Method for controlling security function execution with a flexible, extendable, and non-forgable block
US7779258B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 22, 2006 |
| Grant date | Aug 17, 2010 |
| Priority date | — |
| Expiry date | Jun 17, 2029 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2209/34
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method, article, and system for providing an effective implementation of data structures and application programming interface (API) functions that allow secure execution of functions behind a secure boundary. The controlling mechanism is a flexible, extendable, and non-forgeable block that details how values and parameters behind the secure boundary can be changed. The invention allows for one entity to execute a security function that will normally require extensive authorizations or dual or multiple control. The method and system comprise instructions that are cryptographically protected against alteration or misuse, wherein the instructions further comprise a trusted block that defines security policies that are permitted when an application program employs the trusted block in APIs. The trusted block has a number of fields containing rules that provide an ability to limit how the trusted block is used, thereby reducing the risk of the trusted block being employed in unintended ways.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.