Sharing content securely between devices implies ciphering content with one or several ciphering keys, depending on the kind of cryptographic scheme. The use of one shared encryption/decryption key typically refers to a symmetric encryption scheme, whereas the asymmetric scheme implies the use of pairs of private and public keys for each device. The public key of the receiving device can be freely exchanged to any device and therefore can be used by a sending device to encrypt a message to be sent to the receiving device. The latter will use his corresponding private key to decrypt the message which cannot be decrypted by the other devices given that the process is not reversible, i.e. the encrypted message cannot be decrypted by using the public key of the sending device. This cryptographic scheme is based on algorithm implying mathematical problems which are easy to solve in a way, but which are very difficult in the reverse way. As shared key generation process, Diffie-Hellman method allows two parties to jointly establish a shared secret key over an insecure communication channel and then to use this key to encrypt subsequent communications according to a symmetric cryptographic scheme.
In general, keys can be perfectly secured when they are exchanged, outside of the devices, by means of secure network protocols and these keys can also be perfectly secured inside these devices, by hardware key paths. The problem occurs when linking both of these parts, i.e. at the interface between each of these devices and the network paths linking them. All communications between two devices or systems require that transferred data travel down though the sending system's network stack, across the physical layer, and then up through the receiving system's network stack. The traditional way of linking the secure network protocol and the hardware key path implies extracting the clear key from the network stack then injecting it in the hardware key path. This way of doing exposes the clear key used to perform cryptographic operations onto the content in the RAM memory of the device. Therefore, there is a risk that this key can be accessed within the device, before being injected in the hardware key path, by malicious person wanting to intercept the exchanged messages between two devices.