FLEXIBLE PROVISIONING OF ATTESTATION KEYS IN SECURE ENCLAVES
A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning se...
Gespeichert in:
| Hauptverfasser: | , , , , , , , , |
|---|---|
| Format: | Patent |
| Sprache: | chi ; eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclaveto authenticate to the second provisioning service to obtain the second attestation key.
计算平台实现个或多个安全飞地,包括:第供应飞地,用于与第供应服务接合以从第供应服务获得第认证密钥,第二供应飞地,用于与不同的第二供应服务接合以从第二供应服务获得第二证明密钥,以及供应认证飞地,用于使用基于硬件的供应证明密钥对来自第供应飞地的第数据和来自第二供应飞地的第二 |
|---|