-
公开(公告)号:WO2017218180A1
公开(公告)日:2017-12-21
申请号:PCT/US2017/035080
申请日:2017-05-30
Applicant: INTEL CORPORATION
Inventor: SCARLATA, Vincent R. , MCKEEN, Francis X. , ROZAS, Carlos V. , JOHNSON, Simon P. , ZHANG, Bo , BEANEY, James D. , ZMIJEWSKI, Piotr , SMITH, Wesley Hamilton , CABRE, Eduardo , SAVAGAONKAR, Uday R.
CPC classification number: H04L9/3263 , G09C1/00 , H04L9/0816 , H04L9/0822 , H04L9/14 , H04L9/3268 , H04L63/06 , H04L63/0823 , H04L63/12
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
Abstract translation: 实施例包括被配置为对于平台的第一处理器生成平台根密钥的系统,方法,计算机可读介质和设备; 创建数据结构以封装平台根密钥,所述数据结构包括平台供应密钥和注册服务的标识; 并且在安全连接上将所述数据结构传输到所述注册服务以注册用于所述平台的所述第一处理器的所述平台根密钥。 实施例包括被配置为存储从密钥生成设施接收到的设备证书的系统,方法,计算机可读介质和设备; 从平台接收清单,所述清单包括与所述平台相关联的处理器的标识; 并使用存储的设备证书验证处理器。
-
Patent Agency Ranking
公开(公告)号:WO2017210145A1
公开(公告)日:2017-12-07
申请号:PCT/US2017/034897
申请日:2017-05-28
Applicant: INTEL CORPORATION
Inventor: SCARLATA, Vincent R. , MCKEEN, Francis X. , ROZAS, Carlos V. , JOHNSON, Simon P. , ZHANG, Bo , BEANEY, JR., James D. , ZMIJEWSKI, Piotr , SMITH, Wesley Hamilton , CABRE, Eduardo
CPC classification number: H04L9/3252 , G06F21/44 , G06F21/53 , G09C1/00 , H04L9/0866 , H04L9/14 , H04L9/302 , H04L9/3066 , H04L9/3234 , H04L9/3247 , H04L9/3249 , H04L63/06 , H04L63/062 , H04L63/0823 , H04L63/12 , H04L2209/127
Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
Abstract translation: 计算平台实现一个或多个安全区域,所述安全区域包括第一供应区域和第一供应服务,以从第一供应服务获得第一认证密钥,第二供应区域与不同的 ,第二供应服务以从第二供应服务获得第二认证密钥,以及供应认证区域,以使用基于硬件的供应认证密钥来对来自第一供应区域的第一数据和来自第二供应区域的第二数据进行签名。 经签名的第一数据由第一供应区域用于向第一供应服务认证以获得第一认证密钥,并且由第二供应区域使用经签署的第二数据来向第二供应服务认证以获得第二认证密钥。
-
公开(公告)号:WO2016076978A1
公开(公告)日:2016-05-19
申请号:PCT/US2015/054153
申请日:2015-10-06
Applicant: INTEL CORPORATION
Inventor: SMITH, Ned M. , WALKER, Jesse , AGERSTAM, Mats , SUBRAMANIAM, Ravi S. , CABRE, Eduardo
IPC: H04L9/08
CPC classification number: H04L9/0841 , H04L9/0833 , H04L9/0844 , H04L9/0866 , H04L9/14 , H04L9/30 , H04L9/3013 , H04L2209/127 , H04W12/04
Abstract: Technologies for trusted device on-boarding include a first computing device to generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and a first unique identifier of the first computing device. The first unique identifier is retrieved from secure memory of the first computing device. The first computing device transmits the first public Diffie-Hellman key to a second computing device and receives, from the second computing device, a second public Diffie-Hellman key of the second computing device. The second public Diffie-Hellman key incorporates a second unique identifier of the second computing device. Further, the first computing device removes a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key and generates a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device.
