This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing doma
This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.
대표청구항▼
1. A method performed by a computer system including an open processing domain, a secure processing domain, and a non-transitory storage medium storing instructions that, when executed by the computer system, cause the computer system to perform the method, the method comprising: determining that a
1. A method performed by a computer system including an open processing domain, a secure processing domain, and a non-transitory storage medium storing instructions that, when executed by the computer system, cause the computer system to perform the method, the method comprising: determining that a secure abstraction layer executing in the secure processing domain of the computer system is trusted based on successfully verifying the presence of a permanent encryption key embedded in a hardware security element associated with the secure processing domain, the secure abstraction layer being configured to interface with secret data protected by the secure processing domain;invoking, by a client application executing in the open processing domain of the computer system, the secure abstraction layer; andperforming, by the secure abstraction layer, a secure operation on the secret data based on an invocation from the client application. 2. The method of claim 1, wherein the secure operation is performed on the secret data without exposing the secret data to the client application. 3. The method of claim 1, wherein the determining that the secure abstraction layer is trusted is based on a successful signature verification of the secure abstraction layer utilizing the permanent encryption key by the computer system. 4. The method of claim 1, wherein the secure operation includes loading a cryptographically wrapped key into the secure abstraction layer. 5. The method of claim 1, wherein the secure operation includes an encryption operation utilizing the secret data. 6. The method of claim 1, wherein the secure operation includes a decryption operation utilizing the secret data. 7. The method of claim 1, wherein the secure operation includes a cryptographic signing operation utilizing the secret data. 8. The method of claim 1, wherein the secure operation includes a cryptographic signature verification operation utilizing the secret data. 9. The method of claim 1, wherein the secure operation includes a digest calculation operation of the secret data. 10. The method of claim 1, wherein the secret data comprises as least one cryptographic key. 11. The method of claim 1, wherein the secure operation includes encrypting the secret data using the permanent encryption key. 12. The method of claim 11, wherein the method further comprises exporting the encrypted secret data from the secure abstraction layer to the client application. 13. The method of claim 11, wherein the permanent encryption key is persisted between reboots of the computer system. 14. The method of claim 1, wherein the secure operation includes encrypting the secret data using a cycling encryption key. 15. The method of claim 14, wherein the method further comprises exporting the encrypted secret data from the secure abstraction layer to the client application. 16. The method of claim 1, wherein the secret data is included in secret fields associated with a larger piece of data, and the secure operation includes encrypting the secret data in the secret fields of the piece of data. 17. The method of claim 16, wherein the method further comprises exporting the piece of data including the encrypted secret data from the secure abstraction layer to the client application. 18. The method of claim 1, wherein the secure processing domain includes a secure processor including integrated support for symmetric and asymmetric cryptographic algorithms.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (17)
MacKay,Michael K.; Sibert,W. Olin; Landsman,Richard A.; Swenson,Eric J.; Hunt,William, Data protection systems and methods.
Shamoon, Talal G.; Hill, Ralph D.; Radcliffe, Chris D.; Hwa, John P.; Sibert, W. Olin; Van Wie, David M., Methods and apparatus for persistent control and protection of content.
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure.
Maher,David P.; Rudd,James M.; Swenson,Eric J.; Landsman,Richard A., Systems and methods for managing and protecting electronic content and applications.
Shear Victor H. ; Van Wie David M. ; Weber Robert P., Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M. ; Weber Robert P., Trusted and secure techniques, systems and methods for item delivery and execution.
Ginter, Karl L.; Shear, Victor H.; Spahn, Francis J.; Van Wie, David M.; Weber, Robert P., Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.