SECURE PROCESSING SYSTEMS AND METHODS

摘要

This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.

主权项

1. A computer system enabling secure processing of data, said system comprising:
a secure processing unit; a master key, said master key protected against tampering and accessible to said secure processing unit; a firmware validation module, said firmware validation module validating that system firmware is trusted, said validation at least in part using said master key; a secure processing domain, said secure processing domain protecting data stored or processed in the domain in a manner that is resistant to unauthorized analysis or alteration; secure abstraction layer software, said secure abstraction layer software configured to execute within said secure processing domain and to communicate with said secure processing unit; a software validation module, said module configured to validate said secure abstraction layer software prior to execution in the secure processing domain, said validation at least in part using said master key or a validated trust anchor; and an open processing domain, said open processing domain configured to allow an application executing within the open processing domain to call the secure abstraction layer to perform one or more operations using data protected by the secure processing domain.