Secure repository with layers of tamper resistance and system and method for providing same
Abstract
A secure repository individualized for a hardware environment and a method and system for providing the same. The secure repository includes a hidden cryptographic key and code that applies the key without requiring access to a copy of the key. The code that implements the secure repository is generated in a manner that is at least partly based on a hardware ID associated with the hardware environment in which the secure repository is to be installed, and may also be based on a random number. Cryptographic functions implemented by the secure repository include decryption of encrypted information and validation of cryptographically signed information. The secure repository may be coupled to an application program, which uses cryptographic services provided by the secure repository, by way of a decoupling interface that provides a common communication and authentication interface for diverse types of secure repositories. The decoupling interface may take the form of a single application programmer interface (API) usable with multiple dynamically linkable libraries.
10 Claims
1. A method implemented at least in part by a computing device of securely decrypting data with a cryptographic key, said method comprising:
- identifying attributes of said cryptographic key corresponding to a set of actions;
- performing a first set of actions functionally equivalent to the actions corresponding to said cryptographic key using said attributes but without access to, storing in memory, or exposing a whole or segment of said cryptographic key; and
- performing a diversionary second set of actions different from said first set of actions;
- wherein said first and said second sets of actions are implemented by way of a set of computer-executable instructions executable on a computing device.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)

10. A computer-readable storage medium, wherein the computer-readable storage medium is not a signal, encoded with computer-executable instructions to perform the acts comprising:
- identifying attributes of said cryptographic key corresponding to a set of actions;
- performing a first set of actions functionally equivalent to the actions corresponding to said cryptographic key using said attributes but without access to, storing in memory, or exposing a whole or segment of said cryptographic key; and
- performing a diversionary second set of actions different from said first set of actions;
- wherein said first and said second sets of actions are implemented by way of a set of computer-executable instructions executable on a computing device.
Specification