Publication number: US20170041147A1
Publication date: 2017-02-09
Application number: US14821616
Filing date: 2015-08-07
Applicant: Google Inc.
Inventor: Darren David KRAHN, William Alexander DREWRY, Sumit GWALANI
CPC classification number: H04L9/3247, G06F21/445, G06F21/57, H04L9/0825, H04L9/0877, H04L9/0897, H04L9/3234, H04L9/3268, H04L63/0428, H04L63/0823, H04L63/123
Abstract: Techniques for peer to peer attestation are provided. An example method includes receiving, at a first device, a discovery message from a second device, based on the discovery message, establishing a communication channel between the first device and the second device, receiving, at the first device, identity information from the second device, the identity information including one or more of: a trusted platform module (TPM) endorsement key certificate, a public portion of an identity key, one or more platform control register (PCR) values or a quote of the PCR values with the identity key, verifying, at the first device, one or more of the PCR values, the quote or the endorsement key certificate and authenticating one or more of the communication channel or the identity information of the second device based on the verification of a signature received from the second device.