Mechanisms to control access to cryptographic keys and to attest to the approved configurations of computer platforms

US 20080059799A1
Filed: 08/29/2006
Published: 03/06/2008
Est. Priority Date: 08/29/2006
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a cryptographic key, the method comprising:

receiving a configuration of a computing platform, the computing platform comprising a Trusted Platform Module (TPM);

receiving the cryptographic key;

receiving authorization data for accessing the cryptographic key; and

creating an authorization blob, the authorization blob locking the authorization data to a measurement of the configuration.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and arrangements to control access to cryptographic keys and to attest to the approved configurations of computer platforms able to access these keys, which include trusted platform modules (TPMs) are contemplated. Embodiments include transformations, code, state machines or other logic to control access to a cryptographic key by creating an authorization blob locking authorization data to access the cryptographic key to platform configuration register (PCR) values of a TPM, the PCR values representing a configuration of a computing platform. Embodiments may also involve generating a first TPM cryptographic key bound to PCR values, receiving a second TPM cryptographic key owned by software, and receiving evidence of the identity of an upgrade service controlling the upgrading of the software. Embodiment may also include certifying the first TPM cryptographic key; certifying the second TPM cryptographic key; concatenating the first certification, the second certification, and the evidence of the identity of the upgrade service; and signing the concatenation.

137 Citations

30 Claims

1. A method for controlling access to a cryptographic key, the method comprising:
- receiving a configuration of a computing platform, the computing platform comprising a Trusted Platform Module (TPM);
  
  receiving the cryptographic key;
  
  receiving authorization data for accessing the cryptographic key; and
  
  creating an authorization blob, the authorization blob locking the authorization data to a measurement of the configuration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising deleting another authorization blob locking the cryptographic key to a measurement of another configuration of the computing platform.
  - 3. The method of claim 1, further comprising:
    - hashing one or more authorization blobs locking the authorization data to one or more configurations of the computing platform after the creating, thereby creating a first hash;
      
      storing the first hash;
      
      booting the computing platform;
      
      hashing one or more authorization blobs locking the authorization data to one or more configurations of the computing platform after booting, thereby creating a second hash;
      
      comparing the first hash and the second hash; and
      
      accessing the cryptographic key, based upon a determination that the first hash matches the second hash.
  - 4. The method of claim 1, further comprising creating another authorization blob containing the authorization data, the authorization blob accessible by a recovery authority.
  - 5. The method of claim 1, further comprising upgrading the computing platform to the configuration of the computing platform.
  - 6. The method of claim 1, wherein:
    - receiving a configuration comprises receiving a configuration of the computing platform, the configuration comprising Platform Configuration Register (PCR) values of the TPM; and
      
      the creating comprises creating an authorization blob, the authorization blob locking the authorization data to the PCR values of the configuration.
  - 7. The method of claim 1, wherein the receiving the cryptographic key comprises creating a TPM data encryption key.
  - 8. The method of claim 1, wherein the receiving the cryptographic key comprises creating a TPM signing key.
  - 9. The method of claim 1, wherein the creating comprises:
    - receiving a TPM storage key; and
      
      sealing the authorization data to the configuration of the computing platform with the TPM storage key.
  - 10. The method of claim 1, wherein the creating comprises:
    - creating a TPM configuration key;
      
      binding the TPM configuration key to the configuration of the computing platform; and
      
      encrypting the authorization data with the TPM configuration key.
  - 11. The method of claim 1, wherein:
    - receiving the cryptographic key, authorization data, and a configuration of the computing platform comprise receiving by a virtual TPM the cryptographic key, the authorization data, and the configuration of the computing platform; and
      
      creating an authorization blob comprises creating the authorization blob by the virtual TPM.

12. A method for attesting to approved configurations of a computing platform, the method comprising:
- generating a first Trusted Platform Module (TPM) cryptographic key, the key bound to platform configuration register (PCR) values representing a current configuration of a trusted computing base and software;
  
  receiving a second TPM cryptographic key owned by the software;
  
  receiving evidence of an identity of an upgrade service controlling the upgrading of the software;
  
  certifying the first TPM cryptographic key, thereby producing a first certification;
  
  certifying the second TPM cryptographic key, thereby producing a second certification;
  
  concatenating the first certification, the second certification, and the evidence of the identity of the upgrade service, thereby producing a concatenation; and
  
  signing the concatenation.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, further comprising proving to the upgrade service the trustworthiness of the current configuration of the trusted computing base and the software.
  - 14. The method of claim 12, wherein:
    - the generating comprises generating a TPM identity key bound to the PCR values;
      
      receiving evidence of the identity of the upgrade service comprises receiving a public key of the upgrade service;
      
      certifying the second TPM cryptographic key comprises certifying the second TPM cryptographic key with the TPM identity key; and
      
      the concatenating comprises concatenating the first certification, the second certification, and the public key of the upgrade service.

