Patent · US Active

Method for securely creating an endorsement certificate in an insecure environment

US7861079B2 · kind B2 · utility

Cited by: 2
References: 9
Claims: 2
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 21, 2007
Grant date: Dec 28, 2010
Priority date
Expiry date: Mar 12, 2029

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2117
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
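The exchange the abstract describes, as an added example that is not taken from the patent: the TPM sends its public key with a hash binding it to the vendor secret, and the credential server recomputes that hash before issuing anything. The names `ToyTPM`, `CredentialServer`, `binding_hash` and `provision`, the choice of SHA-256, the concatenation order, the 32-byte secret length and the placeholder certificate are all assumptions.

```python
import hashlib
import hmac

N = 32  # assumed secret length; the abstract only says "N-byte secret"

def binding_hash(secret: bytes, ek_public: bytes) -> bytes:
    # Assumption: SHA-256 over secret || public key. The abstract says only
    # "a hash of the secret and the public key" and names no algorithm.
    return hashlib.sha256(secret + ek_public).digest()

class ToyTPM:
    """Stand-in for a TPM: the vendor secret is stored but never returned."""
    def __init__(self, vendor_secret: bytes, ek_public: bytes):
        self._secret = vendor_secret
        self.ek_public = ek_public
        self.ek_certificate = None

    def ek_request(self):
        # What leaves the TPM: the public key and the binding hash only.
        return self.ek_public, binding_hash(self._secret, self.ek_public)

class CredentialServer:
    """Stand-in for the OEM credential server holding the same secret."""
    def __init__(self, vendor_secret: bytes):
        self._secret = vendor_secret

    def issue(self, ek_public: bytes, received_hash: bytes):
        expected = binding_hash(self._secret, ek_public)
        # Constant-time comparison so the check does not leak hash prefixes.
        if not hmac.compare_digest(expected, received_hash):
            return None
        # Placeholder for a real signed EK certificate (constructed value).
        return b"EK-CERT-PLACEHOLDER:" + hashlib.sha256(ek_public).digest()

def provision(tpm: ToyTPM, server: CredentialServer, tamper=None) -> bool:
    """Run one EK credential exchange; `tamper` models an untrusted channel."""
    ek_public, tag = tpm.ek_request()
    if tamper is not None:
        ek_public = tamper(ek_public)
    cert = server.issue(ek_public, tag)
    if cert is not None:
        tpm.ek_certificate = cert  # inserted only when the match is confirmed
    return cert is not None

if __name__ == "__main__":
    secret = b"\x01" * N  # constructed sample secret
    server = CredentialServer(secret)
    print(provision(ToyTPM(secret, b"constructed-ek-public-key"), server))
    print(provision(ToyTPM(b"\x02" * N, b"unknown-device-key"), server))
```

A key substituted in transit, or a request from a device that does not hold the vendor secret, fails the comparison and no certificate is issued.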

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.