Generating a key hieararchy for use in an isolated execution environment
First Claim
1. An apparatus comprising:
- a key storage for storing an initial key unique to a platform; and
a cipher key creator in a protected platform creating a hierarchy of keys based upon the initial key, the protected platform having a processor configured in one of a normal execution mode and an isolated execution mode, the cipher key creator including a key generator for hashing an ID of loaded software code with a loading software code key to create a loaded software code key and a key selector for selecting a smaller symmetric cipher key from the loaded software code key.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention is a method, apparatus, and system to generate a key hierarchy for use in an isolated execution environment of a protected platform. In order to bind secrets to particular code operating in isolated execution, a key hierarchy comprising a series of symmetric keys for a standard symmetric cipher is utilized. The protected platform includes a processor that is configured in one of a normal execution mode and an isolated execution mode. A key storage stores an initial key that is unique for the platform. A cipher key creator located in the protected platform creates the hierarchy of keys based upon the initial key. The cipher key creator creates a series of symmetric cipher keys to protect the secrets of loaded software code.
-
Citations
32 Claims
-
1. An apparatus comprising:
-
a key storage for storing an initial key unique to a platform; and
a cipher key creator in a protected platform creating a hierarchy of keys based upon the initial key, the protected platform having a processor configured in one of a normal execution mode and an isolated execution mode, the cipher key creator including a key generator for hashing an ID of loaded software code with a loading software code key to create a loaded software code key and a key selector for selecting a smaller symmetric cipher key from the loaded software code key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method comprising:
-
storing an initial key unique to a platform;
creating a hierarchy of keys based upon the initial key in a protected platform, the protected platform having a processor configured in one of a normal execution mode and an isolated execution mode;
hashing an ID of loaded software code with a loading software code key to create a loaded software code key; and
selecting a smaller symmetric cipher key from the loaded software code key. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
creating a random number with a random number generator of the platform;
generating the initial key based upon the random number; and
storing the initial key in the key storage.
-
-
14. The method of claim 9 further comprising:
-
creating a processor nub key by hashing the initial key with a processor nub ID; and
selecting a smaller processor nub cipher key based on the processor nub key.
-
-
15. The method of claim 14 further comprising:
-
creating an OS nub key by hashing the processor nub key with an OS nub ID; and
selecting a smaller OS nub cipher key based on the OS nub key.
-
-
16. The method of claim 15 further comprising creating an applet key by hashing the OS nub key with an applet ID;
- and
selecting an applet cipher key based on the applet key.
- and
-
17. A computer program product comprising:
-
a machine readable medium having program code embedded therein, the computer program product comprising;
computer readable program code for storing an initial key unique to a platform;
computer readable program code for creating a hierarchy of keys based upon the initial key in a protected platform, the protected platform having a processor configured in one of a normal execution mode and an isolated execution mode;
computer readable program code for hashing an ID of loaded software code with a loading software code key to create a loaded software code key; and
computer readable program code for selecting a smaller symmetric cipher key from the loaded software code key. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
computer readable program code for creating a random number with a random number generator of the platform;
computer readable program code for generating the initial key based upon the random number; and
computer readable program code for storing the initial key in the key storage.
-
-
22. The computer program product of claim 17 further comprising:
-
computer readable program code for creating a processor nub key by hashing the initial key with a processor nub ID; and
computer readable program code for selecting a smaller processor nub cipher key based on the processor nub key.
-
-
23. The computer program product of claim 22 further comprising:
-
computer readable program code for creating an OS nub key by hashing the processor nub key with an OS nub ID; and
computer readable program code for selecting a smaller OS nub cipher key based on the OS nub key.
-
-
24. The computer program product of claim 23 further comprising:
-
computer readable program code for creating an applet key by hashing the OS nub key with an applet ID; and
computer readable program code for selecting an applet cipher key based on the applet key.
-
-
25. A protected platform comprising:
-
a chipset;
a memory coupled to the chipset having an isolated memory area;
a processor coupled to the chipset and the memory, the processor having a normal execution mode and an isolated execution mode, processor accessing the isolated memory area when the processor is in the isolated execution mode;
a key storage for storing an initial key unique to a platform; and
a cipher key creator creating a hierarchy of keys based upon the initial key, the cipher key creator including a key generator for hashing an ID of loaded software code with a loading software code key to create a loaded software code key and a key selector for selecting a smaller symmetric cipher key from the loaded software code key. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
-
Specification