-
Publication (Announcement) No.: US09953167B2
Publication (Announcement) Date: 2018-04-24
Application No.: US14880746
Filing Date: 2015-10-12
Applicant: Microsoft Technology Licensing, LLC
Inventor: David R Wooten, Andrey Marochko, Dennis Mattoon, Paul England
CPC classification number: G06F21/575, G06F9/4406, G06F11/1417, G06F21/51, H04L9/0861, H04L9/0866, H04L9/0891, H04L9/3263
Abstract: Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with the low-resource device and one or more software modules. The low-resource device can further be configured to use the migration keys and the sealing keys to both verify a software update and migrate secrets from a previous version of the software to a newer version of the software. Additionally, the low-resource device can be configured to generate an attestation statement using the attestation keys and perform attestation using the attestation statement and the at least one distributed resource.
-
Publication (Announcement) No.: US10146916B2
Publication (Announcement) Date: 2018-12-04
Application No.: US14943208
Filing Date: 2015-11-17
Applicant: Microsoft Technology Licensing, LLC
Inventor: Stefan Thom, Robert Karl Spiger, David R Wooten, Merzin Kapadia
Abstract: Systems and methods for facilitating a trusted platform module (TPM) or other protector mechanism that provides a device with a trusted device capability store. To provide the device with a trusted device capability store, a fingerprint of an endorsement key that is associated with the TPM or other protector mechanism can be imprinted into firmware of the device. By imprinting the fingerprint into the firmware, the device can determine whether or not the TPM or other protector mechanism the device is communicating with is the TPM or other protector mechanism associated with the device. The TPM or other protector mechanism can include the endorsement key, the trusted device capability store, and an access policy. The trusted device capability store can include one or more capabilities associated with the device. The access policy can indicate both unauthorized read access and authorized write access associated with the TPM or other protector mechanism.
-
Publication (Announcement) No.: US09917687B2
Publication (Announcement) Date: 2018-03-13
Application No.: US14880813
Filing Date: 2015-10-12
Applicant: Microsoft Technology Licensing, LLC
Inventor: David R Wooten, Andrey Marochko, Dennis Mattoon, Paul England
CPC classification number: H04L9/002, G06F8/65, G06F21/57, G06F21/575, G06F21/71, G06F2221/034, H04L9/0869
Abstract: Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with the low-resource device and one or more software modules. The low-resource device can further be configured to use the migration keys and the sealing keys to both verify a software update and migrate secrets from a previous version of the software to a newer version of the software. Additionally, the low-resource device can be configured to generate an attestation statement using the attestation keys and perform attestation using the attestation statement and the at least one distributed resource.
-