Password triggered trusted encryption key deletion

US 10,516,533 B2
Filed: 02/05/2017
Issued: 12/24/2019
Est. Priority Date: 02/05/2016
Status: Active Grant

First Claim

Patent Images

1. A method of evaluating secrets in a general purpose computer system without using any specialized hardware or circuit, whereina trusted execution environment is provided for evaluating secrets through the use of an active secure execution mode of a computer'"'"'s CPU and a passive security chip considering possible vulnerabilities and possible attacks and eliminating said vulnerabilities and said possibilities of attacks, including providing the said trusted execution environment during the boot up of the computer system or the wake up from sleep mode;

the trusted execution environment, using the active secure execution mode of the CPU and the passive security chip, enablestamper-proof evaluation and management of keys,tamper-proof execution of custom unlock/deletion logic,binding between the intact integrity of the trusted execution environment and the encryption key; and

enforcing and later attesting the intact software state of the computer;

bypassing the trusted execution environment renders the stored encryption key or keys inaccessible;

upon entering a secret in a guessing-resistant manner, including showing plausible compliance when facing coercion, and after evaluation of the secret, a securely stored encryption key protecting either on-disk or in-memory data is either unlocked upon entering a secret associated with encryption key retrieval or deleted in a cryptographically verifiable manner or in a non-verifiable manner upon entering a secret associated with encryption key deletion or upon entering a specified number of incorrect secrets; and

enabling secrets for key retrieval and secrets for key deletion to be indistinguishable pattern from each other and from undefined secrets without prior knowledge hence imposing high guessing risk, and ensuring undetectable deletion trigger and plausible user compliance under coercion.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of evaluating secrets in a computer system'"'"'s trusted execution environment, wherein after evaluation of secrets, a securely stored encryption key is either retrieved or deleted upon entering corresponding secret (password, graphical password, biometric information, data sequence, security token, etc.) or secrets. Deletion of the encryption key can happen in a verifiable manner or in a non-verifiable manner. If a storage is encrypted with the encryption key, deletion of the encryption key makes the encrypted storage irreversibly undecryptable, while retrieval of the key permits decryption of the storage. Two encryption keys can be used to encrypt two separate storages, and then securely stored and processed in the trusted execution environment. Each of the two encryption keys can be retrieved using one or more associated secrets (passwords, etc.), and one or more other secrets would delete the encryption key associated with a preselected storage. During sleep-wake event a computer system'"'"'s memory can be encrypted with a symmetric key, and the symmetric key can be secured by encrypting with a public encryption key. Corresponding private key is retrieved to decrypt the symmetric key upon evaluation of associated password (secret) in trusted execution environment, while the private key is deleted upon evaluation of one or many preselected deletion password (secret) leaving the encrypted memory undecryptable.

22 Citations

View as Search Results

32 Claims

1. A method of evaluating secrets in a general purpose computer system without using any specialized hardware or circuit, whereina trusted execution environment is provided for evaluating secrets through the use of an active secure execution mode of a computer'"'"'s CPU and a passive security chip considering possible vulnerabilities and possible attacks and eliminating said vulnerabilities and said possibilities of attacks, including providing the said trusted execution environment during the boot up of the computer system or the wake up from sleep mode;
- the trusted execution environment, using the active secure execution mode of the CPU and the passive security chip, enablestamper-proof evaluation and management of keys,tamper-proof execution of custom unlock/deletion logic,binding between the intact integrity of the trusted execution environment and the encryption key; and
  
  enforcing and later attesting the intact software state of the computer;
  
  bypassing the trusted execution environment renders the stored encryption key or keys inaccessible;
  
  upon entering a secret in a guessing-resistant manner, including showing plausible compliance when facing coercion, and after evaluation of the secret, a securely stored encryption key protecting either on-disk or in-memory data is either unlocked upon entering a secret associated with encryption key retrieval or deleted in a cryptographically verifiable manner or in a non-verifiable manner upon entering a secret associated with encryption key deletion or upon entering a specified number of incorrect secrets; and
  
