Publication number: EP3613192A1
Publication date: 2020-02-26
Application number: EP18732194.8
Filing date: 2018-05-21
-
Publication number: EP3210155A1
Publication date: 2017-08-30
Application number: EP15788524.5
Filing date: 2015-10-18
Inventors: THOM, Stefan; AIGNER, Ronald; MATTOON, Dennis J.; SCHAEFER, Stuart H.; KAPADIA, Merzin; SPIGER, Robert Karl; WOOTEN, David R.; ENGLAND, Paul
CPC classification: H04L9/3247, G06F21/53, G06F21/629, G06F21/72, G06F2221/034, H04L63/0428, H04L63/0876, H04L63/102
Abstract: Techniques for a trust service for a client device are described. In various implementations, a trust service is implemented remotely from a client device and provides various trust-related functions to the client device. According to various implementations, communication between a client device and a remote trust service is authenticated by a client identifier (ID) that is maintained by both the client device and the remote trust service. In at least some implementations, the client ID is stored on a location of the client device that is protected from access by (e.g., is inaccessible to) device components such as an operating system, applications, and so forth. Thus, the client ID may be utilized to generate signatures to authenticate communications between the client device and the remote trust service.
-
Publication number: EP4111341A1
Publication date: 2023-01-04
Application number: EP21705042.6
Filing date: 2021-01-20
Inventors: THOM, Stefan; ENGLAND, Paul; SPIGER, Robert Karl; TELFER, Brian; LEE, Sangho; PEINADO, Marcus
IPC classification: G06F21/57, G06F9/4401
-
Publication number: EP3362939A1
Publication date: 2018-08-22
Application number: EP16787596.2
Filing date: 2016-10-03
IPC classification: G06F21/57
CPC classification: H04L9/002, G06F8/65, G06F21/57, G06F21/575, G06F21/71, G06F2221/034, H04L9/0869
Abstract: Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with the low-resource device and one or more software modules. The low-resource device can further be configured to use the migration keys and the sealing keys to both verify a software update and migrate secrets from a previous version of the software to a newer version of the software. Additionally, the low-resource device can be configured to generate an attestation statement using the attestation keys and perform attestation using the attestation statement and the at least one distributed resource.
-
Publication number: EP3362936A1
Publication date: 2018-08-22
Application number: EP16785280.5
Filing date: 2016-10-03
CPC classification: G06F21/575, G06F9/4406, G06F11/1417, G06F21/51, H04L9/0861, H04L9/0866, H04L9/0891, H04L9/3263
Abstract: Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with the low-resource device and one or more software modules. The low-resource device can further be configured to use the migration keys and the sealing keys to both verify a software update and migrate secrets from a previous version of the software to a newer version of the software. Additionally, the low-resource device can be configured to generate an attestation statement using the attestation keys and perform attestation using the attestation statement and the at least one distributed resource.
-
Publication number: EP3044900A1
Publication date: 2016-07-20
Application number: EP14783691.0
Filing date: 2014-09-08
IPC classification: H04L9/08
CPC classification: H04L9/0861, H04L9/0877, H04L9/088
Abstract: A security processing unit is configured to manage cryptographic keys. In some instances, the security processing unit may comprise a co-processing unit that includes memory, one or more processors, and other components to perform operations in a secure environment. A component that is external to the security processing unit may communicate with the security processing unit to generate a cryptographic key, manage access to a cryptographic key, encrypt/decrypt data with a cryptographic key, or otherwise utilize a cryptographic key. The external component may comprise a central processing unit, an application, and/or any other hardware or software component that is located outside the security processing unit.
-
Publication number: EP3044901B1
Publication date: 2020-11-25
Application number: EP14783693.6
Filing date: 2014-09-11
-
Publication number: EP3210155B1
Publication date: 2019-08-07
Application number: EP15788524.5
Filing date: 2015-10-18
-
Publication number: EP3044901A1
Publication date: 2016-07-20
Application number: EP14783693.6
Filing date: 2014-09-11
Inventors: FERGUSON, Niels T.; NYSTROM, Magnus Bo Gustaf; MCPHERSON, Dave M.; ENGLAND, Paul; NOVAK, Mark Fishel
CPC classification: H04L9/0861, G06F9/4401, G06F21/57, G06F21/575, G06F21/602, H04L9/0836, H04L9/0866, H04L9/3234, H04L2209/38
Abstract: A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived.