Method and Apparatus for Secure Key Management and Protection

Information

  • Patent Application
  • Publication Number
    20070195957
  • Date Filed
    October 06, 2006
  • Date Published
    August 23, 2007
Abstract
In a system having a control processor, an apparatus is provided with at least one memory. The at least one memory includes a first memory portion for storing at least one first decryption key. A decryption engine uses the first decryption key to decrypt information. A key processor provides the first decryption key to the decryption engine without allowing the control processor to access the first decryption key. A system incorporating the key processing apparatus and a method of using the apparatus are also provided.
Description
FIELD OF THE INVENTION

The present invention relates to security mechanisms for information systems.


BACKGROUND

Current and emerging digital rights management (DRM) solutions include multi-level key management solutions. Keys used for encryption/decryption are derived from various intermediate keys to ultimately determine a title key for a media file. As an example, a master key will unlock a device key and, using the device key, a media key is unlocked. Using this media key, a title key is discovered. In this process, it is important that the decrypted keys are not exposed to users or processes outside the device, where they could be used by a hacker.


Often, conventional approaches used a completely software-based approach in which the decryption keys were protected by software. Other approaches employed hardware assisted methods which exposed the keys. Exposed keys may provide backdoor access for a hacker, allowing the keys to become compromised.


SUMMARY OF THE INVENTION

In some embodiments, an apparatus has at least one memory. The at least one memory includes a first memory portion for storing at least one first decryption key. A decryption engine uses the first decryption key to decrypt information. A key processor provides the first decryption key to the decryption engine without allowing a control processor to access the first decryption key.


In some embodiments, a system comprises an input for receiving streaming encrypted payload data. A control processor controls the system to process the encrypted payload data. At least one memory is provided, including a first memory portion for storing at least one first decryption key. A decryption engine uses the first decryption key to decrypt an encrypted second decryption key, and uses the second decryption key to decrypt the encrypted payload data. A key processor provides the first decryption key to the decryption engine for decrypting the second decryption key by the decryption engine without allowing the control processor to access the first decryption key.


In some embodiments, a method includes controlling operation of a media storage system using a control processor. A first decryption key is used to decrypt a second decryption key in a decryption engine of the media storage system. The first decryption key and the decrypted second decryption key are moved between at least one memory device and the decryption engine using direct memory access (DMA), while preventing the control processor from accessing the first decryption key and preventing the control processor from accessing the decrypted second decryption key.




BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a block diagram of an exemplary secure key management system.



FIG. 2 is a block diagram of an exemplary home network attached storage (HNAS) server including the secure key management system of FIG. 1.



FIG. 3 is a data flow diagram showing data flows during a key decryption and data decryption.



FIG. 4 is a flow chart showing a method performed by the apparatus of FIG. 2.




DETAILED DESCRIPTION

This description of the exemplary embodiments is intended to be read in connection with the accompanying drawings, which are to be considered part of the entire written description.


Current and evolving DRM solutions demand secure key processing, because the keys are used to decrypt the media files, allowing them to be played on home media players. If the keys are left unprotected, or are not protected sufficiently, a hacker could easily compromise the overall digital rights management concept.


A localized key protection mechanism is desired. The examples below provide a hardware-based key management engine, and a subsystem for accelerated encryption/decryption of media content.



FIG. 1 shows an example of a system 100 in which the keys are managed primarily in hardware, thus prohibiting any outside entity from gaining access to these keys. The exemplary secure key processing subsystem 100 includes:


(a) a non volatile on-chip memory 112;


(b) On-Chip key memory 110;


(c) On-chip Data memory 108;


(d) Off chip Media content memory 116;


(e) A key transfer/processing engine, such as a direct memory access (DMA) engine 104 (e.g., ARM PrimeCell PL080 by ARM Holdings, plc. of Cambridge, UK). Other key transfer engines may be used;


(f) An encryption/decryption engine 102 (e.g., an Advanced Encryption Standard (AES) core, such as a CS5210-40 core by Conexant Systems, Inc., Newport Beach, Calif.). Other encryption/decryption engines and other encryption/decryption algorithms may be used;


(g) An application Processor (control processor) 106, such as an embedded ARM 926 processor, by ARM Holdings, plc. of Cambridge, UK, or the like; and


(h) An external memory controller 114.


Optionally, an external storage device, such as an external flash memory 118 may be included.


In FIG. 1, the above components are all connected to an Advanced Microcontroller Bus Architecture (AMBA) Advanced High-performance Bus (AHB), but any suitable type of data bus providing the desired performance for a given system may be used.


An example of a media server apparatus 201 incorporating an example of a key management facility 200 is shown in FIG. 2. To the extent that the key management facility 200 in FIG. 2 includes identification of specific hardware items corresponding to the structures of the key management facility 100 of FIG. 1, such specific hardware items are exemplary in nature, and other devices may be used to fulfill the functions of key management facility 100.



FIG. 2 is a block diagram of an exemplary home network attached storage (HNAS) system 201 for a home media server application. Intermediate storage is provided in memory 216 while storing incoming streaming data from the network (e.g., Ethernet) 219 or while streaming out data from the disk 242 toward the network. Also, control traffic arriving from the network 219 is managed in the memory 216. Data stream queues comprising a plurality of buffers 221 (shown in FIG. 3) within memory 216 are used to manage such simultaneous data streams.


In the HNAS system 201, data from multiple sessions can simultaneously be stored to disk array 242, played out to devices on a home network (e.g., via the Ethernet 219), and/or used for control traffic. An efficient queuing structure (using buffer queues 221) efficiently manages all these traffic flows. The traffic management of memory 216 and bandwidth may be performed in hardware, via a traffic manager/arbiter (TMA) 230.



FIG. 2 shows TMA 230 and its interfaces in the HNAS media server device 201. TMA 230 manages media traffic arriving at the Ethernet interface 236 or USB port 240, control traffic arriving for the control processor 206, which may be an embedded application processor (AP), and playback traffic during retrieval from disk 242. (Although the example includes an ARM application processor, other embedded processors may be used). TMA 230 may include a buffer manager and scheduler (not shown). An upper layer protocol processor (protocol accelerator) 238 includes hardware that performs routine network, transport and application layer communications protocol processing, to offload these tasks from AP 206. Although FIG. 2 shows a DDR II memory 216, other types of random access memory (RAM) may be used.


The incoming media streams are stored in a disk array 242, for example, in a 4-channel Serial Advanced Technology Attachment (SATA) hard disk array, by way of a redundant array of inexpensive disks (RAID) decode/encode module 232 and disc controller 234. Other types of storage devices, such as PATA hard disks, optical disks, or the like may be used.



FIG. 2 also shows an AMBA/AHB bus 220 that serves as an instruction bus for AP 206. The control data destined for inspection by AP 206 are stored in the shared memory 216 by way of the DDR II controller 217 (or other memory controller, if a different type of memory is used). AP 206 is given access to read the packets in memory 216. Parts of the shared memory 216 and disk 242 contain program instructions and data for AP 206. TMA 230 manages the access to memory 216 and disk 242 by transferring control information from the disk 242 to memory 216, and from memory 216 to disk 242. TMA 230 also enables AP 206 to insert data into, and extract data from, an existing packet stream.


A data memory 208 provides intermediate storage. The intermediate storage may be used by the key management facility for queuing or buffering encrypted payload data to be decrypted or the decrypted payload data.


Although FIG. 2 shows a specific example in which the key management apparatus 200 is incorporated into an HNAS system 201, one of ordinary skill can readily incorporate the key management apparatus 100 of FIG. 1, or a variant thereof, in other types of information systems, and in other media servers and players, and other electronic consumer appliances.


Operation


The non-volatile memory 212 is used to store a set of one or more master keys. In some embodiments, to enhance security, non-volatile memory 212 can only be written once. These master keys are used to decrypt the keys that are programmed in the flash 218 by the media server manufacturer. The master keys are programmed during the device manufacturing process as well.


In some embodiments, read access to the master keys in non-volatile memory 212 may be limited to the DMA Key Processing Engine 204 (to the exclusion of control processor 206). An arbiter 207 grants bus access to either control processor 206 or DMA Key Processing Engine 204 at any given time, so that processor 206 does not have access to the bus while engine 204 is reading decrypted keys from key memory 210 or the output FIFO 203 of the encryption/decryption engine 202.


Due to the cost associated with the non-volatile (NV) memory 212 and key memory 210, the amount of on-chip memory space may optionally be very limited. By storing encrypted keys in an optional external flash memory 218, the total number of device specific keys that can be stored is extended. The device specific keys are encrypted, and the key (to decrypt the keys stored in flash memory 218) is programmed in the NV memory 212.


When a decryption operation requiring a key is to be performed, the control processor 206 sets up the DMA Key Processing Engine 204 to move a key from either the NV memory 212 or the key memory 210 to the Encryption/Decryption engine (e.g., AES core) 202. Once this is done, the control processor 206 inputs the data that are to be decrypted to the Encryption/Decryption engine 202. Arbiter 207 then grants DMA Key Processing Engine 204 access to bus 220, to the exclusion of control processor 206. When Encryption/Decryption engine 202 decrypts the data, the decrypted key is moved by the DMA Key Processing Engine 204 to the key memory 210. At this time, access by the control processor 206 to the decrypted key is prohibited. Control processor 206 does not have access to read key memory 210.


In some embodiments, the key memory 210 may be a volatile memory (e.g., random access memory), in which case the decrypted keys are automatically removed from memory when the system 201 is powered down. In other embodiments, key memory 210 is an additional non-volatile memory.


The above process ensures that the master key is secure in NV key memory 212 and will be accessed in a secure manner in order to decrypt any further keys.


The key processing engine 204 may also process the keys by performing pre-determined logical operations (i.e., XOR with another datum, or the like). The operand and the operators are specified by the control processor 206. However, at no time does the control processor 206 have access to the decrypted key. Instead, the control processor 206 is provided a pointer to the decrypted key. When the decrypted key is to be used for decryption, control processor 206 provides the pointer to key processing engine 204, which moves the decrypted key from key memory 210 to the encryption/decryption engine 202.


Although the example of a key processing engine 204 described above is a DMA engine, in other embodiments, key processing engine 204 may be any module that can move data efficiently between NV memory 212, encryption/decryption engine 202, and key memory 210 without making the data available to control processor 106, such as a function built into the TMA 230 itself.


In some embodiments, one of the DMA channels (i.e., CH0) is dedicated to handling internal transfers of keys among the Encryption/Decryption engine (AES core 202), non-volatile memory 212 and the internal key memory 210. When an encrypted key stored in flash 218 is to be decrypted, the control processor 206 programs the DMA CH0 with the following parameters:


Source Addr=the address of the device key in NV memory 212,


Dest Address=the address of the key register 210


When the DMA channel is thus programmed, the DMA engine 204 sets access to the AES output FIFO 203 (shown in FIG. 3). For example, DMA engine 204 sets a signal dma_aes_allow_fifo_read=LOW. When this signal is LOW, the AES core 202 prevents any read of the output FIFO 203 of AES core 202 until the signal is set to HIGH. This method prevents any accesses by the control processor 206 to the AES output FIFO 203, and thus prevents any other process or user from obtaining the decrypted key.


Once the DMA engine 204 completes the transfer of the master key to the AES core 202, the control processor 206 reads the external flash 218 and loads the encrypted device key in the AES input FIFO 205 (shown in FIG. 3), and enables the decryption operation in AES core 202. When AES core 202 completes the operation, control processor 206 programs the DMA engine 204 to read the decrypted key from the AES output FIFO 203 and store it in the internal key memory 210. When this operation is completed, and when the DMA engine 204 is the bus master, the DMA engine 204 sets dma_aes_allow_fifo_read=HIGH. The DMA engine 204 reads the content of the output FIFO 203 and stores it in the internal key memory 210.



FIG. 3 is a data flow diagram of an exemplary operation using the encryption/decryption apparatus. Note that FIG. 3 only shows a subset of the blocks in FIG. 2 that are involved in the data flows discussed below. This does not exclude elements of the system from participating in other data flows for other purposes.


In data flow 301, one or more packets of data are received (e.g., received from network 219, by way of the upper layer protocol (ULP) protocol accelerator block 238, which optionally offloads routine network, transport and application layer protocol processing from control processor 206), and passed on to the traffic manager/arbitrator (TMA) 230.


In data flow 302, TMA 230 stores the data in intermediate buffers 221 in the DDR memory 216. The packets are re-assembled and, in some embodiments, translated to accommodate the internal bus width of the HNAS system 201.


In data flow 303, the memory 216 outputs the data to be decrypted from the buffers 221 to the DMA engine 204 via the TMA 230.


In data flow 304, the DMA channel moves the master key and an encrypted device key to the Encryption/Decryption engine (AES core) 202, which decrypts the device key using the master key.


In data flow 305, the DMA engine 204 reads the decrypted device key from the AES output FIFO 203.


In data flow 306, the DMA channel 204 delivers the decrypted device key to the internal key memory 210, where it is stored.


In data flow 307, the DMA engine retrieves the decrypted device key from the internal key memory 210.


In data flow 308, the DMA engine 204 delivers the encrypted data to be decrypted into the AES core 202, along with the decrypted device key, and enables the decryption operation to be performed (on the encrypted data content) in the AES core 202 using the decrypted device key.


In data flow 309, the DMA engine 204 reads the decrypted data from the AES output FIFO 203.


In data flow 310, the DMA engine 204 delivers the decrypted data to the TMA 230, which transmits the decrypted data to a buffer queue 221 in memory 216.


In data flow 311, TMA 230 retrieves the decrypted data from the buffer queue 221 at an appropriate rate for forwarding the data to RDE module 232.


In data flow 312, TMA 230 delivers the decrypted data to RDE 232 for storage in disk 242.



FIG. 4 is a flow chart of a method performed by the apparatus of FIG. 2.


At step 400, control processor 206 controls operation of a media storage system 201. For example, control processor 206 controls the DMA processor 204.


At step 402, control processor 206 retrieves the encrypted second decryption key (the device key) from the flash memory 218 or RAM 216 in which the device key is stored.


At step 404, the control processor 206 delivers the encrypted second decryption key to the decryption engine 202 before the step 408 of using the first decryption key to decrypt the encrypted second decryption key.


At step 406, DMA processor 204 moves the first decryption key from the NV memory 212 to the decryption engine 202 using direct memory access (DMA), while preventing the control processor 206 from accessing the first decryption key.


At step 408, decryption engine 202 of the media storage system 201 uses the first decryption key to decrypt the second decryption key, while preventing the control processor 206 from accessing the decrypted second decryption key.


At step 410, DMA engine 204 moves the second decryption key to the key memory 210 from the decryption engine 202, while preventing the control processor 206 from accessing the decrypted second decryption key.


At step 412, DMA engine 204 moves the second decryption key from key memory 210 to the decryption engine, while preventing the control processor 206 from accessing the decrypted second decryption key.


At step 414, the control processor 206 delivers payload data to the decryption engine 202.


At step 416, decryption engine 416 decrypts the payload data using the second decryption key.
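

The following C model is an added illustration, not part of the patent application: it traces steps 404 through 416 of FIG. 4 together with the dma_aes_allow_fifo_read gating described for DMA channel CH0, and counts every attempt by the control processor that actually obtains the device key. The struct and function names, the constructed key bytes, the draining output FIFO, the slot-number handle, and XOR as a stand-in for the AES core are assumptions of this model.

```c
/* Added illustration: a software model of the key ladder, not code from the patent. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { KLEN = 16, SLOTS = 2 };
enum master { CPU, DMA };          /* arbiter 207 grants the bus to one at a time */

struct soc {
    uint8_t nv_master[KLEN];       /* NV memory 212: master key              */
    uint8_t key_mem[SLOTS][KLEN];  /* key memory 210: decrypted keys         */
    uint8_t engine_key[KLEN], in_fifo[KLEN], out_fifo[KLEN];  /* engine 202, FIFOs 205/203 */
    int allow_fifo_read;           /* dma_aes_allow_fifo_read: 0=LOW, 1=HIGH */
    enum master owner;             /* current bus master                     */
};

/* Output FIFO 203: only the bus owner may read, only while HIGH. Assumption: a read drains it. */
static int fifo_read(struct soc *s, enum master who, uint8_t *dst) {
    if (!s->allow_fifo_read || who != s->owner) return -1;
    memcpy(dst, s->out_fifo, KLEN);
    memset(s->out_fifo, 0, KLEN);
    return 0;
}

/* Key memory 210: the control processor has no read path. */
static int keymem_read(struct soc *s, enum master who, int slot, uint8_t *dst) {
    if (who != DMA || slot < 0 || slot >= SLOTS) return -1;
    memcpy(dst, s->key_mem[slot], KLEN);
    return 0;
}

/* Step 406: DMA CH0 moves the master key into the engine and drives the signal LOW. */
static void dma_load_master(struct soc *s) {
    s->allow_fifo_read = 0;
    memcpy(s->engine_key, s->nv_master, KLEN);
}

/* Steps 404 and 414: the control processor loads ciphertext into input FIFO 205. */
static void cpu_feed(struct soc *s, const uint8_t *ct) { memcpy(s->in_fifo, ct, KLEN); }
/* Steps 408 and 416: XOR is a toy stand-in for the AES core, not a usable cipher. */
static void engine_decrypt(struct soc *s) {
    for (int i = 0; i < KLEN; i++) s->out_fifo[i] = (uint8_t)(s->in_fifo[i] ^ s->engine_key[i]);
}

/* Step 410: as bus master, DMA sets HIGH, drains the FIFO into key memory, returns only a handle. */
static int dma_store_key(struct soc *s, int slot) {
    if (slot < 0 || slot >= SLOTS) return -1;
    s->owner = DMA; s->allow_fifo_read = 1;
    int rc = fifo_read(s, DMA, s->key_mem[slot]);
    s->owner = CPU;
    return rc == 0 ? slot : -1;
}

/* Step 412: DMA moves the key named by the handle from key memory into the engine. */
static int dma_load_key(struct soc *s, int slot) { return keymem_read(s, DMA, slot, s->engine_key); }

/* Runs the ladder on constructed keys; counts CPU probes that obtained the device key. */
int run_ladder(uint8_t *pt, int *cpu_leaks) {
    struct soc s;
    uint8_t dev[KLEN], wrapped[KLEN], ct[KLEN], probe[KLEN];
    const char *msg = "media block 0001";            /* constructed 16-byte payload */
    memset(&s, 0, sizeof s); *cpu_leaks = 0;
    for (int i = 0; i < KLEN; i++) {
        s.nv_master[i] = (uint8_t)(0xA0 + i);         /* constructed master key */
        dev[i] = (uint8_t)(0x10 + i);                 /* constructed device key */
        wrapped[i] = (uint8_t)(dev[i] ^ s.nv_master[i]);   /* as held in flash 218 */
        ct[i] = (uint8_t)((uint8_t)msg[i] ^ dev[i]);
    }
    dma_load_master(&s); cpu_feed(&s, wrapped); engine_decrypt(&s);
    if (fifo_read(&s, CPU, probe) == 0 && !memcmp(probe, dev, KLEN)) (*cpu_leaks)++;  /* LOW */
    int h = dma_store_key(&s, 0);
    if (fifo_read(&s, CPU, probe) == 0 && !memcmp(probe, dev, KLEN)) (*cpu_leaks)++;  /* drained */
    if (keymem_read(&s, CPU, h, probe) == 0) (*cpu_leaks)++;
    if (dma_load_key(&s, h) != 0) return -1;
    cpu_feed(&s, ct); engine_decrypt(&s);
    s.owner = DMA;                                    /* data flow 309: DMA reads the payload */
    return fifo_read(&s, DMA, pt);
}

int main(void) {
    uint8_t pt[KLEN] = {0}; int leaks = 0, rc = run_ladder(pt, &leaks);
    printf("rc=%d cpu_leaks=%d payload=%.16s\n", rc, leaks, (const char *)pt);
    return rc;
}
```

The second probe succeeds as a bus read but returns an empty FIFO, which is why the model drains the FIFO inside the same bus grant that raises the signal to HIGH.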


One of ordinary skill in the art understands that the system and data flows described above can be extended to multiple levels of keys. The decrypted device key can be delivered by the DMA engine 204 to the input of the AES core 202 for decrypting an additional key, that is in turn used to decrypt the encrypted payload data.


Although an example is described above in which the decrypted device key is stored in the key memory 210, in other embodiments, the decrypted device key is re-encrypted with a different key (e.g., another master key stored in non-volatile memory 212) by encryption/decryption engine 202, before storing it in key memory 210.


Although the examples described above include an encryption/decryption engine 202 that acts as the decryption engine, for the purpose of performing the decryption operations described above, a standalone decryption engine that provides the decryption functions may alternatively be used.


The exemplary apparatus and method described above provide an efficient data movement mechanism for encryption/decryption, and an efficient key protection strategy including hardware for decryption and storage of decrypted device keys.


The optional inclusion of non-volatile and key memory allows a designer to extend the number of keys supported. Thus, the number of keys supported is variable.


The apparatus provides a multi-level key management and processing engine that supports a master key to unlock device specific keys on a chip.


The master keys may be programmed by the manufacturer of the device at the time of production, so that each vendor can select one or more master keys.


The apparatus may provide hardware acceleration of the key management, encryption and decryption with minimal control processor intervention.


The apparatus may provide the ability to hide the keys from the control processor itself, to prevent hackers from modifying the boot-up code to access any protected keys.


Although the invention has been described in terms of exemplary embodiments, it is not limited thereto. Rather, the invention should be construed broadly, to include other variants and embodiments of the invention, which may be made by those skilled in the art without departing from the scope and range of equivalents of the invention.

Claims
  • 1. In a system having a control processor, apparatus comprising: at least one memory including a first memory portion for storing at least one first decryption key; a decryption engine for using the first decryption key to decrypt information; and a key processor for providing the first decryption key to the decryption engine without allowing the control processor to access the first decryption key.
  • 2. The apparatus of claim 1, wherein: the key processor is a DMA processor capable of providing a signal to the decryption engine when the decryption engine is to decrypt the information; and the decryption engine is responsive to the signal for outputting the decrypted information and preventing the control processor from accessing the decrypted information from an output of the decryption engine.
  • 3. The apparatus of claim 1, wherein: the information includes an encrypted second decryption key and payload data; and the decryption engine is operable to decrypt the encrypted second decryption key using the first decryption key, and to decrypt the payload data using the second decryption key.
  • 4. The apparatus of claim 3, wherein: the key processor is a DMA processor capable of providing a signal to the decryption engine when the decryption engine is to decrypt the encrypted second decryption key; the decryption engine is responsive to the signal for outputting the second decryption key and preventing the control processor from accessing the second decryption key from an output of the decryption engine.
  • 5. The apparatus of claim 3, wherein: the at least one memory includes a second memory portion for storing the second decryption key after decryption thereof, and the second memory portion is accessible by the key processor to the exclusion of the control processor.
  • 6. The apparatus of claim 5, wherein the at least one memory includes a non-volatile memory, and the first memory portion is included in the non-volatile memory.
  • 7. The apparatus of claim 6, wherein the at least one memory further includes a volatile memory, and the second memory portion is included in the volatile memory.
  • 8. The apparatus of claim 3, further comprising a memory controller capable of receiving the second decryption key from an additional memory.
  • 9. The apparatus of claim 6, wherein the additional memory is one of the group consisting of a random access memory and a flash memory.
  • 10. A system comprising: an input for receiving streaming encrypted payload data; a control processor for controlling the system to process the encrypted payload data; at least one memory including a first memory portion for storing at least one first decryption key; a decryption engine for using the first decryption key to decrypt an encrypted second decryption key, and for using the second decryption key to decrypt the encrypted payload data; and a key processor for providing the first decryption key to the decryption engine for decrypting the second decryption key by the decryption engine without allowing the control processor to access the first decryption key.
  • 11. The system of claim 10, wherein: the key processor is a DMA processor capable of providing a signal to the decryption engine when the decryption engine is to decrypt the second decryption key; the decryption engine is responsive to the signal for outputting the second decryption key and preventing the control processor from accessing the second decryption key from an output of the decryption engine.
  • 12. The system of claim 10, wherein: the at least one memory includes a second memory for storing the second decryption key after decryption thereof, and the second memory is accessible by the key processor to the exclusion of the control processor.
  • 13. The system of claim 10, wherein the at least one memory includes a non-volatile memory, and the first memory portion is included in the non-volatile memory.
  • 14. The system of claim 13, wherein the at least one memory further includes a volatile memory, and the second memory portion is included in the volatile memory.
  • 15. The system of claim 13, further comprising a memory controller capable of receiving the second decryption key from an additional memory.
  • 16. The system of claim 15, wherein the additional memory is one of the group consisting of a random access memory and a flash memory.
  • 17. A method comprising the steps of: controlling operation of a media storage system using a control processor; using a first decryption key to decrypt an encrypted second decryption key in a decryption engine of the media storage system; moving the first decryption key and the decrypted second decryption key between at least one memory device and the decryption engine using direct memory access (DMA), while preventing the control processor from accessing the first decryption key and preventing the control processor from accessing the decrypted second decryption key.
  • 18. The method of claim 17, wherein the controlling step includes controlling a DMA processor that performs the moving step.
  • 19. The method of claim 17, wherein the moving step includes moving the first decryption key from a non-volatile memory to the decryption engine.
  • 20. The method of claim 17 wherein the moving step includes moving the decrypted second decryption key between a volatile memory and the decryption engine.
  • 21. The method of claim 17, wherein the control processor delivers payload data to the decryption engine, and the method further comprises decrypting the payload data in the decryption engine using the decrypted second decryption key.
  • 22. The method of claim 17, further comprising: providing a second memory device in which the encrypted second decrypted key is stored; and retrieving the encrypted second decrypted key by the control processor, wherein the control processor delivers the encrypted second decrypted key to the decryption engine before the step of using the first decryption key to decrypt the encrypted second decryption key.
Parent Case Info

This application is a continuation in part of U.S. patent application Ser. No. 11/226,507, filed Sep. 13, 2005, and is a continuation in part of U.S. patent application Ser. No. 11/273,750, filed Nov. 15, 2005, and is a continuation in part of U.S. patent application Ser. No. 11/364,979, filed Feb. 28, 2006, and is a continuation in part of U.S. patent application Ser. No. 11/384,975, filed Mar. 20, 2006, and claims the benefit of U.S. provisional patent application Nos. 60/724,692, filed Oct. 7, 2005, 60/724,464, filed Oct. 7, 2005, 60/724,462, filed Oct. 7, 2005, 60/724,463, filed Oct. 7, 2005, 60/724,722, filed Oct. 7, 2005, 60/725,060, filed Oct. 7, 2005, and 60/724,573, filed Oct. 7, 2005, all of which applications are expressly incorporated by reference herein in their entireties.

Provisional Applications (7)

Number      Date        Country
60724692    Oct 2005    US
60724464    Oct 2005    US
60724462    Oct 2005    US
60724463    Oct 2005    US
60724722    Oct 2005    US
60725060    Oct 2005    US
60724573    Oct 2005    US

Continuation in Parts (4)

Relation    Number      Date        Country
Parent      11226507    Sep 2005    US
Child       11539327    Oct 2006    US
Parent      11273750    Nov 2005    US
Child       11539327    Oct 2006    US
Parent      11364979    Feb 2006    US
Child       11539327    Oct 2006    US
Parent      11384975    Mar 2006    US
Child       11539327    Oct 2006    US