公开(公告)号：US20220278855A1

公开(公告)日：2022-09-01

申请号：US17188047

申请日：2021-03-01

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ludovic Emmanuel Paul Noel JACQUIN ,  Nigel John EDWARDS ,  Luis E. LUCIANI, JR.

IPC: H04L9/32

Abstract: Example implementations relate to a method and system for provisioning an identity certificate for a BMC of a platform. Based on the certificate signing request (CSR) received from the BMC, a certificate authority (CA) associated with the platform manufacturer may verify the identity of the security processor and private key of BMC. A cryptographic audit session log between a provisioning service of the platform and the security coprocessor of the platform is received along with the CSR at the CA implemented in a cloud system. The CA verifies the signature on the received cryptographic audit session log. After verification, validation tools at the cloud system determine a first time and second time associated with the security coprocessor. When the difference between the first time and the second time is below an expected time of cryptographic communication, the CSR is considered as a valid request and an identity certificate for the BMC is generated and transmitted to the platform.

公开(公告)号：US20220276875A1

公开(公告)日：2022-09-01

申请号：US17663470

申请日：2022-05-16

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ludovic Emmanuel Paul Noel JACQUIN ,  Nigel John EDWARDS ,  Thomas M. LAFFEY

IPC: G06F9/4401 ,  G06F9/38 ,  G06F21/33 ,  G06F21/44 ,  G06F21/51

Abstract: Examples disclosed herein relate to using an integrity manifest certificate to verify the state of a platform. A device identity of a device that has the device identity provisioned and stored in a security co-processor to retrieve an integrity proof from the security co-processor. The device includes at least one processing element, at least one memory device, and a bus including at least one bus device, and wherein the device identity is associated with a device identity certificate signed by a first authority. The integrity proof includes a representation of each of a plurality of hardware components including the at least one processing element, the at least one memory device, the at least one bus device, and a system board and a representation of plurality of firmware components included in the device. The integrity proof is provided to a certification station. The certification station determines that the integrity proof is an expected value based on an expected provisioning state of the device and the device identity. The certification station signs, using a second authority, an integrity manifest certificate, based on the integrity proof and the device identity. The integrity manifest certificate is stored.