Secure transfer of protected application storage keys with change of trusted computing base

Assignee

• Brickell Cryptology LLC · US

Inventor

• Ernest Brickell · Albuquerque, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0442
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods and apparati for securely transferring application storage keys in an application in a trusted computing environment, when the trusted computing base is modified. In an apparatus embodiment of the present invention, a computing device comprises: a protected partition in which an application can execute without attack from outside a trusted computing base of the partition; and a storage key derivation module which provides a first storage key to said application, where the value of the first storage key is derived from a computation dependent upon a first version of the trusted computing base that is launched on the platform. The storage key derivation module is further configured to derive a second storage key from a computation dependent upon an alternate version of the trusted computing base; a migration key module is configured to verify whether there is an approval for providing the second storage key to the application while the application is executing with the first version of the trusted base having been launched; and the migration key module is further configured to provide the second storage key to the application after said approval has been verified.