Secure Creation and Management of Device Ownership Keys

US 20090268915A1
Filed: 04/24/2008
Published: 10/29/2009
Est. Priority Date: 04/24/2008
Status: Active Grant

First Claim

Patent Images

1. A method of generating an ownership key for a target device containing a Trusted Platform Module (TPM) by a Key Manager comprising:

combining manufacturer information with target device specific information to generate an owner key and a recovery token,sending the owner key to the target device,commanding the target device to use the owner key to take ownership of the TPM,sending the key recovery token to the target device and storing the key recovery token in the target device, andstoring transaction information and the key recovery token in an ownership recovery database.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure creation and management of device ownership keys. TPM ownership keys are generated by cryptographically combining manufacturer information with device specific information. Ownership keys are established in the TPM containing device. The manufacturer retains necessary information to reconstruct the ownership key if needed.

Citations

13 Claims

1. A method of generating an ownership key for a target device containing a Trusted Platform Module (TPM) by a Key Manager comprising:
- combining manufacturer information with target device specific information to generate an owner key and a recovery token,sending the owner key to the target device,commanding the target device to use the owner key to take ownership of the TPM,sending the key recovery token to the target device and storing the key recovery token in the target device, andstoring transaction information and the key recovery token in an ownership recovery database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 where the step of generating an owner key and a recovery token is a cryptographic process.
  - 3. The method of claim 1 where the step of generating an owner key and a recovery token further comprises:
    - hashing the target device specific information concatenated with manufacturer information to form an intermediate value,choosing a model key corresponding to the target device,hashing the intermediate value with the model key to form an output value,selecting the owner key from the output value, andgenerating a key recovery token from the model key.
  - 4. The method of claim 3 where the manufacturer information includes a nonce.
  - 5. The method of claim 3 where the target device specific information includes one or more of the device model, device MAC address, and/or the target device serial number.
  - 6. The method of claim 3 where the step of generating a key recovery token comprises encrypting the concatenation of the Model Key ID and nonce using the Key Manager'"'"'s public key.
  - 7. The method of claim 6 further comprising padding the concatenation of the Model Key ID and the nonce to the same length as the public key.
  - 8. The method of claim 1 where the key recovery token is stored in the target device.
  - 9. The method of claim 1 where the key recovery token is stored in the target device TPM.
  - 10. The method of claim 9 further comprising purging the owner key from target device memory after storing the key recovery token in the TPM.
  - 11. The method of claim 1 further comprising having the target device notify the Key Manager of a successful owner key change after the step of taking ownership of the TPM using the owner key.
  - 12. The method of claim 9 further comprising having the target device notify the Key Manager of a successful owner key change after the step of storing the key recovery token in the TPM.

13. A machine readable medium having a set of instructions stored therein, which when executed on a system comprising a key manager connected to a target device containing a TPM causes a set of operations to be performed comprising:
- hashing target device specific information concatenated with manufacturer information to form an intermediate value,choosing a model key corresponding to the target device,hashing the intermediate value with the model key to form an output value,selecting the owner key from the output value,generating a key recovery token from the model key,sending the owner key to the target device,commanding the target device to use the owner key to take ownership of the TPM,sending the key recovery token to the target device and storing the key recovery token in the target device, andstoring transaction information and the key recovery token in an ownership recovery database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Aruba Networks Incorporated (Hewlett-Packard Enterprise Company)
Inventors
Kshirsagar, Shekhar, Kelly, Scott G.

Granted Patent

US 8,041,960 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/282
CPC Class Codes

H04L 9/0877 using additional device, e....

H04L 9/0897 involving additional device...

Secure Creation and Management of Device Ownership Keys

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Creation and Management of Device Ownership Keys

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links