-
Publication No.: US09405912B2
Publication Date: 2016-08-02
Application No.: US14080284
Filing Date: 2013-11-14
Inventors: Mark Novak, Paul England, Stefan Thom
IPC Classification: G06F9/24, G06F15/177, G06F21/57, G06F21/31, G06F21/72, H04L29/06, H04L9/08, H04L9/32, H04L9/16
CPC Classification: G06F21/575, G06F21/31, G06F21/72, H04L9/0822, H04L9/0869, H04L9/0877, H04L9/16, H04L9/3234, H04L63/0876, H04L2463/062
Abstract: Computing devices that perform hardware-rooted attestation are described, as are methods for use therewith, wherein such devices include a system-integrated TPM (e.g., a firmware-based TPM), with m boot chain components loaded and executed prior to the system-integrated TPM. Between powering-up of a device and the system-integrated TPM being loaded and executed, seed morphing is performed for n=0 to m. This involves an nth encryption seed (ESn) being morphed into an (n+1)th encryption seed (ESn+1), under control of the nth boot chain component, by extending the nth encryption seed (ESn) with a measurement of the (n+1)th boot chain component, thereby generating the (n+1)th encryption seed (ESn+1). In a similar manner, an nth identity seed (ISn) is morphed into an (n+1)th identity seed (ISn+1). Such techniques establish trust in the system-integrated TPM despite it not being the first component loaded and executed after powering-up.
-
Publication No.: US20150134942A1
Publication Date: 2015-05-14
Application No.: US14080284
Filing Date: 2013-11-14
Inventors: Mark Novak, Paul England, Stefan Thom
IPC Classification: G06F21/57
CPC Classification: G06F21/575, G06F21/31, G06F21/72, H04L9/0822, H04L9/0869, H04L9/0877, H04L9/16, H04L9/3234, H04L63/0876, H04L2463/062
Abstract: Computing devices that perform hardware-rooted attestation are described, as are methods for use therewith, wherein such devices include a system-integrated TPM (e.g., a firmware-based TPM), with m boot chain components loaded and executed prior to the system-integrated TPM. Between powering-up of a device and the system-integrated TPM being loaded and executed, seed morphing is performed for n=0 to m. This involves an nth encryption seed (ESn) being morphed into an (n+1)th encryption seed (ESn+1), under control of the nth boot chain component, by extending the nth encryption seed (ESn) with a measurement of the (n+1)th boot chain component, thereby generating the (n+1)th encryption seed (ESn+1). In a similar manner, an nth identity seed (ISn) is morphed into an (n+1)th identity seed (ISn+1). Such techniques establish trust in the system-integrated TPM despite it not being the first component loaded and executed after powering-up.
-