Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information
First Claim
1. A method comprising:
- authenticating a digital signature of a hardware device according to a public key of an issuer of a private signature key used by the hardware device to sign a received message;
establishing a secure session with the authenticated hardware device according to a session key formed from a key exchange using the received message; and
using the same public key of the issuer to authenticate multiple hardware devices that use different private signature keys.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for establishing a secure session with a device without exposing privacy-sensitive information are described. In one embodiment, the method includes the authentication of a digitally signed message received from a hardware device. In one embodiment, a digital signature, created by a private signature key of the hardware device, is authenticated according to a public key of an issuer without disclosure of an identity of the hardware device. The digital signature is a signature of an ephemeral DH public key, which the verifier is now assured comes from a trusted device. An encrypted and authenticated session (“secure session”) is established with the authenticated hardware device according to a key exchange using this signed ephemeral DH public key. Other embodiments are described and claimed.
-
Citations
40 Claims
-
1. A method comprising:
-
authenticating a digital signature of a hardware device according to a public key of an issuer of a private signature key used by the hardware device to sign a received message;
establishing a secure session with the authenticated hardware device according to a session key formed from a key exchange using the received message; and
using the same public key of the issuer to authenticate multiple hardware devices that use different private signature keys. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method comprising:
-
transmitting a message to a verifier in response to an authentication request, the message signed by a hardware device using a private signature key;
authenticating, by the verifier, a digital signature of the hardware device according to a public key of an issuer of the private signature key used by the hardware device to sign the message, without disclosing any unique identification information of the hardware device; and
establishing a secure session with the verifier according to a session key formed from a key exchange using a message received from the verifier. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. An apparatus, comprising:
-
a flash memory to store cryptographic information received from certifying manufacturer of the apparatus; and
a trusted platform module to transmit a signed message to a verifier in response to an authentication request and to establish a secure session with the verifier according to a session key formed from a key exchange using a message received from the verifier without disclosing any unique identification information of the apparatus. - View Dependent Claims (21, 22, 23, 24, 25)
-
-
26. A system comprising:
-
a processor to execute a trusted software module to issue a one-way authentication key exchange request to the hardware device;
a chipset coupled to the processor; and
a hardware device coupled to the chipset, the hardware device including a trusted platform module, the trusted platform module to transmit a signed message to the trusted software module in response to a one-way authentication request from the trusted software module and to establish a secure session with the trusted software module according to a session key formed from a key exchange using a message received from the trusted software module without disclosing any unique identification information of the hardware device. - View Dependent Claims (27, 28, 29, 30)
-
-
31. An article of manufacture including a machine readable medium having stored thereon instructions which may be used to program a system to perform a method, comprising:
-
authenticating a digital signature of a hardware device according to a public key of an issuer of a private signature key used by the hardware device to sign a received message;
establishing a secure session with the authenticated hardware device according to a session key formed from a key exchange using the received message; and
using the same public key of the issuer to authenticate multiple hardware devices that use different private signature keys. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification