Hardware Trust Anchors in SP-Enabled Processors
US Patent No: US 9,317,708 B2
Issued: April 19, 2016
USPTO Patent PDF | Google Patents
Security Area: Hardware Trust Anchors for Mobile & Embedded Systems
Abstract
A trust system and method is disclosed for use in computing devices, particularly portable devices, in which a central Authority shares secrets and sensitive data with users of the respective devices. The central Authority maintains control over how and when shared secrets and data are used. In one embodiment, the secrets and data are protected by hardware-rooted encryption and cryptographic hashing, and can be stored securely in untrusted storage. The problem of transient trust and revocation of data is reduced to that of secure key management and keeping a runtime check of the integrity of the secure storage areas containing these keys (and other secrets). These hardware-protected keys and other secrets can further protect the confidentiality and/or integrity of any amount of other information of arbitrary size (e.g., files, programs, data) by the use of strong encryption and/or keyed-hashing, respectively. In addition to secrets the Authority owns, the system provides access to third party secrets from the computing devices. In one embodiment, the hardware-rooted encryption and hashing each use a single hardware register fabricated as part of the computing device's processor or System-on-Chip (SoC) and protected from external probing. The secret data is protected while in the device even during operating system malfunctions and becomes non-accessible from storage according to various rules, one of the rules being the passage of a certain time period. The use of the keys (or other secrets) can be bound to security policies that cannot be separated from the keys (or other secrets). The Authority is also able to establish remote trust and secure communications to the devices after deployment in the field using a special tamper-resistant hardware register in the device, to enable, disable or update the keys or secrets stored securely by the device.
In one operation, a software program runs on the portable device in conjunction with a device root key (DRK) (a device specific master cryptographic key) which is built into the microprocessor in one of the registers. Another register contains a storage root hash (SRH) which then serves to encode the integrity of a storage structure. Together, the DRK and the SRH provide a secure execution environment for the software program that operates on the critical secrets. In this manner, the processor itself provides hardware-rooted trust for flexible software architecture and usage models.
Note that the trusted software module protected directly by SP hardware can be used to implement an arbitrary number of desired security policies, so that it can protect anything it is set up to protect, such as a security policy or other data. There may be one or more data registers like the SRH, accessible only to the trusted software module, which can use them in different ways.
By using a root of trust embedded in the hardware microprocessor or System-on-a-Chip (SoC), it is possible to protect sensitive keys in a sensor-node platform or a node in a mobile ad-hoc network. This prevents an adversary from extracting these protected long-term keys from a captured node in order to fabricate new nodes.
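The DRK/SRH split described above, modelled in software as an added example (this is not code from the patent or from any SP processor implementation): a 32-byte DRK register derives the key under which the key chain is sealed with AES-GCM into untrusted storage, and the SRH register holds the hash of the last committed chain so that the trusted module can check the chain's integrity at runtime. The type and function names (SPRegisters, sealChain, openChain, useSecret), the expiry-time policy and the sample "vpn" entry are assumptions made for illustration; drawing the DRK at random stands in for a fused or PUF-derived key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

var (
	ErrTampered      = errors.New("ciphertext fails authentication (modified or foreign blob)")
	ErrRollback      = errors.New("SRH mismatch (stale or replayed key chain)")
	ErrNotAccessible = errors.New("secret absent or outside its policy window")
)

// SPRegisters models the two registers; assumed never to leave the chip, with the SRH writable only by the trusted module.
type SPRegisters struct {
	DRK [32]byte // device root key (fused or PUF-derived in real silicon; drawn at random here)
	SRH [32]byte // storage root hash of the last committed key chain
}

// Entry binds a secret to its policy in one authenticated record, so neither can be altered or separated without breaking the tag.
type Entry struct {
	Secret  []byte
	Expires uint64 // policy: not released at or after this time
}

// gcmFor derives the storage key from the DRK with HMAC as a KDF, so the DRK
// never feeds a cipher directly; a 32-byte key makes both constructors infallible.
func gcmFor(sp *SPRegisters) cipher.AEAD {
	kdf := hmac.New(sha256.New, sp.DRK[:])
	kdf.Write([]byte("sp:key-chain-storage"))
	block, _ := aes.NewCipher(kdf.Sum(nil))
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// sealChain encrypts the key chain for untrusted storage and commits this version's hash to the SRH.
func sealChain(sp *SPRegisters, chain map[string]Entry) ([]byte, error) {
	plain, err := json.Marshal(chain) // map keys marshal sorted, so the hash is stable
	if err != nil {
		return nil, err
	}
	gcm := gcmFor(sp)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand.Read does not fail on supported platforms
	sp.SRH = sha256.Sum256(plain)
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// openChain reads a blob back. GCM rejects modification or a blob sealed under another
// DRK; the SRH check rejects an authentic but stale blob, which encryption alone cannot.
func openChain(sp *SPRegisters, blob []byte) (map[string]Entry, error) {
	gcm := gcmFor(sp)
	if len(blob) < gcm.NonceSize() {
		return nil, ErrTampered
	}
	plain, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
	if err != nil {
		return nil, ErrTampered
	}
	if sha256.Sum256(plain) != sp.SRH {
		return nil, ErrRollback
	}
	var chain map[string]Entry
	err = json.Unmarshal(plain, &chain)
	return chain, err
}

// useSecret is the only path that releases a secret, so the bound policy is enforced on every use.
func useSecret(sp *SPRegisters, blob []byte, name string, now uint64) ([]byte, error) {
	chain, err := openChain(sp, blob)
	if err != nil {
		return nil, err
	}
	e, ok := chain[name]
	if !ok || now >= e.Expires { // the "passage of a certain time period" rule
		return nil, ErrNotAccessible
	}
	return e.Secret, nil
}

func main() {
	sp := &SPRegisters{}
	rand.Read(sp.DRK[:])
	old, _ := sealChain(sp, map[string]Entry{"vpn": {[]byte("key-v1"), 200}})
	cur, _ := sealChain(sp, map[string]Entry{"vpn": {[]byte("key-v2"), 200}})
	s, err := useSecret(sp, cur, "vpn", 100)
	fmt.Printf("current blob, t=100: %q %v\n", s, err)
	_, err = useSecret(sp, old, "vpn", 100)
	fmt.Println("replayed old blob:  ", err)
	_, err = useSecret(sp, cur, "vpn", 300)
	fmt.Println("after expiry:       ", err)
	cur[len(cur)-1] ^= 1
	_, err = useSecret(sp, cur, "vpn", 100)
	fmt.Println("bit-flipped blob:   ", err)
}
```

The point of the two separate checks is revocation: when the Authority updates or disables a key, the trusted module re-seals the chain and advances the SRH, and the earlier blob, although it still decrypts and authenticates correctly under the DRK, is rejected on the SRH comparison. Without a hash register inside the processor an adversary with write access to the untrusted store could simply restore the pre-revocation copy. The model keeps the SRH in process memory; on a real device it would have to survive reset in a tamper-resistant register, and a nonce-misuse-resistant AEAD or a counter-based nonce would be preferable to random nonces if the chain is re-sealed very frequently.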
The foregoing has outlined rather broadly the features and technical advantages of the present invention in order that the detailed description of the invention that follows may be better understood. Additional features and advantages of the invention will be described hereinafter which form the subject of the claims of the invention. It should be appreciated by those skilled in the art that the conception and specific embodiment disclosed may be readily utilized as a basis for modifying or designing other structures for carrying out the same purposes of the present invention. It should also be realized by those skilled in the art that such equivalent constructions do not depart from the spirit and scope of the invention as set forth in the appended claims. The novel features which are believed to be characteristic of the invention, both as to its organization and method of operation, together with further objects and advantages will be better understood from the following description when considered in connection with the accompanying figures. It is to be expressly understood, however, that each of the figures is provided for the purpose of illustration and description only and is not intended as a definition of the limits of the present invention.