FIG. 1 illustrates a conventional hardware security architecture. The architecture includes a security chip 101 and a memory 102 in a computer system. The memory 102 is separated into different localities, such as Locality 1 (103) and Locality 3 (104). Various applications 105-108 execute from each locality. Each locality also has its own key cache manager 111-112. Each key cache manager 111-112 manages the cryptographic storage of application security keys in the key storage 110 of the security chip 101. For example, the key cache manager 111 encrypts the key of the application 105 using the public key of the security chip 101. The public key is part of the public/private key pair, or storage root key (SRK) 109, for the security chip 101. The encrypted application key is then sent to the security chip 101. The security chip 101 decrypts the encrypted application key using its own private key, and stores the application key on the chip 101. Then, when the application 105 later requests the use of its key, the key cache manager 111 can service the request using the application key stored on the security chip 101.
However, in this architecture, the key cache managers 111-112 function with mutual distrust, i.e., neither of the key cache managers 111-112 trusts that the other will leave the key storage 110 in the same state. Thus, for example, if the key storage 110 is full, the key cache manager 112 can evict a currently loaded key in order to store another key for an application in its own Locality 3 (104). If the evicted key is from an application within its locality, the key cache manager 112 tracks the storage of that key. However, the key cache manager 112 can also evict a key for an application in another locality, such as Locality 1 (103). Since the key cache managers 111 and 112 do not communicate with each other, the key cache manager 111 would not be aware of the eviction of one of its keys by the key cache manager 112. Thus, when the key cache manager 111 goes to the key storage 110 to access its key, the wrong key is used. This results in coherency problems. One way to avoid these problems is to limit access of the security chip 101 to the applications in one locality. However, this prevents applications in other localities from taking advantage of the features of the security chip 101.
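The coherency failure described above, as an added Python sketch that is not part of the original text: a toy model of the shared key storage 110 with two managers that each keep a private slot table. The class names, the two-slot capacity, the evict-slot-0 policy and the Locality 3 key names are assumptions made for illustration.

```python
# Added illustration: toy model of key storage 110; every name here is hypothetical.
class KeyStorage:
    """Fixed number of slots shared by all localities (stands in for key storage 110)."""
    def __init__(self, slots):
        self.slots = [None] * slots      # each slot holds (owner_locality, key_name) or None

class KeyCacheManager:
    """Tracks only its own loads; never hears about another manager's evictions."""
    def __init__(self, locality, storage):
        self.locality = locality
        self.storage = storage
        self.view = {}                   # key_name -> slot this manager believes holds it

    def load(self, key_name):
        slots = self.storage.slots
        if None in slots:
            idx = slots.index(None)
        else:
            idx = 0                      # assumed policy: storage full, evict slot 0
            owner, evicted = slots[idx]
            if owner == self.locality:   # only evictions of its own keys are tracked
                self.view.pop(evicted, None)
        slots[idx] = (self.locality, key_name)
        self.view[key_name] = idx
        return idx

    def use(self, key_name):
        """Return whatever key sits in the slot this manager believes is its own."""
        return self.storage.slots[self.view[key_name]]

    def stale_entries(self):
        """Audit: entries in this manager's view that no longer match the storage."""
        return sorted(k for k, i in self.view.items()
                      if self.storage.slots[i] != (self.locality, k))

def demo():
    storage = KeyStorage(slots=2)
    m111 = KeyCacheManager("Locality 1", storage)
    m112 = KeyCacheManager("Locality 3", storage)
    m111.load("app105-key")              # slot 0
    m112.load("locality3-key-A")         # slot 1, storage is now full
    m112.load("locality3-key-B")         # evicts slot 0, which belongs to Locality 1
    return m111.use("app105-key"), m111.stale_entries(), m112.stale_entries()

if __name__ == "__main__":
    print(demo())
```

Manager 111 is handed a Locality 3 key for its own request, while manager 112's view stays consistent because it tracked only its own writes.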
Accordingly, there exists a need for a method for a plurality of key cache managers to share the cryptographic key storage resources of a security chip. This method should allow key cache managers of different localities to access the security chip without coherency problems. The present invention addresses such a need.