Secure processor architecture for use with a digital rights management (DRM) system on a computing device
First Claim
1. A method for a secure processor to instantiate and authenticate a secure application thereon by way of a security kernel, the method comprising:
powering on into a normal mode;
receiving an instruction to instantiate the application after being powered on and while being in the normal mode;
after receiving the instruction to instantiate the application, transitioning from the normal mode to a preferred mode upon a non-power-up executed CPU reset, where a security key of the processor is accessible while in the preferred mode;
instantiating and running a security kernel while in the preferred mode, the security kernel:
    accessing the security key;
    applying the accessed security key to decrypt at least one encrypted key for the application;
    storing the decrypted key(s) in a location where the application will expect the key(s) to be found; and
    authenticating the application on the processor;
instantiating the application while in the preferred mode and only after the security kernel has authenticated such application; and
transitioning from the preferred mode to the normal mode after the security kernel authenticates the application and the application has been instantiated, where the security key is not accessible while in the normal mode, the application as instantiated during the preferred mode being available for use during the transitioned-to normal mode;
wherein the security kernel allows the processor to be trusted to keep hidden the security key(s) of the application, and wherein the security kernel employs the accessed security key during the preferred mode to authenticate/verify the application prior to instantiation thereof.
Abstract
A secure processor is operable in normal and preferred modes, and includes a security kernel instantiated when the processor enters into preferred mode and a security key accessible by the security kernel during preferred mode. The security kernel employs the accessed security key to authenticate a secure application, and allows the processor to be trusted to keep hidden a secret of the application. To instantiate the application, the processor enters preferred mode where the security key is accessible, and instantiates and runs the security kernel. The security kernel accesses the security key and applies same to decrypt a key for the application, stores the decrypted key in a location where the application will expect same, and instantiates the application. The processor then enters the normal mode, where the security key is not accessible.
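The flow in the abstract and in claim 1 (normal mode, non-power-up reset into preferred mode, security kernel unwraps and delivers the application key, authenticates the image, instantiates it, returns to normal mode with the processor key hidden) is modelled below as an added Python example. It is not code from the patent or from any assignee's implementation; it also carries the chooser value of claim 7 as the record of which application the reset should instantiate. The cipher the patent leaves unspecified is replaced here by an assumed hash-derived keystream, image authentication by an assumed HMAC under the processor key, and the `SECURITY_KEY`/`APP_KEY` values are constructed for the demonstration.

```python
"""Toy model of a two-mode secure processor with a security kernel (added example)."""
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum, auto


class Mode(Enum):
    NORMAL = auto()
    PREFERRED = auto()


@dataclass(frozen=True)
class SecureApplication:
    name: str
    image: bytes           # code the security kernel authenticates before instantiation
    encrypted_key: bytes   # the application's own key, wrapped under the processor key
    tag: bytes             # authentication tag over the image, made with the processor key


def _keystream(security_key: bytes, app_name: str, length: int) -> bytes:
    # Assumption: a hash-derived keystream stands in for the patent's unspecified cipher.
    return hashlib.sha256(security_key + b"|wrap|" + app_name.encode()).digest()[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def provision(security_key: bytes, name: str, image: bytes, app_key: bytes) -> SecureApplication:
    """Assumed manufacturer-side step: wrap the application key and tag the image."""
    wrapped = _xor(app_key, _keystream(security_key, name, len(app_key)))
    tag = hmac.new(security_key, image, hashlib.sha256).digest()
    return SecureApplication(name, image, wrapped, tag)


class SecureProcessor:
    def __init__(self, security_key: bytes, applications: dict[str, SecureApplication]):
        self._security_key = security_key        # readable only while in PREFERRED mode
        self._applications = applications
        self.mode = Mode.NORMAL
        self.chooser_value = None                # which application the next reset instantiates
        self.key_mailbox: dict[str, bytes] = {}  # the location where an app expects its key
        self.instantiated: list[str] = []

    def security_key(self) -> bytes:
        """The processor key is hidden outside preferred mode."""
        if self.mode is not Mode.PREFERRED:
            raise PermissionError("security key is not accessible in normal mode")
        return self._security_key

    def power_on(self) -> None:
        self.mode = Mode.NORMAL

    def instantiate(self, app_name: str) -> bool:
        """Normal-mode entry point: record the choice, then take the non-power-up CPU reset."""
        if self.mode is not Mode.NORMAL:
            raise RuntimeError("instantiation is requested from normal mode")
        self.chooser_value = app_name
        return self._cpu_reset()

    def _cpu_reset(self) -> bool:
        self.mode = Mode.PREFERRED
        try:
            return self._security_kernel()
        finally:
            self.mode = Mode.NORMAL              # the key becomes inaccessible again

    def _security_kernel(self) -> bool:
        key = self.security_key()
        app = self._applications[self.chooser_value]
        expected = hmac.new(key, app.image, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, app.tag):
            return False                         # unauthenticated image is never instantiated
        app_key = _xor(app.encrypted_key, _keystream(key, app.name, len(app.encrypted_key)))
        self.key_mailbox[app.name] = app_key     # delivered where the application expects it
        self.instantiated.append(app.name)
        return True


SECURITY_KEY = bytes(range(32))       # constructed value, not a real device key
APP_KEY = b"0123456789abcdef"         # constructed application key


def demo() -> dict:
    good = provision(SECURITY_KEY, "player", b"drm player image", APP_KEY)
    # A modified image presented with the genuine tag must be refused.
    tampered = SecureApplication("tampered", b"patched image", good.encrypted_key, good.tag)
    cpu = SecureProcessor(SECURITY_KEY, {"player": good, "tampered": tampered})
    cpu.power_on()
    player_ok = cpu.instantiate("player")
    tampered_ok = cpu.instantiate("tampered")
    try:
        cpu.security_key()
        leaked = True
    except PermissionError:
        leaked = False
    return {"player_ok": player_ok, "tampered_ok": tampered_ok,
            "key_delivered": cpu.key_mailbox.get("player") == APP_KEY,
            "key_leaked_in_normal_mode": leaked, "mode": cpu.mode,
            "instantiated": list(cpu.instantiated)}


if __name__ == "__main__":
    print(demo())
```

The point the model makes explicit is the ordering the claims insist on: the key is unwrapped and the image checked inside the reset-entered preferred mode, the application is instantiated only after that check succeeds, and by the time normal-mode code runs again the processor key is no longer reachable, so the application keeps its delivered secret without ever seeing the key that protected it.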
151 Citations
18 Claims
1. (Independent claim 1, as set out in full under First Claim above.)
Dependent claims: 2, 3, 4, 5, 6.
7. A method for a secure processor to instantiate one of a plurality of available secure applications thereon by way of a security kernel, the method comprising:
setting a chooser value to a value corresponding to a chooser application upon power-up;
entering a preferred mode upon a first power-up CPU reset and instantiating and running the security kernel while in a preferred mode, the security kernel determining that the chooser value corresponds to the chooser application and therefore authenticating same, the chooser application being instantiated by the security kernel while in the preferred mode and only after being authenticated;
transitioning from the preferred mode to a normal mode after the chooser application is instantiated and leaving same to run while in the normal mode, the chooser application while in the normal mode presenting the plurality of available applications for selection by a user;
receiving a selection of one of the presented applications to be instantiated;
setting the chooser value to a value corresponding to the selected application;
transitioning from the normal mode to the preferred mode upon a second non-power-up executed CPU reset after setting the chooser value to the value corresponding to the selected application, and thereafter again instantiating and running the security kernel while in the preferred mode, the security kernel determining that the chooser value corresponds to the selected application and therefore authenticating same, the selected application being instantiated by the security kernel while in the preferred mode and only after being authenticated;
transitioning from the preferred mode to the normal mode after the selected application is instantiated and leaving same to run while in the normal mode, the selected application as instantiated during the preferred mode being available for use during the transitioned-to normal mode;
wherein the security kernel allows the processor to be trusted to keep hidden a secret of the chooser application and a secret of the selected application.
Dependent claims: 8, 9.
10. A computer-readable medium having stored thereon computer-executable instructions implementing a method for a secure processor to instantiate a secure application thereon by way of a security kernel, the method comprising:
powering on into a normal mode;
receiving an instruction to instantiate the application after being powered on and while being in the normal mode;
after receiving the instruction to instantiate the application, transitioning from the normal mode to a preferred mode upon a non-power-up executed CPU reset, where a security key of the processor is accessible while in the preferred mode;
instantiating and running a security kernel while in the preferred mode, the security kernel:
    accessing the security key;
    applying the accessed security key to decrypt at least one encrypted key for the application;
    storing the decrypted key(s) in a location where the application will expect the key(s) to be found; and
    authenticating the application on the processor;
instantiating the application while in the preferred mode and only after the security kernel has authenticated such application; and
transitioning from the preferred mode to the normal mode after the security kernel authenticates the application and the application has been instantiated, where the security key is not accessible while in the normal mode, the application as instantiated during the preferred mode being available for use during the transitioned-to normal mode;
wherein the security kernel allows the processor to be trusted to keep hidden the key(s) of the application, and wherein the security kernel employs the accessed security key during the preferred mode to authenticate/verify the application prior to instantiation thereof.
Dependent claims: 11, 12, 13, 14, 15.
16. A computer-readable medium having computer-executable instructions thereon implementing a method for a secure processor to instantiate one of a plurality of available secure applications thereon by way of a security kernel, the method comprising:
setting a chooser value to a value corresponding to a chooser application upon power-up;
entering a preferred mode upon a first power-up CPU reset and instantiating and running the security kernel while in a preferred mode, the security kernel determining that the chooser value corresponds to the chooser application and therefore authenticating same, the chooser application being instantiated by the security kernel while in the preferred mode and only after being authenticated;
transitioning from the preferred mode to a normal mode after the chooser application is instantiated and leaving same to run while in the normal mode, the chooser application while in the normal mode presenting the plurality of available applications for selection by a user;
receiving a selection of one of the presented applications to be instantiated;
setting the chooser value to a value corresponding to the selected application;
transitioning from the normal mode to the preferred mode upon a second non-power-up executed CPU reset after setting the chooser value to the value corresponding to the selected application, and thereafter again instantiating and running the security kernel while in the preferred mode, the security kernel determining that the chooser value corresponds to the selected application and therefore authenticating same, the selected application being instantiated by the security kernel while in the preferred mode and only after being authenticated;
transitioning from the preferred mode to the normal mode after the selected application is instantiated and leaving same to run while in the normal mode, the selected application as instantiated during the preferred mode being available for use during the transitioned-to normal mode;
wherein the security kernel allows the processor to be trusted to keep hidden a secret of the chooser application and a secret of the selected application.
Dependent claims: 17, 18.
Specification