HARDWARE TRUST ANCHORS IN SP-ENABLED PROCESSORS
First Claim
1. A computing device having a hardware portion and at least one memory external to said hardware portion, said computer comprising:
- at least one register for storing therein a moderate amount of data, said data register constructed within said hardware portion at a location such that probing of said register by a user is difficult to achieve without rendering data in said register useless for its intended purpose; and
at least one cryptographic key register physically constructed within said hardware portion at a location such that probing of said register by a user is difficult to achieve without rendering data in said register useless for its intended purpose.
6 Assignments
0 Petitions
Accused Products
Abstract
A trust system and method is disclosed for use in computing devices, particularly portable devices, in which a central Authority shares secrets and sensitive data with users of the respective devices. The central Authority maintains control over how and when shared secrets and data are used. In one embodiment, the secrets and data are protected by hardware-rooted encryption and cryptographic hashing, and can be stored securely in untrusted storage. The problem of transient trust and revocation of data is reduced to that of secure key management and keeping a runtime check of the integrity of the secure storage areas containing these keys (and other secrets). These hardware-protected keys and other secrets can further protect the confidentiality and/or integrity of any amount of other information of arbitrary size (e.g., files, programs, data) by the use of strong encryption and/or keyed-hashing, respectively. In addition to secrets the Authority owns, the system provides access to third party secrets from the computing devices. In one embodiment, the hardware-rooted encryption and hashing each use a single hardware register fabricated as part of the computing device'"'"'s processor or System-on-Chip (SoC) and protected from external probing. The secret data is protected while in the device even during operating system malfunctions and becomes non-accessible from storage according to various rules, one of the rules being the passage of a certain time period. The use of the keys (or other secrets) can be bound to security policies that cannot be separated from the keys (or other secrets). The Authority is also able to establish remote trust and secure communications to the devices after deployment in the field using a special tamper-resistant hardware register in the device, to enable, disable or update the keys or secrets stored securely by the device.
-
Citations
71 Claims
-
1. A computing device having a hardware portion and at least one memory external to said hardware portion, said computer comprising:
-
at least one register for storing therein a moderate amount of data, said data register constructed within said hardware portion at a location such that probing of said register by a user is difficult to achieve without rendering data in said register useless for its intended purpose; and at least one cryptographic key register physically constructed within said hardware portion at a location such that probing of said register by a user is difficult to achieve without rendering data in said register useless for its intended purpose. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. A system of computers each having at least one hardware processor and at least one memory external to said processors each said computer comprising:
-
at least one cryptographic key register and at least one cryptographic hash value register each register physically constructed within said hardware processor at a location such that probing of said registers by a user is difficult to achieve without rendering data in said register useless for its intended purpose; each said computer having loaded thereon at least one trusted software module (TSM); and a unique device root encryption key loaded in said cryptographic key register and a hash loaded in said hash register, each set of said registers operatively responding only to a TSM loaded on the same computer. - View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
-
-
51. A method for storing data on a general purpose computer or, on a special-purpose computing nodes in a secure manner, said method comprising:
-
storing a device root key (DRK) by a trusted authority for storage in a register contained within a processor of said computer; storing a trusted software module (TSM) by said authority on said computer, said TSM being the only software on said computer that can interact with said DRK; and encoding any secure data to be stored on said computer under control of said TSM working in conjunction with said DRK. - View Dependent Claims (52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68)
-
-
69. A method for secure communication between an authority and one of a plurality of devices pre-associated with said authority, said method comprising:
-
establishing a communication connection between said authority and one of said devices; identifying said one device at said authority; said authority and said device each generating a message and sending it to the other party, such generation involving a common cryptographic key stored at both said device and said authority and such generation involving data values such that the same message will not be generated more than once; and said messages being verified by the receiving party involving a computation that involves said cryptographic key and such that the same message will not be accepted more than once; said stored cryptographic key on the device either stored in a processor of said device or derived from said key stored in said processor of said device; said cryptographic key on the device also being used to protect a TSM also contained on said device. - View Dependent Claims (70, 71)
-
Specification