Abstract: A decryption key management system includes a memory, a memory controller, a decryption engine, and an on-chip crypto-accelerator. A key blob and an encrypted code are stored in the memory. The memory controller fetches the key blob and stores it in a memory buffer. The decryption engine fetches the key blob and decrypts it using an OTP key to generate a decryption key. The decryption key is used to decrypt the encrypted code and generate a decrypted code.

Abstract: A system for securing a variable length keyladder key includes a keyladder decryptor configured to alter a first layer key and to execute a keyladder algorithm to generate a content key, the keyladder algorithm to generate the content key by decrypting an encrypted second layer key with the altered first layer key. The alteration mirrors the alteration applied to encrypt the second layer key by a content server providing content data to be decrypted. The system may further include a cryptographic direct memory access controller (DMAC) coupled with the keyladder decryptor and to decrypt encrypted content data using the generated content key. The keyladder decryptor may be further configured to send the content key to be stored in the DMAC without information regarding how the first layer key was altered. The alteration may include a permutation function or other change or modification.