Method and apparatus for secure processing of cryptographic keys
Abstract
A method and apparatus for secure processing of cryptographic keys, wherein a cryptographic key stored on a token is processed in a secure processor mode using a secure memory. A main system processor is initialized into a secure processing mode, which cannot be interrupted by other interrupts, during a power-on sequence. A user enters a Personal Identification Number (PIN) to unlock the cryptographic key stored on the token. The cryptographic key and associated cryptographic program are then loaded into the secure memory. The secure memory is locked to prevent access to the stored data from any other processes. The user is then prompted to remove the token and the processor exits the secure mode and the system continues normal boot-up operations. When an application requests security processing, the cryptographic program is executed by the processor in the secure mode such that no other programs or processes can observe the execution of the program. Two-factor authentication is thus obtained without the need for any additional hardware.
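The boot-time and request-time flow described in the abstract, as an added Python model that is not code from the patent. `Token`, `SecureMemory`, `Processor`, `hmac_program` and the choice of HMAC-SHA256 as the "cryptographic program" are assumptions, and the mode check is enforced in software here where the patent relies on the processor's hardware.

```python
import hashlib
import hmac

def hmac_program(key: bytes, msg: bytes) -> bytes:
    """Assumed 'cryptographic program'; the patent does not name an algorithm."""
    return hmac.new(key, msg, hashlib.sha256).digest()

class Token:
    """Constructed stand-in for the removable token: releases the key only for the right PIN."""
    def __init__(self, pin: str, key: bytes):
        self._pin, self._key = pin.encode(), key
    def unlock(self, pin: str) -> bytes:
        if not hmac.compare_digest(pin.encode(), self._pin):
            raise PermissionError("PIN rejected")
        return self._key

class SecureMemory:
    """Once locked, readable and writable only while the processor is in secure mode."""
    def __init__(self, cpu):
        self._cpu, self._data, self.locked = cpu, {}, False
    def _check(self):
        if self.locked and not self._cpu.secure_mode:
            raise PermissionError("secure memory is locked outside secure mode")
    def write(self, name, value):
        self._check()
        self._data[name] = value
    def read(self, name):
        self._check()
        return self._data[name]

class Processor:
    def __init__(self):
        self.secure_mode = False
        self.mem = SecureMemory(self)
    def power_on(self, token: Token, pin: str) -> None:
        """Power-on sequence: secure mode, PIN unlock, load, lock, exit."""
        self.secure_mode = True
        try:
            self.mem.write("key", token.unlock(pin))
            self.mem.write("program", hmac_program)
        finally:
            self.mem.locked = True    # assumption: lock even when the PIN is rejected
            self.secure_mode = False  # normal boot continues; the token can be removed
    def secure_request(self, msg: bytes) -> bytes:
        """Application request: run the loaded program in secure mode, return only its output."""
        self.secure_mode = True
        try:
            return self.mem.read("program")(self.mem.read("key"), msg)
        finally:
            self.secure_mode = False
```

The caller of `secure_request` receives only the program's output; a direct `mem.read("key")` after boot raises `PermissionError` because the processor has left secure mode.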
28 Claims
1. A method for secure processing of cryptographic keys using a main system processor having a secure processor mode, comprising the steps of:
- loading a cryptographic key, cryptographic program, and any other required cryptographic data into a secure memory during a secure processor mode or during a power-on initialization sequence; and
- executing the cryptographic program in the secure processor mode or during the power-on initialization sequence using the cryptographic key stored in the secure memory.
11. A method for secure processing of cryptographic keys using a main system processor, comprising the steps of:
- verifying a user's personal identification number (PIN);
- loading a cryptographic program, and any other required cryptographic data stored on a token into a secure memory, if the user's PIN is verified;
- locking the secure memory, if required by a system architecture to prevent other processes from accessing the secure memory, after loading the cryptographic program and any other data; and
- exiting the secure processor mode and continuing a normal boot-up procedure.
21. A secure processing apparatus for secure processing of cryptographic keys, the apparatus comprising:
- a main system processor having a secure processor mode;
- a secure memory which can only be accessed by the processor while the processor is in the secure mode; and
- a cryptographic key, program, and associated data stored on a token, wherein the cryptographic key, program and associated data are stored in the secure memory during a power-on initialization or a secure processor mode, and wherein the cryptographic key, program and associated data are processed by the processor during a power-on initialization or a secure processor mode.
Specification