公开(公告)号：US20250124139A1

公开(公告)日：2025-04-17

申请号：US18485518

申请日：2023-10-12

Applicant: Google LLC

Inventor： Jeffrey Thomas Andersen ,  Marius Paul Michiel Schilder

IPC: G06F21/60 ,  G06F21/57 ,  G06F21/64

Abstract: Example embodiments of the present disclosure provide for an example method including maintaining a current version info list including version info tuples for software layers. The example method includes, upon receipt of a request for a registered version key, performing a comparison algorithm to authenticate a requested version info list including a number of version info tuples associated with software layers. The tuples can include a security version number (SVN) and a security context string for each software layer. The requested version info list can be authenticated using the comparison algorithm to determine that the requested version info list includes version info tuples with higher SVNs than the current version info list. Responsive to authenticating the requested version info list, the method include providing a portion of the requested version info list as input into a key derivation function (KDF) and obtaining a device requested version key as output.

公开(公告)号：US20240364531A1

公开(公告)日：2024-10-31

申请号：US18250838

申请日：2023-03-22

Applicant: Google LLC

Inventor： Vidya Bharat Satyamsetti ,  Jeffrey Thomas Andersen ,  Jordan Thomas Hand ,  Christopher Edward Fenner

IPC: H04L9/32 ,  G06F21/57 ,  H04L9/08

CPC classification number: H04L9/3242 ,  G06F21/57 ,  H04L9/0825 ,  H04L9/0877

Abstract: Provided are computing systems that feature a centralized attestation device able to perform attestation on behalf of a number of different platform components. More particularly, the present disclosure provides extensible mechanisms for representing trustworthiness statements by an attester device within a platform either as implicit attestation or explicit attestation. Thus, according to one aspect of the present disclosure, a computing system can include an attester device that implements a hybrid model for presenting evidence of measurements of all the components in a platform to a verifier.

公开(公告)号：US20240333513A1

公开(公告)日：2024-10-03

申请号：US18250851

申请日：2023-03-22

Applicant: Google LLC

Inventor： Jordan Thomas Hand ,  Christopher Edward Fenner ,  Jeffrey Thomas Andersen ,  Vidya Bharat Satyamsetti

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3234 ,  H04L9/0877 ,  H04L9/3271

Abstract: The present disclosure provides systems and methods for demonstrating the identity of a central processing unit (CPU) to a Trusted Platform Module (TPM) with improved security against, for example, interposers on a communications bus. In particular, according to an aspect of the present disclosure, a CPU can generate a policy alias key that can be used to sign a challenge to prove the identity of the CPU to the TPM. Specifically, the policy alias key can be generated by the CPU by performing a key derivation function on a combined identity value generated by the CPU for the CPU and TPM. The combined identity value can be generated by the CPU from a CPU device identity value and a public endorsement key (EK) associated with the TPM.

公开(公告)号：US12244582B2

公开(公告)日：2025-03-04

申请号：US18428700

申请日：2024-01-31

Applicant: Google LLC

Inventor： Anna Sapek ,  Uday Ramesh Savagaonkar ,  Jeffrey Thomas Andersen ,  Thomas Michael Roeder

IPC: H04L9/40 ,  G06Q30/018 ,  H04L9/08

Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.

公开(公告)号：US20240171560A1

公开(公告)日：2024-05-23

申请号：US18428700

申请日：2024-01-31

Applicant: Google LLC

Inventor： Anna Sapek ,  Uday Ramesh Savagaonkar ,  Jeffrey Thomas Andersen ,  Thomas Michael Roeder

IPC: H04L9/40 ,  H04L9/08

CPC classification number: H04L63/08 ,  H04L9/0844 ,  H04L63/0428 ,  H04L63/101 ,  G06Q30/0185

Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.

公开(公告)号：US11962576B2

公开(公告)日：2024-04-16

申请号：US17973664

申请日：2022-10-26

Applicant: Google LLC

Inventor： Anna Sapek ,  Uday Savagaonkar ,  Jeffrey Thomas Andersen ,  Thomas Michael Roeder

IPC: H04L9/40 ,  G06Q30/018 ,  H04L9/08

CPC classification number: H04L63/08 ,  H04L9/0844 ,  H04L63/0428 ,  H04L63/101 ,  G06Q30/0185

Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.

公开(公告)号：US20230039096A1

公开(公告)日：2023-02-09

申请号：US17973664

申请日：2022-10-26

Applicant: Google LLC

Inventor： Anna Sapek ,  Uday Savagaonkar ,  Jeffrey Thomas Andersen ,  Thomas Michael Roeder

IPC: H04L9/40 ,  H04L9/08

Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.

公开(公告)号：US11509643B2

公开(公告)日：2022-11-22

申请号：US17046547

申请日：2018-07-18

Applicant: Google LLC

Inventor： Anna Sapek ,  Uday Savagaonkar ,  Jeffrey Thomas Andersen ,  Thomas Michael Roeder

IPC: H04L9/40 ,  H04L9/08 ,  G06Q30/00

Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.

公开(公告)号：US20210037001A1

公开(公告)日：2021-02-04

申请号：US17046547

申请日：2018-07-18

Applicant: Google LLC

Inventor： Anna Sapek ,  Uday Savagaonkar ,  Jeffrey Thomas Andersen ,  Thomas Michael Roeder

IPC: H04L29/06 ,  H04L9/08

Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.