed only for secure use running in a protected environment 202. In this example, if a new kernel component that is considered insecure is loaded while the media player application is processing the media content, the check kernel secure state process 240 would note that the kernel secure flag 790 has changed to FALSE, indicating that the kernel 750 is no longer secure.
Alternatively, the revocation list 745 may be updated so that a kernel component previously considered secure is no longer considered secure, causing the kernel secure flag 790 to be set to FALSE. The application may receive notification that the system 200 is no longer considered secure and can then terminate operation, or take other appropriate action to protect itself and/or the media content it is processing.
Fig. 13 is a flow diagram showing an exemplary process 608 for periodically checking the security state of the secure computing environment. The process 608 may be used by the protected environment 202 to determine whether the kernel remains secure over time. The protected environment 202 may periodically use this process 608 to check the current security state of the kernel. The protected environment 202 and/or the software components running within it may use this current security state information to modify their operation appropriately. Periodic activation of the process may be implemented using conventional techniques.
The diagram shows a communication sequence 608, illustrated with exemplary pseudocode, between the protected environment 202 and the PE management portion of the kernel 752. This communication may include a check of the version of the revocation list, which can give an application the ability to specify a revocation list of at least a certain version. The communication sequence may be cryptographically secured using conventional techniques.
1. The protected environment 202 makes an IsKernelSecure(MinRLVer) call 1320 to the PE management portion of the kernel to query the current security state of the kernel. Included in this call 1320 is the minimum version (MinRLVer) of the revocation list expected to be used.
2. The PE management portion of the kernel checks whether the protected environment, as the calling process, is secure. If not, it may provide a Return (secure flag = FALSE) indication 1322 to the protected environment, and the communication sequence 608 is complete. This security check may be carried out by the PE management portion of the kernel checking the protected environment for a valid signature and/or certificate data, as described above.
Otherwise, the PE management portion of the kernel checks the kernel secure flag in response to the call 1320. If the state of the flag is FALSE, it may provide a Return (secure flag = FALSE) indication 1324 to the protected environment, and the communication sequence 608 is complete.
Otherwise, the PE management portion of the kernel checks the revocation list's version information. If the revocation list has version information older than that requested in the IsKernelSecure(MinRLVer) call 1320, several options exist. First, as shown in the diagram, the PE management portion of the kernel may provide a Return (secure flag = FALSE) indication 1326 to the protected environment, and the communication sequence 608 is complete.
Alternatively, and not shown in the diagram, a revocation list of the appropriate version may be located and loaded into the kernel, all kernel components may be re-validated using this new or updated list, the kernel secure flag updated as appropriate, and the previous step #3 of this communication sequence 608 repeated.
Otherwise, the PE management portion of the kernel may provide a Return (secure flag = FALSE) indication 1328 to the protected environment, and the communication sequence 608 is complete.
Exemplary Computing Environment
Fig. 14 is a block diagram showing an exemplary computing environment 1400 in which the processes, systems and methods for establishing a secure computing environment including a protected environment 203 may be implemented. The exemplary personal computer 1400 is only one example of a computing system or device that can provide a secure computing environment and/or a protected environment, and is not intended to limit the examples described in this application to this particular computing environment or device type.
A suitable computing environment may be implemented with numerous other general-purpose or special-purpose systems. Examples of well-known systems include, but are not limited to, personal computers ("PC") 1400, hand-held or laptop devices, microprocessor-based systems, multiprocessor systems, set-top boxes, programmable consumer electronics, gaming consoles, consumer electronic devices, cellular telephones, PDAs, and the like.
The PC 1400 includes a general-purpose computing system in the form of a computing device 1401 coupled to various peripheral devices 1403, 1404, 1415, 1416 and the like. The components of computing device 1401 may include one or more processors (including CPUs, GPUs, microprocessors and the like) 1407, a system memory 1409, and a system bus 1408 that couples the various system components. The processor 1407 processes various computer-executable instructions to control the operation of computing device 1401 and to communicate with other electronic and/or computing devices (not shown) via various communications connections such as a network connection 1414 or the like. The system bus 1408 represents any number of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and/or a processor or local bus using any of a variety of bus architectures.
The system memory 1409 may include computer-readable media in the form of volatile memory, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM). A basic input/output system (BIOS) may be stored in ROM. RAM typically contains data and/or program modules that are immediately accessible to and/or presently operated on by one or more of the processors 1407. By way of example, shown loaded into system memory for operation is a trusted application 202 utilizing a protected environment 203, and the media content 106 being processed.
Mass storage devices 1404 and 1410 may be coupled to the computing device 1401 or incorporated into the computing device 1401 by coupling to the system bus. Such mass storage devices 1404 and 1410 may include a magnetic disk drive that reads from and writes to a removable, non-volatile magnetic disk (e.g. a "floppy disk") 1405, and/or an optical disk drive that reads from and/or writes to a non-volatile optical disk 1406 such as a CD-ROM, DVD-ROM or the like. Computer-readable media 1405 and 1406 typically embody computer-readable instructions, data structures, program modules and the like supplied on floppy disks, CDs, DVDs, portable memory sticks and the like.
Any number of programs or modules may be stored on the hard disk 1410, other mass storage devices 1404 and system memory 1409 (limited by available space), including, by way of example, an operating system, one or more application programs, other program modules, and/or program data. Each such operating system, application program, other program module and program data (or some combination thereof) may include an embodiment of the systems and methods described herein. Kernel components 720-730 may be stored on disk 1410 along with other operating system code. The media application 105 and/or a digital rights management system 204 may be stored on disk 1410 along with other application programs. These components 720-730 and applications 105, 204 may be loaded into system memory 1409 and made operational.
A display device 1416 may be coupled to the system bus 1408 via an interface such as a video adapter 1411. A user may interface with the computing device 1400 via any number of different input devices 1403, such as a keyboard, pointing device, joystick, game pad, serial port and the like. These and other input devices may be coupled to the processors 1407 via input/output interfaces 1412 that are coupled to the system bus 1408, and may be coupled by other interface and bus structures such as a parallel port, game port, and/or universal serial bus (USB) and the like.
The computing device 1400 may operate in a networked environment using communications connections to one or more remote computers and/or devices through one or more local area networks (LANs), wide area networks (WANs), the Internet, radio links, optical links and the like. The computing device 1400 may be coupled to a network via a network adapter 1413 or, alternatively, via a modem, DSL, ISDN interface or the like.
The communications connection 1414 is an example of communications media. Communications media typically embody computer-readable instructions, data structures, program modules or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and include any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communications media include wired media, such as a wired network or direct-wired connection, and wireless media, such as acoustic, radio frequency, infrared and other wireless media.
Those skilled in the art will realize that storage devices used to store computer-readable program instructions can be distributed across a network. For example, a remote computer or device may store an example of the system described as software. A local or terminal computer or device may access the remote computer(s) or device(s) and download part or all of the software to run the program(s). Alternatively, the local computer may download pieces of the software as needed, or process the software in a distributed fashion by executing some of the software instructions at the local terminal and some at remote computers and/or devices.
Those of skill in the art also will appreciate that all or part of of software instruction can be by carrying out such as special electronic circuit such as digital signal processor (" DSP "), programmable logic array (" PDA "), discrete circuits by utilizing routine techniques known in those skilled in the art.The term electronic installation comprises computing equipment and the consumer-elcetronics devices that contains any software and/or firmware when using in this article, and/or does not contain the electronic equipment or the circuit of any software and/or firmware.
The term "computer-readable medium" may include system memory, hard disks, mass storage devices and their associated media, communications media, and the like.

Claims (4)

1. A method of loading kernel components to create a secure computing environment, comprising:
loading a kernel secure flag into a kernel of an operating system of a computing device;
setting the kernel secure flag to a true state;
checking to determine whether a debugger is present in the operating system outside the kernel; and
checking whether debug credentials associated with the debugger are present.
2. The method of claim 1, further comprising setting the kernel secure flag to a false state if no debug credentials are present.
3. the method for claim 1 is characterized in that, also comprises:
The cancellation tabulation is loaded in the kernel of described operating system;
Determine to also have another assembly will be loaded in the kernel;
Confirm the signature of described another assembly;
Authentication certificate is effective;
Determine that described signature is not in the cancellation tabulation that is loaded; And
Determine that described certificate is not in the described cancellation tabulation that is loaded.
4. method as claimed in claim 3 is characterized in that, also comprises:
Determine that described signature can accept for using;
Determine that described certificate can accept for using; And
Described another assembly is written into described kernel.
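
The checks recited in claims 1 to 4 (the kernel flag, the debugger test, and the loaded list of revoked signatures and certificates), modelled in C as an added example that is not code from the patent or from Microsoft. All type and function names are hypothetical, signature and certificate validation are represented by their boolean outcomes, and clearing the flag on a failed check is an assumption, since the claims do not state a failure path.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Illustrative model; every name here is hypothetical, not from the patent. */
typedef enum { LOAD_OK, BAD_SIGNATURE, BAD_CERT, SIG_REVOKED, CERT_REVOKED,
               SIG_NOT_ACCEPTABLE, CERT_NOT_ACCEPTABLE } load_result;
typedef struct {
    const char *sig_id, *cert_id;     /* identifiers looked up on the revocation list */
    bool sig_verifies, cert_valid;    /* outcomes of signature and certificate validation */
    bool sig_usage_ok, cert_usage_ok; /* acceptable for this use (claim 4) */
} component;
typedef struct {
    bool secure_flag;       /* kernel security flag of claim 1 */
    const char **revoked;   /* revocation list loaded into the kernel (claim 3) */
    size_t n_revoked;
} kernel_state;

static bool is_revoked(const kernel_state *k, const char *id) {
    for (size_t i = 0; i < k->n_revoked; i++)
        if (strcmp(k->revoked[i], id) == 0) return true;
    return false;
}

/* Claims 1-2: set the flag true, then clear it if a debugger lacks debug credentials. */
void init_secure_flag(kernel_state *k, bool debugger, bool debug_credentials) {
    k->secure_flag = true;
    if (debugger && !debug_credentials) k->secure_flag = false;
}

/* Claims 3-4: run the checks in claim order and report the first failure. */
load_result check_component(kernel_state *k, const component *c) {
    load_result r = LOAD_OK;
    if (!c->sig_verifies)                 r = BAD_SIGNATURE;
    else if (!c->cert_valid)              r = BAD_CERT;
    else if (is_revoked(k, c->sig_id))    r = SIG_REVOKED;
    else if (is_revoked(k, c->cert_id))   r = CERT_REVOKED;
    else if (!c->sig_usage_ok)            r = SIG_NOT_ACCEPTABLE;
    else if (!c->cert_usage_ok)           r = CERT_NOT_ACCEPTABLE;
    /* Assumption: a failed check also clears the flag; the claims give no failure path. */
    if (r != LOAD_OK) k->secure_flag = false;
    return r;
}

int main(void) {   /* constructed sample: a component signed with a revoked certificate */
    const char *rl[] = { "cert:constructed-09" };
    kernel_state k = { false, rl, 1 };
    component c = { "sig:constructed-01", "cert:constructed-09", true, true, true, true };
    init_secure_flag(&k, false, false);
    return check_component(&k, &c) == CERT_REVOKED && !k.secure_flag ? 0 : 1;
}
```

Returning a distinct reason code for each check lets the loader log why a component was rejected, which is what an operator needs when a revocation list update starts blocking a driver.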
CN2008101897184A 2005-04-22 2005-08-26 Method for loading into kernel component to establish computing environment Expired - Fee Related CN101458748B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US67397905P 2005-04-22 2005-04-22
US60/673,979 2005-04-22
US11/116,598 2005-04-27
US11/116,598 US20060242406A1 (en) 2005-04-22 2005-04-27 Protected computing environment

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN2005800495535A Division CN101189615B (en) 2005-04-22 2005-08-26 Method for establishing and maintaining protected computing environment

Publications (2)

Publication Number Publication Date
CN101458748A CN101458748A (en) 2009-06-17
CN101458748B true CN101458748B (en) 2011-12-07

Family

ID=39334916

Family Applications (6)

Application Number Title Priority Date Filing Date
CN2008101897199A Expired - Fee Related CN101458749B (en) 2005-04-22 2005-08-26 Method for establishing protected environment
CN2005800495249A Expired - Fee Related CN101167296B (en) 2005-04-22 2005-08-26 Renewable and individualizable elements of a protected computing environment
CN2008101897184A Expired - Fee Related CN101458748B (en) 2005-04-22 2005-08-26 Method for loading into kernel component to establish computing environment
CN2005800495535A Expired - Fee Related CN101189615B (en) 2005-04-22 2005-08-26 Method for establishing and maintaining protected computing environment
CN2006800134090A Expired - Fee Related CN101208655B (en) 2005-04-22 2006-03-22 Hardware functionality scan for device authentication
CN2006800133721A Expired - Fee Related CN101167299B (en) 2005-04-22 2006-03-22 Linking DIFFIE HELLMAN with HFS authentication by using a seed

Family Applications Before (2)

Application Number Title Priority Date Filing Date
CN2008101897199A Expired - Fee Related CN101458749B (en) 2005-04-22 2005-08-26 Method for establishing protected environment
CN2005800495249A Expired - Fee Related CN101167296B (en) 2005-04-22 2005-08-26 Renewable and individualizable elements of a protected computing environment

Family Applications After (3)

Application Number Title Priority Date Filing Date
CN2005800495535A Expired - Fee Related CN101189615B (en) 2005-04-22 2005-08-26 Method for establishing and maintaining protected computing environment
CN2006800134090A Expired - Fee Related CN101208655B (en) 2005-04-22 2006-03-22 Hardware functionality scan for device authentication
CN2006800133721A Expired - Fee Related CN101167299B (en) 2005-04-22 2006-03-22 Linking DIFFIE HELLMAN with HFS authentication by using a seed

Country Status (1)

Country Link
CN (6) CN101458749B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2747071A1 (en) * 2012-12-21 2014-06-25 Deutsche Telekom AG Display of a tamper-resistant identity indicator
US9298923B2 (en) * 2013-09-04 2016-03-29 Cisco Technology, Inc. Software revocation infrastructure
CN109983443B (en) * 2016-12-23 2024-03-08 英特尔公司 Techniques to implement bifurcated non-volatile memory flash drives
CN111159718B (en) * 2019-12-31 2022-10-28 青岛海尔科技有限公司 Method and device for bug repair and household appliance
CN114547593A (en) * 2020-11-18 2022-05-27 成都鼎桥通信技术有限公司 Terminal application authentication method, device and equipment
CN113255325B (en) * 2021-05-10 2023-05-23 成都微视联软件技术有限公司 Method for automatically calculating content of electronic document

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6327652B1 (en) * 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0534597B1 (en) * 1991-09-23 2000-04-26 Intel Corporation Computer system having software interrupt (INTN) instructions selectively operating in a virtual mode
US5825877A (en) * 1996-06-11 1998-10-20 International Business Machines Corporation Support for portable trusted software
US5943248A (en) * 1997-01-17 1999-08-24 Picturetel Corporation w-bit non-linear combiner for pseudo-random number generation
US6334189B1 (en) * 1997-12-05 2001-12-25 Jamama, Llc Use of pseudocode to protect software from unauthorized use
CN1501322A (en) * 2002-11-15 2004-06-02 上海市社会保障和市民服务信息中心上 A personalized method for making identification card adaptive for the need of issuing card in batch
CN1560743A (en) * 2004-03-11 2005-01-05 浙江大学 Cooperative simulation experimental platform of multi medium processor

Also Published As

Publication number Publication date
CN101458749A (en) 2009-06-17
CN101167296A (en) 2008-04-23
CN101167299A (en) 2008-04-23
CN101189615B (en) 2010-06-09
CN101189615A (en) 2008-05-28
CN101208655A (en) 2008-06-25
CN101458748A (en) 2009-06-17
CN101458749B (en) 2012-05-30
CN101167296B (en) 2012-09-26
CN101208655B (en) 2010-11-10
CN101167299B (en) 2011-10-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150428

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150428

Address after: Washington State

Patentee after: Microsoft Technology Licensing LLC

Address before: Washington State

Patentee before: Microsoft Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20111207

Termination date: 20190826