  enabling secrets for key retrieval and secrets for key deletion to be indistinguishable pattern from each other and from undefined secrets without prior knowledge hence imposing high guessing risk, and ensuring undetectable deletion trigger and plausible user compliance under coercion.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, whereinthe active secure execution mode of the CPU and the passive security chip comprises at least one of:
3. The method according to claim 1, further comprising of the step:
- associating the encryption key with an on-disk or in-memory encrypted storage, whereinretrieval of the encryption key permits decryption of the encrypted storage,deletion of the encryption key makes the encrypted storage irreversibly undecryptable, andboth the retrieval and deletion logic depends on the user-supplied secret and on the software state of the computer being intact.
4. The method according to claim 1, whereinthe intact software state of the computer can be enforced and later attested by the CPU'"'"'s trusted execution mode and a passive security chip, andfurther enhancing with at least one of:
- the secret associated with the retrieval of the encryption key is one of a plurality of secrets, wherein each of the plurality of secrets associated with encryption key retrieval results in the retrieval of the encryption key; and
  
  the secret associated with the deletion of the encryption key is one of a plurality of secrets, wherein each of the plurality of secrets associated with encryption key deletion results in the deletion of the encryption key in a cryptographically verifiable manner or in a non-verifiable manner.
5. The method according to claim 1, further comprising of steps:
- creating two encrypted data storages on-disk or in-memory within the computer system; and
  
  associating at least three secrets, wherein each of a pair of the at least three secrets allow retrieval and use of encryption key associated with one of the two encrypted data storages and the third secret securely deletes the encryption key associated with a preselected encrypted data storage of the two encrypted data storages.
6. The method according to claim 5, whereinthe at least three secrets are part of a plurality of secrets wherein each of the plurality of secrets other than the at least three secrets, after entering more than a specified number of times, also results in the deletion of the encryption key associated with the preselected encrypted data storage of the two encrypted data storages;
- andthe intact software state of the computer can be enforced and later attested to by the CPU'"'"'s trusted execution mode and a passive security chip.

7. A method of evaluating secrets in a computer system'"'"'s trusted execution environment, wherein after evaluation of secrets, a securely stored encryption key is either unlocked upon entering a secret associated with encryption key retrieval or deleted in a cryptographically verifiable manner or in a non-verifiable manner upon entering a secret associated with encryption key deletion, comprising of steps:
- creating two encrypted data storage within the computer system; and
  
  associating at least three secrets, wherein each of a pair of the at least three secrets allow retrieval and use of encryption key associated with one of the two encrypted data storages and the third secret securely deletes the encryption key associated with a preselected encrypted data storage of the two encrypted data storages,providing a hidden system upon the computer system for storing selected data;
  
  providing a decoy system upon the computer system for storing other data;
  
  encrypting the data being stored upon the hidden system with a first encryption key, KH;
  
  encrypting the other data being stored upon the decoy system with a second encryption key, KN;
  
  associating a first secret, PH, for retrieving KH;
  
  wherein entry of PH retrieves KH in order to either retrieve selected data or to store additional data within the hidden system;
  
  associating a second secret, PN, for retrieving KN;
  
  wherein entry of PN retrieves KN in order to either retrieve other data or to store additional data within the decoy system; and
  
  associating a third secret, PD, for performing a secure deletion of KH;
  
  wherein entry of PD results in secure deletion of KH.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 8. The method according to claim 7, whereinPD is one of a plurality of PDs, each of which results in secure deletion of KH.
  - 9. The method according to claim 7, whereineach of PH, PN, and PD is one of a plurality of passwords based on distance-based password scheme, whereas each password from password space PH results in retrieving KH, each password from password space PN results in retrieving KN, and each password from password space PD results in secure deletion of KH, andall passwords from password space PN are farther than passwords of password space PH are from the center of password space PH, and all passwords from password space PD are farther than passwords from password spaces PH and PN are from the center of the password space PH.
  - 10. The method according to claim 7, whereininvalid entry of passwords are counted;
11. The method according to claim 7, whereinactive secure execution mode of the CPU and a passive security chip provides a trusted execution environment, which enables tamper-proof execution of custom unlock/deletion logic, and binding between the integrity of the trusted execution environment and the encryption key;
- andthe active secure execution mode of the CPU and the passive security chip comprises at least one of;
  
