| CPC H04L 9/3234 (2013.01) [G06F 21/57 (2013.01); G06F 21/602 (2013.01); G06F 21/606 (2013.01); H04L 9/0825 (2013.01); H04L 9/0861 (2013.01); H04L 9/0897 (2013.01); H04L 9/14 (2013.01); H04L 63/20 (2013.01); H04L 2209/122 (2013.01)] | 28 Claims |
|
1. A processing device in a computing system, comprising:
non-volatile data storage hardware, wherein the data storage hardware stores at least one secure credential that is uniquely associated with the processing device, wherein the secure credential includes a private key of a public-private key pair; and
execution circuitry comprising at least one security accelerator and at least one processor core, the execution circuitry to perform operations to:
access a symmetric wrapper key in a first memory of the computing system, the symmetric wrapper key associated with a client entity, wherein the symmetric wrapper key is encrypted in the first memory, and wherein the symmetric wrapper key is encrypted based on a public key of the public-private key pair;
decrypt the symmetric wrapper key using the private key of the public-private key pair;
access a client private key in a second memory of the computing system, the client private key associated with the client entity, wherein the client private key is encrypted in the second memory, and wherein the client private key is encrypted based on the symmetric wrapper key;
decrypt the client private key with the symmetric wrapper key; and
execute a computation in a trusted execution environment of the processing device, using the decrypted client private key, to produce a computation result for the client entity;
wherein to execute the computation in the trusted execution environment includes to execute the computation with the processor core; and
wherein the decrypted client private key is securely maintained by the execution circuitry and the execution circuitry prevents access to the decrypted client private key by an entity outside the trusted execution environment.
|