1. Field
The present disclosure pertains to the field of information processing, and more particularly, to the, field of encrypting information.
2. Description of Related Art
In an information processing system, secret information may be protected from discovery by encrypting it. Private key encryption algorithms, such as the advanced encryption standard (“AES”) defined in Federal Information Processing Standard 197 from the National Institute of Standards and Technology, use a private key to transform unencrypted information (“plain-text”) into encrypted information (“cipher-text”) that generally has no meaning unless subsequently decrypted by a reverse transformation using the private key.
The present invention is illustrated by way of example and not limitation in the accompanying figures.
Embodiments of an invention for repeatable application-specific encryption key derivation using a hidden root key are described. In this description, numerous specific details, such as component and system configurations, may be set forth in order to provide a more thorough understanding of the present invention. It will be appreciated, however, by one skilled in the art, that the invention may be practiced without such specific details. Additionally, some well-known structures, circuits, and other features have not been shown in detail, to avoid unnecessarily obscuring the present invention.
As described in the background section, encryption may he used to protect, secret information. One type of secret information may be application-specific encryption keys. Embodiments of the present invention provide for the repeatable derivation of application-specific encryption keys using a hidden root key. These embodiments provide for the derivation to be repeatable so that the application-specific encryption key need not be stored with the data that it is used to encrypt. These embodiments also provide for the derivation to be performed without comprising protection of the hidden root key.
Root key 110 may be any hardware encryption key. in one embodiment, root key 110 is a 256 bit key stored in a read-only memory implemented in fuses. The read-only memory is inaccessible to software running on processor 100. Only encryption engine 120 has access to root key 110.
Encryption engine 120 may include any circuitry or other structures to execute one or more encryption algorithms in one embodiment, encryption engine 120 includes circuitry to perform AES encryption, secure hash algorithms (“SHA”), and/or hash-based message authentication code (“HMAC”) generation.
Instruction hardware 130 may represent any circuitry, structure, or other hardware, such as an instruction decoder, for fetching, receiving, decoding, and/or scheduling instructions. Any instruction format may be used within the scope of the present invention; for example, an instruction may include an opcode and one or more operands, where the opcode may be decoded into one or more micro-instructions or micro-operations for execution by execution hardware 140.
In one embodiment, instruction hardware 130 may be designed to receive one or more instructions to support the operation of processor 100 in a secured or isolated execution mode, in which access to particular system resources may be controlled by trusted software such as a measured virtual machine monitor. In this embodiment, access to encryption engine 120 may be limited to software operating within the secured or isolated execution mode. In other embodiments, any other approach to hiding or protecting root key 110 may be used. In one embodiment, root key 110 is accessible only to an AES wrap operation that is performed entirely by encryption engine 120 and is riot observable by any other hardware or software.
Execution hardware 140 may include any circuitry, structure, or other hardware, such as an arithmetic unit, logic unit, floating point unit, shifter, etc for processing data and executing instructions, micro-instructions, and/or micro-operations.
Control logic 150 may include any circuitry, logic, or other structures, including microcode, state machine logic, and programmable logic, to control the operation of the units and other elements of processor 100 and the transfer of data within, into, and out of processor 100. Control logic 150 may cause processor 100 to perform or participate in the performance of method embodiments of the present invention, such as the method embodiments described below, for example, by causing processor 100, using execution hardware 140, encryption engine 120, and/or any other resources, to execute instructions received by instruction hardware 130 and micro-instructions or micro-operations derived from instructions received by instruction hardware 130.
System 180 may also include system memory 190, network interface controller (“NIC”) 182, and any other components any other components or other elements connected, coupled, or otherwise in communication with each other through any number of buses, point-to-point, or other wired or wireless connections. System memory 190 may include dynamic random access memory and/or any other type of medium accessible by processor 100, and may he used to store data and/or instructions used or generated by processor 100 and/or any other components. For example, system memory 190 is shown as storing application program 192, including application instructions 194, application data 196, and application-specific string 198, as described below. NIC 182 may be any type of controller used to enable communication between system 190 and another information processing system.
In box 210 of method 200, a unique data string, such as application-specific string 196 is assigned to an application running on processor 100. Each application running on processor 100 for which an application-specific key is needed or desired may be assigned pits own unique data string generated according to any approach. In box 214, a concatenation operation is performed on application-specific string 196 and a salt. In one embodiment, the salt may be a platform-specific string, such as the MAC of NIC 182.
In box 220, art SHA is performed on the result of the concatenation operation from box 214. In one embodiment, an SHA-256 algorithm is used to provide a 256-bit input to box 224. In box 224, an AES wrap is performed on the SHA output from box 220 by encryption engine 130. The AES wrap function performs an AES operation using root key 210.
In box 230, an SHA is performed on the output of the AES wrap from box 224. in one embodiment, an HMAC-SHA-256 algorithm is used to provide a 256-bit application-specific key. Any HMAC key may be used for this operation.
The output of the SHA operation of box 230 is a key that is unique to application 192. Since the operations of boxes 214, 220, 224, arid 230 are deterministic, an application may use method 200 to generate the same application-specific key again and again. Therefore, there is no need to store the application-specific key.
In box 240, the application-specific key may be used to encrypt data. In box 244, the encrypted data may be stored, for example, in application data area 196. Within the scope of the present invention, method 200 may be performed in a different order, with illustrated boxes omitted, with additional boxes added, or with a combination of reordered, omitted, or additional boxes.
Embodiments or portions of embodiments of the present invention, as described above, may be stored in any form of a machine-readable medium. For example, all or part of method 200 may be embodied in software or firmware instructions that are stored on a medium readable by processor 100, which when executed by processor 100, cause processor 100 to execute an embodiment of the present invention.
Thus, embodiments of an invention for repeatable application-specific encryption key derivation have been described. While certain embodiments have been described, and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative and not restrictive of the broad invention, and that this invention not be limited to the specific constructions and arrangements shown and described, since various other modifications may occur to those ordinarily skilled in the art upon studying this disclosure. In an area of technology such as this, where growth is fast and further advancements are not easily foreseen, the disclosed embodiments may be readily modifiable in arrangement and detail as facilitated by enabling technological advancements without departing from the principles of the present disclosure or the scope of the accompanying claims.
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/US12/24527 | 2/9/2012 | WO | 00 | 9/4/2014 |