公开(公告)号：US20120110644A1

公开(公告)日：2012-05-03

申请号：US12938363

申请日：2010-11-02

申请人： Stefan Thom ,  Nathan Ide ,  Scott Daniel Anderson ,  Robert Karl Spiger ,  David J. Linsley ,  Mark Fishel Novak ,  Magnus Nyström

发明人： Stefan Thom ,  Nathan Ide ,  Scott Daniel Anderson ,  Robert Karl Spiger ,  David J. Linsley ,  Mark Fishel Novak ,  Magnus Nyström

IPC分类号： H04L9/32 ,  G06F15/16 ,  G06F21/00

CPC分类号： G06F21/57 ,  G06F2221/2101 ,  H04L9/0897

摘要： An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations.

摘要翻译： 事件日志不仅可以包括与计算设备的最近上电后实例化的组件相关联的条目，而且还可以包括在该上电之前实例化的组件的条目，诸如被实例化的组件，并且表示 休眠前的计算设备现在已经恢复。 休眠后，可信平台模块（可信执行环境）的平台配置寄存器（PCR）的当前值以及当前值的引用以及可信执行环境的单调计数器的当前值可以是 记录。 在每次打开电源时，单调计数器可以递增，以跟踪计算设备的连续几代，并防止中间，未记录的一代。 事件日志的后续解析可以参考日志中与这些世代相关联的PCR值来验证先前的生成条目。

公开(公告)号：US20110167503A1

公开(公告)日：2011-07-07

申请号：US12652094

申请日：2010-01-05

申请人： Mikael Horal ,  Hakki Tunc Bostanci ,  Vandana Gunupudi ,  Ning Zhang ,  Scott Daniel Anderson ,  Stefan Thom ,  Erik Holt

发明人： Mikael Horal ,  Hakki Tunc Bostanci ,  Vandana Gunupudi ,  Ning Zhang ,  Scott Daniel Anderson ,  Stefan Thom ,  Erik Holt

IPC分类号： G06F21/22

CPC分类号： G06F21/10 ,  G06F2221/0704

摘要： A Trusted Activation License (TAL) can be comprised of a key unique to a Trusted Platform Module (TPM) and identifying information of the software applications bundled with the computing device having that TPM. To activate the software applications, the identifying information in the TAL can be compared against that of the software applications being activated, and the unique TPM key in the TAL can be compared against that of the TPM on the computing device on which the activation is taking place. Subsequent validations can be based on a protected association between the TAL and an Attestation Identity Key (AIK) that can be generated by the TPM as part of the activation step. Optionally, Platform Configuration Registers (PCRs) of the TPM can be periodically changed during validation to protect against useage of one TPM for validations on multiple computing devices.

摘要翻译： 可信激活许可证（TAL）可以由可信平台模块（TPM）特有的密钥组成，并且识别与具有该TPM的计算设备捆绑的软件应用的信息。 为了激活软件应用程序，可以将TAL中的识别信息与正在激活的软件应用程序的识别信息进行比较，并将TAL中唯一的TPM密钥与激活正在进行的计算设备上的TPM密钥进行比较 地点。 随后的验证可以基于TAL和认证身份密钥（AIK）之间的保护关联，该密钥可以由TPM作为激活步骤的一部分生成。 可选地，可以在验证期间周期性地改变TPM的平台配置寄存器（PCR），以防止使用一个TPM来在多个计算设备上进行验证。

公开(公告)号：US08418259B2

公开(公告)日：2013-04-09

申请号：US12652094

申请日：2010-01-05

申请人： Mikael Horal ,  Hakki Tunc Bostanci ,  Vandana Gunupudi ,  Ning Zhang ,  Scott Daniel Anderson ,  Stefan Thom ,  Erik Holt

发明人： Mikael Horal ,  Hakki Tunc Bostanci ,  Vandana Gunupudi ,  Ning Zhang ,  Scott Daniel Anderson ,  Stefan Thom ,  Erik Holt

IPC分类号： G06F7/04

CPC分类号： G06F21/10 ,  G06F2221/0704

摘要： A Trusted Activation License (TAL) can be comprised of a key unique to a Trusted Platform Module (TPM) and identifying information of the software applications bundled with the computing device having that TPM. To activate the software applications, the identifying information in the TAL can be compared against that of the software applications being activated, and the unique TPM key in the TAL can be compared against that of the TPM on the computing device on which the activation is taking place. Subsequent validations can be based on a protected association between the TAL and an Attestation Identity Key (AIK) that can be generated by the TPM as part of the activation step. Optionally, Platform Configuration Registers (PCRs) of the TPM can be periodically changed during validation to protect against useage of one TPM for validations on multiple computing devices.

摘要翻译： 可信激活许可证（TAL）可以由可信平台模块（TPM）特有的密钥组成，并且识别与具有该TPM的计算设备捆绑的软件应用的信息。 为了激活软件应用程序，可以将TAL中的识别信息与正在激活的软件应用程序的识别信息进行比较，并将TAL中唯一的TPM密钥与激活正在进行的计算设备上的TPM密钥进行比较 地点。 随后的验证可以基于TAL和认证身份密钥（AIK）之间的保护关联，该密钥可以由TPM作为激活步骤的一部分生成。 可选地，可以在验证期间周期性地改变TPM的平台配置寄存器（PCR），以防止使用一个TPM来在多个计算设备上进行验证。