Implementing enhanced computer security standard for secure cryptographic key storage using a software-based keystore
US12261950B2 · kind B2 · utility
Inventors
Key dates
| Filing date | Feb 1, 2022 |
| Grant date | Mar 25, 2025 |
| Priority date | — |
| Expiry date | Oct 27, 2042 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L9/3231
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A client device that is not originally compliant with a particular security standard (e.g., FIPS) is brought into compliance through the addition of a standard-compliant software-based cryptographic library. In order to adapt the cryptographic library to integrate with the hardware-backed keystore, a non-hardware-backed software keystore is used to store keys used by the cryptographic library. Additionally, in order to provide appropriate security for the software keystore, the software keystore (and/or the keypairs within the software keystore) is protected by a password, and the password is in turn protected by the hardware-backed keystore. Thus, to obtain the password needed to obtain a keypair from the software keystore that is in turn needed to use the cryptographic library, a user must authenticate with the operating system, e.g., by providing biometric credentials.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.