Patent · US Expired

Securely downloading and executing code from mutually suspicious authorities

US6167521A · kind A · utility

208 Cited by
11 References
61 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Aug 29, 1997
Grant date: Dec 26, 2000
Priority date
Expiry date: Aug 29, 2017

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2211/009
  • WIPO field: IT methods for management
  • WIPO sector: Electrical engineering

Abstract

An apparatus, system and method for secure code-downloading and information exchange, in the full generality of complex code dependencies while considering the implications of mutual distrust and hot-swapping. Included are secure techniques wherein an authority signs code from another party upon which that authority depends in order to establish that a trusted execution environment is being preserved. Trusted code is employed to ensure that proprietary data is destroyed, disabled, and/or made unreadable, when a change causes the trusted execution environment to cease holding to a certain security level. A carefully constructed key structure is employed to ensure that communications allegedly from particular code in a particular environment can be authenticated as such. Authenticity of code that decides the authenticity of public-key signatures, and/or the authenticity of other code is cared for. In particular, the loading code that performs these tasks may itself be reloadable. Authenticity is maintained in physically secure coprocessors with multiple levels of dependent software that is independently downloadable by mutually suspicious authorities, and in physically secure coproc…

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.