Hardware trust anchors in SP-enabled processors
Abstract
A trust system and method is disclosed for use in computing devices, particularly portable devices, in which a central Authority shares secrets and sensitive data with users of the respective devices. The central Authority maintains control over how and when shared secrets and data are used. In one embodiment, the secrets and data are protected by hardware-rooted encryption and cryptographic hashing, and can be stored securely in untrusted storage. The problem of transient trust and revocation of data is reduced to that of secure key management and keeping a runtime check of the integrity of the secure storage areas containing these keys (and other secrets). These hardware-protected keys and other secrets can further protect the confidentiality and/or integrity of any amount of other information of arbitrary size (e.g., files, programs, data) by the use of strong encryption and/or keyed-hashing, respectively. In addition to secrets the Authority owns, the system provides access to third party secrets from the computing devices. In one embodiment, the hardware-rooted encryption and hashing each use a single hardware register fabricated as part of the computing device's processor or System-on-Chip (SoC) and protected from external probing. The secret data is protected while in the device even during operating system malfunctions and becomes non-accessible from storage according to various rules, one of the rules being the passage of a certain time period. The use of the keys (or other secrets) can be bound to security policies that cannot be separated from the keys (or other secrets). The Authority is also able to establish remote trust and secure communications to the devices after deployment in the field using a special tamper-resistant hardware register in the device, to enable, disable or update the keys or secrets stored securely by the device.
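The integrity mechanism the abstract describes (a root hash of a hash tree over a secure storage area, held in a processor register that only the trusted software module can use, plus keyed hashing under a device root key) can be modelled in a few lines. The following is an added illustration, not code from the patent or any product; the block layout, the SHA-256 tree, the HMAC key derivation and the `TSM` class are all assumptions made here to show how a register-held root hash detects tampering with untrusted external memory.

```python
import hashlib
import hmac

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(block: bytes) -> bytes:
    # Domain-separate leaves from inner nodes so a block cannot impersonate a node.
    return _h(b"\x00" + block)

def _next_level(level: list) -> list:
    if len(level) % 2:                 # duplicate the last node on odd-sized levels
        level = level + [level[-1]]
    return [_h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves: list) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def merkle_path(leaves: list, idx: int) -> list:
    """Sibling hashes from leaf idx up to the root, tagged with the side they sit on."""
    path, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sib = idx ^ 1
        path.append((level[sib], sib < idx))   # (sibling hash, sibling_is_left)
        level, idx = _next_level(level), idx // 2
    return path

class TSM:
    """Hypothetical trusted software module: sole user of the two hardware registers."""
    def __init__(self, drk: bytes, storage: list):
        self.key_register = drk            # symmetric device root key (DRK), never exported
        self.storage = storage             # untrusted external memory, attacker-writable
        self.hash_register = merkle_root([leaf_hash(b) for b in storage])  # storage root hash

    def is_intact(self) -> bool:
        """Runtime check: recompute the tree root and compare with the register."""
        return hmac.compare_digest(merkle_root([leaf_hash(b) for b in self.storage]), self.hash_register)

    def fetch(self, idx: int) -> bytes:
        """Return block idx only if its authentication path reaches the register root."""
        leaves = [leaf_hash(b) for b in self.storage]   # real devices cache tree nodes in untrusted RAM
        node = leaves[idx]
        for sib, sib_is_left in merkle_path(leaves, idx):
            node = _h(b"\x01" + (sib + node if sib_is_left else node + sib))
        if not hmac.compare_digest(node, self.hash_register):
            raise ValueError("secure storage integrity check failed")
        return self.storage[idx]

    def store(self, idx: int, block: bytes) -> None:
        """Only the TSM writes the secure area, then re-roots the tree into the register."""
        self.storage[idx] = block
        self.hash_register = merkle_root([leaf_hash(b) for b in self.storage])

    def derive_key(self, label: bytes) -> bytes:
        """Per-purpose key via keyed hashing of the DRK, so the root key itself stays in the register."""
        return hmac.new(self.key_register, label, hashlib.sha256).digest()
```

A direct write to `storage` (bypassing `store`) changes the recomputed root, so every subsequent `fetch` fails until the TSM re-roots the tree.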
40 Claims
1. A computing device having a hardware portion and at least one memory external to said hardware portion, said computing device comprising:

at least one hash register for storing a root hash of a hash tree corresponding to a secure storage area within the at least one memory external to said hardware portion, said root hash encoding information about the integrity of said secure storage area, said register constructed within said hardware portion; and at least one symmetric cryptographic key register physically constructed within said hardware portion at a location such that probing of said register by a user is difficult to achieve without rendering data in said register useless for its intended purpose, wherein said hardware portion includes at least one processing element with hardware circuitry capable of executing software code, and the processing element is connected to said hash register and said cryptographic key register, and wherein said computing device includes a trusted software module (TSM), said TSM having exclusive access to data or programs in said secure storage area, said TSM using said at least one hash register to verify the integrity of data fetched from said secure storage area, and said TSM using key data based on said symmetric cryptographic key register to decrypt data fetched from said secure storage area.

Dependent claims: 2 to 14.
15. A system of computers, each having at least one hardware processor and at least one memory external to said processors, each said computer comprising:

at least one cryptographic key register and at least one cryptographic hash value register, said at least one hash value register storing a root hash of a hash tree corresponding to a secure storage area in said at least one memory, said root hash encoding information about the integrity of said secure storage area, each register physically constructed within said hardware processor at a location such that probing of said registers by a user is difficult to achieve without rendering data in said register useless for its intended purpose; each said computer having loaded thereon at least one trusted software module (TSM); and a unique symmetric device root encryption key loaded in said cryptographic key register, each set of said registers operatively responding only to a TSM loaded on the same computer.

Dependent claims: 16 to 26.
27. A method for storing data on a computer, said method comprising:

storing a symmetric device root key (DRK) by a trusted authority for storage in a first register contained within a processor of said computer; storing a storage root hash (SRH) in a second register contained within a processor of said computer, said storage root hash corresponding to a root hash of a hash tree corresponding to a secure storage area within at least one memory external to said hardware portion, said root hash encoding information about the integrity of said secure storage area; storing a trusted software module (TSM) by said authority on said computer, said TSM being the only software on said computer that can interact with said SRH; and encrypting any secure data to be stored on said computer under control of said TSM working in conjunction with said DRK.

Dependent claims: 28 to 40.