发明授权
US08954735B2 Device, method, and system for secure trust anchor provisioning and protection using tamper-resistant hardware
有权
使用防篡改硬件的安全信任锚配置和保护的设备,方法和系统
- 专利标题: Device, method, and system for secure trust anchor provisioning and protection using tamper-resistant hardware
- 专利标题(中): 使用防篡改硬件的安全信任锚配置和保护的设备,方法和系统
-
申请号: US13631562申请日: 2012-09-28
-
公开(公告)号: US08954735B2公开(公告)日: 2015-02-10
- 发明人: Ned M. Smith , David Johnston , George W. Cox , Adi Shaliv
- 申请人: Ned M. Smith , David Johnston , George W. Cox , Adi Shaliv
- 申请人地址: US CA Santa Clara
- 专利权人: Intel Corporation
- 当前专利权人: Intel Corporation
- 当前专利权人地址: US CA Santa Clara
- 代理机构: Barnes & Thornburg LLP
- 主分类号: H04L29/06
- IPC分类号: H04L29/06
摘要:
A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified.