The present disclosure relates generally to systems and methods for the secure processing of digital or electronic information. More specifically, the present disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications.
Computer systems are commonly used to store and process digital information that a user may wish to keep secret or secure. For example, a user may wish to prevent secret information related to their identity, financial accounts, passwords, and the like from being accessed by and/or exposed to potential attackers who may desire to exploit such secret information. Further, information (e.g., cryptographic keys, certificates, licenses, control programs, etc.) utilized in digital rights management (“DRM”) implementations designed to prevent unauthorized access and/or use to secure and/or proprietary content may also need to be kept secret to maintain the integrity of the DRM implementation. Accordingly, systems and methods to manage the processing of secret information by a computer system in a secure manner are desirable.
To prevent unauthorized access to and/or exposure of secret or secure information, a processing environment may be established on a computer system having a plurality of processing domains with different levels of security. For example, a secure processing domain may be established where secret information is securely processed and protected from exposure to applications executing outside the secure processing domain. An open processing domain may be established where less-sensitive and/or less-secure operations and applications may be performed and/or executed. Potential attackers may gain access to the open processing domain by virtue of its less secure nature, but will be substantially impeded from accessing the secret or secure information processed within the secure processing domain given its higher level of security.
In some circumstances, applications running in the open processing domain may need to use secret information protected within the secure processing domain. Consistent with embodiments disclosed herein, a secure programmatic abstraction layer may operate as a boundary between the secure processing domain and the open processing domain allowing applications running in the open processing domain to utilize secret information protected within the secure processing domain without compromising the security of the secret information. The secure programmatic abstraction layer may be invoked by the application running in the open processing domain and used to perform required operations on the secret information in a secure environment.
Secure operations performed on and/or using secret information consistent with embodiments disclosed herein may initiate when a client application executing in an open processing domain of a system invokes a secure abstraction layer. The secure abstraction layer may be configured to interface with secret data protected by a secure processing domain of the system. In some embodiments, the secure processing domain may include a secure processor unit having integrated support for symmetric and asymmetric cryptographic algorithms Further, in certain embodiments, before invoking the secure abstraction layer, the system may determine that the secure abstraction layer is trusted. Determining that the secure abstraction layer is trusted may be based on, for example, a successful signature verification operation.
Once invoked, the secure abstraction layer may perform one or more secure operations on the secret information based on an invocation from a client application. The secure operations may include, for example, loading a cryptographically wrapped key into the secure abstraction layer, performing encryption/decryption operations utilizing the secret information, performing cryptographic signing and/or signature verification utilizing the secret information, encrypting secret fields within a larger piece of data utilizing the secret information, and/or performing digest calculations. By performing secure operations in the secure processing domain, the secret information may not be exposed to the less-secure client application running the open processing domain.
In certain embodiments, secret information may be exported and/or persisted from the secure processing domain in a secure manner. To export or persist secret information, the secret information may first be encrypted using a persistent (e.g., permanent) encryption key. In certain embodiments, the persistent encryption key may be associated with hardware components of the secure processing domain and be configured to persist between system reboots. The secret information may, in addition or alternatively, be encrypted using a cycling encryption key that may not be configured to persist between system reboots. Once encrypted by the persistent and/or cycling encryption key, the secret information may then be exported from the secure abstraction layer to the client application running in the open processing domain.