Technologies for trusted device on-boarding
Abstract
Technologies for trusted device on-boarding include a first computing device to generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and a first unique identifier of the first computing device. The first unique identifier is retrieved from secure memory of the first computing device. The first computing device transmits the first public Diffie-Hellman key to a second computing device and receives, from the second computing device, a second public Diffie-Hellman key of the second computing device. The second public Diffie-Hellman key incorporates a second unique identifier of the second computing device. Further, the first computing device removes a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key and generates a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device.
22 Claims
1. A first computing device for trusted device on-boarding, the first computing device comprising:
a processor;
a memory coupled to the processor;
a protocol execution module to (i) retrieve a first unique identifier from the memory and (ii) generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and the first unique identifier of the first computing device, wherein the first unique identifier is provisioned into a secure portion of the memory; and
a communication module to (i) transmit the first public Diffie-Hellman key to a second computing device and (ii) receive, from the second computing device, a second public Diffie-Hellman key of the second computing device, wherein the second public Diffie-Hellman key incorporates a second unique identifier of the second computing device,
wherein the protocol execution module is further to (i) remove a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key, (ii) generate a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device, and (iii) open a secure session with the second computing device using the shared Diffie-Hellman key, wherein to remove the contribution of the second unique identifier comprises to generate the modified public Diffie-Hellman key according to $g^b = g^{b+p} / g^p$, wherein:
$g^b$ is the modified public Diffie-Hellman key;
$g^{b+p}$ is the second public Diffie-Hellman key;
$p$ is the second unique identifier;
$g$ is a generator for an Abelian group;
$g^p$ is a member of the Abelian group corresponding to $g$, and $/$ is a division operator.
Dependent claims: 2 to 14.
15. One or more non-transitory machine-readable storage media comprising a plurality of instructions stored thereon that, in response to execution by a first computing device, cause the first computing device to:
retrieve a first unique identifier from memory of the first computing device, wherein the first unique identifier is provisioned into a secure portion of the memory;
generate a first public Diffie-Hellman key based on a private Diffie-Hellman key and the first unique identifier of the first computing device;
transmit the first public Diffie-Hellman key to a second computing device;
receive, from the second computing device, a second public Diffie-Hellman key of the second computing device, wherein the second public Diffie-Hellman key incorporates a second unique identifier of the second computing device;
remove a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key, wherein to remove the contribution of the second unique identifier comprises to generate the modified public Diffie-Hellman key according to $g^b = g^{b+p} / g^p$, wherein: $g^b$ is the modified public Diffie-Hellman key; $g^{b+p}$ is the second public Diffie-Hellman key; $p$ is the second unique identifier; $g$ is a generator for an Abelian group; $g^p$ is a member of the Abelian group corresponding to $g$, and $/$ is a division operator;
generate a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device; and
open a secure session with the second computing device using the shared Diffie-Hellman key.
Dependent claims: 16 to 19.
20. A computer-implemented method for trusted device on-boarding, the method comprising:
retrieving a first unique identifier from memory of a first computing device, wherein the first unique identifier is provisioned into a secure portion of the memory;
generating, by the first computing device, a first public Diffie-Hellman key based on (i) a private Diffie-Hellman key and (ii) the first unique identifier of the first computing device;
transmitting, by the first computing device, the first public Diffie-Hellman key to a second computing device;
receiving, by the first computing device and from the second computing device, a second public Diffie-Hellman key of the second computing device, wherein the second public Diffie-Hellman key incorporates a second unique identifier of the second computing device;
removing, by the first computing device, a contribution of the second unique identifier from the second public Diffie-Hellman key to generate a modified public Diffie-Hellman key, wherein removing the contribution of the second unique identifier comprises generating the modified public Diffie-Hellman key according to $g^b = g^{b+p} / g^p$, wherein: $g^b$ is the modified public Diffie-Hellman key; $g^{b+p}$ is the second public Diffie-Hellman key; $p$ is the second unique identifier; $g$ is a generator for an Abelian group; $g^p$ is a member of the Abelian group corresponding to $g$, and $/$ is a division operator;
generating, by the first computing device, a shared Diffie-Hellman key based on the modified public Diffie-Hellman key and the private Diffie-Hellman key of the first computing device; and
opening a secure session with the second computing device using the shared Diffie-Hellman key.
Dependent claims: 21 and 22.
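The exchange the independent claims describe, worked through on both sides as an added example (this is not code from the patent or its assignee). It models the Abelian group as the multiplicative group modulo a prime, so the claim's division is multiplication by a modular inverse; the toy parameters, the device identifiers and the assumption that each device already knows the identifier provisioned into its peer are all constructed for the example. The last call shows the property the identifier binding buys: a party that does not hold the peer's provisioned identifier strips the wrong contribution and derives a different session key.

```python
"""Identifier-bound Diffie-Hellman on-boarding as claimed on this page (added example)."""
from dataclasses import dataclass

# Toy group, constructed for the example: Z_23^* with generator 5.
# The claim's division g^(b+p) / g^p is multiplication by the modular inverse here.
Q = 23
G = 5


@dataclass
class Device:
    identifier: int   # unique identifier provisioned into secure memory (assumed value)
    priv: int         # private Diffie-Hellman exponent


def public_key(dev: Device, q: int = Q, g: int = G) -> int:
    """g^(x + id): the device's identifier is folded into the exponent of its public key."""
    return pow(g, dev.priv + dev.identifier, q)


def strip_identifier(peer_pub: int, peer_id: int, q: int = Q, g: int = G) -> int:
    """g^b = g^(b+p) / g^p: remove the peer identifier's contribution to recover g^b."""
    g_p = pow(g, peer_id, q)
    return peer_pub * pow(g_p, -1, q) % q      # pow(x, -1, q) needs Python 3.8+


def shared_key(dev: Device, peer_pub: int, peer_id: int, q: int = Q, g: int = G) -> int:
    """(g^b)^a: shared key from the modified public key and the own private exponent."""
    return pow(strip_identifier(peer_pub, peer_id, q, g), dev.priv, q)


def onboard(a: Device, b: Device, a_believes_b_id: int, b_believes_a_id: int) -> tuple:
    """Run both sides; each strips the identifier it believes its peer was provisioned with."""
    a_pub, b_pub = public_key(a), public_key(b)
    return shared_key(a, b_pub, a_believes_b_id), shared_key(b, a_pub, b_believes_a_id)


if __name__ == "__main__":
    a = Device(identifier=7, priv=4)
    b = Device(identifier=11, priv=3)
    print(onboard(a, b, 11, 7))    # correct identifiers on both sides -> (18, 18)
    print(onboard(a, b, 12, 7))    # A holds the wrong identifier for B -> keys differ
```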