Secure Creation and Management of Device Ownership Keys
First Claim
Patent Images
1. A method of generating an ownership key for a target device containing a Trusted Platform Module (TPM) by a Key Manager comprising:
- combining manufacturer information with target device specific information to generate an owner key and a recovery token,sending the owner key to the target device,commanding the target device to use the owner key to take ownership of the TPM,sending the key recovery token to the target device and storing the key recovery token in the target device, andstoring transaction information and the key recovery token in an ownership recovery database.
4 Assignments
0 Petitions
Accused Products
Abstract
Secure creation and management of device ownership keys. TPM ownership keys are generated by cryptographically combining manufacturer information with device specific information. Ownership keys are established in the TPM containing device. The manufacturer retains necessary information to reconstruct the ownership key if needed.
-
Citations
13 Claims
-
1. A method of generating an ownership key for a target device containing a Trusted Platform Module (TPM) by a Key Manager comprising:
-
combining manufacturer information with target device specific information to generate an owner key and a recovery token, sending the owner key to the target device, commanding the target device to use the owner key to take ownership of the TPM, sending the key recovery token to the target device and storing the key recovery token in the target device, and storing transaction information and the key recovery token in an ownership recovery database. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A machine readable medium having a set of instructions stored therein, which when executed on a system comprising a key manager connected to a target device containing a TPM causes a set of operations to be performed comprising:
-
hashing target device specific information concatenated with manufacturer information to form an intermediate value, choosing a model key corresponding to the target device, hashing the intermediate value with the model key to form an output value, selecting the owner key from the output value, generating a key recovery token from the model key, sending the owner key to the target device, commanding the target device to use the owner key to take ownership of the TPM, sending the key recovery token to the target device and storing the key recovery token in the target device, and storing transaction information and the key recovery token in an ownership recovery database.
-
Specification