Secure creation and management of device ownership keys
First Claim
Patent Images
1. A method of generating an ownership key for a target device containing a Trusted Platform Module (TPM) by a Key Manager comprising:
- combining manufacturer information with target device specific information to generate an owner key and a recovery token, the recovery token being based on information used to generate the owner key;
sending the owner key to the target device;
commanding the target device to use the owner key to take ownership of the TPM;
sending the key recovery token to the target device and storing the key recovery token in the target device; and
storing transaction information and the key recovery token in an ownership recovery database.
4 Assignments
0 Petitions
Accused Products
Abstract
Secure creation and management of device ownership keys. TPM ownership keys are generated by cryptographically combining manufacturer information with device specific information. Ownership keys are established in the TPM containing device. The manufacturer retains necessary information to reconstruct the ownership key if needed.
8 Citations
20 Claims
-
1. A method of generating an ownership key for a target device containing a Trusted Platform Module (TPM) by a Key Manager comprising:
-
combining manufacturer information with target device specific information to generate an owner key and a recovery token, the recovery token being based on information used to generate the owner key; sending the owner key to the target device; commanding the target device to use the owner key to take ownership of the TPM; sending the key recovery token to the target device and storing the key recovery token in the target device; and storing transaction information and the key recovery token in an ownership recovery database. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A non-transitory machine readable medium having a set of instructions stored therein, which when executed on a system comprising a key manager connected to a target device containing a TPM causes a set of operations to be performed comprising:
-
hashing target device specific information concatenated with manufacturer information to form an intermediate value, choosing a model key corresponding to the target device; hashing the intermediate value with the model key to form an output value; selecting the owner key from the output value; generating a key recovery token from the model key; sending the owner key to the target device; commanding the target device to use the owner key to take ownership of the TPM; sending the key recovery token to the target device and storing the key recovery token in the target device; and storing transaction information and the key recovery token in an ownership recovery database.
-
-
14. A method of generating an owner key for a target device containing a Trusted Platform Module (TPM) by a Key Manager, the method comprising:
-
performing operations on manufacturer information and identification information for the target device to an intermediary result; performing operations on the intermediary result and keying material to generate an owner key, the owner key to be needed for future operations using the TPM; performing operations on a unique identifier located in the keying material to generate a key recovery token; transmitting the owner key and the key recovery token to the target device that results in the target device issuing a command to securely store and utilize the owner key; receiving information from the target device that the owner key has been successfully changed; and transmitting the identification information and the key recovery token in an external storage device upon receiving the information from the target device that the owner key has been successfully changed. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification