Trusted platform module for generating sealed data

US 7,809,957 B2
Filed: 09/29/2005
Issued: 10/05/2010
Est. Priority Date: 09/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method for creating single use data, the method comprising:

determining, with a trusted platform module of a computing device, a key for sealing the data;

receiving a selection of a counter, from a plurality of currently available counters of the trusted platform module, to provide a counter parameter for sealing the data;

associating a counter parameter obtained from the selected counter with the data; and

the trusted platform module using the key to seal the data, a pointer to the selected counter, and the counter parameter into a secure storage blob to enable the trusted platform module to enforce use limitations on the data utilizing the selected counter and the counter parameter.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a method and system for creating sealed data are disclosed herein. A trusted platform module (TPM) is used to seal data and other information in a sealed blob. In one embodiment, a monotonic counter parameter is included in the sealed blob. In another embodiment, a tick counter parameter is included in the sealed blob. In yet another embodiment, a session parameter is included in the sealed blob. In each instance, the data is only released if the associated parameter included in the blob corresponds to a current parameter. Other embodiments are described and claimed.

223 Citations

26 Claims

1. A method for creating single use data, the method comprising:
- determining, with a trusted platform module of a computing device, a key for sealing the data;
  
  receiving a selection of a counter, from a plurality of currently available counters of the trusted platform module, to provide a counter parameter for sealing the data;
  
  associating a counter parameter obtained from the selected counter with the data; and
  
  the trusted platform module using the key to seal the data, a pointer to the selected counter, and the counter parameter into a secure storage blob to enable the trusted platform module to enforce use limitations on the data utilizing the selected counter and the counter parameter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising associating at least one platform configuration register (PCR) with the data.
  - 3. The method of claim 1, wherein the counter parameter includes monotonic counter parameters.
  - 4. The method of claim 3, wherein the monotonic counter parameters comprise a counter ID, a minimum counter value, and a maximum counter value.
  - 5. The method of claim 4, further comprising:
    - unsealing the data, counter ID, minimum counter value, and maximum counter value,analyzing the unsealed counter ID, minimum counter value, and maximum counter value,releasing the data if the counter ID, minimum counter value, and maximum counter value correspond to current values, andautomatically incrementing a counter parameter for a monotonic counter identified by the counter ID in response to the releasing.
  - 6. The method of claim 2, wherein the counter parameter includes tick counter parameters.
  - 7. The method of claim 6, wherein the tick counter parameters comprise a tick nonce, a minimum tick value, and a maximum tick value.
  - 8. The method of claim 7, further comprising:
    - unsealing the data, tick nonce, minimum tick value, and maximum tick value,analyzing the unsealed tick nonce, minimum tick value, and maximum tick value, andreleasing the data if the tick nonce, minimum tick value, and maximum tick value correspond to current values.

9. A computer-readable storage medium having stored thereon instructions, which when executed in a system operate to create single use data by:
- determining a key for sealing the data;
  
  receiving a selection of a counter, from a plurality of currently available counters of a trusted platform module, to provide a counter parameter for sealing the data; and
  
  associating a counter parameter obtained from the selected counter with the data; and
  
  the trusted platform module using the key to seal the data, a pointer to the selected counter, and the counter parameter into a secure storage blob to enable the trusted platform module to enforce use limitations on the data utilizing the selected counter and the counter parameter.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The medium of claim 9, wherein the counter parameter comprises monotonic counter parameters.
  - 11. The medium of claim 10, wherein the monotonic counter parameters comprise a counter ID, a minimum counter value, and a maximum counter value.
  - 12. The medium of claim 11, wherein the operation further comprises:
    - unsealing the data, counter ID, minimum counter value, and maximum counter value, andreleasing the data if the counter ID, minimum counter value, and maximum counter value correspond to current values.
  - 13. The medium of claim 9, wherein the counter parameter further comprises tick counter parameters.
  - 14. The medium of claim 13, wherein the tick counter parameters further comprise a tick nonce, a minimum tick value, and a maximum tick value.

15. The medium of the 14, wherein the operation further comprises:
- unsealing the data, tick nonce, minimum tick value, and maximum tick value, andreleasing the data if the tick nonce, minimum tick value, and maximum tick value correspond to current values.

16. A system configured to create single use data, the system comprising:
- a trusted platform module (TPM) configured to,determine a key for sealing the data;
  
  receive a selection of a counter, from a plurality of currently available counters of the TPM, to provide a counter parameter for sealing the data;
  
  associate a counter parameter obtained from the selected counter with the data; and
  
  use the key to seal the data, a pointer to the selected counter, and the counter parameter into a secure storage blob to enable the TPM to enforce use limitations on the data utilizing the selected counter and the counter parameter.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The system of claim 16, wherein the counter parameter includes monotonic counter parameters.
  - 18. The system of claim 17, wherein the monotonic counter parameters include a counter ID, a minimum counter value, and a maximum counter value.
  - 19. The system of claim 18, wherein the TPM is further configured to:
    - unseal the data, counter ID, minimum counter value, and maximum counter value, andrelease the data if the counter ID, minimum counter value, and maximum counter value correspond to current values.
  - 20. The system of claim 16, wherein the counter parameter includes tick counter parameters.
  - 21. The system of claim 20, wherein the tick counter parameters include a tick nonce, a minimum tick value, and a maximum tick value.
  - 22. The system of claim 21, wherein the TPM is further configured to:
    - unseal the data, tick nonce, minimum tick value, and maximum tick value, release the data if the tick nonce, minimum tick value, and maximum tick value correspond to current values.

23. A method of generating sealed data, the method comprisingdetermining, with a trusted platform module of a computing device, a key for sealing the data;
- receiving at least one of a selection of a counter, from a plurality of currently available counters of the trusted platform module, to provide a parameter for sealing the data, or a selection of a session handle;
  
  associating a parameter with the data, wherein the parameter is selected from a group consisting of a counter parameter and a session parameter; and
  
  the trusted platform module using the key to seal the data and the parameter into a secure storage blob to enable the trusted platform module to enforce use limitations on the data utilizing the selected at least one of the counter or the session handle.
- View Dependent Claims (24, 25, 26)
- - 24. The method of claim 23, wherein the parameter comprises a session handle.
  - 25. The method of claim 23, wherein the parameter comprises a monotonic counter parameter and a pointer to a selected monotonic counter.
  - 26. The method of claim 23, wherein the parameter comprises a tick counter parameter and a pointer to a selected tick counter parameter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Grawrock, David
Primary Examiner(s)
Parthasarathy; Pramila

Application Number

US11/238,440
Publication Number

US 20070073416A1
Time in Patent Office

1,832 Days
Field of Search

726/26, 726/27, 380/43, 380/277, 713/201, 713/187, 705/51, 725/31
US Class Current

713/193
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

Trusted platform module for generating sealed data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

223 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted platform module for generating sealed data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

223 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links