公开(公告)号：JP2009089390A

公开(公告)日：2009-04-23

申请号：JP2008248778

申请日：2008-09-26

Applicant: Intel Corp ,  インテル コーポレイション

Inventor： SMITH NED M ,  BRUTCH TASNEEM ,  WISEMAN WILLARD M ,  KUMAR ALOK ,  SCARLATA VINCENT R ,  SIDDIQI FARAZ A

IPC: H04L9/08 ,  G06F21/24 ,  H04L9/14

CPC classification number: G06F21/602 ,  G06F21/57 ,  H04L9/0825 ,  H04L9/0836 ,  H04L9/0897

Abstract: PROBLEM TO BE SOLVED: To solve the problem that conventional PCR bindings can yield very rigid protection of data, where any change to the software that executes on the system results in the inability to access the data.
SOLUTION: This disclosure describes methods for using the TPM's configuration binding capabilities to lock data to a configuration in a manner that is flexible enough to allow the software in that configuration to be upgraded, under a trusted upgrade service, without causing the processing system to lose access to the data. Additionally, a processing system can provide for recovery of data when the processing system is no longer able to get into the predefined safe and approved configuration, e.g., recovery from a failed upgrade is allowed.
COPYRIGHT: (C)2009,JPO&INPIT

Abstract translation: 要解决的问题：为了解决常规PCR绑定可以产生非常严格的数据保护的问题，在系统上执行的软件的任何改变导致无法访问数据。 解决方案：本公开描述了使用TPM的配置绑定功能以足够灵活的方式将数据锁定到配置的方式，以允许在可信升级服务下升级该配置中的软件，而不会导致处理 系统丢失访问数据。 此外，当处理系统不再能够进入预定义的安全和批准的配置时，处理系统可以提供数据的恢复，例如，允许从故障升级恢复。 版权所有（C）2009，JPO＆INPIT

公开(公告)号：GB2453230A

公开(公告)日：2009-04-01

申请号：GB0817350

申请日：2008-09-23

Applicant: INTEL CORP

Inventor： SMITH NED M ,  BRUTCH TASNEEM ,  WISEMAN WILLARD M ,  KUMAR ALOK ,  SCARLATA VINCENT R ,  SIDDIQI FARAZ A

IPC: G06F21/00

Abstract: A processing system with a trusted platform module (TPM) supports migration of digital keys. An application in the processing system creates a first configuration key 120 as a child of a TPM storage root key (SRK) 110 when the system has a first configuration. The application also creates an upgradeable root user key 130 associated with an upgrade authority as a child of the first configuration key. When the system has a second configuration, the application creates a second configuration key 122 as a child of the SRK and requests migration approval from the upgrade authority. In response to receiving approval from the upgrade authority, the application migrates the root user key 132 to be a child of the second configuration key. Compared to the conventional structure (fig. 2) the upgradeable key structure includes an extra layer (the configuration keys) in the hierarchy between the Root User Key 130 and the SRK.

公开(公告)号：GB2453230B

公开(公告)日：2010-01-06

申请号：GB0817350

申请日：2008-09-23

Applicant: INTEL CORP

Inventor： SMITH NED M ,  BRUTCH TASNEEM ,  WISEMAN WILLARD M ,  KUMAR ALOK ,  SCARLATA VINCENT R ,  SIDDIQI FARAZ A

IPC: G06F21/00

Abstract: A processing system with a trusted platform module (TPM) supports migration of digital keys. For instance, an application in the processing system may create a first configuration key as a child of a TPM storage root key (SRK) when the processing system has a first configuration. The application may also create an upgradable root user key associated with an upgrade authority as a child of the first configuration key. The application may also create a user key as a child of the upgradable root user key. When the processing system has a second configuration, the application may create a second configuration key as a child of the SRK. The application may request migration approval from the upgrade authority. In response to receiving the approval from the upgrade authority, the application may migrate the root user key to be a child of the second configuration key. Other embodiments are described and claimed.