Title of invention AUTHORIZATION LOGIC IN MEMORY CONSTRAINED SECURITY DEVICE
Abstract Architecture that utilizes logical combinations (e.g., of Boolean logic) of authorizations as a logical authorization expression that is computed through a proofing process to a single proof value which equates to authorizing access to an intended entity. The authorizations are accumulated and processed incrementally according to an evaluation order defined in the authorization expression. The logical combinations can include Boolean operations that evaluate to a proof value associated with a sum of products expression (e.g., combinations of AND, OR, etc.). The incremental evaluations output corresponding hash values as statistically unique identifiers used in a secure hash algorithm that when evaluated in order allow execution of a specific command to access the entity. The architecture, employed in a trust module, uses minimal internal trust module state, and can be employed as part of a device system that handles trust processing to obtain authorization to access the intended entity.
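Application publication number US2014373135(A1) Application publication date 2014.12.18
Application number US201414474112 Filing date 2014.08.30
Applicant MICROSOFT CORPORATION Inventor Wooten David R.
Classification G06F12/14;G06F21/00 Main classification G06F12/14
Agency Agent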
Main claim 1. An authorization system, comprising: an evaluation component that receives authorizations in response to request for access to an entity and outputs a digest during incremental evaluation of the authorizations according to an authorization policy; and an authorization component that grants the access to the entity when the digest matches an access value associated with authorization of access to the entity.
Address Redmond WA US