System and method for providing endorsement certificate
First Claim
1. A method comprising the acts of:
- providing an endorsement key pair to a security module associated with a customer computing device, the endorsement key pair including a public key and a private key;
- storing data representative of the public key in a storage external to the customer device;
- at a subsequent time, receiving at a comparison agent operatively connected to the storage, certificate request data from the customer device, the certificate request data including at least one of: the public key, and a hash of the public key with a temporary secret;
- determining whether at least a portion of the certificate request data transmitted to the comparison agent matches the data representative of the public key stored in the storage, and if so:
- generating an endorsement certificate at least in part using the public key; and
- providing the endorsement certificate to the customer device.
3 Assignments
0 Petitions
Abstract
A Trusted Computing Platform Alliance (TCPA) endorsement certificate is provided by comparing a trusted platform module (TPM) public key, transmitted by the owner of the computing device to which the TPM belongs, against a copy of the key as originally stored in a remote database before the device was vended. If a match is found, the certificate is created using the public key and then sent to the owner of the computing device.
39 Citations
24 Claims
1. A method comprising the acts of: (text as set out under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.

8. A customer computing device, comprising:
- at least one security module containing a private key and a public key related to the private key, the keys establishing an endorsement key pair;
- at least one processor operatively connected to the security module and executing logic comprising:
  - requesting an endorsement certificate at least in part by sending data representative of the public key to a source of endorsement certificates; and
  - if it is determined at the source that the data representative of the public key matches a version of the data representative of the public key already at the source, receiving from the source an endorsement certificate generated by the source, the endorsement certificate being generated at least in part using the public key.
Dependent claims: 9, 10, 11, 12, 13.

14. A service comprising:
- storing data representative of public keys associated with respective customer computing devices;
- receiving transmissions of data representative of public keys from customer computing devices;
- comparing the received data representative of a public key with at least the stored data representative of a public key to determine if a match is found; and
- if a match is found, generating an endorsement certificate; and
- providing the endorsement certificate to the customer computing device.
Dependent claims: 15, 16, 17, 18, 19.

20. A computing facility comprising:
- means for storing data representative of public keys associated with respective customer computing devices, prior to providing the devices to customers;
- means for receiving transmissions of data representative of public keys from devices provided to customers;
- means for comparing data representative of a public key received from a device provided to a customer with at least data representative of a public key in the means for storing to determine if a match is found;
- means for generating an endorsement certificate based at least in part on the associated public key if a match is found; and
- means for transmitting the endorsement certificate to the customer device.
Dependent claims: 21, 22, 23, 24.
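The issuance flow that claims 1, 8, 14 and 20 describe (store the EK public key before the device ships, later match a request carrying either the key itself or a keyed hash of it, and only then sign a certificate), as an added Python sketch that is not part of the patent or any product. All names are hypothetical; the key bytes and CA key are constructed, and the certificate is a simplified HMAC-signed record standing in for a real CA signature. It assumes the temporary secret reaches the comparison agent over a separate channel.

```python
import hashlib
import hmac
import json
from typing import Optional

# Manufacturer-side storage (external to the device): serial -> EK public key bytes.
REGISTRY = {}


def register_device(serial: str, ek_pub: bytes) -> None:
    """Claim 1, step 2: record the EK public key before the device is vended."""
    REGISTRY[serial] = ek_pub


def build_request(serial: str, ek_pub: bytes, temp_secret: Optional[bytes] = None) -> dict:
    """Device side: send the public key itself, or a hash of it keyed with a temporary secret."""
    if temp_secret is None:
        return {"serial": serial, "ek_pub": ek_pub.hex()}
    digest = hmac.new(temp_secret, ek_pub, hashlib.sha256).hexdigest()
    return {"serial": serial, "ek_pub_hash": digest}


def comparison_agent(request: dict, ca_key: bytes, temp_secret: Optional[bytes] = None) -> Optional[dict]:
    """Match the request against storage; issue a certificate only on a match, else None."""
    stored = REGISTRY.get(request.get("serial"))
    if stored is None:
        return None  # unknown device: nothing to compare against
    if "ek_pub" in request:
        try:
            matched = hmac.compare_digest(bytes.fromhex(request["ek_pub"]), stored)
        except ValueError:
            matched = False  # malformed hex is treated as a mismatch
    elif "ek_pub_hash" in request and temp_secret is not None:
        # Recompute the keyed hash from the stored copy of the key, never from request data.
        expected = hmac.new(temp_secret, stored, hashlib.sha256).hexdigest()
        matched = hmac.compare_digest(request["ek_pub_hash"], expected)
    else:
        matched = False
    if not matched:
        return None
    body = {"issuer": "ExampleOEM EK CA", "serial": request["serial"], "ek_pub": stored.hex()}
    body["sig"] = hmac.new(ca_key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    return body


def verify_certificate(cert: dict, ca_key: bytes) -> bool:
    """Relying-party check that the certificate body was issued under ca_key."""
    body = {k: v for k, v in cert.items() if k != "sig"}
    expected = hmac.new(ca_key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(cert["sig"], expected)


# Constructed sample: one provisioned device and a constructed CA key (not real key material).
CA_KEY = b"constructed-ca-key-not-for-use"
EK_PUB = bytes.fromhex("a1" * 32)
register_device("SN-0001", EK_PUB)
```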
Specification