AR075283A1 - Method, system and device for providing a trusted platform module (TPM) - Google Patents

Method, system and device for providing a trusted platform module (TPM)

Info

Publication number
AR075283A1
Authority
AR
Argentina
Prior art keywords
platform module
running
tpm
device method
secure communications
Prior art date
Application number
Other languages
English (en)
Inventor
Kevin M Litwack
Shon Eizenhoefer
Stefan Thom
Erik L Holt
Yash Gandhi
Original Assignee
Microsoft Corp
Priority date
Filing date
Publication date
Application filed by Microsoft Corp
Publication of AR075283A1

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
                        • H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes
                    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
                        • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
                        • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
                • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
                    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
                        • H04L2209/127 Trusted platform modules [TPM]
    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
                        • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                            • G06F21/575 Secure boot

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Techniques are provided for carrying out the initialization of a Trusted Platform Module (TPM). The results can be trusted and kept confidential even when the devices contain malicious running programs or operating systems. In one embodiment, secure communications can be enabled by means of a key provided by the device manufacturer. The secure communications can allow a system administrator to perform a take-ownership operation remotely, instead of executing it locally on each device and running the risk of exposing sensitive information to the local software.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12/249,042 US8607065B2 (en) 2008-10-10 2008-10-10 Trusted and confidential remote TPM initialization

Publications (1)

Publication Number Publication Date
AR075283A1 (es) 2011-03-23

Family

ID=42099965

Family Applications (1)

Application Number Title Priority Date Filing Date
ARP090103901 AR075283A1 (es) 2008-10-10 2009-10-09 Method, system and device for providing a trusted platform module (TPM)

Country Status (6)

Country Link
US (3) US8607065B2 (es)
EP (1) EP2335375B1 (es)
CN (1) CN102177678B (es)
AR (1) AR075283A1 (es)
TW (1) TW201017465A (es)
WO (1) WO2010042621A2 (es)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2962648C (en) 2005-10-06 2019-07-23 Mastercard Mobile Transactions Solutions, Inc. Three-dimensional transaction authentication
US8959363B2 (en) 2010-06-03 2015-02-17 Intel Corporation Systems, methods, and apparatus to virtualize TPM accesses
US8953790B2 (en) * 2011-11-21 2015-02-10 Broadcom Corporation Secure generation of a device root key in the field
US8949818B2 (en) * 2012-06-29 2015-02-03 Intel Corporation Mechanism for facilitating dynamic and trusted cloud-based extension upgrades for computing systems
US9912771B2 (en) 2014-04-14 2018-03-06 Arris Enterprises Llc Real time key collection in device provisioning
CN105516967A (zh) * 2014-09-25 2016-04-20 ZTE Corporation Trusted environment creation method and device, and base station anomaly recovery method and device
US9735968B2 (en) 2014-10-20 2017-08-15 Microsoft Technology Licensing, Llc Trust service for a client device
CN104618096B (zh) * 2014-12-30 2018-10-30 Huawei Technologies Co., Ltd. Method and device for protecting key authorization data, and TPM key management center
US10146916B2 (en) * 2015-11-17 2018-12-04 Microsoft Technology Licensing, Llc Tamper proof device capability store
US10218696B2 (en) 2016-06-30 2019-02-26 Microsoft Technology Licensing, Llc Targeted secure software deployment
CN109309690B (zh) * 2018-12-28 2019-04-02 National University of Defense Technology of the Chinese People's Liberation Army A software whitelist control method based on message authentication codes
US11546176B2 (en) * 2020-08-26 2023-01-03 Rockwell Collins, Inc. System and method for authentication and cryptographic ignition of remote devices

