公开(公告)号：US20160142212A1

公开(公告)日：2016-05-19

申请号：US14542491

申请日：2014-11-14

Applicant: Intel Corporation

Inventor： NITIN V. SARANGDHAR ,  DANIEL NEMIROFF ,  NED M. SMITH ,  ERNIE BRICKELL ,  JIANGTAO LI

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3234 ,  G06F21/57 ,  G06F21/64 ,  H04L9/0861 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/3263 ,  H04L2209/127

Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.

Abstract translation: 该应用程序针对使用匿名密钥系统的可信平台模块认证和认证。 一般来说，通过使用匿名密钥系统（AKS）认证，可以在使用集成TPM的设备中支持TPM认证和TPM认证。 一个示例设备可以包括将AKS和TPM固件（FW）加载到可以进一步包括至少一个操作系统（OS）加密模块，AKS服务模块和TPM认证和认证的运行时环境中的至少组合的AKS和TPM资源 （CA）模块。 对于TPM认证，CA模块可以与运行时环境中的其他模块进行交互，以生成由AKS证书签名的TPM证书，该证书可能被传送到认证平台进行验证。 对于TPM认证，CA模块可能会使TPM凭据与TPM和/或AKS证书一起提供给认证平台进行验证。

公开(公告)号：US20170170966A1

公开(公告)日：2017-06-15

申请号：US15431479

申请日：2017-02-13

Applicant: Intel Corporation

Inventor： NITIN V. SARANGDHAR ,  DANIEL NEMIROFF ,  NED M. SMITH ,  ERNIE BRICKELL ,  JIANGTAO LI

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3234 ,  G06F21/57 ,  G06F21/64 ,  H04L9/0861 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/3263 ,  H04L2209/127

Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.

公开(公告)号：US20160087805A1

公开(公告)日：2016-03-24

申请号：US14490402

申请日：2014-09-18

Applicant: Intel Corporation

Inventor： JIANGTAO LI ,  WEI WU ,  PATRICK KOEBERL

IPC: H04L9/32 ,  G06F11/07 ,  H04L9/06

CPC classification number: H04L9/3278 ,  H04L9/0866

Abstract: In accordance with embodiments disclosed herein, there is provided systems and methods for providing a post-processing mechanism for physically unclonable functions. An integrated circuit includes a physically unclonable function (PUF) unit including an adaptive PUF logic. The adaptive PUF logic receives a PUF response having a plurality of bits. The adaptive PUF logic also determines whether a record exists for bit among the plurality of bits in the PUF response. The record includes a stored bit location and a stored bit value corresponding to the stored bit location. The adaptive PUF logic also overrides a bit value of the bit in the PUF response with the stored bit value when it is determined that the record exists for the bit in the PUF response. The bit value of the bit in the PUF response is different from the stored bit value.

Abstract translation: 根据本文公开的实施例，提供了用于提供用于物理不可克隆功能的后处理机构的系统和方法。 集成电路包括包括自适应PUF逻辑的物理不可克隆功能（PUF）单元。 自适应PUF逻辑接收具有多个比特的PUF响应。 自适应PUF逻辑还确定在PUF响应中的多个比特中是否存在针对比特的记录。 记录包括存储的比特位置和对应于存储的比特位置的存储的比特值。 当确定在PUF响应中存在该比特的记录时，自适应PUF逻辑还用存储的比特值来覆盖PUF响应中的比特的比特值。 PUF响应中的位的位值与存储的位值不同。