1. Field
The present invention relates generally to computer security and, more specifically, to securely distributing cryptographic keys to devices in processing systems.
2. Description
Some processing system architectures supporting content protection and/or computer security features require that specially-protected or “trusted” software modules be able to create an authenticated encrypted communications session with specific protected or “trusted” hardware devices in the processing system (such as graphics controller cards, for example). One commonly used method for both identifying the device and simultaneously establishing the encrypted communications session is to use a one-side authenticated Diffie-Hellman (DH) key exchange process. In this process, the device is assigned a unique public/private Rivest, Shamir and Adelman (RSA) algorithm key pair or a unique Elliptic Curve Cryptography (ECC) key pair. However, because this authentication process uses RSA or ECC keys, the device then has a unique and provable identity, which can raise privacy concerns. In the worst case, these concerns may result in a lack of support from original equipment manufacturers (OEMs) for building trustable devices providing this kind of security.