Apparatus and method for providing hardware security

摘要

A technique to provide a hardware security module that provides a secure boundary for retention of a secure key within the secure boundary and prevention of unauthorized accesses from external sources outside of the secure boundary to obtain the secure key. The hardware security module includes a security processor to unwrap and authenticate a secure key within the secure boundary to decrypt or encrypt data and to provide data through a single interface that communicates with external sources, so that all data transfers between the secure boundary, formed by the hardware security module, and external sources are transferred only through the interface. The hardware security module ensures no unwrapped key leaves the secure boundary established by the hardware security module.

主权项

1. An integrated circuit comprising:
a hardware security module configured to support a secure boundary for retention of a device unique key and to prevent unauthorized access of the device unique key by sources external to the secure boundary, the hardware security module including:
an interface configured to service data transfers between the secure boundary of the hardware security module and the external sources;a security processor configured to:
use the device unique key to unwrap a content key within the secure boundary; anddecrypt, within the secure boundary, encrypted data received from one of the external sources via the interface by using the unwrapped content key; andprovide decrypted data to the interface for transfer outside of the secure boundary; anda secure key cache configured to allow access for use but not copying of the unwrapped content key external to the secure boundary; and a bus coupled to the interface of the hardware security module and configured to support transfer of data between the interface and the external sources.