Abstract:
Methods, apparatus, and computer program products for generating a derivative key for an execution environment (EE) are described. An example of a method includes obtaining a device key by a key derivation circuit, obtaining a context string by the key derivation circuit from a one-time writable bit register (OWBR), and generating the derivative key for a current EE by the key derivation circuit based on the device key and on the context string from the OWBR.
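The following is an added worked example, not text or code from the patent, that models the derivation described above in software. The security property it exercises is the one the OWBR provides: because register bits can only ever change from 0 to 1, each execution environment sets a bit before handing off, the register value never returns to an earlier state, and a later EE therefore cannot have the circuit reproduce an earlier EE's key. HMAC-SHA256 standing in for the circuit's key derivation function, the 8-bit register width, the EE names and the b"EE-key" label are all assumptions of this example.

```python
"""Software model (added example) of per-EE key derivation from a device
key and a one-time writable bit register. HMAC-SHA256 stands in for the
hardware KDF; register width, EE names and labels are assumptions."""
import hmac
import hashlib
import secrets


class OWBR:
    """One-time writable bit register: bits may be set, never cleared."""

    def __init__(self, width: int = 8) -> None:
        self.width = width
        self.value = 0

    def set_bit(self, index: int) -> None:
        if not 0 <= index < self.width:
            raise IndexError("bit out of range")
        self.value |= 1 << index  # 0 -> 1 only; OR can never clear a bit

    def context_string(self) -> bytes:
        # The context string the derivation circuit reads from the register.
        return self.value.to_bytes((self.width + 7) // 8, "big")


class KeyDerivationCircuit:
    """Holds the device key and exposes only derived keys, never the key itself."""

    def __init__(self, device_key: bytes, owbr: OWBR) -> None:
        self._device_key = device_key  # assumption: fused in at manufacture
        self._owbr = owbr

    def derive_key(self, purpose: bytes = b"EE-key") -> bytes:
        # Assumption: HMAC-SHA256(device_key, purpose || context) models the KDF.
        ctx = self._owbr.context_string()
        return hmac.new(self._device_key, purpose + ctx, hashlib.sha256).digest()


def boot_sequence(device_key: bytes) -> dict:
    """Walk three EEs (invented names), setting one OWBR bit at each hand-off,
    and return the key each EE obtained from the circuit."""
    owbr = OWBR()
    kdc = KeyDerivationCircuit(device_key, owbr)
    keys = {}
    keys["bootrom"] = kdc.derive_key()      # OWBR = 0b00000000
    owbr.set_bit(0)                         # bootrom sets its bit before hand-off
    keys["bootloader"] = kdc.derive_key()   # OWBR = 0b00000001
    owbr.set_bit(1)
    keys["os"] = kdc.derive_key()           # OWBR = 0b00000011
    # Bits 0 and 1 can never be cleared, so the OS asking again gets only
    # its own key; the bootrom and bootloader keys are unreachable to it.
    keys["os_retry"] = kdc.derive_key()
    return keys


def ee_keys_are_separated(keys: dict) -> bool:
    """True when the three EEs got distinct keys and the OS key is stable."""
    distinct = len({keys["bootrom"], keys["bootloader"], keys["os"]}) == 3
    stable = keys["os"] == keys["os_retry"]
    return distinct and stable


if __name__ == "__main__":
    derived = boot_sequence(secrets.token_bytes(32))
    for name, key in derived.items():
        print(f"{name:10s} {key.hex()}")
    print("separated:", ee_keys_are_separated(derived))
```

The model keeps the device key inside the circuit object and offers no way to clear a register bit, which is the whole point: software in a later EE has no operation available that would make the circuit emit an earlier EE's key.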
Abstract:
Aspects may relate to a device to provide trusted time assurance. The device may comprise: a time clock; an interface; and a processor coupled to the interface. The processor may be configured to operate a trusted execution environment to: receive, through the interface, a request from a server to send the current time; receive a nonce from the server through the interface; sign the current time from the time clock, the nonce received from the server, and device information with an attestation key; and transmit the signed current time, nonce, and device information to the server through the interface. The device may then receive from the server, through the interface, an application, a service, or data together with a defined period of time during which it is available for use, that period being measured by the trusted execution environment.
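The exchange described above, both sides modelled in one process, as an added example that is not part of the patent text. The server issues a fresh nonce, the TEE signs time, nonce and device information together, and the server accepts the statement only if the signature verifies, the nonce is the outstanding one (so a captured statement cannot be replayed) and the reported time lies within a tolerance of its own clock; only then does it grant a lease whose expiry the TEE measures on its own clock. Assumptions of this example: HMAC-SHA256 under a pre-shared key stands in for the attestation signature (a real device would use an asymmetric attestation key whose public half the server trusts), the TEE clock is a counter advanced by hand so the run is deterministic, and the field names, device information and lease name are invented.

```python
"""Added example: trusted-time attestation exchange. HMAC-SHA256 models
the attestation signature; clock values, field names and device info are
constructed sample data, not values from the patent."""
import hmac
import hashlib
import json
import secrets


class TrustedClock:
    """Clock owned by the TEE; seconds since an arbitrary epoch, advanced by hand here."""

    def __init__(self, start: int) -> None:
        self.now = start

    def advance(self, seconds: int) -> None:
        self.now += seconds


class DeviceTEE:
    """Device side: signs time statements and enforces time-limited leases."""

    def __init__(self, attestation_key: bytes, device_info: dict, clock: TrustedClock) -> None:
        self._ak = attestation_key      # assumption: HMAC key standing in for an asymmetric AK
        self.device_info = device_info  # constructed sample data
        self.clock = clock
        self.leases = {}                # lease name -> expiry on the trusted clock

    def attest_time(self, nonce: bytes) -> dict:
        # Sign time || nonce || device information. The nonce binds the statement
        # to this request, so an old captured statement cannot be replayed.
        payload = {"time": self.clock.now, "nonce": nonce.hex(), "device": self.device_info}
        msg = json.dumps(payload, sort_keys=True).encode()
        return {"payload": payload, "sig": hmac.new(self._ak, msg, hashlib.sha256).hexdigest()}

    def install_lease(self, name: str, period: int) -> None:
        # The period is measured on the TEE clock, not on the untrusted OS clock.
        self.leases[name] = self.clock.now + period

    def is_available(self, name: str) -> bool:
        return name in self.leases and self.clock.now < self.leases[name]


class Server:
    """Server side: issues the nonce, verifies the signed time, grants the lease."""

    def __init__(self, attestation_key: bytes, server_time: int, max_skew: int = 300) -> None:
        self._ak = attestation_key
        self.server_time = server_time
        self.max_skew = max_skew
        self.outstanding = None          # nonce awaiting a reply

    def request_time(self) -> bytes:
        self.outstanding = secrets.token_bytes(16)
        return self.outstanding

    def verify(self, statement: dict) -> bool:
        payload = statement["payload"]
        msg = json.dumps(payload, sort_keys=True).encode()
        expected = hmac.new(self._ak, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, statement["sig"]):
            return False                 # forged or altered statement
        if self.outstanding is None or payload["nonce"] != self.outstanding.hex():
            return False                 # stale or replayed nonce
        self.outstanding = None          # each nonce is accepted exactly once
        return abs(payload["time"] - self.server_time) <= self.max_skew


def run_exchange(ak: bytes, device_skew: int = 0, period: int = 3600) -> dict:
    """One request/attest/verify round; on success the server grants a lease."""
    base = 1_700_000_000                 # constructed epoch value
    tee = DeviceTEE(ak, {"model": "example-device", "fw": "1.0"}, TrustedClock(base + device_skew))
    server = Server(ak, server_time=base)
    nonce = server.request_time()
    statement = tee.attest_time(nonce)
    ok = server.verify(statement)
    if ok:
        tee.install_lease("content", period)
    return {"tee": tee, "server": server, "statement": statement, "ok": ok}


if __name__ == "__main__":
    result = run_exchange(secrets.token_bytes(32))
    print("verified:", result["ok"], "available now:", result["tee"].is_available("content"))
    result["tee"].clock.advance(3600)
    print("available after the lease period:", result["tee"].is_available("content"))
```

Two checks are worth keeping in any real implementation of this flow: the server must forget the nonce once it has been used, otherwise the same signed statement verifies again, and the server must compare the device's reported time against its own clock, since a valid signature over a wildly wrong time is exactly what a tampered device clock would produce.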
Abstract:
Disclosed is a method for provisioning an endorsement key (EK) certificate for a firmware trusted platform module (fTPM). In the method, the fTPM receives a derived key (DK) from a hardware trusted platform (HWTP). The fTPM is implemented in the HWTP, the DK is derived from a hardware key (HWK) securely stored in the HWTP, the HWK is unique to the HWTP, and the HWK is not available to the fTPM. The fTPM generates an endorsement primary seed (EPS) based on the DK, and generates a hashed endorsement primary seed (HEPS) based on a hash of the EPS. The fTPM forwards the HEPS to a provisioning station, and receives, from the provisioning station, an EK certificate corresponding to the HEPS.
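An added software model of the provisioning chain above, not code from the patent: the hardware trusted platform keeps the HWK to itself and hands the fTPM only a derived key; the fTPM derives the endorsement primary seed from that DK, hashes it, and sends only the hash to the provisioning station, which issues a certificate bound to the HEPS. The example also shows why this works across reboots: the EPS is a pure function of the HWK, so a fresh fTPM instance on the same hardware recomputes the same HEPS and the certificate still applies, while the station never learns EPS or DK. Assumptions: HMAC-SHA256 stands in for both the hardware derivation and the EPS derivation, the endorsement key is modelled as a symmetric key derived from the EPS rather than a TPM 2.0 RSA or ECC primary key, the certificate is a dict rather than X.509, and the b"fTPM", b"EPS" and b"EK" labels are invented.

```python
"""Added example: fTPM endorsement-seed provisioning. HMAC-SHA256 models the
hardware KDF and the seed derivation; EK and certificate are simplified
stand-ins; labels are assumptions."""
import hmac
import hashlib
import secrets


class HardwareTrustedPlatform:
    """Holds the per-part HWK and releases only derived keys to the fTPM."""

    def __init__(self, hwk: bytes) -> None:
        self.__hwk = hwk  # never returned; only KDF outputs leave this object

    def derived_key_for(self, consumer: bytes) -> bytes:
        # Assumption: HMAC-SHA256(HWK, consumer label) models the hardware KDF.
        return hmac.new(self.__hwk, consumer, hashlib.sha256).digest()


class FirmwareTPM:
    """fTPM running on the HWTP; sees DK, never HWK."""

    def __init__(self, hwtp: HardwareTrustedPlatform) -> None:
        self._dk = hwtp.derived_key_for(b"fTPM")                   # DK
        self._eps = hmac.new(self._dk, b"EPS", hashlib.sha256).digest()  # EPS from DK
        self.ek_cert = None

    def heps(self) -> bytes:
        # Hash of the seed: safe to disclose to the provisioning station.
        return hashlib.sha256(self._eps).digest()

    def endorsement_key(self) -> bytes:
        # Assumption: EK modelled as a key derived from EPS, recomputed each boot.
        return hmac.new(self._eps, b"EK", hashlib.sha256).digest()

    def sign_with_ek(self, msg: bytes) -> bytes:
        return hmac.new(self.endorsement_key(), msg, hashlib.sha256).digest()


class ProvisioningStation:
    """Issues a certificate bound to the HEPS; never learns EPS or DK."""

    def __init__(self) -> None:
        self.issued = {}  # heps -> certificate

    def issue_cert(self, heps: bytes) -> dict:
        cert = {"subject_heps": heps.hex(),
                "issuer": "example-provisioner",   # constructed value
                "serial": len(self.issued) + 1}
        self.issued[heps] = cert
        return cert


def provision(hwk: bytes, station: ProvisioningStation) -> FirmwareTPM:
    """Factory flow: build the fTPM on a HWTP and obtain its EK certificate."""
    ftpm = FirmwareTPM(HardwareTrustedPlatform(hwk))
    ftpm.ek_cert = station.issue_cert(ftpm.heps())
    return ftpm


def cert_matches_reboot(hwk: bytes) -> bool:
    """A fresh fTPM on the same hardware recomputes the HEPS named in the cert."""
    first = provision(hwk, ProvisioningStation())
    rebooted = FirmwareTPM(HardwareTrustedPlatform(hwk))
    return rebooted.heps().hex() == first.ek_cert["subject_heps"]


if __name__ == "__main__":
    hwk = secrets.token_bytes(32)
    print("cert still valid after reboot:", cert_matches_reboot(hwk))
```

Note what each party holds at the end: the station has only HEPS values and the certificates it issued, the fTPM has DK and EPS but not HWK, and the HWTP alone has HWK, so compromise of the station's records yields nothing that lets anyone impersonate an endorsed fTPM.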