15. A trusted platform module (TPM), the TPM comprising:
- a configuration module to receive a configuration of a computing platform;
  
  a cryptographic module to receive a cryptographic key and to receive authorization data for accessing the cryptographic key; and
  
  a storage module to create an authorization blob, wherein the authorization blob locks the authorization data to the configuration of the computing platform.
- View Dependent Claims (16, 17)
- - 16. The TPM of claim 15, wherein:
    - the cryptographic module comprises a generation module to create a TPM storage key; and
      
      the storage module comprises logic to seal the authorization data to the configuration of the computing platform with the TPM storage key.
  - 17. The TPM of claim 15, wherein:
    - the cryptographic module comprises a generation module to create a TPM configuration key and an encryption module to encrypt the authorization data with the TPM configuration key; and
      
      the storage module comprises logic to lock the TPM configuration key to the configuration of the computing platform.

18. A machine-accessible medium to control access to a cryptographic key, the medium having one or more associated instructions, wherein the one or more instructions, when executed, cause a machine to:
- receive a configuration of a computer platform, the computer platform comprising a Trusted Platform Module (TPM);
  
  receive a cryptographic key;
  
  receive authorization data for accessing the cryptographic key; and
  
  create an authorization blob, the authorization blob locking the authorization data to a measurement of the configuration.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 19. The medium of claim 18, wherein the one or more instructions, when executed, cause the machine to:
    - hash one or more authorization blobs locking the cryptographic key to one or more configurations of the computing platform, thereby creating a first hash;
      
      store the first hash;
      
      boot the computing platform;
      
      hash one or more authorization blobs locking the cryptographic key to one or more configurations of the computing platform after booting, thereby creating a second hash;
      
      compare the first hash and the second hash; and
      
      access the cryptographic key, based upon a determination that the first hash matches the second hash.
  - 20. The medium of claim 18, wherein the one or more instructions, when executed, further cause the machine to create another authorization blob containing the authorization data for the cryptographic key, the authorization blob accessible by a recovery authority.
  - 21. The medium of claim 18, wherein the medium comprises a transmission medium.
  - 22. The medium of claim 18, wherein:
    - causing the machine to receive a configuration comprises causing the machine to receive the configuration of the computing platform, the configuration comprising Platform Configuration Register (PCR) values of the TPM; and
      
      causing the machine to create an authorization blob comprises causing the machine to create the authorization blob, the authorization blob locking the authorization data to the PCR values of the configuration.
  - 23. The medium of claim 18, wherein causing the machine to receive a cryptographic key comprises causing the machine to create a TPM data encryption key.
  - 24. The medium of claim 18, wherein causing the machine to receive a cryptographic key comprises causing the machine to create a TPM signing key.
  - 25. The medium of claim 18, wherein causing the machine to create comprises:
    - cause the machine to receive a TPM storage key; and
      
      causing the machine to seal the authorization data to the configuration of the computing platform with the TPM storage key.
  - 26. The medium of claim 18, wherein causing the machine to create an authorization blob comprises:
    - causing the machine to create a TPM configuration key;
      
      causing the machine to lock the TPM configuration key to the configuration of the computing platform; and
      
      causing the machine to encrypt the authorization data with the TPM configuration key.
  - 27. The medium of claim 18, wherein:
    - causing the machine to receive the cryptographic key, authorization data, and a configuration of the computing platform comprises causing the machine to receive by a virtual TPM the cryptographic key, the authorization data, and the configuration of the computing platform; and
      
      causing the machine to create an authorization blob comprises causing the machine to create the authorization blob by the virtual TPM.
  - 28. The medium of claim 18, wherein the one or more instructions, when executed, cause the machine to:
    - generate a second cryptographic key, the key a TPM key bound to PCR values representing a current configuration of a trusted computing base and software;
      
      receive evidence of an identity of an upgrade service controlling the upgrading of the software;
      
      certify the second cryptographic key, thereby producing a first certification;
      
      certify the cryptographic key, thereby producing a second certification;
      
      concatenate the first certification, the second certification, and the evidence of the identity of the upgrade service, thereby producing a concatenation; and
      
      sign the concatenation.
  - 29. The medium of claim 28, wherein the one or more instructions, when executed, further cause the machine to:
    - prove to the upgrade service the trustworthiness of the current configuration of the trusted computing base and the software.
  - 30. The medium of claim 28, wherein:
    - causing the machine to generate a second cryptographic key comprises causing the machine to generate a TPM identity key bound to the PCR values;
      
      causing the machine to receive evidence of an identity of the upgrade service comprises causing the machine to receive a public key of the upgrade service;
      
      causing the machine to certify the cryptographic key comprises causing the machine to certify the cryptographic key with the TPM identity key; and
      
      the concatenating comprises concatenating the first certification, the second certification, and the public key of the upgrade service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Scarlata, Vincent

Granted Patent

US 7,711,960 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 9/0897 involving additional device...

Mechanisms to control access to cryptographic keys and to attest to the approved configurations of computer platforms

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

137 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanisms to control access to cryptographic keys and to attest to the approved configurations of computer platforms

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links