Abstract translation: 用于可信设备登机的技术包括第一计算设备,用于基于私有Diffie-Hellman密钥和第一计算设备的第一唯一标识符生成第一公共Diffie-Hellman密钥。 从第一计算设备的安全存储器检索第一唯一标识符。 第一计算设备将第一公共Diffie-Hellman密钥发送到第二计算设备,并从第二计算设备接收第二计算设备的第二公共Diffie-Hellman密钥。 第二个公共Diffie-Hellman密钥包含第二计算设备的第二唯一标识符。 此外,第一计算设备从第二公共Diffie-Hellman密钥去除第二唯一标识符的贡献,以生成修改的公共Diffie-Hellman密钥,并且基于修改的公共Diffie-Hellman密钥生成共享Diffie-Hellman密钥,并且 第一个计算设备的私人Diffie-Hellman密钥。
-
公开(公告)号:WO2019156716A1
公开(公告)日:2019-08-15
申请号:PCT/US2018/053588
申请日:2018-09-28
Applicant: INTEL CORPORATION
Inventor: SMITH, Ned M. , AGIS, Edward , CABRE, Eduardo , ROVER, Jeremy , MCCALL, David J.
Abstract: Various systems and methods for testing devices, issuing certificates, and managing certified devices, are discussed herein. A system is configured for using platform certificates to verify compliance and compatibility of a device when onboarding the device into an internet of things (IoT) network. The system may use an approved product list to verify compliance and compatibility for the device. When the device is certified, the system may use an onboarding tool to onboard the device into the IoT network.
-
公开(公告)号:WO2019147311A1
公开(公告)日:2019-08-01
申请号:PCT/US2018/053433
申请日:2018-09-28
Applicant: INTEL CORPORATION
Inventor: CABRE, Eduardo , HELDT-SHELLER, Nathan , SMITH, Ned M.
Abstract: Various systems and methods for establishing security profiles for Internet of Things (IoT) devices and trusted platforms, including in OCF specification device deployments, are discussed herein. In an example, a technique for onboarding a subject device for use with a security profile, includes: receiving a request to perform an owner transfer method of a device associated with a device platform; verifying attestation evidence associated with the subject device, the attestation evidence being signed by a certificate produced using a manufacturer-embedded key, with the key provided from a trusted hardware component of the device platform; and performing device provisioning of the subject device, based on the attestation evidence, as the device provisioning causes the subject device to use a security profile tied to manufacturer-embedded keys.
-
公开(公告)号:EP3219044A1
公开(公告)日:2017-09-20
申请号:EP15858445.8
申请日:2015-10-06
Applicant: Intel Corporation
Inventor: SMITH, Ned M. , WALKER, Jesse , AGERSTAM, Mats , SUBRAMANIAM, Ravi S. , CABRE, Eduardo
IPC: H04L9/08
CPC classification number: H04L9/0841 , H04L9/0833 , H04L9/0844 , H04L9/0866 , H04L9/14 , H04L9/30 , H04L9/3013 , H04L2209/127 , H04W12/04
Abstract: Technologies for trusted device on-boarding include a first computing device to generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and a first unique identifier of the first computing device. The first unique identifier is retrieved from secure memory of the first computing device. The first computing device transmits the first public Diffie-Hellman key to a second computing device and receives, from the second computing device, a second public Diffie-Hellman key of the second computing device. The second public Diffie-Hellman key incorporates a second unique identifier of the second computing device. Further, the first computing device removes a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key and generates a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device.
Abstract translation: 用于可信设备加入的技术包括第一计算设备,用于基于私有Diffie-Hellman密钥和第一计算设备的第一唯一标识符来生成第一公共Diffie-Hellman密钥。 第一唯一标识符从第一计算设备的安全存储器中检索。 第一计算设备将第一公共Diffie-Hellman密钥发送到第二计算设备,并且从第二计算设备接收第二计算设备的第二公共Diffie-Hellman密钥。 第二公共Diffie-Hellman密钥包含第二计算设备的第二唯一标识符。 此外,第一计算设备从第二公共Diffie-Hellman密钥中去除第二唯一标识符的贡献以生成修改的公共Diffie-Hellman密钥,并基于修改的公共Diffie-Hellman密钥和生成共享Diffie-Hellman密钥 第一计算设备的私人Diffie-Hellman密钥。
-
-
-
-
-
Search Results
6
records
(took 0.027 seconds)
