Trusted platform module for generating sealed data
First Claim
1. A method for creating single use data, the method comprising:
determining, with a trusted platform module of a computing device, a key for sealing the data;
receiving a selection of a counter, from a plurality of currently available counters of the trusted platform module, to provide a counter parameter for sealing the data;
associating a counter parameter obtained from the selected counter with the data; and
the trusted platform module using the key to seal the data, a pointer to the selected counter, and the counter parameter into a secure storage blob to enable the trusted platform module to enforce use limitations on the data utilizing the selected counter and the counter parameter.
Abstract
Embodiments of a method and system for creating sealed data are disclosed herein. A trusted platform module (TPM) is used to seal data and other information in a sealed blob. In one embodiment, a monotonic counter parameter is included in the sealed blob. In another embodiment, a tick counter parameter is included in the sealed blob. In yet another embodiment, a session parameter is included in the sealed blob. In each instance, the data is only released if the associated parameter included in the blob corresponds to a current parameter. Other embodiments are described and claimed.
26 Claims
1. (Independent claim; reproduced above under First Claim. Dependent claims: 2 to 8.)
9. A computer-readable storage medium having stored thereon instructions, which when executed in a system operate to create single use data by:
determining a key for sealing the data;
receiving a selection of a counter, from a plurality of currently available counters of a trusted platform module, to provide a counter parameter for sealing the data;
associating a counter parameter obtained from the selected counter with the data; and
the trusted platform module using the key to seal the data, a pointer to the selected counter, and the counter parameter into a secure storage blob to enable the trusted platform module to enforce use limitations on the data utilizing the selected counter and the counter parameter.
(Dependent claims: 10 to 14.)
15. The medium of claim 14, wherein the operation further comprises:
unsealing the data, tick nonce, minimum tick value, and maximum tick value, and releasing the data if the tick nonce, minimum tick value, and maximum tick value correspond to current values.
16. A system configured to create single use data, the system comprising:
a trusted platform module (TPM) configured to:
determine a key for sealing the data;
receive a selection of a counter, from a plurality of currently available counters of the TPM, to provide a counter parameter for sealing the data;
associate a counter parameter obtained from the selected counter with the data; and
use the key to seal the data, a pointer to the selected counter, and the counter parameter into a secure storage blob to enable the TPM to enforce use limitations on the data utilizing the selected counter and the counter parameter.
(Dependent claims: 17 to 22.)
23. A method of generating sealed data, the method comprising:
determining, with a trusted platform module of a computing device, a key for sealing the data;
receiving at least one of a selection of a counter, from a plurality of currently available counters of the trusted platform module, to provide a parameter for sealing the data, or a selection of a session handle;
associating a parameter with the data, wherein the parameter is selected from a group consisting of a counter parameter and a session parameter; and
the trusted platform module using the key to seal the data and the parameter into a secure storage blob to enable the trusted platform module to enforce use limitations on the data utilizing the selected at least one of the counter or the session handle.
(Dependent claims: 24 to 26.)
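The mechanism the abstract and claims 1 and 15 describe can be seen end to end in a small simulation. The following is an added example written for this page, not code from the patent or from any TPM vendor: a hypothetical SimulatedTPM class stands in for the module, a keyed HMAC-SHA256 construction stands in for the TPM's own authenticated sealing, and all method names (seal_with_counter, seal_with_ticks, unseal, try_unseal) are assumptions, not TPM-specification commands. The counter-bound blob carries the pointer to the selected counter and the counter value at sealing time; the module releases the data only while the live counter still matches, and advances the counter before releasing, so a saved copy of the blob is spent after one use. The tick-bound blob (claim 15) instead carries the boot-specific tick nonce and a [min, max] window, so it is reusable inside that window but dead after the window closes or the platform reboots. The property that makes the use limit enforceable against replay is that the counter lives inside the module and cannot be rolled back; on a real TPM 2.0 the same effect is obtained with an NV index created with the counter attribute and a TPM2_PolicyNV term in the sealed object's authorization policy rather than with a pointer embedded in the blob.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 tag appended to every blob


class SealError(Exception):
    """Raised when a blob fails integrity or its sealed parameter no longer matches."""


class SimulatedTPM:
    """Toy model of a TPM (hypothetical class, not a TPM-specification API):
    a root key that never leaves the module, monotonic counters, and a tick
    counter whose nonce changes on every reboot."""

    def __init__(self, root_key: bytes):
        self._root = root_key        # stands in for the storage root key
        self._counters = {}          # monotonic counters: handle -> value
        self._tick_nonce = os.urandom(16)
        self._ticks = 0

    def create_counter(self, handle: int) -> None:
        self._counters[handle] = 0

    def counter_value(self, handle: int) -> int:
        return self._counters[handle]

    def increment(self, handle: int) -> int:
        self._counters[handle] += 1  # only ever moves forward
        return self._counters[handle]

    def tick(self, n: int = 1) -> int:
        self._ticks += n
        return self._ticks

    def reboot(self) -> None:
        """Tick counter restarts with a fresh nonce; monotonic counters persist."""
        self._tick_nonce = os.urandom(16)
        self._ticks = 0

    # Sealing primitive: HMAC-SHA256 keystream plus an HMAC tag over the whole
    # body. A stand-in for the TPM's authenticated sealing, not a recommended cipher.
    def _xor(self, nonce: bytes, buf: bytes) -> bytes:
        ks = b""
        while len(ks) < len(buf):
            ks += hmac.new(self._root, nonce + struct.pack(">I", len(ks)), hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(buf, ks))

    def _seal(self, kind: bytes, header: bytes, data: bytes) -> bytes:
        nonce = os.urandom(16)
        body = kind + header + nonce + self._xor(nonce, data)
        return body + hmac.new(self._root, body, hashlib.sha256).digest()

    def seal_with_counter(self, data: bytes, handle: int) -> bytes:
        """Blob = data + pointer to the selected counter + its current value (claim 1)."""
        header = struct.pack(">IQ", handle, self._counters[handle])
        return self._seal(b"C", header, data)

    def seal_with_ticks(self, data: bytes, min_tick: int, max_tick: int) -> bytes:
        """Blob = data + tick nonce + [min, max] tick window (claim 15)."""
        header = self._tick_nonce + struct.pack(">QQ", min_tick, max_tick)
        return self._seal(b"T", header, data)

    def unseal(self, blob: bytes) -> bytes:
        body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(hmac.new(self._root, body, hashlib.sha256).digest(), tag):
            raise SealError("integrity check failed")
        kind = body[:1]
        if kind == b"C":
            handle, sealed_value = struct.unpack(">IQ", body[1:13])
            nonce, ct = body[13:29], body[29:]
            if self._counters.get(handle) != sealed_value:
                raise SealError("counter has moved on; blob is spent")
            self.increment(handle)  # consume the use before releasing the data
            return self._xor(nonce, ct)
        if kind == b"T":
            sealed_nonce = body[1:17]
            lo, hi = struct.unpack(">QQ", body[17:33])
            nonce, ct = body[33:49], body[49:]
            if sealed_nonce != self._tick_nonce or not lo <= self._ticks <= hi:
                raise SealError("outside the sealed tick window or a different boot")
            return self._xor(nonce, ct)
        raise SealError("unknown blob type")


def try_unseal(tpm: SimulatedTPM, blob: bytes):
    """Return the released data, or None when the module refuses."""
    try:
        return tpm.unseal(blob)
    except SealError:
        return None


if __name__ == "__main__":
    tpm = SimulatedTPM(os.urandom(32))
    tpm.create_counter(1)
    blob = tpm.seal_with_counter(b"one-time secret", 1)  # constructed sample data
    print(try_unseal(tpm, blob))  # released once
    print(try_unseal(tpm, blob))  # None: the counter advanced, the blob is spent
```

Two details are worth noting when reading the counter branch of unseal. The counter is advanced before the plaintext is handed back, so an interruption between the check and the release cannot leave the blob reusable; and a blob whose tag does not verify is rejected before the counter is consulted, so tampering with a spent blob's sealed counter value buys nothing. A second blob sealed after the increment carries the new counter value and is released normally, which is how the scheme supports re-issuing single-use data without ever re-enabling an old copy.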
Specification