image
How It Works


All DRM and other protection schemes involve encryption, with a key hidden somewhere on the user's computer to unlock the encryption so the user may use the product. All these schemes are ultimately beatable because hackers can find, and then manipulate, the key.

Such encryption schemes just don't work. The CloakX innovation is to make the key inaccessible to a hacker by inserting it in an external processor, which is not accessible to a hacker. Because the external processor is protected, the key cannot be removed, nor copied, nor changed in any way. Nor can the digital media work without the external processor.

As experience has proved, digital protection schemes that rely only on software-based schemes don't work. Hardware must be involved in any successful protection method, and in the next section we discuss how the technology works. From the manufacturers' standpoint, the CloakX system guarantees absolute compliance.

The CloakX system removes a selection of small strategic selected "Critical Code Fragments" (CCFs) from protected applications and relocate them into a small portable "Secure Computing Device" (SCD). We refer to this approach as "Cloaked Execution." In Cloaked Execution, the CCFs are never exposed in executable form outside of the SCD. They are therefore beyond the reach of the cracker's tools.

Unlike traditional dongle protections schemes, the CloakX SCD is not linked to a specific application or vendor. One SCD can contain the CCFs for multiple applications from multiple vendors. In addition, since the SCD is portable, CloakX-enabled applications can be freely installed on any number of computers, and run by any user possessing an SCD containing a license and CCFs for that application.

System Architecture

The CloakX system works because it is based on protected remote procedure call (RPC), as described below. Because the software exists essentially in two places, the program cannot execute properly without both pieces. One piece resides on an encrypted local host, and the second piece is in the secure computing device (SCD).

In the future, when broadband connections to the Internet are widely available, the CloakX RPC architecture can be employed by means of an SSL connection to a broadband-connected Website. Some hardware trends will make this architecture very attractive with ultra-small high-performance disk drives as well as encrypted drives, meaning that hardware will do the encryption on the fly.

Cloaked Execution: Critical Fragments

The core protection mechanism of the CloakX System requires that the vendor identify a portion of the application code that will be kept secret and never publicly disclosed. This portion is referred to as a "critical code fragment," or CCF.

Every software application has a corresponding CCF. The licensing and protection mechanism for a given application requires that its CCF be inserted into the smart card for which it is licensed. When the application is run, it invokes this CCF whenever it is needed during the course of its execution. Since this CCF is hidden and cannot be extracted from the card, this constitutes a very effective level of protection.

Secure Computing Device

The Secure Computing Device (SCD) is one of the core enabling technologies for CloakX applications. An SCD can be thought of as a smart card on steroids. It consists of a combination of electronics and software in a tamper resistant package.

As the name implies, an SCD provides a robust and secure environment for performing computations and data manipulation operations critical to such applications as data encryption and decryption, public key interchange, message digest generation and validation, and other data security functions. In addition to these data security functions, the SCD provides a novel solution for running arbitrary programs and storing non-volatile data in a protected environment.

SCD Hardware

As shown in Figure 2, the hardware for the CloakX SCD consists of a general purpose processor, special purpose cryptographic processing circuitry, volatile and non-volatile memory, and a real-time timer/clock all encapsulated in a highly tamper resistant package. The SCD is effectively protected from attempted data security breaches by physical, electrical, magnetic, chemical or optical means.


Figure 2 CloakX Secure Computing Device Functional Block Diagram

Protected Processor

At the heart of the SCD is the general-purpose protected processor. The SCD architecture is not dependent on any processor-specific features. Rather, the processor architecture is selected based on price-performance ratio, longevity and industry support.

The current processor architecture of choice is the widely used ARM family. The ARM processor is supported by a wide range of commercial and open-source development tools, operating systems, and software libraries.

Cryptographic Co-Processor

The SCD includes cryptographic co-processor support to enable the secure high performance encryption and decryption operations crucial to all CloakX applications:

  • Public Key Infrastructure
  • Asymmetric Encryption/Decryption
  • Symmetric Encryption/Decryption
  • Digital Watermark creation and detection

Random Access Memory

Random access memory (RAM) is used to store transient data used by the SCD processing elements. The contents of this memory are lost when power is removed from the SCD.

