-
Publication number: US20190052469A1
Publication date: 2019-02-14
Application number: US16162776
Filing date: 2018-10-17
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
-
Publication number: US20210006416A1
Publication date: 2021-01-07
Application number: US16856968
Filing date: 2020-04-23
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
-
Publication number: US12028443B2
Publication date: 2024-07-02
Application number: US16650439
Filing date: 2018-09-28
Applicant: Intel Corporation
Inventor: Eduardo Cabre, Nathan Heldt-Sheller, Ned M. Smith
CPC classification number: H04L9/0825 , G06F21/575 , H04L9/0838 , H04L9/0866
Abstract: Various systems and methods for establishing security profiles for Internet of Things (IoT) devices and trusted platforms, including in OCF specification device deployments, are discussed herein. In an example, a technique for onboarding a subject device for use with a security profile, includes: receiving a request to perform an owner transfer method of a device associated with a device platform; verifying attestation evidence associated with the subject device, the attestation evidence being signed by a certificate produced using a manufacturer-embedded key, with the key provided from a trusted hardware component of the device platform; and performing device provisioning of the subject device, based on the attestation evidence, as the device provisioning causes the subject device to use a security profile tied to manufacturer-embedded keys.
-
Publication number: US10708067B2
Publication date: 2020-07-07
Application number: US15201400
Filing date: 2016-07-02
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
-
Publication number: US20170353319A1
Publication date: 2017-12-07
Application number: US15279527
Filing date: 2016-09-29
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
CPC classification number: H04L9/3252 , G06F21/44 , G06F21/53 , G09C1/00 , H04L9/0866 , H04L9/14 , H04L9/302 , H04L9/3066 , H04L9/3234 , H04L9/3247 , H04L9/3249 , H04L63/06 , H04L63/062 , H04L63/0823 , H04L63/12 , H04L2209/127
Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
-
Publication number: US20200374700A1
Publication date: 2020-11-26
Application number: US16957684
Filing date: 2018-09-28
Applicant: Intel Corporation
Inventor: Ned M. Smith, Edward Agis, Eduardo Cabre, Jeremy Rover, David J. McCall
Abstract: Various systems and methods for testing devices, issuing certificates, and managing certified devices, are discussed herein. A system is configured for using platform certificates to verify compliance and compatibility of a device when onboarding the device into an internet of things (IoT) network. The system may use an approved product list to verify compliance and compatibility for the device. When the device is certified, the system may use an onboarding tool to onboard the device into the IoT network.
-
Publication number: US10135622B2
Publication date: 2018-11-20
Application number: US15279527
Filing date: 2016-09-29
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
-
Publication number: US20170366359A1
Publication date: 2017-12-21
Application number: US15201400
Filing date: 2016-07-02
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
CPC classification number: H04L9/3263 , G09C1/00 , H04L9/0816 , H04L9/0822 , H04L9/14 , H04L9/3268 , H04L63/06 , H04L63/0823 , H04L63/12
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
-
Publication number: US11683685B2
Publication date: 2023-06-20
Application number: US16957684
Filing date: 2018-09-28
Applicant: Intel Corporation
Inventor: Ned M. Smith, Edward Agis, Eduardo Cabre, Jeremy Rover, David J. McCall
IPC: H04L29/06 , H04W12/069 , H04L9/32
CPC classification number: H04W12/069 , H04L9/3236 , H04L9/3247 , H04L9/3278
Abstract: Various systems and methods for testing devices, issuing certificates, and managing certified devices, are discussed herein. A system is configured for using platform certificates to verify compliance and compatibility of a device when onboarding the device into an internet of things (IoT) network. The system may use an approved product list to verify compliance and compatibility for the device. When the device is certified, the system may use an onboarding tool to onboard the device into the IoT network.
-
Publication number: US11489678B2
Publication date: 2022-11-01
Application number: US16856968
Filing date: 2020-04-23
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
-