Key-attestation-contingent certificate issuance

Bibliographic details
Main authors: WAXMAN PETER DAVID, SALVAN CRISTIAN STEFAN, RAJU PRABU, KOULADJIE KAM, SONI HIMANSHU, VISWANATHAN GIRIDHAR, FENNER CHRISTOPHER EDWARD, STOCCO GABRIEL FORTUNATO
Format: Patent
Language: chi ; eng
Description
Summary: The present invention provides for streamlined issuance of certificates and other tokens that are contingent on key attestation of keys from a trusted platform module within a computing platform. Various methods are described for wrapping the requested token in a secret, such as an AES key, that is encrypted to a TPM-based key in a key challenge. If the requesting platform fails the key challenge, the encrypted certificate or token cannot be decrypted. If the requesting platform passes the challenge, the encrypted certificate or token can be decrypted using the AES key recovered from the key challenge.