Trusted platform module attestation flow over simple authentication and security layer with multiple symmetric key identification

Trusted platform module attestation flow over simple authentication and security layer with multiple symmetric key identification

An existing Simple Authentication and Security Layer (SASL) framework is modified to overcome message size limitations by implementing a control byte that enables segmentation of SASL messages. In implementations in which client computing devices utilize a trusted platform module (TPM) for enhanced...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Vokkarne, Rajeev Mandayam, Porter, Simon, Brandon, Jelani Zukar
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:An existing Simple Authentication and Security Layer (SASL) framework is modified to overcome message size limitations by implementing a control byte that enables segmentation of SASL messages. In implementations in which client computing devices utilize a trusted platform module (TPM) for enhanced security, the client computing device can transmit multiple public keys and other information to a provisioning service during an attestation process. This information can be segmented across multiple messages while leveraging the SASL framework. A control byte may be utilized in each message and define attributes about the respective messages, such as whether a current message is an interim or final message segment. Likewise, the provisioning service can divide a challenge key into multiple segments and include a control byte for each segment. The control byte within segmented messages enables utilization of the TPM public keys and thereby can leverage the heightened security provided by the TPM.