SECURE HARDWARE FOR CROSS-DEVICE TRUSTED APPLICATIONS
First Claim
1. A computing device, comprising:
- secure hardware, comprising;
a shared secret, the shared secret being shared by the secure hardware and a server computing system, the shared secret being provisioned by at least one of the server computing system or a provisioning computing system of a party affiliated with the server computing system; and
a cryptographic engine that executes a cryptographic algorithm using at least one of the shared secret or a key generated from the shared secret, the cryptographic engine executes the cryptographic algorithm to perform at least one of encryption, decryption, authentication, or attestation.
1 Assignment
0 Petitions
Accused Products
Abstract
Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.
-
Citations
20 Claims
-
1. A computing device, comprising:
secure hardware, comprising; a shared secret, the shared secret being shared by the secure hardware and a server computing system, the shared secret being provisioned by at least one of the server computing system or a provisioning computing system of a party affiliated with the server computing system; and a cryptographic engine that executes a cryptographic algorithm using at least one of the shared secret or a key generated from the shared secret, the cryptographic engine executes the cryptographic algorithm to perform at least one of encryption, decryption, authentication, or attestation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
16. A method for controlling sharing of a hardware protected state across multiple computing devices, comprising:
-
accessing a first shared secret in storage of a server computing system, the first shared secret being shared by the server computing system and first secure hardware of a first computing device; accessing a second shared secret in the storage of the server computing system, the second shared secret being shared by the server computing system and second secure hardware of a second computing device; and synchronizing the hardware protected state between the first secure hardware and the second secure hardware, the hardware protected state being synchronized based on; first encrypted messages communicated between the server computing system and the first computing device, the first encrypted messages being encrypted based on the first shared secret shared by the server computing system and the first secure hardware; and second encrypted messages communicated between the server computing system and the second computing device, the second encrypted messages being encrypted based on the second shared secret shared by the server computing system and the second secure hardware. - View Dependent Claims (17, 18, 19)
-
-
20. Secure hardware, comprising:
-
a shared secret, the shared secret being shared by the secure hardware and a server computing system; a symmetric key generated by the secure hardware based on the shared secret; a remote access control component that generates a message for accessing remote storage of the server computing system, the message generated responsive to the secure hardware receiving a command; and a cryptographic engine that encrypts the message for transmission to the server computing system, the cryptographic engine encrypts the message using the symmetric key to generate an encrypted message, the encrypted message configured to cause the remote storage of the server computing system to one of; write data to the remote storage of the server computing system;
orread the data from the remote storage of the server computing system.
-
Specification