Keying infrastructure

US 10,419,216 B2
Filed: 03/14/2017
Issued: 09/17/2019
Est. Priority Date: 09/13/2013
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer-readable media storing computer-executable instructions, the computer-executable instructions upon execution, to instruct one or more processors to perform operations comprising:

generating an encryption key hierarchy with a key derivation function, the encryption key hierarchy including (i) a Trusted Execution Environment (TrEE) loader encryption key that is associated with a current security configuration of a TrEE loader and (ii) a TrEE encryption key that is associated with a current security configuration of a TrEE core, the TrEE encryption key being generated based at least in part on the TrEE loader encryption key;

utilizing the TrEE encryption key to encrypt data;

derive an application key for a sequence of application keys with the key derivation function, the application key being based on at least one of a preceding application key that directly precedes the application key in the sequence of application keys and a hash of an application that is loaded or executed during a current stage of a boot process; and

determine whether to load a next stage of the boot process based on whether additional applications are to be loaded and executed during the boot process, wherein the key derivation function is based at least in part on a debug status that indicates a number of times that debugging has been enabled or disabled.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived.

Citations

20 Claims

1. One or more non-transitory computer-readable media storing computer-executable instructions, the computer-executable instructions upon execution, to instruct one or more processors to perform operations comprising:
- generating an encryption key hierarchy with a key derivation function, the encryption key hierarchy including (i) a Trusted Execution Environment (TrEE) loader encryption key that is associated with a current security configuration of a TrEE loader and (ii) a TrEE encryption key that is associated with a current security configuration of a TrEE core, the TrEE encryption key being generated based at least in part on the TrEE loader encryption key;
  
  utilizing the TrEE encryption key to encrypt data;
  
  derive an application key for a sequence of application keys with the key derivation function, the application key being based on at least one of a preceding application key that directly precedes the application key in the sequence of application keys and a hash of an application that is loaded or executed during a current stage of a boot process; and
  
  determine whether to load a next stage of the boot process based on whether additional applications are to be loaded and executed during the boot process, wherein the key derivation function is based at least in part on a debug status that indicates a number of times that debugging has been enabled or disabled.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The one or more non-transitory computer-readable media of claim 1, wherein the generating includes deriving a platform encryption key for the encryption key hierarchy with the key derivation function, wherein the key derivation function is further based at least in part on a platform identifier for a platform that is implemented by the one or more processors.
  - 3. The one or more non-transitory computer-readable media of claim 2, wherein the generating includes deriving the TrEE loader encryption key for the encryption key hierarchy with the key derivation function, wherein the key derivation function is further based at least in part on the platform encryption key and a TrEE loader value, the TrEE loader value being associated with an update of the TrEE loader from a previous security configuration to the current security configuration.
  - 4. The one or more non-transitory computer-readable media of claim 1, wherein the generating includes deriving the TrEE encryption key for the encryption key hierarchy with the key derivation function, wherein the key derivation function is further based at least in part on a security version number of the current security configuration of the TrEE core.
  - 5. The one or more non-transitory computer-readable media of claim 1, wherein:
    - the TrEE loader encryption key is accessible to the TrEE loader; and
      
      the TrEE encryption key is accessible to the TrEE core.
  - 6. The one or more non-transitory computer-readable media of claim 1, wherein the generating includes deriving a root encryption key for the encryption key hierarchy with the key derivation function, wherein the key derivation function is further based at least in part on a debug status that indicates whether or not debugging is enabled or disabled.
  - 7. The one or more non-transitory computer-readable media of claim 1, wherein the generating includes deriving a root encryption key for the encryption key hierarchy with the key derivation function based at least in part on a debug status that indicates a number of times that debugging has been enabled or disabled.

