Platform and method for issuing and certifying a hardware-protected attestation key
Abstract
In one embodiment, a method for certifying an attestation key comprises generating a remote attestation key pair within a platform and producing a certificate. The certificate includes a public attestation key to attest that a private attestation key, corresponding to the public attestation key, is stored in hardware-protected memory.
19 Claims
1. A method comprising:
- generating an attestation key pair in a platform that supports isolated execution mode, wherein the platform comprises a processor capable of operating in isolated execution mode and a system memory to include an isolated area that is accessible only when the processor is operating in isolated execution mode, and wherein the attestation key pair includes a private attestation key and a public attestation key; and
- producing a certificate for the platform to attest that the platform uses isolated execution mode to protect the private key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A platform comprising:
- a processor to operate selectively in distinct modes including a normal execution mode and an isolated execution mode;
- storage in communication with the processor, the storage comprising a system memory to include an isolated area that is accessible only when the processor is operating in isolated execution mode;
- key generation instructions encoded in the storage, the key generation instructions to generate an attestation key pair for the platform while executing in isolated execution mode, wherein the attestation key pair comprises a private attestation key and a public attestation key; and
- a certificate in the storage, wherein the certificate attests that the platform uses isolated execution mode to protect the private key.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A method comprising:
- generating an attestation key pair for a platform;
- storing a private attestation key of the attestation key pair into isolated memory of the platform, the isolated memory being accessible to a processor of the platform only when the processor operates in isolated execution mode, wherein the isolated memory comprises hardware-protected memory; and
- producing a certificate including the public attestation key, the certificate to attest that the platform stores the private attestation key in the isolated memory.
Dependent claims: 17, 18, 19
Specification