This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.
Representative claims
1. A computer system enabling secure processing of data, said system comprising: a secure processing unit; a securely-stored master key, said master key protected against tampering, and said key is accessible to said secure processing unit; a secure processing domain, said secure processing domain protecting data stored and processed in the domain in a manner that is resistant to unauthorized access; an open processing domain, said open processing domain to allow an application executing within the open processing domain to call a secure abstraction layer software within the secure processing domain to perform one or more operations using said protected data; a software validation module, said module configured to validate, in response to receiving the application call, said secure abstraction layer software, said validation using said master key with a signature of the secure abstraction layer software; and said secure abstraction layer software configured to execute within said secure processing domain and, after being successfully validated, access the protected data, and use the protected data to perform the one or more operations according to the application call.
2. The computer system of claim 1, wherein said secure abstraction layer software comprises a set of operations that permit the calling application to operate on secret data protected within the secure processing domain in a manner that does not expose the secret data to the calling application.
3. The computer system of claim 2, wherein said set of operations includes an operation to create a data object within the secure processing domain.
4. The computer system of claim 3, wherein said operation to create a data object comprises creating a data object for data resulting from unwrapping cryptographically wrapped data.
5. The computer system of claim 4, wherein unwrapping cryptographically wrapped data comprises decrypting specified data with a cryptographic key.
6. The computer system of claim 5, wherein the secure abstraction layer is configured to allow the calling application to refer to secret data by name.
7. The computer system of claim 2, wherein the secure processing unit at least comprises a secure non-volatile storage location storing a cryptographic value.
8. The computer system of claim 7, wherein the stored cryptographic value is the master key.
9. The computer system of claim 2, wherein said secure abstraction layer software includes an operation that permits the calling application to load a cryptographically wrapped key into the secure processing domain.
10. The computer system of claim 2, wherein said set of operations includes an encryption operation utilizing the secret data.
11. The computer system of claim 2, wherein said set of operations includes a decryption operation utilizing the secret data.
12. The computer system of claim 2, wherein said set of operations includes a cryptographic signing operation utilizing the secret data.
13. The computer system of claim 2, wherein said set of operations includes a cryptographic signature verification operation utilizing the secret data.
14. The computer system of claim 2, wherein said set of operations includes a digest calculation operation utilizing the secret data.
15. The computer system of claim 2, wherein the secret data comprises at least one cryptographic key.
16. The computer system of claim 2, wherein said set of operations includes an operation to encrypt the secret data using the master key.
17. The computer system of claim 16, wherein the set of operations further comprises an operation to export the encrypted secret data from the secure abstraction layer to a client application.
18. The computer system of claim 2, wherein said set of operations includes an operation to encrypt the secret data using a cycling encryption key.
19. The computer system of claim 18, wherein the cycling encryption key does not persist between reboots of the computer system.
20. The computer system of claim 18, wherein the set of operations further comprises an operation to export the encrypted secret data from the secure abstraction layer to a client application.