KEYING INFRASTRUCTURE

US 20150082048A1
Filed: 03/31/2014
Published: 03/19/2015
Est. Priority Date: 09/13/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

setting, by a computing device, an initial application key in a sequence of application keys;

determining that a component is loaded or executed, and in response to the determining;

deriving an application key for the sequence of application keys with a key derivation function, the application key being derived based at least in part on a preceding application key that directly precedes the application key in the sequence of application keys and based at least in part on a hash of the component that is loaded or executed; and

deleting the preceding application key upon deriving the application key;

utilizing, by the computing device, an application key that remains in the sequence of application keys after the deletion to derive an image operation key; and

utilizing the image operation key to at least one of verify an application state of the computing device or encrypt data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived.

26 Citations

View as Search Results

20 Claims

1. A method comprising:
- setting, by a computing device, an initial application key in a sequence of application keys;
  
  determining that a component is loaded or executed, and in response to the determining;
  
  deriving an application key for the sequence of application keys with a key derivation function, the application key being derived based at least in part on a preceding application key that directly precedes the application key in the sequence of application keys and based at least in part on a hash of the component that is loaded or executed; and
  
  deleting the preceding application key upon deriving the application key;
  
  utilizing, by the computing device, an application key that remains in the sequence of application keys after the deletion to derive an image operation key; and
  
  utilizing the image operation key to at least one of verify an application state of the computing device or encrypt data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein each of the application keys in the sequence of application keys comprises an encryption key utilized to encrypt data.
  - 3. The method of claim 1, wherein each of the application keys in the sequence of application keys comprises an identity key utilized to verify the application state of the computing device.
  - 4. The method of claim 1, further comprising:
    - obtaining a root identity key from at least one of multiple fuses of the computing device or the key derivation function; and
      
      deriving a platform identity key with the key derivation function, the platform identity key being derived based at least in part on the root identity key and a platform identifier for a platform that is implemented on the computing device;
      
      wherein the setting comprises setting the initial application key in the sequence of application keys to the platform identity key.
  - 5. The method of claim 1, wherein the image operation key is derived with the key derivation function based at least in part on the application key that remains in the sequence of application keys after the deletion and a hash of an image of a Trusted Execution Environment (TrEE).
  - 6. The method of claim 5, wherein the component that is loaded or executed comprises an application and the image operation key is utilized to verify an application state of the computing device by:
    - sending, to a service provider, a device identifier of the computing device and a log of applications that have been loaded;
      
      receiving a challenge from the service provider to verify the application state of the computing device;
      
      deriving an application identity operation key for an application that is running within the TrEE, the application identity operation key being derived based at least in part on the image operation key and a hash of the application that is running within the TrEE;
      
      generating a response to the challenge based at least in part on the application identity operation key; and
      
      sending the response to the service provider to verify the application state of the computing device.
  - 7. The method of claim 1, wherein at least one of the application keys in the sequence of application keys is derived while the computing device is being booted.
  - 8. One or more computer-readable media storing computer-executable instructions, the computer-executable instructions upon execution, to instruct one or more processors to perform the method of claim 1.

9. One or more computer-readable media storing computer-executable instructions, the computer-executable instructions upon execution, to instruct one or more processors to perform operations comprising:
- generating an encryption key hierarchy with a key derivation function, the encryption key hierarchy including (i) a Trusted Execution Environment (TrEE) loader encryption key that is associated with a current security configuration of a TrEE loader and (ii) a TrEE encryption key that is associated with a current security configuration of a TrEE core, the TrEE encryption key being generated based at least in part on the TrEE loader encryption key; and
  
  utilizing the TrEE encryption key to encrypt data.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The one or more computer-readable media of claim 9, wherein the generating includes deriving a platform encryption key for the encryption key hierarchy with the key derivation function based at least in part on a platform identifier for a platform that is implemented by the one or more processors.
  - 11. The one or more computer-readable media of claim 10, wherein the generating includes deriving the TrEE loader encryption key for the encryption key hierarchy with the key derivation function based at least in part on the platform encryption key and a TrEE loader value, the TrEE loader value being associated with an update of the TrEE loader from a previous security configuration to the current security configuration.
  - 12. The one or more computer-readable media of claim 9, wherein the generating includes deriving the TrEE encryption key for the encryption key hierarchy with the key derivation function based at least in part on a security version number of the current security configuration of the TrEE core.
  - 13. The one or more computer-readable media of claim 9, wherein:
    - the TrEE loader encryption key is accessible to the TrEE loader; and
      
      the TrEE encryption key is accessible to the TrEE core.
  - 14. The one or more computer-readable media of claim 9, wherein the generating includes deriving a root encryption key for the encryption key hierarchy with the key derivation function based at least in part on a debug status that indicates whether or not debugging is enabled or disabled.
  - 15. The one or more computer-readable media of claim 9, wherein the generating includes deriving a root encryption key for the encryption key hierarchy with the key derivation function based at least in part on a debug status that indicates a number of times that debugging has been enabled or disabled.

16. A method comprising:
- deriving, by a computing device and with a key derivation function, a Trusted Execution Environment (TrEE) loader encryption key that is associated with a security configuration of a TrEE loader, the TrEE loader being configured to load a TrEE core that implements a TrEE;
  
  deriving, by the computing device and with the key derivation function, a TrEE encryption key that is associated with a security configuration of the TrEE core, the TrEE encryption key being derived based at least in part on the TrEE loader encryption key; and
  
  utilizing the TrEE encryption key to at least one of encrypt data or decrypt data.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the security configuration of the TrEE loader comprises an updated security configuration and the TrEE loader encryption key is derived based at least in part on a TrEE loader value that is associated with an update of the TrEE loader from a previous security configuration to the updated security configuration.
  - 18. The method of claim 16, further comprising:
    - deriving another TrEE encryption key with the key derivation function based at least in part on the TrEE loader encryption key and an updated security configuration of the TrEE core; and
      
      utilizing the other TrEE encryption key to at least one of encrypt other data or decrypt other data.
  - 19. The method of claim 16, further comprising:
    - deriving a root encryption key with the key derivation function based on at least one of whether or not debugging is enabled or disabled for the computing device or a number of times that debugging has been enabled or disabled; and
      
      deriving a platform encryption key with the key derivation function based at least in part on the root encryption key and a platform identifier for a platform that is implemented by the computing device;
      
      wherein the TrEE loader encryption key is derived based at least in part on the platform encryption key.
  - 20. The method of claim 16, further comprising:
    - determining when an application is loaded or executed, and in response to the determining;
      
      deriving an application identity key for a sequence of application identity keys with the key derivation function, the application identity key being derived based at least in part on a preceding application identity key that directly precedes the application identity key in the sequence of application identity keys and based at least in part on a hash of the application that is loaded or executed; and
      
      deleting the preceding application identity key upon deriving the application identity key; and
      
      verifying an application state of the computing device based at least in part on an application identity key that remains in the sequence of application identity keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ferguson, Niels T., McPherson, Dave M., England, Paul, Novak, Mark Fishel, Nystrom, Magnus Bo Gustaf

Granted Patent

US 9,633,210 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 21/602   Providing cryptographic fac...

G06F 9/4401   Bootstrapping security arra...

H04L 9/0836   using tree structure or hie...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/3234   involving additional secure...

H04L 9/50   using hash chains, e.g. blo...

KEYING INFRASTRUCTURE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

KEYING INFRASTRUCTURE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links