  a Trusted Platform Module (TPM) and a CPU with Trusted Execution Technology (TXT);
  
  a TPM and a CPU with Secure Virtual Machine (SVM);
  
  a CPU with Software Guard Extensions (SGX) with built-in secure storage; and
  
  a Secure Element and a CPU with TrustZone.
12. The method according to claim 7, whereinthe encryption keys KH and KN are at least one of stored and sealed within non-volatile random access memory (NVRAM) of the TPM.
13. The method according to claim 7, whereinthe encryption keys KH and KN are bound to the state of the computer software.
14. The method according to claim 13, whereinbinding to the intact state of the computer software is achieved by the active secure execution mode of the CPU in conjunction with the passive security chip.
15. The method according to claim 7, whereinthe hidden system and the decoy system are each at least one of software based full disk encryption (FDE) and hardware-based FDE.
16. The method according to claim 15, whereinthe software based FDE includes support for plausible deniability.
17. The method according to claim 7, whereinthe encryption key is deleted on one or more network connected computer system by remotely sending the secret through a secure network tunnel, where the secret is associated with encryption key deletion and the evaluation of the secret is performed in the intact software state of the computer, enforced and attested by the active trusted execution environment of the CPU and the passive security chip.
18. The method according to claim 17, whereineach network connected computer system sends back verifiable proof of the deletion of the encryption key.

19. A computer subsystem comprising of:
- a hidden system forming part of a computer system storing encrypted data with a first encryption key, KH; and
  
  a decoy system forming part of the computer system storing encrypted other data with a second encryption key, KN;
  
  with a first password, PH, for retrieving KH in order to either retrieve secured data or store additional data within the hidden system;
  
  a second password, PN, for retrieving KN in order to either retrieve other data or store additional data within the decoy system; and
  
  a third password, PD, with performing a secure deletion of KH;
  
  whereas receiving PD results in secure deletion of KH.
- View Dependent Claims (20, 21)
- - 20. A computer subsystem according to claim 19, further comprising of:
    - a computer readable medium storing executable instructions thereon that, when executed by a CPU, perform the steps to build the computer subsystem of claim 19, including encrypting data stored in the hidden system and the decoy system, and associating the passwords PH, PN, and PD.
  - 21. A computer subsystem according to claim 20, wherein the computer readable medium storing executable instructions thereon that, when executed by a CPU, further perform the following steps:
    - establishing the hidden system upon the computer system; and
      
      establishing the decoy system upon the computer system.

22. A method of evaluating secrets in a computer system'"'"'s trusted execution environment, whereinafter evaluation of secrets, a securely stored encryption key is either unlocked upon entering a secret associated with encryption key retrieval or deleted in a cryptographically verifiable manner or in a non-verifiable manner upon entering a secret associated with encryption key deletion;
- andduring a sleep-wake event of a computer system memory is encrypted with a symmetric key (SK) as computer system enters a sleep mode of the sleep-wake event and the SK is encrypted with a public encryption key (HGPUB) such that the encrypted memory can only be decrypted with entry of the correct secret (PW) to retrieve a private key HGPRIV corresponding to HGPUB that allows decryption of SK and subsequent decryption of encrypted memory and entry of a preselected deletion password (PD) will delete HGPRIV, and both the retrieval of HGPRIV and deletion logic depends on the software state of the computer, and the user-supplied secret.
- View Dependent Claims (23, 24)
- - 23. The method according to claim 22, wherein the PD is one of a plurality of secrets wherein each of the plurality of secrets results in deletion of HGPRIV.
  - 24. The method according to claim 22, wherein failure to enter the correct secret within a predetermined number of attempts also results in deletion of HGPRIV.

