-
Publication number: US20150212971A1
Publication date: 2015-07-30
Application number: US13691635
Application date: 2012-11-30
Applicant: Google Inc.
Inventor: Joao Paulo PAGAIME da SILVA, Kenneth Edward MIXTER, Raymond LO, Glenn WILSON, William Alexander DREWRY, Bin ZHAO, Sumit GWALANI, Mattias Stefan NISSLER
IPC: G06F15/177
CPC classification number: H04L63/083, H04L63/0428, H04L63/0823
Abstract: A system and a method for registering an electronic device are provided. An auto-enrollment status of an electronic device by an enterprise is determined based on hash information associated with an identifier for the electronic device. In a case where the auto-enrollment status of the electronic device is determined to require auto-enrollment of the electronic device by the enterprise, one or more configuration settings for the electronic device as designated by the enterprise are identified, and the electronic device is requested to adopt the one or more configuration settings as designated by the enterprise in response to providing the auto-enrollment login interface to the electronic device.
-
Publication number: US20170041147A1
Publication date: 2017-02-09
Application number: US14821616
Application date: 2015-08-07
Applicant: Google Inc.
Inventor: Darren David KRAHN, William Alexander DREWRY, Sumit GWALANI
CPC classification number: H04L9/3247, G06F21/445, G06F21/57, H04L9/0825, H04L9/0877, H04L9/0897, H04L9/3234, H04L9/3268, H04L63/0428, H04L63/0823, H04L63/123
Abstract: Techniques for peer to peer attestation are provided. An example method includes receiving, at a first device, a discovery message from a second device, based on the discovery message, establishing a communication channel between the first device and the second device, receiving, at the first device, identity information from the second device, the identity information including one or more of: a trusted platform module (TPM) endorsement key certificate, a public portion of an identity key, one or more platform control register (PCR) values or a quote of the PCR values with the identity key, verifying, at the first device, one or more of the PCR values, the quote or the endorsement key certificate and authenticating one or more of the communication channel or the identity information of the second device based on the verification of a signature received from the second device.
-
Publication number: US20170109533A1
Publication date: 2017-04-20
Application number: US15335101
Application date: 2016-10-26
Applicant: GOOGLE INC.
Inventor: Gaurav SHAH, William A. DREWRY, Randall SPANGLER, Ryan TABONE, Sumit GWALANI, Luigi SEMENZATO
CPC classification number: G06F21/575, G06F21/554, G06F21/64, G06F21/74, H04L9/30, H04L9/3236, H04L9/3247
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header do not match, the example method includes halting the boot process.
-
-