1. Technical Field
The present application relates generally to an improved data processing device. More specifically, the present application is directed to an apparatus and method for providing sealed storage in a data processing device.
2. Description of Related Art
Maintaining the secrecy of sensitive data in computing systems is a consistent problem in today's computer-centered society. Problems associated with identity theft, corporate espionage, hacking, and the like, are on a rise. Various measures, e.g., encryption mechanisms, certification mechanisms, and the like, have been devised for making it more difficult for unauthorized users, programs, and the like, to access sensitive data.
One endeavor to attempt to create a more secure computing environment is the development of “Trusted Computing” by International Business Machines, Inc. (IBM) and the Trusted Computing Group (TCG), a consortium of several companies that aims to standardize a hardware module and a software stack that enable attestation, i.e. the ability to prove the integrity of a cryptographic co-processor to remote systems, and other security services necessary for verifying system integrity. In one version of “Trusted Computing,” the hardware of a computing device includes a passive monitoring component that stores a hash of a machine state on start-up. This hash is computed using details of the hardware (audio card, video card, etc.) and the software (O/S, drivers, etc.). If the computing device ends up in the ‘approved’ state, the hardware may make available to the operating system the cryptographic keys needed to decrypt trusted applications and data. If the computing device ends up in a ‘wrong’ state, the hash will be wrong and the hardware will not release the right cryptographic key. The computing device may still be able to run non-trusted applications and access non-trusted data, but protected applications and data will be unavailable and hence unusable.
The current “Trusted Computing” solutions provided by IBM work very well in existing computing environments and provide a mechanism by which data and applications are cryptographically linked to a specific hardware and software environment that would be very difficult for an unauthorized individual to replication. However, with the advent of new computing architectures, opportunities for improving upon known security mechanisms and “Trusted Computing” solutions are made available.