Non-Volatile Memory

Non-volatile memory is used to store programs and data used by the SCD processing elements. The contents of this memory can be updated during the normal operation of the SCD, and is retained even when power is removed. Depending on intended application and form factor of the SCD, the non-volatile memory can be implemented with one or more applicable technologies:

  • Flash memory: up to several gigabytes of infrequently modified data
  • Battery backed-up CMOS RAM: several megabytes of dynamically modified data
  • Hard drive: up to several hundred gigabytes of frequently modified data

Protected Non-Volatile Memory

The protected non-volatile memory is not externally accessible and cannot be updated or modified during normal SCD operation. This memory is used to store the core software and data used by the SCD.

Depending on the application, protected non-volatile memory can be implemented as any combination of flash memory, mask programmed ROM and one-time programmable ROM.

Contents of this memory are typically determined when the SCD is manufactured. Contents can include data which are unique to each individual SCD such as serial number, digital certificates, and encryption keys.

Real-time Clock/Timer

Many aspects of CloakX applications are enabled or enhanced by the ability to reliably determine real time and date and elapsed time intervals. The SCD architecture therefore supports the inclusion of a real-time clock and timer. The timer can be used to measure timing intervals ranging from microseconds to hours. The clock can be used to securely determine absolute time and date. An embedded rechargeable battery allows uninterrupted operation of the Clock even when power is removed from the SCD.

Application-Specific Features

The computational requirements for some CloakX applications may be beyond the capabilities of the general purpose protected processing unit. In these cases, the SCD architecture supports the inclusion of application specific features. For example, decoding of MPEG video can be performed by the current generation of low-power 32-bit processors, but MPEG encoding or transcoding may require assistance.to achive real-time performance with a cost effective processor. This assistance may be in the form of custom hardware functions or a more flexible digital signal processing (DSP) core.

Communications Interface

The SCD must be able to communicate with the outside world in order to receive programs and exchange data. No single interface option is ideal for all applications, so the SCD architecture can accommodate a number of industry standard interfaces including, but certainly not limited to:

  • USB 2.0
  • Firewire (IEE1394)
  • 10/100/1000BaseT Ethernet
  • 802-11 wireless
  • Bluetooth wireless

SCD Packaging

For applications such as software protection identity and payment, one convenient configuration resembles a USB Flash memory device (Figure 2). For other applications, however, alternate SCD configurations and electrical interfaces are more appropriate. The SCD architecture easily accommodates this flexibility.

Depending on the application and level of required security, the SCD packaging can include a variety of features to prevent tampering.

  • Hardened metal case to discourage physical tampering
  • Encapsulation with chemical resistant resin to prevent non-destructive access to electronics
  • Faraday shielding to prevent passive electromagnetic sniffing
  • Break wires and sensors to disable operation in the event of physical tampering

SCD Software and Data

The Software and data associated with the SCD can be divided into five categories:

  1. Core software and data, which are permanently resident within the SCD hardware.
  2. Application-specific software and data, which are dynamically downloaded to the SCD for execution in the secure environment.
  3. Application-specific data content: protected data for the implemented application (such as critical code and media fragments and financial transaction records)
  4. Host resident software, which runs on a computer or other host device in direct communication with the SCD.
  5. Server resident software, which runs on servers communicating with the SCD indirectly via a communications channel such as the internet or other wide area network.

Core SCD Resident Software and Data

Each SCD contains core software and data to implement the critical features and functions for the supported CloakX applications. The core software includes:

  • Core communication protocols for exchanging information with CloakX servers and user computer systems
  • Asymmetric (public/private key) and symmetric (single key) encryption/decryption routines for securely exchanging data with CloakX servers and user computer systems
  • Key exchange algorithm for establishing secret keys for efficient private session data communications
  • Secure hash algorithms for signing and verifying data blocks
  • Interval timer and real-time clock functions

SCD specific core data includes:

  • Globally Unique Identifier (GUID) for the specific SCD
  • Global Public/Private encryption key pairs for the specific SCD