Device, method, and system for secure trust anchor provisioning and protection using tamper-resistant hardware

Assignee

• Intel Corporation · US

Inventors

• Ned M. Smith · Beaverton, US
• David Johnston · Beaverton, US
• George W. Cox · Terrace Park, US
• Adi Shaliv · Kiryat Malachi, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/127
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified.