Although the following text sets forth a detailed description of numerous different embodiments, it should be understood that the legal scope of the description is defined by the words of the claims set forth at the end of this disclosure. The detailed description is to be construed as exemplary only and does not describe every possible embodiment since describing every possible embodiment would be impractical, if not impossible. Numerous alternative embodiments could be implemented, using either current technology or technology developed after the filing date of this patent, which would still fall within the scope of the claims.
It should also be understood that, unless a term is expressly defined in this patent using the sentence “As used herein, the term ‘______’ is hereby defined to mean . . . ” or a similar sentence, there is no intent to limit the meaning of that term, either expressly or by implication, beyond its plain or ordinary meaning, and such term should not be interpreted to be limited in scope based on any statement made in any section of this patent (other than the language of the claims). To the extent that any term recited in the claims at the end of this patent is referred to in this patent in a manner consistent with a single meaning, that is done for sake of clarity only so as to not confuse the reader, and it is not intended that such claim term be limited, by implication or otherwise, to that single meaning. Finally, unless a claim element is defined by reciting the word “means” and a function without the recital of any structure, it is not intended that the scope of any claim element be interpreted based on the application of 35 U.S.C. §112, sixth paragraph.
Much of the inventive functionality and many of the inventive principles are best implemented with or in software programs or instructions and integrated circuits (ICs) such as application specific ICs. It is expected that one of ordinary skill, notwithstanding possibly significant effort and many design choices motivated by, for example, available time, current technology, and economic considerations, when guided by the concepts and principles disclosed herein will be readily capable of generating such software instructions and programs and ICs with minimal experimentation. Therefore, in the interest of brevity and minimization of any risk of obscuring the principles and concepts in accordance to the present invention, further discussion of such software and ICs, if any, will be limited to the essentials with respect to the principles and concepts of the preferred embodiments.
Many prior-art high-value computers, personal digital assistants, organizers, and the like, are not suitable for use in a pre-pay or pay-for-use business model as is. The ability to enforce a contract requires a service provider, or other enforcement entity, to be able to affect a device's operation even though the device may not be connected to the service provider, e.g. connected to the Internet. A first stage of enforcement may include a simple pop-up warning, indicating that the terms of the contract are nearing a critical point. A second stage of enforcement, for example, after pay-per-use minutes have expired or a subscription period has lapsed, may be to present a system modal user interface for adding value and restoring service. A provider's ultimate leverage for enforcing the terms of a subscription or pay-as-you-go agreement is to disable the device. Such a dramatic step may be appropriate when it appears that the user has made a deliberate attempt to subvert the metering or other security systems active in the device.
Uses for the ability to place an electronic device into a limited function mode may extend beyond subscription and pay-per-use applications. For example, techniques for capacity consumption could be used for operating system licensing enforcement. Other applications may use multiple levels of performance limiting, based on the expected foreground task. For example, a test administration application may use one level of enforcement during the test and a second level of enforcement while the scores are being processed.
The computer 110 may include a secure execution environment 125 (SEE). The SEE 125 may be enabled to perform security monitoring, pay-per-use and subscription usage management, and policy enforcement related to terms and conditions associated with paid use, particularly in a subsidized purchase business model. The secure execution environment 125 may be embodied in the processing unit 120, as a standalone component, or as part of another circuit, as depicted in later figures.
Computer 110 typically includes a variety of computer readable media. Computer readable media can be any available media that can be accessed by computer 110 and includes both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computer 110. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media.
The system memory 130 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 131 and random access memory (RAM) 132. A basic input/output system 133 (BIOS), containing the basic routines that help to transfer information between elements within computer 110, such as during start-up, is typically stored in ROM 131. RAM 132 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 120. By way of example, and not limitation,
The computer 110 may also include other removable/non-removable, volatile/nonvolatile computer storage media. By way of example only,
The drives and their associated computer storage media discussed above and illustrated in
The computer 110 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 180. The remote computer 180 may be a personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 110, although only a memory storage device 181 has been illustrated in
When used in a LAN networking environment, the computer 110 is connected to the LAN 171 through a network interface or adapter 170. When used in a WAN networking environment, the computer 110 typically includes a modem 172 or other means for establishing communications over the WAN 173, such as the Internet. The modem 172, which may be internal or external, may be connected to the system bus 121 via the user input interface 160, or other appropriate mechanism. In a networked environment, program modules depicted relative to the computer 110, or portions thereof, may be stored in the remote memory storage device. By way of example, and not limitation,
A variety of functional circuits may be coupled to either the graphics and memory interface 204 or the I/O Interface 210. The graphics and memory interface 204 may be coupled to system memory 206 and a graphics processor 208, which may itself be connected to a display (not depicted). A mouse/keyboard 212 may be coupled to the I/O interface 210. A universal serial bus (USB) 214 may be used to interface external peripherals including flash memory, cameras, network adapters, etc. (not depicted). Board slots 216 may accommodate any number of plug-in devices, known and common in the industry. A local area network interface (LAN) 218, such as an Ethernet board may be connected to the I/O interface 210. Firmware, such as a basic input output system (BIOS) 220 may be accessed via the I/O interface 210. Nonvolatile memory 222, such as a hard disk drive or any of the other non-volatile memories listed above, may also be coupled to the I/O interface 210.
A secure execution environment (SEE) 224 is shown disposed in the I/O interface 210. An alternate embodiment shows another secure execution environment 226 disposed in the graphics and memory interface 204. While system configurations with more than one secure execution environment are supported, one exemplary embodiment is directed to a single instance of the secure execution environment.
Because the SEE may be part of the processor 120, as shown in
When the secure execution environment is embedded in the graphics and memory interface 204 or the I/O interface 210, as in
As discussed with respect to
The technique referenced above, resource diversion, may be used to restrict the processing power available to a user while still allowing recovery processes to be run, without imposing arbitrary time limits on the recovery process.
Two basic approaches may be used to divert resources, as well as combinations of these two. One basic approach is to require the processor to perform tasks that consume nearly all its resources. The second basic approach is to occupy all but a small fraction of system memory so that only small, simplistic programs can run in the unoccupied memory space. Both approaches and the combinations available are suitable for use by any of the SEE embodiments of
The resource diversion technique also is applicable when the limited function mode is recognized by the processor at start up and is ‘cooperative,’ or when the processor merely responds to high priority processes requesting tasks to be performed. In being cooperative, the processor may recognize that a special case (the limited function mode) is executing and automatically gives priority to the resource diversion tasks, but such cooperation is not required.
A lower bound may be determined for the resources consumed by a particular challenge or task. That is, for a known electronic device configuration, e.g. processor type and speed, memory size and speed, etc., a given task may require 40 milliseconds of 95% of all processor cycles to calculate a result. Similarly, when the task corresponds to retrieving data from memory, 10,000 data fetches with consecutive hash functions may require 250 milliseconds. When the lower bound, that is, a theoretical minimum compute time/resource usage combination, is known, the limits set for a response can be set such that all the resources required for useful computing are consumed but yet enough processing power is available for performing a restoration function either through the user interface or at a network service site.
Referring to
When the computer 200 is operating in normal mode, the ‘normal’ branch may be followed to block 306 and the computer operated in a normal mode until next startup at block 302. In one embodiment, any condition that would cause the computer 200 to leave the normal mode, such as detection of tampering, or expiration of usage minutes, may cause a reset enforce operation to continue at block 302. In another embodiment, a function of the normal operating mode may be to periodically check operating status for a mode change at block 304, such as once per minute.
If, at block 304, it is determined that the computer 200 is in an HLM mode, the branch ‘HLM’ may be followed to block 308. The secure execution environment 228 may determine a set of challenges to present to the processor to block resources from other user tasks. The SEE 228 may have significantly less processing power than the processor 202 of computer 200. Therefore, the ideal challenge should be easy for the SEE 228 to calculate and present, but difficult for the processor 202 to calculate and answer. Also, the challenge must be tuned to the particular system configuration of computer 200, accounting for, among other things, processor speed and capability as well as internal bus speeds so that the challenge may consume the desired amount of resources while leaving enough processing capability for system restoration.
A cryptographic calculation lends itself to such criteria. For example, a DES algorithm is both compact and fast, allowing the SEE 228 to process a cryptographic result in a very short amount of time even with a limited processing capability, or in even less time with a hardware accelerator or dedicated cryptographic processor. A challenge may be calculated at block 308, using clear text to generate a corresponding cipher text using a key known only to the SEE 228. While challenges other than cryptographic challenges may be equally effective, one embodiment uses the DES algorithm because it has been so widely characterized and optimized algorithms relating to DES encryption, decryption, and cracking are widely available. The challenge, then, is for the processor 202 to take the clear text and the cipher text and return the value of the key.
At block 310, the clear text and cipher text may be presented to the processor 202, and a timer may be started inside the SEE 228. Brute force cracking of a DES key is a statistical process; that is, a truly random key may be anywhere in the key search space, so trying each key in the search space may result in relatively short or relatively long key search times. To account for this, rather than use a single challenge, the SEE 228 may present hundreds, or even thousands, of clear text-cipher text pairs for cracking. Given a reasonable level of randomness, the average solution time over all the pairs will approach 50% of the theoretical maximum.
Part of the tuning process to accommodate differences in speed and architecture may be to use shorter keys than would normally be used in a typical cryptographic operation, such as 24 bits instead of 64 or 128 bits. Similarly, the fastest known cracking algorithm may be given to the processor for use in cracking keys so that the SEE 228 can better approximate the expected result time. Since some algorithms may already be optimized to certain key sizes, such as 64-bit or 128-bit, the SEE 228 may provide the processor 202 with information regarding limits on where the keys may be found, or may pass a known number of key bits to the processor 202 to limit the key search space. Similarly, limiting the key size or key search space may allow finer tuning of the resource usage.
Another consideration for presenting and receiving challenges and results may be the bandwidth of the connection between the SEE 228 and the other components of the computer 200. For example, connections 230 and 232 may use a single-bit SPI bus with a very low transfer rate. Thus receiving thousands of results from the key cracking process may unduly burden the connection. A further challenge can be for the processor 202 to perform some additional processing, such as hashing all the key results and providing only the hash to the SEE 228. Again, hashing algorithms are fast and well known and would allow the SEE 228 to quickly calculate and store an expected result during the processing at block 312, to quickly determine the accuracy of the answer.
At block 314, the timeliness of the result may be compared to an expected time for the known algorithms to calculate key values for the given challenges. At block 316, a determination may be made regarding the response accuracy and timeliness. When the results provided by the processor 202 are timely and correct, the ‘yes’ branch may be followed to block 318 and a new set of challenges calculated for use at block 310 to repeat the process. When, at block 316, the result is not correct or not provided in a timely fashion, the ‘no’ branch may be followed to block 320. When the results are not correct or the answer is not provided in a timely fashion, the SEE 228 must assume that the processor 202 was not fully dedicated to responding to the challenge presented and that other processes were running or being attempted. Therefore at block 320, a reset, non-maskable interrupt (NMI), or power interruption may be triggered causing a reset to occur. If other processing resources are available in the system, for example, a graphics processor, other system peripheral, or even a cryptographic processor, the challenges may have to be adjusted for the sum total of the accessible resources. Particularly in the case of a cryptographic co-processor, such as plug-in boards, additional challenges may be generated requiring simultaneous computations to maintain the desired level of resource diversion. As long as the resources can be identified, either at the time of manufacture or on-the-fly, and their processing capabilities known, the technique can be effectively implemented.
In order to manage HLM mode processing, when the computer 200 comes out of reset and is determined to be in HLM mode, execution priorities must be set to guarantee that the process responding to challenges has a higher priority than other user-initiated tasks so that the challenges may be processed on schedule. Also, the ideal challenge set should be solvable in a fairly short amount of time with respect to network round-trip times, so the processor does not simply offload the calculations to a remote processor.
When trying to hack key values and multiple challenges are presented, a technique known as bit slicing may be employed to try a given key value for each of the challenges presented, saving time over running through each key for each challenge. To address this technique, the keys may be designed to be non-overlapping, or the allocated time may be adjusted with the assumption that bit slicing will be employed.
The SEE 228 may be given the hardware configuration of the computer at the time of manufacture so that it can correctly calculate the challenges to consume the desired amount of processing capability. The SEE 228 may also require access to a known service to periodically determine whether the algorithms used are still valid. For example, over the course of time a significantly better DES algorithm may be discovered that would render the challenge generating algorithm useless for the task of diverting resources. If that should happen, a new algorithm may be downloaded, new key lengths set, or new response times set in order to restore the effectiveness of the process.
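The following Python simulation is an added example and is not code from the patent. It models one iteration of the challenge loop of blocks 308 through 316 with the tuning choices described above: a bounded key search (the SEE hands over the high key bits), many clear text-cipher text pairs per round, a single hash of all recovered keys as the reply (to spare the SEE's low-bandwidth link), and a correctness-plus-timeliness check on the SEE side. The class and function names, the 24-bit key, and the use of a keyed hash (HMAC-SHA256, truncated) in place of DES are assumptions made for this example; only the protocol shape is demonstrated.

```python
import hashlib
import hmac
import os
import secrets
import time

# Assumption: a keyed hash truncated to 64 bits stands in for the DES block
# function of the text. Only the challenge/verify protocol is demonstrated.
KEY_BITS = 24                          # reduced key length, as the text suggests


def encrypt(key, clear):
    """Stand-in for DES: cipher = F(key, clear) under a 24-bit integer key."""
    return hmac.new(key.to_bytes(3, "big"), clear, "sha256").digest()[:8]


def digest_keys(keys):
    """Post-processing from the text: one hash over all keys instead of every key."""
    return hashlib.sha256(b"".join(k.to_bytes(3, "big") for k in keys)).digest()


class SecureExecutionEnvironment:
    """SEE side: generates the pairs, keeps the keys, checks the reply and the clock."""

    def __init__(self, pairs=8, search_bits=12, time_budget=2.0):
        self.pairs = pairs
        self.search_bits = search_bits   # key bits the processor must search per pair
        self.time_budget = time_budget   # seconds allowed for the whole set (tuned per system)
        self.expected = b""
        self.deadline = 0.0

    def make_challenge(self):
        """Block 308/310: return (clear, cipher, known_prefix) triples and start the timer."""
        keys = [secrets.randbelow(1 << KEY_BITS) for _ in range(self.pairs)]
        challenge = []
        for k in keys:
            clear = os.urandom(8)
            # Hand over the high key bits so the search space is bounded, as the text
            # describes for tuning the challenge to the processor's speed.
            challenge.append((clear, encrypt(k, clear), k >> self.search_bits))
        self.expected = digest_keys(keys)       # cheap for the SEE: it already holds the keys
        self.deadline = time.monotonic() + self.time_budget
        return challenge

    def verify(self, response, now=None):
        """Block 316: accept only a correct AND timely reply; otherwise the caller resets."""
        now = time.monotonic() if now is None else now
        timely = now <= self.deadline
        correct = hmac.compare_digest(response, self.expected)
        return timely and correct


def crack_pair(clear, cipher, known_prefix, search_bits):
    """Processor side: exhaust the unknown low key bits under the given prefix."""
    base = known_prefix << search_bits
    for low in range(1 << search_bits):
        if encrypt(base | low, clear) == cipher:
            return base | low
    raise ValueError("no key found in the bounded search space")


def processor_respond(challenge, search_bits):
    """Processor side: crack every pair, then send back only the hash of the keys."""
    return digest_keys([crack_pair(c, ct, p, search_bits) for c, ct, p in challenge])


def run_round(see):
    """One pass through blocks 308-316 with a fully cooperating processor."""
    challenge = see.make_challenge()
    return see.verify(processor_respond(challenge, see.search_bits))


if __name__ == "__main__":
    see = SecureExecutionEnvironment()
    print("round accepted:", run_round(see))
```

The search cost per pair is 2**search_bits keyed-hash evaluations, so `search_bits` and `time_budget` together play the role of the per-system tuning the text describes.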
When in a normal operation mode, the ‘normal’ branch from block 404 may be taken to block 406. Normal operation continues and the SEE 228 may function normally to monitor operations including performing metering, when required. In one embodiment, any condition that would cause the computer 200 to leave the normal mode, such as detection of tampering, or expiration of usage minutes, may cause a reset enforce operation to continue at block 402. In another embodiment, a function of the normal operating mode may be to periodically check operating status for a mode change at block 404, such as once per minute.
When in a hardware locked mode, the ‘HLM’ branch from block 404 may be taken to block 408, where a memory pattern may be determined, for example, using an algorithm.
In a trivial embodiment, the SEE 228 would have the same amount of memory as the system memory 208. The SEE 228 could generate a pattern of any nature and transfer its memory to the system memory 208 minus a small amount, such as 1 MB. Because it is not uncommon for system memory 208 to have 1 GB or more of memory, it is impractical for the SEE 228 to have an identical amount of memory. As above, a cryptographic algorithm may be useful in generating a pattern to place into the system memory 208. In one embodiment, the SEE 228 can use a simple, fast algorithm, such as DES or AES, and use a key seed value to calculate memory values. In one embodiment, the memory location address itself can be encrypted to produce the value stored in that memory location. At block 410 the pattern may be written to system memory 208. The algorithm may be implemented in software, firmware, or hardware.
Referring briefly to
At block 414 the challenge may be presented to the processor 202 and a timer started or an expected response time noted. The goal of the challenge is to make the processor 202 prove to the SEE 228 that the system memory is occupied by the pattern. The challenge may simply be to return the value of a given memory location in such a short period of time as to not allow a disk access or access to an external memory such as a thumb drive. Because system memory 208 is typically at least an order of magnitude faster than any other large memory, the timing goals may be relatively loose and still accomplish the desired result.
When a response is received, an evaluation may be made at block 416 to determine if the challenge response is correct and timely. Alternatively, if the allotted time period expires and no response is received, it may be counted as an incorrect response. When the response is untimely or incorrect, the ‘no’ branch from block 416 may be taken to block 418 and a reset may be triggered or other dramatic action imposed, such as interrupting power to the computer 200.
If the response is correct and timely the ‘yes’ branch from block 416 may be taken, in this embodiment, to block 408 and a new challenge calculated and the resource diversion process repeated.
The use of an algorithm to generate memory location values optimizes the SEE's 228 limited memory size. Another optimization may be made recognizing the SEE's 228 disadvantage in processing power relative to the main processor 202. The SEE 228 may not be able to calculate values for every location as fast as the processor 202 could respond to requests to provide a value for that memory location. The SEE 228 may ask for a high number of responses, for example 1000, but may only check a handful, such as 100. Because the processor does not know which results will actually be asked for and checked, the processor must maintain the generated values in all the designated memory locations.
Another optimization may be required to overcome the limited bandwidth connecting the SEE 228 to the rest of the computer 200. As mentioned above, the bandwidth of such a connection may be in the kilobyte per second range, compared to processor and front side bus rates of potentially gigabytes per second. If the SEE 228 were to calculate and provide discrete values for every memory location in the system memory 208, the process could take hours to complete. To overcome this, the SEE 228 may provide an algorithm and parameters for the processor to populate the desired memory locations itself. This works as long as the algorithm is expensive with respect to calculation time compared to reading a memory location, that is, the algorithm used to calculate a memory location value should take significantly longer to execute than to read the memory location and provide the response. Thus the system memory cannot be diverted to other tasks while the processor is relied upon to calculate responses to memory location requests from the SEE 228 in real time. Referring briefly to
To further accommodate bandwidth restrictions to the SEE 228, the challenge may further include some post-processing on multiple memory location results before providing an ultimate response to the SEE 228. For example, values from 500 memory locations may be retrieved and hashed, or consecutively encrypted, before returning a single result to the SEE 228.
In some systems, memory in a graphics processor 206, external memory, or a future peripheral (not depicted) may be substantially as fast as system memory 208 and as plentiful. If access to the graphics processor 206 memory or other memory is known, the additional memory may simply be added to the memory captured by the SEE 228 for overwriting. When the access characteristics are similar to, but not exactly the same as, the main system memory, timing characteristics may be stored in the SEE 228 and appropriate adjustments made for response times from those portions of memory. Thus, slower memory or even mapped memory may be captured by the SEE 228 using custom timings. Other attempts to circumvent an HLM mode that uses this technique for protection may be to increase the system memory 208 size or to increase the speed or computing power of the processor 202. In some cases, the SEE 228 may be able to determine system memory size and/or control it to a fixed setting, as well as determine processor capability. When such capabilities are not available, the memory size and processor capability may simply have to be fixed during the manufacturing process either through BIOS changes or by simple mechanical methods such as potting the memory.
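The following Python simulation is an added example and is not code from the patent. It models the memory-painting variant of blocks 408 through 416 together with the three optimizations described above: the SEE sends only the algorithm's parameters and the processor paints memory itself, each challenge group of addresses is reduced to a single hash before it crosses the low-bandwidth link, and the SEE recomputes only a random subset of the returned group hashes while still requiring all of them on time. The memory size, the group sizes, the class names, and the use of a keyed hash (HMAC-SHA256, truncated) as the "encrypt the address" function are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed, scaled-down "system memory": 16384 eight-byte words instead of 1 GB.
MEM_WORDS = 1 << 14


def location_value(key, address):
    """Pattern value for one address: the encrypted address (keyed hash stands in for DES/AES).
    Computing this is far slower than a memory read, which is what the scheme relies on."""
    return hmac.new(key, address.to_bytes(8, "big"), "sha256").digest()[:8]


class PaintingSEE:
    """SEE side of blocks 408-416: issue the pattern, then challenge and check."""

    def __init__(self, groups=20, group_size=50, checked=2, time_budget=0.5):
        self.groups, self.group_size = groups, group_size   # 1000 addresses per round
        self.checked = checked           # group results the SEE actually recomputes
        self.time_budget = time_budget   # seconds; tuned so disk or USB reads cannot keep up
        self.key = secrets.token_bytes(16)
        self.challenge = []
        self.deadline = 0.0

    def pattern_parameters(self):
        """Bandwidth optimization: send the key and size, not the memory contents."""
        return {"words": MEM_WORDS, "key": self.key}

    def make_challenge(self):
        """Block 414: random addresses in groups; each group yields one hash in the reply."""
        self.challenge = [[secrets.randbelow(MEM_WORDS) for _ in range(self.group_size)]
                          for _ in range(self.groups)]
        self.deadline = time.monotonic() + self.time_budget
        return [list(g) for g in self.challenge]

    def expected_for(self, group):
        """Recompute one group's hash from the key (costly for the SEE, hence sampled)."""
        return hashlib.sha256(b"".join(location_value(self.key, a) for a in group)).digest()

    def verify(self, results, now=None):
        """Block 416: every group must be answered in time; a random subset is recomputed."""
        now = time.monotonic() if now is None else now
        if len(results) != self.groups or now > self.deadline:
            return False
        sample = secrets.SystemRandom().sample(range(self.groups), self.checked)
        return all(hmac.compare_digest(results[i], self.expected_for(self.challenge[i]))
                   for i in sample)


class Processor:
    """Main processor: paints memory from the parameters, then answers from memory."""

    def __init__(self):
        self.memory = []

    def paint(self, params):
        """Block 410, done by the processor itself using the SEE-supplied algorithm."""
        self.memory = [location_value(params["key"], a) for a in range(params["words"])]

    def respond(self, groups):
        # Memory reads are cheap; a processor that freed this memory would have to
        # recompute location_value per address and would miss the deadline.
        return [hashlib.sha256(b"".join(self.memory[a] for a in g)).digest() for g in groups]


def run_round(see, cpu):
    """One pass through blocks 408-416 with a cooperating processor."""
    return see.verify(cpu.respond(see.make_challenge()))


if __name__ == "__main__":
    see, cpu = PaintingSEE(), Processor()
    cpu.paint(see.pattern_parameters())
    print("round accepted:", run_round(see, cpu))
```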
A combination of processes that both paints memory and presents problems to the computer is a simple extension of the alternatives described above. For example, certain system memory 208 locations may store clear text-ciphertext pairs that are known only to the SEE 228 and are used in timed processor challenges.
In either case, such an approach allows substantially disabling a computer, or other electronic device, using relatively lightweight processing power in a circuit, or function, whose only recourse is a reset. As long as the computer complies with the requests, i.e. challenges, presented to it, the computer may run indefinitely, allowing simple diagnostics and restoration processes to be performed. The technique may be hardened against software attacks, making it difficult to deliver widespread attacks over the Internet. Without a simple software attack available, a hacker would be required to remove the cover and physically alter the system to defeat the protection circuitry. The resource diversion techniques described herein are both efficient and inexpensive to implement, especially when compared to techniques requiring chip redesigns to accommodate an embedded secure execution environment.
Although the foregoing text sets forth a detailed description of numerous different embodiments of the invention, it should be understood that the scope of the invention is defined by the words of the claims set forth at the end of this patent. The detailed description is to be construed as exemplary only and does not describe every possible embodiment of the invention because describing every possible embodiment would be impractical, if not impossible. Numerous alternative embodiments could be implemented, using either current technology or technology developed after the filing date of this patent, which would still fall within the scope of the claims defining the invention.
Thus, many modifications and variations may be made in the techniques and structures described and illustrated herein without departing from the spirit and scope of the present invention. Accordingly, it should be understood that the methods and apparatus described herein are illustrative only and are not limiting upon the scope of the invention.