Hardware-based device authentication
First Claim
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- detect that a computing device has entered a particular domain;
receive a domain identifier of the particular domain over a network associated with the particular domain, the domain identifier included in a domain certificate;
identify, using a secured microcontroller of the computing device, a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device, wherein the secured microcontroller is independent of an operating system of the computing device and values of secure identifiers derived by the secured microcontroller are hidden from the operating system, the hardware identifier derived from a fuse key stored in a non-volatile memory of the computing device during fabrication; and
derive, using the secured microcontroller, a secure identifier for a pairing of the computing device and the particular domain based on the hardware identifier and the domain identifier of the particular domain.
9 Assignments
0 Petitions
Accused Products
Abstract
An opportunity for a computing device to participate in a secure session with a particular domain is identified. A domain identifier of the particular domain is received and a secured microcontroller of the computing device is used to identify a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device. A secure identifier is derived for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain and the secure identifier is transmitted over a secured channel to the particular domain. The particular domain can verify identity of the computing device from the secure identifier and apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier.
-
Citations
20 Claims
-
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
-
detect that a computing device has entered a particular domain; receive a domain identifier of the particular domain over a network associated with the particular domain, the domain identifier included in a domain certificate; identify, using a secured microcontroller of the computing device, a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device, wherein the secured microcontroller is independent of an operating system of the computing device and values of secure identifiers derived by the secured microcontroller are hidden from the operating system, the hardware identifier derived from a fuse key stored in a non-volatile memory of the computing device during fabrication; and derive, using the secured microcontroller, a secure identifier for a pairing of the computing device and the particular domain based on the hardware identifier and the domain identifier of the particular domain. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A mobile computing device comprising:
-
a secured microcontroller; secured memory; secure identifier generation logic, executable by the secured microcontroller to; identify a domain identifier of a particular one of a plurality of domains, the domain identifier included in a domain certificate received from the particular domain; identify a secured, persistent hardware identifier stored in the secured memory of the computing device, the hardware identifier derived from a fuse key stored in a non-volatile memory of the secured microcontroller during fabrication; and derive a secure identifier for a pairing of the mobile computing device and the particular domain based on the hardware identifier and the domain identifier; and a transmitter to transmit the secure identifier over a secured channel to a computing device associated with the particular domain, wherein the secured microcontroller is independent of an operating system of the mobile computing device and values of secure identifiers derived by the secured microcontroller are hidden from the operating system. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A method comprising:
-
detecting that a computing device has entered a particular domain; receiving a domain identifier of the particular domain over a network associated with the particular domain, the domain identifier included in a domain certificate; identifying, using a secured microcontroller of the computing device, a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device, wherein the secured microcontroller is independent of an operating system of the computing device and values of secure identifiers derived by the secured microcontroller are hidden from the operating system, the hardware identifier derived from a fuse key stored in a non-volatile memory of the computing device during fabrication; and deriving, using the secured microcontroller, a secure identifier for a pairing of the computing device and the particular domain based on the hardware identifier and the domain identifier of the particular domain. - View Dependent Claims (17, 18, 19, 20)
-
Specification