Method and system for secure external TPM password generation and use

US 20070226787A1
Filed: 11/30/2006
Published: 09/27/2007
Est. Priority Date: 03/24/2006
Status: Active Grant

First Claim

Patent Images

1. A trusted platform module (TPM) based computer system comprising one or more central processing units (CPUs) connected to one or more internal system busses, having random access memory (RAM), read-only memory, and at least one input/output adapter, which supports various I/O devices, a user interface adapter, a means for generating a secure access code at a remote device in communication with the system;

conveying the secure access code to the TPM; and

receiving the secure access code at the TPM.wherein the TPM receives the secure access code as a parameter for various TPM commands.

View all claims

17 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the present invention include a method and system for generating a secure access code at a remote device in communication with a computer system having a secure storage device; conveying the secure access code to the system secure storage device; receiving the secure access code at the system secure storage device with unique data characteristics associated with remote device; and, securely providing content to the remote device.

Citations

49 Claims

1. A trusted platform module (TPM) based computer system comprising one or more central processing units (CPUs) connected to one or more internal system busses, having random access memory (RAM), read-only memory, and at least one input/output adapter, which supports various I/O devices, a user interface adapter, a means for generating a secure access code at a remote device in communication with the system;
- conveying the secure access code to the TPM; and
  
  receiving the secure access code at the TPM.wherein the TPM receives the secure access code as a parameter for various TPM commands.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The system of claim 1, wherein the means for generating a secure access code at a remote device further comprises means for reading data input at the remote device and data recognition software adapted in association with unique characteristics of user identifying data for capturing, authenticating and transmitting the data.
  - 3. The system of claim 1, wherein the remote device is a biometric device capable of reading one or more of biometric data, fingerprint data, iris data, retinal data, temperature data, facial data, or vein patterns.
  - 4. The system of claim 1, wherein the TPM is a companion chip situated interoperably with the central processing unit of the system.
  - 5. The system of claim 1 wherein the secure access code is not known by a user.
  - 6. The system of claim 1, wherein the secure access code is a high entropy password, keycode, random number, or alphanumeric complex.
  - 7. The system of claim 1, wherein the secure access code is provided from a separate device.
  - 8. The system of claim 7, wherein the separate device comprises any of a biometric processor, smart card, flash disk or other attached peripheral.
  - 9. The system of claim 3, wherein the TPM is resident and in interoperable communication with a central processing unit of the system wherein the devices share a random authorization secret (RAS).
  - 10. The system of claim 9, wherein the RAS is attached to a public key on the secure storage device.
  - 11. The system of claim 1, further comprising initiating an object-specific authorization protocol (OSAP) session on the TPM.
  - 12. The system of claim 11, further comprising saving at least one OSAP nonce.
  - 13. The system of claim 12, further comprising generating a second template at the remote device in response to unique data characteristics received at the remote device.
  - 14. The system of claim 13, further comprising the remote device generating a random secret and transmitting the secret to the TPM of the system.
  - 15. The system of claim 14, wherein the secret is securely stored or transmitted in association with the second template.
  - 16. The system of claim 15, further comprising the system transmitting the shared secret from a remote device to the TPM.
  - 17. The system of claim 16, wherein the TPM authenticates the unique data characteristics with an identifying template of the system associated with the unique data characteristics and transmits secure content to remote device.
  - 18. The system of claim 17, wherein the remote device is capable of receiving real-time input.
  - 19. The system of claim 17, wherein the remote device is capable of reading biometric data.
  - 20. The system of claim 19, wherein the biometric data is one of fingerprint data, iris data, retinal data, temperature data, facial data, vein patterns or similar other biometric-based data.
  - 21. The system of claim 20, wherein the secure generation and storage on a third device provides an increased level of protection against unapproved snooping of the secure access code.
  - 22. The system of claim 21, wherein the creation of secure access code includes TPM-CreateWrapKey, TPM_Seal and commands that create secure entities for later use.
  - 23. The system of claim 22, wherein the authorization of the secure access code includes TPM-Unseal, TPM-Sign, TPM-Unbind, TPM-LoadKey that require the authorization for entity usage.
  - 24. The system of claim 23, wherein the authorization protocol is provided by the TPM commands include those that require owner or operator authorization.
  - 25. The system of claim 24, wherein the authorization values can be changed TPM_ChangeAuth that changes authorization values.

