Invention Grant
US08495361B2 Securely creating an endorsement certificate in an insecure environment
失效
在不安全的环境中安全地创建背书证书
- Patent Title: Securely creating an endorsement certificate in an insecure environment
- Patent Title (中): 在不安全的环境中安全地创建背书证书
-
Application No.: US11858971Application Date: 2007-09-21
-
Publication No.: US08495361B2Publication Date: 2013-07-23
- Inventor: Ryan Charles Catherman , David Carroll Challener , James Patrick Hoff
- Applicant: Ryan Charles Catherman , David Carroll Challener , James Patrick Hoff
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Yudell Isidore Ng Russell PLLC
- Main IPC: H04L29/06
- IPC: H04L29/06
Abstract:
A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
Public/Granted literature
- US20090083539A1 Method for Securely Creating an Endorsement Certificate in an Insecure Environment Public/Granted day:2009-03-26
Information query
