Method and apparatus for binding TPM keys to execution entities

US 20070006169A1
Filed: 06/30/2005
Published: 01/04/2007
Est. Priority Date: 06/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

measuring an execution entity to generate a digest value according to an authorization request issued by the execution entity for authorization data required by a trusted platform module (TPM) to use a key protected within the TPM; and

granting the authorization request if the digest value verifies that the execution entity is an owner of the key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for binding trusted platform module (TPM) keys to execution entities are described. In one embodiment, the method includes the receipt of an authorization request issued by an execution entity for authorization data. According to the authorization request, the execution entity may be measured to generate an entity digest value. Once the entity digest value is generated, a platform reference module may grant the authorization request if the entity digest value verifies that the execution entity is an owner of the key held by the TPM. Accordingly, in one embodiment, a platform reference module, rather than an execution entity, holds the authorization data required by a TPM to use a key owned by the execution entity and held within sealed storage by the TPM. Other embodiments are described and claimed.

Citations

20 Claims

1. A method comprising:
- measuring an execution entity to generate a digest value according to an authorization request issued by the execution entity for authorization data required by a trusted platform module (TPM) to use a key protected within the TPM; and
  
  granting the authorization request if the digest value verifies that the execution entity is an owner of the key.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein granting the authorization request further comprises:
    - transmitting the authorization data to the execution entity.
  - 3. The method of claim 1, wherein granting the authorization request further comprising:
    - applying the authorization data to each command issued by the execution entity to the TPM for use of the key to prohibit disclosure of the authorization data to the execution entity.
  - 4. The method of claim 3, wherein applying the authorization data further comprises:
    - receiving command parameters from the execution entity;
      
      applying the authorization data to the received command parameters to generate a command digest value;
      
      transmitting the command digest value to the execution entity; and
      
      issuing, by the execution entity, the command digest value to the TPM for use of the key.
  - 5. The method of claim 1, wherein granting comprises:
    - comparing the digest value of execution entity with a digest value of the owner of the key; and
      
      verifying the execution entity as the owner of the key if the digest value of the execution entity matches the digest value of the owner of the key.

6. An article of manufacture comprising a machine-accessible medium having associated data, wherein the data, when accessed, results in a machine performing:
- generating, by a platform reference module, authorization data for a requested key according to a key generation request issued by an execution entity;
  
  measuring the execution entity to generate an ownership digest value;
  
  issuing a key creation command to a trusted platform module (TPM) including the authorization data, wherein the TPM is to require the authorization data for use of the requested key; and
  
  providing a key credential to the execution entity to enable the execution entity to verify that the authorization data required by the TPM for use of the requested key is held by the platform reference module.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The article of manufacture of claim 6, wherein providing the execution entity with the key credential further results in the machine performing:
    - generating the key credential to include a digest of the platform reference module, a digest of trusted computing blocks of the platform reference module and an authorization disclosure mechanism; and
      
      signing the key credential with a certification key owned by the platform reference module.
  - 8. The article of manufacture of claim 6, wherein the machine-accessible medium further includes data, which when accessed by the machine further results in the machine performing:
    - storing the ownership digest value in combination with the authorization data within a key table held within sealed storage by the TPM.
  - 9. The article of manufacture of claim 8, wherein the machine-accessible medium further includes data, which when accessed by the machine further results in the machine performing:
    - receiving an authorization request issued by the execution entity for the authorization data required by the TPM to use the key held within sealed storage by the TPM;
      
      measuring the execution entity to generate an entity digest value; and
      
      granting the authorization request if the entity digest value verifies that the execution entity is an owner of the key.
  - 10. The article of manufacture of claim 9, wherein granting the authorization request further results in the machine performing:
    - comparing the entity digest value with an owner digest value of an owner of the key; and
      
      verifying the execution entity as the owner of the key if the entity digest value of the matches the owner digest value of the owner of the key.

11. A method comprising:
- restricting use of at least one parent key owned by a trusted platform service to a trusted platform bootup state; and
  
  loading, for the trusted platform service, one or more child keys of the parent key if platform metrics indicate the trusted platform bootup state.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein restricting access further comprises:
    - binding usage of the at least one parent key owned by the trusted platform service to the trusted platform bootup state.
  - 13. The method of claim 11, wherein loading further comprises:
    - loading, using a parent certification key owned by the trusted platform service, a child certification key of the trusted platform service; and
      
      generating a credential for the child certification key using at least the parent certification key.
  - 14. The method of claim 11, wherein loading further comprises:
    - loading, using a parent storage key owned by the trusted platform service, a data storage key of the trusted platform service; and
      
      unsealing, using the data storage key, a data table owned by the trusted platform service.
  - 15. The method of claim 11, wherein loading further comprises:
    - loading a parent storage key and a signature key of the trusted platform service;
      
      loading, by the storage key, at least one child key of the trusted platform service; and
      
      certifying the at least one child key using the signature key.

16. A platform comprising:
- a trusted platform module (TPM), including a processor and a non-volatile memory to provide sealed storage of at least one entity key owned;
  
  a trusted measurement agent to measure an execution entity to generate an entity digest value according to an authorization request issued by the execution entity for authorization data required by the TPM to use an entity key held within the sealed storage of the TPM; and
  
  a platform reference module to grant an authorization request issued by an execution entity if an entity digest value measured from the execution entity verifies that the execution entity is an owner of the entity key.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The platform of claim 16, wherein the TPM is to provide sealed storage of at least one parent key owned by the platform reference module, the TPM to restrict use of the parent key to a trusted platform bootup state to provide the platform reference module exclusive access to load one or more child keys of the parent key during the trusted platform bootup state.
  - 18. The platform of claim 16, wherein the platform reference module is to:
    - generate authorization data for a requested key according to a key generation request issued by the execution entity;
      
      store a measurement of the execution entity as an owner digest value;
      
      issue a key creation command for the requested key to the TPM including the authorization data, wherein the authorization data is required by the TPM for use of the requested key; and
      
      provide a key credential to the execution entity to enable the execution entity to verify that the authorization data required by the TPM for use of the requested key is held by the platform reference module.
  - 19. The platform of claim 16, further comprising:
    - a chipset coupled to the TPM;
      
      a processor coupled to the chipset; and
      
      non-volatile memory coupled to the chipset, the non-volatile memory including;
      
      a platform initialization module to bootstrap the platform to a trusted platform bootup state required by the TPM for use of a parent key owned by the platform reference module and held in sealed storage by the TPM to restrict the platform reference module to exclusive access to load one or more child keys of the parent key during the trusted platform bootup state.
  - 20. The platform of claim 19, wherein the TPM further comprises:
    - at least one platform configuration register (PCR) to bind use of the parent key to the trusted platform bootup state according to one or more PCR BOOTENV values and a PCR POST_BOOT value, wherein the platform initialization module to modify a platform POST_BOOT value to disable use of the parent key once platform bootup progresses beyond the trusted platform bootup state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Iliev, Alexander, Rozas, Carlos, Scarlata, Vincent

Granted Patent

US 7,908,483 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/131
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/72   in cryptographic circuits

G06F 2221/2141   Access rights, e.g. capabil...

H04L 9/0897   involving additional device...

Method and apparatus for binding TPM keys to execution entities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for binding TPM keys to execution entities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links