Password triggered trusted encryption key deletion
First Claim
1. A method of evaluating secrets in a general purpose computer system without using any specialized hardware or circuit, wherein a trusted execution environment is provided for evaluating secrets through the use of an active secure execution mode of a computer's CPU and a passive security chip considering possible vulnerabilities and possible attacks and eliminating said vulnerabilities and said possibilities of attacks, including providing the said trusted execution environment during the boot up of the computer system or the wake up from sleep mode;
the trusted execution environment, using the active secure execution mode of the CPU and the passive security chip, enables tamper-proof evaluation and management of keys, tamper-proof execution of custom unlock/deletion logic, binding between the intact integrity of the trusted execution environment and the encryption key; and
enforcing and later attesting the intact software state of the computer;
bypassing the trusted execution environment renders the stored encryption key or keys inaccessible;
upon entering a secret in a guessing-resistant manner, including showing plausible compliance when facing coercion, and after evaluation of the secret, a securely stored encryption key protecting either on-disk or in-memory data is either unlocked upon entering a secret associated with encryption key retrieval or deleted in a cryptographically verifiable manner or in a non-verifiable manner upon entering a secret associated with encryption key deletion or upon entering a specified number of incorrect secrets; and
enabling secrets for key retrieval and secrets for key deletion to be indistinguishable in pattern from each other and from undefined secrets without prior knowledge, hence imposing high guessing risk, and ensuring an undetectable deletion trigger and plausible user compliance under coercion.
Abstract
A method of evaluating secrets in a computer system's trusted execution environment, wherein after evaluation of secrets, a securely stored encryption key is either retrieved or deleted upon entering the corresponding secret (password, graphical password, biometric information, data sequence, security token, etc.) or secrets. Deletion of the encryption key can happen in a verifiable manner or in a non-verifiable manner. If a storage is encrypted with the encryption key, deletion of the encryption key makes the encrypted storage irreversibly undecryptable, while retrieval of the key permits decryption of the storage. Two encryption keys can be used to encrypt two separate storages, and then securely stored and processed in the trusted execution environment. Each of the two encryption keys can be retrieved using one or more associated secrets (passwords, etc.), and one or more other secrets would delete the encryption key associated with a preselected storage. During a sleep-wake event a computer system's memory can be encrypted with a symmetric key, and the symmetric key can be secured by encrypting it with a public encryption key. The corresponding private key is retrieved to decrypt the symmetric key upon evaluation of the associated password (secret) in the trusted execution environment, while the private key is deleted upon evaluation of one or more preselected deletion passwords (secrets), leaving the encrypted memory undecryptable.
32 Claims
1. A method of evaluating secrets in a general purpose computer system without using any specialized hardware or circuit, wherein
a trusted execution environment is provided for evaluating secrets through the use of an active secure execution mode of a computer's CPU and a passive security chip considering possible vulnerabilities and possible attacks and eliminating said vulnerabilities and said possibilities of attacks, including providing the said trusted execution environment during the boot up of the computer system or the wake up from sleep mode;
the trusted execution environment, using the active secure execution mode of the CPU and the passive security chip, enables tamper-proof evaluation and management of keys, tamper-proof execution of custom unlock/deletion logic, binding between the intact integrity of the trusted execution environment and the encryption key; and enforcing and later attesting the intact software state of the computer; bypassing the trusted execution environment renders the stored encryption key or keys inaccessible; upon entering a secret in a guessing-resistant manner, including showing plausible compliance when facing coercion, and after evaluation of the secret, a securely stored encryption key protecting either on-disk or in-memory data is either unlocked upon entering a secret associated with encryption key retrieval or deleted in a cryptographically verifiable manner or in a non-verifiable manner upon entering a secret associated with encryption key deletion or upon entering a specified number of incorrect secrets; and enabling secrets for key retrieval and secrets for key deletion to be indistinguishable in pattern from each other and from undefined secrets without prior knowledge, hence imposing high guessing risk, and ensuring an undetectable deletion trigger and plausible user compliance under coercion.
a Trusted Platform Module (TPM) and a CPU with Trusted Execution Technology (TXT); a TPM and a CPU with Secure Virtual Machine (SVM); a CPU with Software Guard Extensions (SGX) with built-in secure storage; and a Secure Element and a CPU with TrustZone.
3. The method according to claim 1, further comprising the step of:
associating the encryption key with an on-disk or in-memory encrypted storage, wherein retrieval of the encryption key permits decryption of the encrypted storage, deletion of the encryption key makes the encrypted storage irreversibly undecryptable, and both the retrieval and deletion logic depend on the user-supplied secret and on the software state of the computer being intact.
4. The method according to claim 1, wherein
the intact software state of the computer can be enforced and later attested by the CPU's trusted execution mode and a passive security chip, and further enhancing with at least one of:
the secret associated with the retrieval of the encryption key is one of a plurality of secrets, wherein each of the plurality of secrets associated with encryption key retrieval results in the retrieval of the encryption key; and the secret associated with the deletion of the encryption key is one of a plurality of secrets, wherein each of the plurality of secrets associated with encryption key deletion results in the deletion of the encryption key in a cryptographically verifiable manner or in a non-verifiable manner.
5. The method according to claim 1, further comprising the steps of:
creating two encrypted data storages on-disk or in-memory within the computer system; and associating at least three secrets, wherein each of a pair of the at least three secrets allows retrieval and use of the encryption key associated with one of the two encrypted data storages and the third secret securely deletes the encryption key associated with a preselected encrypted data storage of the two encrypted data storages.
6. The method according to claim 5, wherein
the at least three secrets are part of a plurality of secrets wherein each of the plurality of secrets other than the at least three secrets, after being entered more than a specified number of times, also results in the deletion of the encryption key associated with the preselected encrypted data storage of the two encrypted data storages; and
the intact software state of the computer can be enforced and later attested to by the CPU's trusted execution mode and a passive security chip.
7. A method of evaluating secrets in a computer system's trusted execution environment, wherein after evaluation of secrets, a securely stored encryption key is either unlocked upon entering a secret associated with encryption key retrieval or deleted in a cryptographically verifiable manner or in a non-verifiable manner upon entering a secret associated with encryption key deletion, comprising the steps of:
creating two encrypted data storages within the computer system; and associating at least three secrets, wherein each of a pair of the at least three secrets allows retrieval and use of the encryption key associated with one of the two encrypted data storages and the third secret securely deletes the encryption key associated with a preselected encrypted data storage of the two encrypted data storages, providing a hidden system upon the computer system for storing selected data; providing a decoy system upon the computer system for storing other data; encrypting the data being stored upon the hidden system with a first encryption key, KH; encrypting the other data being stored upon the decoy system with a second encryption key, KN; associating a first secret, PH, for retrieving KH;
wherein entry of PH retrieves KH in order to either retrieve selected data or to store additional data within the hidden system; associating a second secret, PN, for retrieving KN;
wherein entry of PN retrieves KN in order to either retrieve other data or to store additional data within the decoy system; and associating a third secret, PD, for performing a secure deletion of KH;
wherein entry of PD results in secure deletion of KH.
counts are stored in a tamper-proof manner; and upon reaching a threshold count of invalid entry of passwords also results in the secure deletion of KH.
11. The method according to claim 7, wherein
the active secure execution mode of the CPU and a passive security chip provide a trusted execution environment, which enables tamper-proof execution of custom unlock/deletion logic, and binding between the integrity of the trusted execution environment and the encryption key; and
the active secure execution mode of the CPU and the passive security chip comprise at least one of: a Trusted Platform Module (TPM) and a CPU with Trusted Execution Technology (TXT); a TPM and a CPU with Secure Virtual Machine (SVM); a CPU with Software Guard Extensions (SGX) with built-in secure storage; and a Secure Element and a CPU with TrustZone.
12. The method according to claim 7, wherein
the encryption keys KH and KN are at least one of stored and sealed within non-volatile random access memory (NVRAM) of the TPM.
13. The method according to claim 7, wherein
the encryption keys KH and KN are bound to the state of the computer software.
14. The method according to claim 13, wherein
binding to the intact state of the computer software is achieved by the active secure execution mode of the CPU in conjunction with the passive security chip.
15. The method according to claim 7, wherein
the hidden system and the decoy system are each at least one of software-based full disk encryption (FDE) and hardware-based FDE.
16. The method according to claim 15, wherein
the software-based FDE includes support for plausible deniability.
17. The method according to claim 7, wherein
the encryption key is deleted on one or more network-connected computer systems by remotely sending the secret through a secure network tunnel, where the secret is associated with encryption key deletion and the evaluation of the secret is performed in the intact software state of the computer, enforced and attested by the active trusted execution environment of the CPU and the passive security chip.
18. The method according to claim 17, wherein
each network connected computer system sends back verifiable proof of the deletion of the encryption key.
19. A computer subsystem comprising:
a hidden system forming part of a computer system storing encrypted data with a first encryption key, KH; and a decoy system forming part of the computer system storing encrypted other data with a second encryption key, KN; with a first password, PH, for retrieving KH in order to either retrieve secured data or store additional data within the hidden system; a second password, PN, for retrieving KN in order to either retrieve other data or store additional data within the decoy system; and a third password, PD, for performing a secure deletion of KH;
wherein receiving PD results in secure deletion of KH.
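The PH/PN/PD evaluation of claims 7 and 19, together with the failed-attempt threshold of the dependent-claim fragment above, as an added Python simulation. This is not code from the patent; the record layout, the PBKDF2 parameters, the `SecretEvaluator` class and the sample secrets are all constructed for this example, and the in-memory `kh = None` stands in for the TPM or secure-element key destruction the claims describe.

```python
import hashlib
import hmac
import os

# The role is the only difference between a retrieval and a deletion secret,
# and it is never exposed outside the evaluator.
RETRIEVE_KH, RETRIEVE_KN, DELETE_KH = "retrieve_KH", "retrieve_KN", "delete_KH"
PBKDF2_ROUNDS = 20_000  # constructed for this example; raise it in practice

class SecretEvaluator:
    """Simulated trusted evaluator holding KH (hidden system) and KN (decoy)."""
    def __init__(self, kh: bytes, kn: bytes, secrets_by_role, max_failures=3):
        self.kh, self.kn = kh, kn
        self.max_failures = max_failures
        self.failures = 0
        # Every secret becomes an identically shaped (salt, digest, role)
        # record, so the table itself gives no hint about a secret's role.
        self.records = []
        for secret, role in secrets_by_role:
            salt = os.urandom(16)
            self.records.append((salt, self._digest(secret, salt), role))

    @staticmethod
    def _digest(secret: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)

    def _delete_kh(self) -> None:
        self.kh = None  # a TPM/secure element would overwrite or revoke the key

    def hidden_key_present(self) -> bool:
        return self.kh is not None

    def evaluate(self, candidate: str):
        """Return KH or KN for a matching retrieval secret, otherwise None.

        A deletion secret and a wrong guess both yield None, so the deletion
        trigger is undetectable at the interface (claim 1).
        """
        matched_role = None
        # Check every record instead of stopping at the first hit, so the
        # amount of work does not depend on which secret was entered.
        for salt, digest, role in self.records:
            if hmac.compare_digest(self._digest(candidate, salt), digest):
                matched_role = role
        if matched_role == DELETE_KH:
            self._delete_kh()
            return None
        if matched_role in (RETRIEVE_KH, RETRIEVE_KN):
            self.failures = 0
            # KH reads as None once deleted; the decoy keeps opening regardless.
            return self.kh if matched_role == RETRIEVE_KH else self.kn
        self.failures += 1  # unknown secret: count towards the threshold
        if self.failures >= self.max_failures:
            self._delete_kh()
        return None
```

After PD has been entered, PN still unlocks the decoy storage while PH returns nothing, which is the plausible-compliance property the claims rely on.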
22. A method of evaluating secrets in a computer system's trusted execution environment, wherein
after evaluation of secrets, a securely stored encryption key is either unlocked upon entering a secret associated with encryption key retrieval or deleted in a cryptographically verifiable manner or in a non-verifiable manner upon entering a secret associated with encryption key deletion; and
during a sleep-wake event of a computer system, memory is encrypted with a symmetric key (SK) as the computer system enters a sleep mode of the sleep-wake event and the SK is encrypted with a public encryption key (HGPUB) such that the encrypted memory can only be decrypted with entry of the correct secret (PW) to retrieve a private key HGPRIV corresponding to HGPUB that allows decryption of SK and subsequent decryption of the encrypted memory, and entry of a preselected deletion password (PD) will delete HGPRIV, and both the retrieval of HGPRIV and the deletion logic depend on the software state of the computer and the user-supplied secret.
25. A method of evaluating secrets in a computer system's trusted execution environment, wherein
after evaluation of secrets, a securely stored encryption key is either unlocked upon entering a secret associated with encryption key retrieval or deleted in a cryptographically verifiable manner or in a non-verifiable manner upon entering a secret associated with encryption key deletion; and
comprising the following steps during a sleep-wake event of a computer system: associating a symmetric encryption key (SK) with the encryption of the memory of the computer system upon the initiation of a sleep mode of the computer system; encrypting the memory of the computer system with SK during entry into the sleep mode of the computer system; receiving a public key, HGPUB, for encrypting SK during entry into the sleep mode of the computer system; storing the encrypted SK within the memory of the computer system; receiving a correct secret (PW) during initiation of a wake mode of the computer system after the sleep mode has been entered; retrieving a private key HGPRIV corresponding to HGPUB from secure storage of the trusted execution environment upon receipt of PW; decrypting SK when HGPRIV is retrieved allowing subsequent decryption of the encrypted memory encrypted with SK during entry into the sleep mode; wherein receipt of a special deletion secret (PD) instead of PW, during initiation of the wake mode of the computer system after the sleep mode has been entered, results in deletion of HGPRIV, or receipt of multiple incorrect secrets during initiation of the wake mode of the computer system after the sleep mode has been entered results in deletion of HGPRIV.
the active secure execution mode of the CPU and the passive security chip comprises at least one of; a Trusted Platform Module (TPM) and a CPU with Trusted Execution Technology (TXT); a TPM and a CPU with Secure Virtual Machine (SVM); a CPU with Software Guard Extensions (SGX) with built-in secure storage; and a Secure Element and a CPU with TrustZone.
28. The method according to claim 25, wherein
the HGPRIV private key is at least one of stored and sealed within non-volatile random access memory (NVRAM) of the TPM.
29. The method according to claim 25, wherein
GCM mode is used to check whether the authenticity of the data in memory is compromised upon wakeup from a sleep mode.
30. The method according to claim 29, wherein
GCM mode defers tag verification and runs tag verification during the decryption process to improve decryption performance.
31. A computer subsystem comprising:
a symmetric encryption key (SK) stored within the memory of the computer system associated with the encryption of the memory of the computer system upon the initiation of a sleep mode of the computer system; encrypted memory of the computer system encrypted with SK during entry into the sleep mode of the computer system; a public key, HGPUB, for encrypting SK during entry into the sleep mode of the computer system; storing the encrypted SK within the memory of the computer system; receiving a correct secret (PW) during initiation of a wake mode of the computer system after the sleep mode has been entered; retrieving a private key HGPRIV corresponding to HGPUB from secure storage of the computer system upon receipt of PW; decrypting SK when HGPRIV is retrieved allowing subsequent decryption of the encrypted active system memory encrypted with SK during entry into the sleep mode; wherein receipt of a special deletion password (PD) instead of PW, during initiation of the wake mode of the computer system after the sleep mode has been entered, results in deletion of HGPRIV, or receipt of multiple incorrect passwords during initiation of the wake mode of the computer system after the sleep mode has been entered results in the deletion of HGPRIV.