Platform and method for securely transmitting an authorization secret.

US 20020080974A1
Filed: 12/27/2000
Published: 06/27/2002
Est. Priority Date: 12/27/2000
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving an ephemeral asymmetric public key and an ephemeral credential;

verifying that the ephemeral asymmetric public key is valid using data recovered from the ephemeral credential;

encrypting authorization secret using the ephemeral asymmetric public key if the ephemeral asymmetric public key is determined to be valid; and

transmitting the encrypted authorization secret over a link.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a platform comprises a processor, an input/output control hub (ICH), and a trusted platform module (TPM). Coupled to the ICH, the TPM comprises an internal memory, and an asymmetric key generation unit. The symmetric key generation unit produces an ephemeral asymmetric key pair including an ephemeral asymmetric public key and an ephemeral asymmetric private key. Both the ephemeral asymmetric public key and the ephemeral asymmetric.

Citations

24 Claims

1. A method comprising:
- receiving an ephemeral asymmetric public key and an ephemeral credential;
  
  verifying that the ephemeral asymmetric public key is valid using data recovered from the ephemeral credential;
  
  encrypting authorization secret using the ephemeral asymmetric public key if the ephemeral asymmetric public key is determined to be valid; and
  
  transmitting the encrypted authorization secret over a link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the ephemeral credential includes at least a duplicate copy of the ephemeral asymmetric public key digitally signed with an identity private key.
  - 3. The method of claim 2, wherein prior to verifying that the ephemeral asymmetric public key is valid, the method farther comprises receiving of an identity public key and an identity credential.
  - 4. The method of claim 3, wherein the ephemeral credential further includes a predetermined sequence of alphanumeric characters.
  - 5. The method of claim 2, wherein the verifying that the ephemeral asymmetric public key is valid includes recovering the duplicate copy of the ephemeral asymmetric public key from the ephemeral credential;
    - and comparing the duplicate copy of the ephemeral asymmetric public key with the ephemeral asymmetric public key.
  - 6. The method of claim 5, wherein the recovering of the duplicate copy of the ephemeral asymmetric public key includes decrypting the ephemeral credential with an identity public key.
  - 7. The method of claim 1, wherein the link routes the encrypted authorization secret to a trusted platform module including an input/output interface, a processor, an internal memory and an asymmetric key generation unit.
  - 8. The method of claim 7 further comprising:
    - recovering the authorization secret by decrypting the encrypted authorization secret using an ephemeral asymmetric private key corresponding to the ephemeral asymmetric public key, both the ephemeral asymmetric private key and the ephemeral asymmetric public key are temporarily used for a single communication session.
  - 9. The method of claim 8, wherein prior to receiving the ephemeral asymmetric public key and the ephemeral credential, both the ephemeral asymmetric public key and the ephemeral asymmetric private key are created by the asymmetric key generation unit within the trusted platform module.

10. A method comprising:
- creating an ephemeral asymmetric public key and a corresponding ephemeral asymmetric private key internally within an integrated circuit device;
  
  certifying the ephemeral asymmetric public key;
  
  transmitting the ephemeral asymmetric public key and an ephemeral credential to an requester in order to determine whether the ephemeral asymmetric public key is valid; and
  
  using the ephemeral asymmetric public key for protecting confidentiality of an authorization secret provided by the requester during a communication session.
- View Dependent Claims (11, 12, 13, 15, 16, 17, 19, 20, 21)
- - 11. The method of claim 10, wherein the authorization secret is any type of information that enables access to stored content within the integrated circuit device.
  - 12. The method of claim 10, wherein the authorization secret is any type of information that enables selected functionality for a platform including the integrated circuit device.
  - 13. The method of claim 10, wherein protecting of the confidentiality of the authorization data includes encrypting the authorization secret using the ephemeral asymmetric public key.
  - 15. The integrated circuit device of claim 14, wherein the internal memory contains the ephemeral asymmetric key pair and an asymmetric key cryptography function for execution by the asymmetric key generation unit.
  - 16. The integrated circuit device of claim 14 further comprising an integrated circuit package encapsulating the internal memory and the asymmetric key generation unit.
  - 17. The integrated circuit device of claim 16 further comprising:
    - a processor coupled to the internal memory and contained within the integrated circuit package; and
      
      an input/output (I/O) interface coupled to the processor.
  - 19. The platform of claim 18, wherein the internal memory of the TPM contains the ephemeral asymmetric key pair and an asymmetric key cryptography function for execution by the asymmetric key generation unit.
  - 20. The platform of claim 18, wherein the TPM further comprises an integrated circuit package including the internal memory and the asymmetric key generation unit.
  - 21. The platform of claim 20, wherein the TPM further comprises a processor coupled to the internal memory and contained within the integrated circuit package;
    - and an input/output (P/O) interface coupled to the processor.

14. An integrated circuit device comprising:
- an internal memory; and
  
  an asymmetric key generation unit to produce an ephemeral asymmetric key pair including an ephemeral asymmetric public key and an ephemeral asymmetric private key, both the ephemeral asymmetric public key and the ephemeral asymmetric private key are temporarily used for encryption and decryption during a single communication session.

18. A platform comprising:
- a processor;
  
  an input/output control hub; and
  
  a trusted platform module (TPM) coupled to the input/output control hub, the TPM including an internal memory, and an asymmetric key generation unit to produce an ephemeral asymmetric key pair including an ephemeral asymmetric public key and an ephemeral asymmetric private key, both the ephemeral asymmetric public key and the ephemeral asymmetric private key are temporarily used for encryption and decryption during a single communication session.

22. A program loaded into readable memory for execution by a trusted platform module of a platform, the program comprising:
- code to receive an ephemeral asymmetric public key and an ephemeral credential;
  
  code to verify that the ephemeral asymmetric public key is valid using data recovered from the ephemeral credential;
  
  code to encrypt an authorization secret using the ephemeral asymmetric public key if the ephemeral asymmetric public key is determined to be valid, the authorization secret to control access to an entity loaded on the platform; and
  
  code to transmit the encrypted authorization secret over a link to the platform.
- View Dependent Claims (23, 24)
- - 23. The program of claim 22, wherein the ephemeral credential includes at least a duplicate copy of the ephemeral asymmetric public key digitally signed within with trusted platform module.
  - 24. The program of claim 22, wherein the credential further includes a predetermined sequence of alphanumeric characters to indicate that the ephemeral asymmetric public key originated from a selected identity of the trusted platform module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Grawrock, David W.

Granted Patent

US 6,948,065 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/282
CPC Class Codes

G06Q 20/3821   Electronic credentials

H04L 2209/127   Trusted platform modules [TPM]

H04L 2209/60   Digital content management,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3226   using a predetermined code,...

Platform and method for securely transmitting an authorization secret.

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Platform and method for securely transmitting an authorization secret.

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links