26. A computer readable medium containing program instructions comprising:
- generating a secure access code at a remote device in communication with a secure storage device;
  
  conveying the secure access code to the system secure storage device; and
  
  receiving the secure access code at the system secure storage device with unique data characteristics associated with a remote device.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 27. The computer readable medium of claim 26, wherein the secure storage device comprises a trusted platform module (TPM).
  - 28. The computer readable medium of claim 26 wherein the secure access code is not known by a user.
  - 29. The computer readable medium of claim 26, wherein the secure access code is a high entropy password, keycode, random number, or alphanumeric complex.
  - 30. The computer readable medium of claim 26, wherein the secure access code is provided from a separate device.
  - 31. The computer readable medium of claim 30, wherein the separate device comprises any of a biometric processor, mart card and flash disk.
  - 32. The computer readable medium of claim 26, wherein the secure storage device is resident and in interoperable communication with a central processing unit of the system wherein the devices share a random authorization secret (RAS).
  - 33. The computer readable medium of claim 32, wherein the RAS is attached to a public key on the secure storage device.
  - 34. The computer readable medium of claim 26, further comprising initiating an object-specific authorization protocol (OSAP) session on the secure storage device.
  - 35. The computer readable medium method of claim 34, further comprising saving at least one OSAP nonce.
  - 36. The computer readable medium of claim 35, further comprising generating a second template at the remote device in response to unique data characteristics received at the remote device.
  - 37. The computer readable medium of claim 36, further comprising the remote device generating a random secret and transmitting the secret to the secure storage device of the system.
  - 38. The computer readable medium of claim 37, wherein the secret is securely stored or transmitted in association with the second template.
  - 39. The computer readable medium of claim 38, further comprising the system transmitting the shared secret from a remote device to the secure storage device.
  - 40. The computer readable medium of claim 39, wherein the secure storage device authenticates the unique data characteristics with an identifying template of the system associated with the unique data characteristics and transmits secure content to remote device.
  - 41. The computer readable medium of claim 40, wherein the remote device is capable of receiving real-time input.
  - 42. The computer readable medium of claim 40, wherein the remote device is capable of reading biometric data.
  - 43. The computer readable medium of claim 42, wherein the biometric data is one of fingerprint data, iris data, retinal data, temperature data, facial data, vein patterns or similar other biometric-based data.
  - 44. The computer readable medium of claim 42, wherein the secure storage device is a companion chip situated interoperably with the central processing unit of the system.
  - 45. The computer readable medium of claim 44, wherein the secure generation and storage on a third device provides an increased level of protection against unapproved snooping of the secure access code.
  - 46. The computer readable medium of claim 45, wherein the creation of the secure access codes include TPM-CreateWrapKey, TPM_Seal and other commands that create secure entities for later use.
  - 47. The computer readable medium of claim 46, wherein the authorization of the secure access code includes TPM-Unseal, TPM-Sign, TPM-Unbind, TPM-LoadKey and other commands that require the authorization for entity usage.
  - 48. The computer readable medium of claim 47, wherein the authorization protocol is provided by the TPM commands include those that require owner or operator authorization.
  - 49. The computer readable medium of claim 48, wherein the authorization values can be changed by TPM_ChangeAuth that changes authorization values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Atmel Corporation (Microchip Technology Incorporated)
Original Assignee
Atmel Corporation (Microchip Technology Incorporated)
Inventors
Bohlmann, Nathanael J., Maletsky, Kerry D.

Granted Patent

US 8,261,072 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/46   by designing passwords or c...

G06F 21/57   Certifying or maintaining t...

G06F 21/71   to assure secure computing ...

H04L 9/0877   using additional device, e....

H04L 9/0897   involving additional device...

H04L 9/3226   using a predetermined code,...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

Method and system for secure external TPM password generation and use

First Claim

17 Assignments

0 Petitions

Accused Products

Abstract

Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure external TPM password generation and use

First Claim

17 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links