Invention Grant
US08954735B2 Device, method, and system for secure trust anchor provisioning and protection using tamper-resistant hardware
Legal status: In force
- Patent Title: Device, method, and system for secure trust anchor provisioning and protection using tamper-resistant hardware
- Patent Title (Chinese): 使用防篡改硬件的安全信任锚配置和保护的设备,方法和系统
- Application No.: US13631562
- Application Date: 2012-09-28
- Publication No.: US08954735B2
- Publication Date: 2015-02-10
- Inventor: Ned M. Smith, David Johnston, George W. Cox, Adi Shaliv
- Applicant: Ned M. Smith, David Johnston, George W. Cox, Adi Shaliv
- Applicant Address: US CA Santa Clara
- Assignee: Intel Corporation
- Current Assignee: Intel Corporation
- Current Assignee Address: US CA Santa Clara
- Agency: Barnes & Thornburg LLP
- Main IPC: H04L29/06
- IPC: H04L29/06

Abstract:
A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified.