Generating a key hieararchy for use in an isolated execution environment

US 6,760,441 B1
Filed: 03/31/2000
Issued: 07/06/2004
Est. Priority Date: 03/31/2000
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus comprising:

a key storage for storing an initial key unique to a platform; and

a cipher key creator in a protected platform creating a hierarchy of keys based upon the initial key, the protected platform having a processor configured in one of a normal execution mode and an isolated execution mode, the cipher key creator including a key generator for hashing an ID of loaded software code with a loading software code key to create a loaded software code key and a key selector for selecting a smaller symmetric cipher key from the loaded software code key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is a method, apparatus, and system to generate a key hierarchy for use in an isolated execution environment of a protected platform. In order to bind secrets to particular code operating in isolated execution, a key hierarchy comprising a series of symmetric keys for a standard symmetric cipher is utilized. The protected platform includes a processor that is configured in one of a normal execution mode and an isolated execution mode. A key storage stores an initial key that is unique for the platform. A cipher key creator located in the protected platform creates the hierarchy of keys based upon the initial key. The cipher key creator creates a series of symmetric cipher keys to protect the secrets of loaded software code.

Citations

32 Claims

1. An apparatus comprising:
- a key storage for storing an initial key unique to a platform; and
  
  a cipher key creator in a protected platform creating a hierarchy of keys based upon the initial key, the protected platform having a processor configured in one of a normal execution mode and an isolated execution mode, the cipher key creator including a key generator for hashing an ID of loaded software code with a loading software code key to create a loaded software code key and a key selector for selecting a smaller symmetric cipher key from the loaded software code key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1 wherein the initial key is programmed into fuses of an Input/Output Control Hub (ICH).
  - 3. The apparatus of claim 1 wherein the initial key is based on a random number.
  - 4. The apparatus of claim 1 wherein the initial key is generated by the platform when the platform is first powered up.
  - 5. The apparatus of claim 4 wherein the initial key is based upon a random number created by a random number generator of the platform.
  - 6. The apparatus of claim 1 wherein the key generator creates a processor nub key by hashing the initial key with a processor nub ID and the key selector selects a smaller processor nub cipher key based on the processor nub key.
  - 7. The apparatus of claim 6 wherein the key generator creates an OS nub key by hashing the processor nub key with an OS nub ID and the key selector selects a smaller OS nub cipher key based on the OS nub key.
  - 8. The apparatus of claim 7 wherein the key generator creates an applet key by hashing the OS nub key with an applet ID and the key selector selects an applet cipher key based on the applet key.

9. A method comprising:
- storing an initial key unique to a platform;
  
  creating a hierarchy of keys based upon the initial key in a protected platform, the protected platform having a processor configured in one of a normal execution mode and an isolated execution mode;
  
  hashing an ID of loaded software code with a loading software code key to create a loaded software code key; and
  
  selecting a smaller symmetric cipher key from the loaded software code key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9 wherein storing the initial key comprises programming the initial key into fuses of an Input/Output Control Hub (ICH).
  - 11. The method of claim 9 wherein the initial key is based on a random number.
  - 12. The method of claim 9 further comprising generating the initial key utilizing the platform when the platform is first powered up.
  - 13. The method of claim 12 wherein generating the initial key comprises:
14. The method of claim 9 further comprising:
- creating a processor nub key by hashing the initial key with a processor nub ID; and
  
  selecting a smaller processor nub cipher key based on the processor nub key.
15. The method of claim 14 further comprising:
- creating an OS nub key by hashing the processor nub key with an OS nub ID; and
  
  selecting a smaller OS nub cipher key based on the OS nub key.
16. The method of claim 15 further comprising creating an applet key by hashing the OS nub key with an applet ID;
- andselecting an applet cipher key based on the applet key.

17. A computer program product comprising:
- a machine readable medium having program code embedded therein, the computer program product comprising;
  
  computer readable program code for storing an initial key unique to a platform;
  
  computer readable program code for creating a hierarchy of keys based upon the initial key in a protected platform, the protected platform having a processor configured in one of a normal execution mode and an isolated execution mode;
  
  computer readable program code for hashing an ID of loaded software code with a loading software code key to create a loaded software code key; and
  
  computer readable program code for selecting a smaller symmetric cipher key from the loaded software code key.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product of claim 17 wherein the computer readable program code for storing an initial key comprises computer readable program code for programming the initial key into fuses of an Input/Output Control Hub (ICH).
  - 19. The computer program product of claim 17 wherein the initial key is based on a random number.
  - 20. The computer program product of claim 17 further comprising computer readable program code for generating the initial key utilizing the platform when the platform is first powered up.
  - 21. The computer program product of claim 20 wherein the computer readable program code for generating the initial key comprises:
22. The computer program product of claim 17 further comprising:
- computer readable program code for creating a processor nub key by hashing the initial key with a processor nub ID; and
  
  computer readable program code for selecting a smaller processor nub cipher key based on the processor nub key.
23. The computer program product of claim 22 further comprising:
- computer readable program code for creating an OS nub key by hashing the processor nub key with an OS nub ID; and
  
  computer readable program code for selecting a smaller OS nub cipher key based on the OS nub key.
24. The computer program product of claim 23 further comprising:
- computer readable program code for creating an applet key by hashing the OS nub key with an applet ID; and
  
  computer readable program code for selecting an applet cipher key based on the applet key.

25. A protected platform comprising:
- a chipset;
  
  a memory coupled to the chipset having an isolated memory area;
  
  a processor coupled to the chipset and the memory, the processor having a normal execution mode and an isolated execution mode, processor accessing the isolated memory area when the processor is in the isolated execution mode;
  
  a key storage for storing an initial key unique to a platform; and
  
  a cipher key creator creating a hierarchy of keys based upon the initial key, the cipher key creator including a key generator for hashing an ID of loaded software code with a loading software code key to create a loaded software code key and a key selector for selecting a smaller symmetric cipher key from the loaded software code key.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The protected platform of claim 25 wherein the initial key is programmed into fuses of an Input/Output Control Hub (ICH).
  - 27. The protected platform of claim 25 wherein the initial key is based on a random number.
  - 28. The protected platform of claim 25 wherein the initial key is generated by the platform when the platform is first powered up.
  - 29. The protected platform of claim 28 wherein the initial key is based upon a random number created by a random number generator of the platform.
  - 30. The protected platform of claim 25 wherein the key generator creates a processor nub key by hashing the initial key with a processor nub ID and the key selector selects a smaller processor nub cipher key based on the processor nub key.
  - 31. The protected platform of claim 30 wherein the key generator creates an OS nub key by hashing the processor nub key with an OS nub ID and the key selector selects a smaller OS nub cipher key based on the OS nub key.
  - 32. The protected platform of claim 31 wherein the key generator creates an applet key by hashing the OS nub key with an applet ID and the key selector selects an applet cipher key based on the applet key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Lin, Derrick C., Thakkar, Shreekant S., Neiger, Gilbert, Ellison, Carl M., Mittal, Millind, Reneris, Ken, McKeen, Francis X., Sutton, James A., Herbert, Howard C., Golliver, Roger A.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
Song, Hosuk

Application Number

US09/539,348
Time in Patent Office

1,558 Days
Field of Search

380/277, 380/284, 380/44, 380/45, 380/46, 713/187, 713/189, 713/166, 713/200
US Class Current

380/45
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

Generating a key hieararchy for use in an isolated execution environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Generating a key hieararchy for use in an isolated execution environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links