8. A method comprising:
- deriving, by a computing device and with a key derivation function, a Trusted Execution Environment (TrEE) loader encryption key that is associated with a security configuration of a TrEE loader, the TrEE loader being configured to load a TrEE core that implements a TrEE;
  
  deriving, by the computing device and with the key derivation function, a TrEE encryption key that is associated with a security configuration of the TrEE core, the TrEE encryption key being derived based at least in part on the TrEE loader encryption key;
  
  utilizing the TrEE encryption key to encrypt data;
  
  deriving an application key for a sequence of application keys with the key derivation function, the application key being based on at least one of a preceding application key that directly precedes the application key in the sequence of application keys and a hash of an application that is loaded or executed during a current stage of a boot process; and
  
  determining whether to load a next stage of the boot process based on whether additional applications are to be loaded and executed during the boot process, wherein the key derivation function is based at least in part on a debug status that indicates a number of times that debugging has been enabled or disabled.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein the security configuration of the TrEE loader comprises an updated security configuration and the TrEE loader encryption key is derived based at least in part on a TrEE loader value that is associated with an update of the TrEE loader from a previous security configuration to the updated security configuration.
  - 10. The method of claim 8, further comprising:
    - deriving another TrEE encryption key with the key derivation function, wherein the key derivation function is further based at least in part on the TrEE loader encryption key and an updated security configuration of the TrEE core; and
      
      utilizing the other TrEE encryption key to at least one of encrypt other data or decrypt other data.
  - 11. The method of claim 8, further comprising:
    - deriving a root encryption key with the key derivation function, wherein the key derivation function is further based on whether or not debugging is enabled or disabled for the computing device; and
      
      deriving a platform encryption key with the key derivation function, wherein the key derivation function is further based at least in part on the root encryption key and a platform identifier for a platform that is implemented by the computing device;
      
      wherein the TrEE loader encryption key is derived based at least in part on the platform encryption key.
  - 12. The method of claim 8, further comprising:
    - deleting the preceding application key upon deriving the application key; and
      
      verifying an application state of the computing device based at least in part on an application key that remains in the sequence of application keys.

13. A computing device comprising:
- one or more hardware processors; and
  
  one or more computer-readable media storing instructions that, when executed by the one or more hardware processors, cause the one or more hardware processors to perform operations comprising;
  
  generating, with a first key derivation function, a first encryption key that is associated with a security configuration of a Trusted Execution Environment (TrEE) loader;
  
  generating, with a second key derivation function, a second encryption key that is associated with a security configuration of a TrEE core, the second encryption key being generated based at least in part on the first encryption key;
  
  utilizing the second encryption key to at least one of encrypt data or decrypt data;
  
  deriving an application key for a sequence of application keys with a third key derivation function, the application key being based on at least one of a preceding application key that directly precedes the application key in the sequence of application keys and a hash of an application that is loaded or executed during a current stage of a boot process; and
  
  determining whether to load a next stage of the boot process based on whether additional applications are to be loaded and executed during the boot process, wherein the third key derivation function is based at least in part on a debug status that indicates a number of times that debugging has been enabled or disabled.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computing device of claim 13, the operations further comprising generating, with the third key derivation function, a third encryption key based at least in part on a platform identifier for a platform that is implemented by the one or more processors.
  - 15. The computing device of claim 14, wherein the generating the first encryption key comprises generating, using the first key derivation function, the first encryption key based at least in part on the third encryption key and a TrEE loader value, the TrEE loader value being associated with an update of the TrEE loader from a previous security configuration to the security configuration of the TrEE loader.
  - 16. The computing device of claim 13, wherein the second encryption key is further generated based at least in part on a security version number of the security configuration of the TrEE core.
  - 17. The computing device of claim 13, wherein:
    - the first encryption key is accessible to the TrEE loader; and
      
      the second encryption key is accessible to the TrEE core.
  - 18. The computing device of claim 13, the operations further comprising generating, with the third key derivation function, a third encryption key based at least in part on a debug status that indicates whether or not debugging is enabled or disabled.
  - 19. The computing device of claim 13, the operations further comprising:
    - generating, with the third key derivation function, a third encryption key based at least in part on the first encryption key and an updated security configuration of the TrEE core; and
      
      utilizing the third encryption key to at least one of encrypt other data or decrypt other data.
  - 20. The computing device of claim 13, wherein the TrEE loader is configured to load the TrEE core that implements a TrEE.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Ferguson, Niels T., Nystrom, Magnus Bo Gustaf, McPherson, Dave M., England, Paul, Novak, Mark Fishel
Primary Examiner(s)
Tran, Tri M

Application Number

US15/458,543
Publication Number

US 20170187526A1
Time in Patent Office

917 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 21/602   Providing cryptographic fac...

G06F 9/4401   Bootstrapping security arra...

H04L 9/0836   using tree structure or hie...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/3234   involving additional secure...

H04L 9/50   using hash chains, e.g. blo...

Keying infrastructure

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Keying infrastructure

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links