CPC: G06F 21/79 (2013.01) [G06F 21/6209 (2013.01)]. 20 claims.
1. A method for securing sensitive information in a flash memory of a computing system, the method comprising:
communicating, by an integrated secure element (ISE) of a system-on-chip of the computing system and over a dedicated channel between the ISE and a secure flash memory external to the system-on-chip, information for determining a shared secret key useful to enable secure communication between the ISE of the system-on-chip and the secure flash memory over the dedicated channel, the information based on a first public key and private key pair preprogrammed into the ISE and a second public key and private key pair preprogrammed into the secure flash memory;
securing, based on the shared secret key, the dedicated channel between the ISE of the system-on-chip and the secure flash memory external to the system-on-chip to establish a secure dedicated channel to provide the ISE with exclusive access to a flash cryptographic key stored by the secure flash memory external to the system-on-chip;
accessing, via the secure dedicated channel, the flash cryptographic key stored by the secure flash memory external to the system-on-chip; and
cryptographically protecting, using the flash cryptographic key obtained from the secure flash memory, sensitive information written to the flash memory of the computing system via an interface between the system-on-chip and the flash memory that is separate from the dedicated channel between the ISE and the secure flash memory, the flash memory external to the system-on-chip.
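The flow claimed above, as an added stand-alone model that is not code from the patent or from any product it covers. The claim fixes only the structure (two preprogrammed key pairs, a shared secret over a dedicated channel, exclusive ISE access to a flash key held by the secure flash, and encryption of data written to ordinary flash over a separate interface), not the algorithms; here the key agreement is static-static X25519 with per-session nonces and HKDF, the channel and flash cipher is an encrypt-then-MAC construction built from HMAC-SHA256 standing in for the AEAD a real part would use, and every class, message and label (`SecureFlash`, `ISE`, `GET_FLASH_KEY`, `CHANNEL_INFO`) is an assumption. The pure-Python ladder is not constant time and is for illustration only.

```python
import hashlib, hmac, secrets

P, A24 = 2**255 - 19, 121665            # X25519 field prime and (A-2)/4 (RFC 7748)
BASE = (9).to_bytes(32, "little")
CHANNEL_INFO = b"ise<->secure-flash dedicated channel"   # assumed KDF label

def _clamp(k: bytes) -> int:
    k = bytearray(k); k[0] &= 248; k[31] &= 127; k[31] |= 64
    return int.from_bytes(k, "little")

def x25519(scalar: bytes, point: bytes) -> bytes:
    """RFC 7748 Montgomery ladder in pure Python (demo only, not constant time)."""
    k, x1 = _clamp(scalar), int.from_bytes(point, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e, c, d = (aa - bb) % P, (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASE)

def hkdf(ikm: bytes, salt: bytes, info: bytes, n: int = 32) -> bytes:
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, t, i = b"", b"", 1
    while len(okm) < n:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + t, i + 1
    return okm[:n]

# Encrypt-then-MAC with an HMAC-SHA256 keystream: stdlib stand-in for the AEAD
# (e.g. AES-GCM) a real ISE / secure-flash pair would use.
def _xor(ek: bytes, data: bytes) -> bytes:
    ks = b"".join(hmac.new(ek, i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(x ^ y for x, y in zip(data, ks))

def seal(key: bytes, pt: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = nonce + _xor(hkdf(key, nonce, b"enc"), pt)
    return ct + hmac.new(hkdf(key, nonce, b"mac"), ct, hashlib.sha256).digest()

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(hkdf(key, nonce, b"mac"), ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: tampered data or wrong key")
    return _xor(hkdf(key, nonce, b"enc"), ct[16:])

class SecureFlash:
    """External secure flash: own preprogrammed pair, pinned ISE public key, flash key."""
    def __init__(self, ise_pub: bytes):
        self.priv, self.pub = keypair()
        self.ise_pub, self.flash_key, self.session = ise_pub, secrets.token_bytes(32), None

    def hello(self, peer_pub: bytes, peer_nonce: bytes) -> bytes:
        if not hmac.compare_digest(peer_pub, self.ise_pub):   # exclusive access: only the ISE
            raise PermissionError("dedicated channel: peer is not the provisioned ISE")
        nonce = secrets.token_bytes(16)
        self.session = hkdf(x25519(self.priv, peer_pub), peer_nonce + nonce, CHANNEL_INFO)
        return nonce

    def handle(self, blob: bytes) -> bytes:
        if open_(self.session, blob) != b"GET_FLASH_KEY":
            raise ValueError("unknown command")
        return seal(self.session, self.flash_key)     # flash key never leaves in the clear

class ISE:
    """Integrated secure element on the SoC; flash_pub is preprogrammed by provision()."""
    def __init__(self):
        self.priv, self.pub = keypair()
        self.flash_pub = self.flash_key = None

    def fetch_flash_key(self, sflash: SecureFlash) -> bytes:
        nonce = secrets.token_bytes(16)
        peer_nonce = sflash.hello(self.pub, nonce)
        # Static-static DH against the pinned flash key: a counterfeit part without
        # that private key derives a different session key and its reply fails to open.
        session = hkdf(x25519(self.priv, self.flash_pub), nonce + peer_nonce, CHANNEL_INFO)
        self.flash_key = open_(session, sflash.handle(seal(session, b"GET_FLASH_KEY")))
        return self.flash_key

    def write(self, flash: dict, addr: int, data: bytes) -> None:
        flash[addr] = seal(self.flash_key, data)       # ordinary flash, separate interface

    def read(self, flash: dict, addr: int) -> bytes:
        return open_(self.flash_key, flash[addr])

def provision():
    ise = ISE(); sflash = SecureFlash(ise.pub); ise.flash_pub = sflash.pub
    return ise, sflash

def demo() -> dict:
    ise, sflash = provision()
    key, flash, secret = ise.fetch_flash_key(sflash), {}, b"constructed secret: PIN 1234"
    ise.write(flash, 0x1000, secret)
    try:
        sflash.hello(keypair()[1], secrets.token_bytes(16)); rogue_served = True
    except PermissionError:
        rogue_served = False
    tampered = bytearray(flash[0x1000]); tampered[20] ^= 1
    try:
        open_(key, bytes(tampered)); tamper_caught = False
    except ValueError:
        tamper_caught = True
    return {"key_matches": key == sflash.flash_key, "roundtrip": ise.read(flash, 0x1000) == secret,
            "plaintext_in_flash": b"PIN 1234" in flash[0x1000],
            "rogue_served": rogue_served, "tamper_caught": tamper_caught}
```

Calling `demo()` runs the whole sequence: provisioning, session establishment over the dedicated channel, release of the flash key only to the pinned ISE, an encrypted write to ordinary flash, a rejected attempt by an unprovisioned host to open the channel, and detection of a modified flash blob. The two things a practitioner should check in a real part, and which this model only sketches, are replay protection on the dedicated channel (the nonces here make the session key fresh but there is no counter on the command itself) and where the ISE keeps the fetched flash key, since it must not be reachable from the host cores that use the separate flash interface.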