Invention Grant
US07644278B2 Method for securely creating an endorsement certificate in an insecure environment
失效
在不安全的环境中安全地创建背书证书的方法
- Patent Title: Method for securely creating an endorsement certificate in an insecure environment
- Patent Title (中): 在不安全的环境中安全地创建背书证书的方法
-
Application No.: US10750594Application Date: 2003-12-31
-
Publication No.: US07644278B2Publication Date: 2010-01-05
- Inventor: Ryan Charles Catherman , David Carroll Challener , James Patrick Hoff
- Applicant: Ryan Charles Catherman , David Carroll Challener , James Patrick Hoff
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Dillon & Yudell, LLP
- Main IPC: H04L9/32
- IPC: H04L9/32
Abstract:
A Method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured trusted platform modules. The endorsement keys are generated for the trusted platform module (TPM). The TPM vendor selects an N-byte secret and stores the N-type secret in the trusted platform module along with the endorsement keys. The secret number cannot be read outside of the trusted platform module. The secret number is also provided to the credential server of the original equipment manufacturer. During the endorsement key (EK) credential process, the trusted platform module generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key withy a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the trusted platform module only when a match is confirmed.
Public/Granted literature
- US20050144440A1 Method for securely creating an endorsement certificate in an insecure environment Public/Granted day:2005-06-30
Information query