25. A method of evaluating secrets in a computer system'"'"'s trusted execution environment, whereinafter evaluation of secrets, a securely stored encryption key is either unlocked upon entering a secret associated with encryption key retrieval or deleted in cryptographically verifiable manner or in a non-verifiable manner upon entering a secret associated with encryption key deletion;
- andcomprises of the following steps during a sleep-wake event of a computer system;
  
  associating a symmetric encryption key (SK) with the encryption of the memory of the computer system upon the initiation of a sleep mode of the computer system;
  
  encrypting the memory of the computer system with SK during entry into the sleep mode of the computer system;
  
  receiving a public key, HGPUB, for encrypting SK during entry into the sleep mode of the computer system;
  
  storing the encrypted SK within the memory of the computer system;
  
  receiving a correct secret (PW) during initiation of a wake mode of the computer system after the sleep mode has been entered;
  
  retrieving a private key HGPRIV corresponding to HGPUB from secure storage of the trusted execution environment upon receipt of PW;
  
  decrypting SK when HGPRIV is retrieved allowing subsequent decryption of the encrypted memory encrypted with SK during entry into the sleep mode;
  
  whereinreceipt of a special deletion secret (PD) instead of PW, during initiation of the wake mode of the computer system after the sleep mode has been entered results in deletion of HGPRIV or receipt of multiple incorrect secrets during initiation of the wake mode of the computer system after the sleep mode has been entered results in deletion of HGPRIV.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The method according to claim 25, whereinPD is one of a plurality of PDs, each of which results in secure deletion of HGPRIV.
  - 27. The method according to claim 25, whereinactive secure execution mode of the CPU and a passive security chip provides a trusted execution environment, which enables tamper-proof execution of custom unlock/deletion logic, and binding between the integrity of the trusted execution environment and the encryption key;
    - and
28. The method according to claim 25, whereinthe HGPRIV private key is at least one of stored and sealed within non-volatile random access memory (NVRAM) of the TPM.
29. The method according to claim 25, whereinGCM mode is used to check whether the authenticity of the data in memory is compromised upon wakeup from a sleep mode.
30. The method according to claim 29, whereinGCM mode defers tag verification and runs tag verification during decryption process to improve decryption performance.

31. A computer subsystem comprising of:
- a symmetric encryption key (SK) stored within the memory of the computer system associated with the encryption of the memory of the computer system upon the initiation of a sleep mode of the computer system;
  
  encrypted memory of the computer system encrypted with SK during entry into the sleep mode of the computer system;
  
  a public key, HGPUB, for encrypting SK during entry into the sleep mode of the computer system;
  
  storing the encrypted SK within the memory of the computer system;
  
  receiving a correct secret (PW) during initiation of a wake mode of the computer system after the sleep mode has been entered;
  
  retrieving a private key HGPRIV corresponding to HGPUB from secure storage of the computer system upon receipt of PW;
  
  decrypting SK when HGPRIV is retrieved allowing subsequent decryption of the encrypted active system memory encrypted with SK during entry into the sleep mode;
  
  whereinreceipt of a special deletion password (PD) instead of PW, during initiation of the wake mode of the computer system after the sleep mode has been entered results in deletion of HGPRIV or receipt of multiple incorrect passwords during initiation of the wake mode of the computer system after the sleep mode has been entered results in the deletion of HGPRIV.
- View Dependent Claims (32)
- - 32. The computer subsystem according to claim 31, further comprising ofa computer readable medium storing executable instructions thereon that, when executed by a CPU, performs a method comprising of all the steps needed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mohammad Mannan
Original Assignee
Mohammad Mannan
Inventors
Mannan, Mohammad, Zhao, Lianying
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US15/424,848
Publication Number

US 20170230179A1
Time in Patent Office

1,052 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/575   Secure boot

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 9/4418   Suspend and resume; Hiberna...

H04L 9/002   Countermeasures against att...

H04L 9/0897   involving additional device...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

Password triggered trusted encryption key deletion

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Password triggered trusted encryption key deletion

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links