Device with embedded certificate authority
First Claim
1. A computing device comprising:
- one or more hardware processors;
a trusted computing manager executable by the one or more hardware processors to access a secure memory;
a certificate authority embedded in the trusted computing manager at the computing device and executable by the one or more hardware processors to generate a compound certificate, the generated compound certificate including a representation of a state of the computing device and being chained at least to a manufacturer certificate,wherein the manufacturer certificate is received from an external certificate authority and stored in the secure memory accessible by the trusted computing manager, wherein the state of the computing device is determined based on one or more measurements of code executable on the computing device; and
a server process executable by the one or more hardware processors to transmit the generated compound certificate to an external device in response to a certificate request sent by the external device, wherein the representation of the state of the computing device included in the generated compound certificate is usable by the requesting external device to determine whether the computing device is in a trusted state.
1 Assignment
0 Petitions
Accused Products
Abstract
A smart device, connected device, Internet of Things (IoT) device, etc. is configured with an embedded certificate authority. The embedded certificate authority generates a compound certificate that is signed at least by a manufacturer certificate securely stored on the device. The compound certificate includes a representation of a state of the device, which is based on one or more measurements of code executable on the device. The compound certificate may be used by an external device communicating with the smart device to determine whether the device is in a trusted state. Because the compound certificate is chained to a manufacturer certificate, the external device can communicate with the manufacturer (or an employed party) to determine whether the state of the device should be trusted.
74 Citations
20 Claims
-
1. A computing device comprising:
-
one or more hardware processors; a trusted computing manager executable by the one or more hardware processors to access a secure memory; a certificate authority embedded in the trusted computing manager at the computing device and executable by the one or more hardware processors to generate a compound certificate, the generated compound certificate including a representation of a state of the computing device and being chained at least to a manufacturer certificate, wherein the manufacturer certificate is received from an external certificate authority and stored in the secure memory accessible by the trusted computing manager, wherein the state of the computing device is determined based on one or more measurements of code executable on the computing device; and a server process executable by the one or more hardware processors to transmit the generated compound certificate to an external device in response to a certificate request sent by the external device, wherein the representation of the state of the computing device included in the generated compound certificate is usable by the requesting external device to determine whether the computing device is in a trusted state. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method comprising:
-
storing a manufacturer certificate in a secure memory of a computing device, the secure memory accessible by a trusted computing manager; generating, at the computing device, one or more measurements of code executable on the computing device, the one or more measurements of code representing a state of the computing device; generating, by a certificate authority embedded in the trusted computing manager at the computing device, a compound certificate, wherein the compound certificate includes the one or more measurements of code and is chained to at least the stored manufacturer certificate, wherein the stored manufacturer certificate is received from an external certificate authority and stored in the secure memory accessible by the trusted computing manager; and transmitting, by the computing device, the generated compound certificate to an external device in response to a certificate request sent from the external device, wherein the one or more measurements of code included in the generated compound certificate are usable by the external device to determine whether the computing device is in a trusted state. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. One or more tangible processor-readable storage device embodied with instructions for executing on one or more hardware processors and circuits of a computing device a process comprising:
-
storing, at the computing device, a manufacturer certificate in a secure memory of the computing device, the secure memory accessible by a trusted computing manager; generating, on the computing device, one or more measurements of code executable on the computing device, the one or more measurements of code representing a state of the computing device; generating, by a certificate authority embedded in the trusted computing manager at the computing device, a compound certificate, wherein the compound certificate includes the one or more measurements of code and is chained to at least the stored manufacturer certificate, wherein the stored manufacturer certificate is received from an external certificate authority and stored in the secure memory accessible by the trusted computing manager; and transmitting, by the computing device, the generated compound certificate to an external device, wherein the one or more measurements of code included in the generated compound certificate is usable by the external device to determine whether the computing device is in a trusted state. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification