Application program integrity verification method and network device
US-10846393-B2 · Nov 24, 2020 · US
Message authentication with secure code verification
US11876791B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11876791-B2 |
| Application number | US-202016835173-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 30, 2020 |
| Priority date | Apr 18, 2016 |
| Publication date | Jan 16, 2024 |
| Grant date | Jan 16, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems, methods, circuits and computer-readable mediums for message authentication with secure code verification are provided. In one aspect, a system includes a client device storing a code and a security device coupled to the client device. The security device is configured to receive a property of the code generated by the client device, verify correctness of the property of the code based on information associated with an authorized code to determine that the code is authorized, the information being stored within the security device. In response to determining that the code is authorized, the security device enables to access data stored within the security device and generate a property of a message based on the data.
First claim
Opening claim text (preview).
The invention claimed is: 1. A system comprising: a client device storing a code; and a security device coupled to the client device and to: select a plurality of memory address ranges of an authorized code; determine a respective portion of the authorized code for each of the plurality of memory address ranges; calculate a respective first property of each determined portion of the authorized code; store first information indicative of the respective first properties of the portions of the authorized code and second information indicative of the respective memory address ranges in the security device; and respectively associate memory address ranges from among the plurality of memory address ranges with first properties from among the first properties of the portions; receive a first property of a code generated by the client device; verify correctness of the first property of the code based on information associated with the authorized code to determine that the code is authorized, the information being stored within the security device; in response to determining that the code is authorized, enable the security device to access first secret data stored within secure storage of the security device; and generate a second property of a first message based on the first secret data, wherein the client device is to: receive the second property of the first message from the security device; generate the second property of a second message based on second secret data stored within the client device, the second secret data corresponding to the first secret data stored within the security device; determine whether the second property of the second message is valid based on a comparison of the second property of the second message and the second property of the first message; and determine whether or not to run an application on the client device using the code based on a result of determining whether the second property of the second message is valid. 2. The system of claim 1 , wherein the security device is to: select a particular memory address range from among the plurality of memory address ranges; and cause data indicating the particular memory address range to be sent to the client device, the particular memory address range corresponding to a particular portion of the authorized code. 3. The system of claim 2 , wherein the first property of the code comprises a digest of a portion of the code, and wherein the security device is to verify the correctness of the first property of the code by determining that the digest of the portion of the code matches a digest of the particular portion of the authorized code stored in the security device. 4. The system of claim 2 , wherein the first property of the code comprises scrambled data of a portion of the code, wherein the security device is to: descramble the scrambled data of the portion of the code to get a descrambled portion of the code, generate a digest of the descrambled portion of the code, and determine that the generated digest of the descrambled portion of the code matches the stored digest of the particular portion of the authorized code to verify the correctness of the first property of the code. 5. A method comprising: providing a client device storing a code and a security device coupled to the client device; selecting, by the security device, a plurality of memory address ranges of an authorized code; determining, by the security device, a respective portion of the authorized code for each of the plurality of memory address ranges; calculating, by the security device, a respective first property of each determined portion of the authorized code; storing, by the security device, first information indicative of the respective first properties of the portions of the authorized code and second information indicative of the respective memory address ranges in the security device; and respectively associating, by the security device, memory address ranges from among the plurality of memory address ranges with first properties from among the first properties of the portions; receiving, by the security device, a first property of a code generated by the client device; verifying, by the security device, correctness of the first property of the code based on information associated with the authorized code to determine that the code is authorized, the information being stored within the security device; in response to determining that the code is authorized, enabling the security device to access first secret data stored within secure storage of the security device; generating, by the security device, a second property of a first message based on the first secret data; receiving, by the client device, the second property of the first message from the security device; generating, by the client device, the second property of a second message based on second secret data stored within the client device, the second secret data corresponding to the first secret data stored within the security device; determining, by the client device, whether the second property of the second message is valid based on a comparison of the second property of the second message and the second property of the first message; and determining, by the client device, whether or not to run an application on the client device using the code based on a result of determining whether the second property of the second message is valid. 6. The method of claim 5 , comprising: selecting, by the security device, a particular memory address range from among the plurality of memory address ranges; and causing, by the security device, data indicating the particular memory address range to be sent to the client device, the particular memory address range corresponding to a particular portion of the authorized code. 7. The method of claim 6 , wherein the first property of the code comprises a digest of a portion of the code. 8. The method of claim 7 , wherein verifying the correctness of the first property of the code comprises: determining, by the security device, that the digest of the portion of the code matches a digest of the particular portion of the authorized code stored in the security device. 9. The method of claim 6 , wherein the first property of the code comprises scrambled data of a portion of the code. 10. The method of claim 9 , comprising: descrambling, by the security device, the scrambled data of the portion of the code to get a descrambled portion of the code, generating, by the security device, a digest of the descrambled portion of the code, and determining, by the security device, that the generated digest of the descrambled portion of the code matches the stored digest of the particular portion of the authorized code to verify the correctness of the first property of the code.
Assignees
Inventors
Classifications
- H04L63/08Primary
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
- H04L9/3247Primary
involving digital signatures · CPC title
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title
Protocols · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11876791B2 cover?
- Systems, methods, circuits and computer-readable mediums for message authentication with secure code verification are provided. In one aspect, a system includes a client device storing a code and a security device coupled to the client device. The security device is configured to receive a property of the code generated by the client device, verify correctness of the property of the code based …
- Who is the assignee on this patent?
- Atmel Corp, Amtel Corp
- What technology area does this patent fall under?
- Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jan 16 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).