公开(公告)号：US20090083539A1

公开(公告)日：2009-03-26

申请号：US11858971

申请日：2007-09-21

申请人： Ryan Charles Catherman ,  David Carroll Challener ,  James Patrick Hoff

发明人： Ryan Charles Catherman ,  David Carroll Challener ,  James Patrick Hoff

IPC分类号： H04L9/00

CPC分类号： G06F21/57

摘要： A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.

摘要翻译： 一种用于确保制造TPM的签注密钥的安全兼容创建和签名的方法和系统。 为TPM生成认可密钥。 TPM供应商选择一个N字节的秘密，并将N字节的秘密与支持密钥一起存储在TPM中。 无法在TPM之外读取密码。 秘密编号也提供给OEM的凭据服务器。 在认可密钥（EK）凭证处理过程中，TPM产生一个签名密钥，其包括公开密钥和密钥的散列以及公开密钥。 凭证服务器将签名密钥内的散列与接收到的公钥（来自认可密钥）和供应商提供的秘密的第二散列进行匹配。 仅当匹配确认时，EK证书才会生成并插入到TPM中。

公开(公告)号：US07269747B2

公开(公告)日：2007-09-11

申请号：US10411408

申请日：2003-04-10

申请人： Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

发明人： Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

IPC分类号： G06F1/28

CPC分类号： G06F21/57 ,  G06F21/575

摘要： A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.

摘要翻译： 提出了一种计算机系统，其提供可信赖的平台，通过该平台可以以更高级别的信任和置信度执行操作。 计算机系统的信任基础由加密协处理器和与加密协处理器接口的代码建立，并为平台建立信任度量的根。 构建加密协处理器，使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于核心芯片组中寄存器的状态的推理确定物理存在。