Securely creating an endorsement certificate in an insecure environment
US8495361B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 21, 2007 |
| Grant date | Jul 23, 2013 |
| Priority date | — |
| Expiry date | Aug 29, 2031 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/57
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.