Protecting remote asset against data exploits utilizing an embedded key generator

摘要

Some embodiments include a method of using different keys from an embedded key generator for each update of a trusted storage to mitigate common user-based exploits (clone, restore, tamper) of the trusted storage. The method includes: retrieving a key generator certificate from the key generator; requesting the key generator to generate a key associated with a key authenticator and to return a key handle associated with the key; generating a request to the key generator, the request including the key handle, the key authenticator, and a record to be maintained in the trusted storage; and in response to receiving an encrypted record from the key generator, storing the encrypted record associated with the first key handle and an authenticator generation formula in the trusted storage in a computing device, wherein the encrypted record is encrypted via the above key.