-
Publication (announcement) No.: US20220329435A1
Publication (announcement) date: 2022-10-13
Application No.: US17808411
Application date: 2022-06-23
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Thomas M. LAFFEY
Abstract: Methods and systems for implementing DevID enrollment for hardware-redundant Trust Platform Modules (TPMs) are described. A system can include hardware redundancy for management modules, and for the TPMs that correspond to each management module. Accordingly, a product can have a dual-TPM configuration, where both modules are associated with the same product. Further, a process that specifically accounts for the presence of dual TPMs when creating, issuing, and enrolling DevID certificates is described. The process issues and maintains DevID certificates for each TPM by synchronizing dual sessions that correspond to each TPM. The process also accounts for duplicate identification data, for example by allowing the certificate authority (CA) to sign certificates for dual TPMs linked to the same chassis number. The process can include performing validation checks, rendezvous points, and locks to ensure that DevID certificates are successfully issued for each of the dual TPMs, respectively.
-
Publication (announcement) No.: US20230421554A1
Publication (announcement) date: 2023-12-28
Application No.: US17808744
Application date: 2022-06-24
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Gareth David RICHARDS , Christopher Anthony Grant HILLIER , Ludovic Emmanuel Paul Noel JACQUIN , Thomas M. LAFFEY
IPC: H04L9/40
CPC classification number: H04L63/0876 , H04L63/0823 , H04L63/0435 , H04L63/062
Abstract: Examples for identification and authentication of hardware. Techniques may include receiving a node identifier during an initial phase of the node. The node identifier may include an initial unique identifier of the node. The node may receive a latest change identifier during a phase change of the node, wherein the phase change may cause a hierarchical change of the node. The latest change identifier is configured to incorporate a latest unique identifier corresponding to a latest system and one or more unique identifiers corresponding to one or more earlier systems of the node. Further, responsive to receiving the latest change identifier, the node deletes an earlier change identifier, and the node may send the second change identifier to a management service in response to a request for authentication of the node by the management service.
-
Publication (announcement) No.: US20220276875A1
Publication (announcement) date: 2022-09-01
Application No.: US17663470
Application date: 2022-05-16
Applicant: Hewlett Packard Enterprise Development LP
IPC: G06F9/4401 , G06F9/38 , G06F21/33 , G06F21/44 , G06F21/51
Abstract: Examples disclosed herein relate to using an integrity manifest certificate to verify the state of a platform. A device uses a device identity, provisioned and stored in a security co-processor, to retrieve an integrity proof from the security co-processor. The device includes at least one processing element, at least one memory device, and a bus including at least one bus device, and the device identity is associated with a device identity certificate signed by a first authority. The integrity proof includes a representation of each of a plurality of hardware components, including the at least one processing element, the at least one memory device, the at least one bus device, and a system board, and a representation of a plurality of firmware components included in the device. The integrity proof is provided to a certification station. The certification station determines that the integrity proof is an expected value based on an expected provisioning state of the device and the device identity. The certification station signs, using a second authority, an integrity manifest certificate based on the integrity proof and the device identity. The integrity manifest certificate is stored.
-