Secure processing systems and methods

摘要

This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.

主权项

1. A method performed by a computer system including an open processing domain, a secure processing domain, and a non-transitory storage medium storing instructions that, when executed by the computer system, cause the computer system to perform the method, the method comprising:
determining that a secure abstraction layer executing in the secure processing domain of the computer system is trusted based on successfully verifying a digital signature associated with the secure processing domain using a cryptographic value stored in a hardware security element, the secure abstraction layer being configured to interface with secret data protected by the secure processing domain; invoking, by a client application executing in the open processing domain of the computer system, the secure abstraction layer; and performing, by the secure abstraction layer, a secure operation on the secret data based on an invocation from the client application.