SUPPORT FOR SECURE OBJECTS IN A COMPUTER SYSTEM

摘要

A computer system includes a mechanism supporting a Secure Object that includes information that is cryptographically protected so that other software on the computer system cannot access or undetectably tamper with the information, thereby protecting both a confidentiality and an integrity of the Secure Object information from other software while making an unencrypted form of the Secure Object information available to the Secure Object itself during execution of the Secure Object. The Mechanism includes a crypto engine that decrypts and integrity-checks Secure Object information as the Secure Object information moves into the computer system from external storage and encrypts and updates an integrity value for Secure Object information as the Secure Object information moves out of the computer system to the external storage.

主权项

1. A computer system comprising a mechanism supporting a Secure Object that comprises information that is cryptographically protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information from other software while making an unencrypted form of the Secure Object information available to the Secure Object itself during execution of the Secure Object, wherein said mechanism comprises:
a crypto mechanism that decrypts and integrity-checks Secure Object information as the Secure Object information moves into the computer system from external storage and encrypts and updates an integrity value for Secure Object information as the Secure Object information moves out of the computer system to the external storage; and a protected key storage area, that is not accessible by software, used to store keys used for decryption and integrity-checking of Secure Object information when this information is moved into the computer system from the external storage and for encryption of Secure Object information and generation of an integrity value as the information is moved out of the computer system to the external storage.