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7299354B2 (en) * 2003-09-30 2007-11-20 Intel Corporation Method to authenticate clients and hosts to provide secure network boot
US7644278B2 (en) * 2003-12-31 2010-01-05 International Business Machines Corporation Method for securely creating an endorsement certificate in an insecure environment
US7382880B2 (en) * 2004-01-26 2008-06-03 Hewlett-Packard Development Company, L.P. Method and apparatus for initializing multiple security modules
EP1617587A1 (en) * 2004-07-12 2006-01-18 International Business Machines Corporation Method, system and computer program product for privacy-protecting integrity attestation of computing platform
US7484099B2 (en) * 2004-07-29 2009-01-27 International Business Machines Corporation Method, apparatus, and product for asserting physical presence with a trusted platform module in a hypervisor environment
US20060095505A1 (en) * 2004-09-30 2006-05-04 Zimmer Vincent J Providing a trustworthy configuration server
US20060184785A1 (en) * 2005-02-16 2006-08-17 David Carroll Challener Apparatus, system, and method for securing I/O communications between a blade and a peripheral interface device of a blade-based computer system
US7640593B2 (en) * 2005-04-21 2009-12-29 Nokia Corporation User-controlled management of TPM identities
US7849312B2 (en) * 2006-03-24 2010-12-07 Atmel Corporation Method and system for secure external TPM password generation and use
US20080046752A1 (en) * 2006-08-09 2008-02-21 Stefan Berger Method, system, and program product for remotely attesting to a state of a computer system
US7900058B2 (en) * 2006-08-31 2011-03-01 Intel Corporation Methods and arrangements for remote communications with a trusted platform module
US20080184028A1 (en) * 2007-01-29 2008-07-31 Dell Products L.P. Methods, Apparatus and Products for Establishing a Trusted Information Handling System
US8543799B2 (en) * 2008-05-02 2013-09-24 Microsoft Corporation Client authentication during network boot

Also Published As

Publication number Publication date
US9787674B2 (en) 2017-10-10
EP2335375A2 (en) 2011-06-22
EP2335375B1 (en) 2017-07-26
US20100095120A1 (en) 2010-04-15
EP2335375A4 (en) 2015-05-27
WO2010042621A2 (en) 2010-04-15
US20140089664A1 (en) 2014-03-27
US20170078279A1 (en) 2017-03-16
TW201017465A (en) 2010-05-01
US8607065B2 (en) 2013-12-10
CN102177678B (zh) 2014-11-26
WO2010042621A3 (en) 2010-07-08
CN102177678A (zh) 2011-09-07
US9237135B2 (en) 2016-01-12

Similar Documents

Publication Publication Date Title
AR075283A1 (es) Method, system and device for providing a trusted platform module (TPM)
CO2019007876A2 (es) Addressing a trusted execution environment using an encryption key
CL2019002026A1 (es) Addressing a trusted execution environment using a signing key.
WO2017062128A3 (en) Technologies for end-to-end biometric-based authentication and platform locality assertion
CL2009001359A1 (es) Method for generating a cryptographic key for protecting the communication between two entities, performed by the first entity as part of a distributed security operation initiated by the second entity; device; equipment; system.
AR047827A1 (es) A computing device with wireless capability for executing unverified programs in an environment operated by a wireless device
BR112015007854A2 (pt) System and method for executing a virtual machine instance, key server system for issuing keys to a virtual machine instance, virtual machine image capable of being instantiated as a virtual machine instance, and method for issuing keys to a virtual machine instance
BR112014012653A8 (pt) System and method for key management for the issuer security domain using Global Platform specifications
BR112017014632A2 (pt) Computer-implemented method, and computer system
AR072975A1 (es) Integrated cryptographic security module for a network node
ES2722533T3 (es) System and method for managing the installation of an application package that requires access to high-risk permissions
BR112015026372B8 (pt) Communication device that enforces security for a file stored on a virtual drive
WO2015134760A3 (en) Secure hardware for cross-device trusted applications
GB2460841B (en) Methods of providing access to I/O devices
ATE440336T1 (de) Method for protecting IC cards against power analysis attacks
FR2914378B1 (fr) Locking device and key.
WO2008008623A3 (en) Systems and techniques for datapath security in a system-on-a-chip device
DE60324593D1 (de) Reliable system timer
BRPI0519483A2 (pt) Method for producing an electroluminescent device, and electroluminescent device
BR112014010472A2 (pt) Method for providing a security mechanism for external code; apparatus; computer program embodied in a computer-readable medium; and application server
DE602008000738D1 (de) Acceleration of computations in Galois counter mode
BRPI1011217A2 (pt) Device, computer program product and method for using character strings in cryptography, statistics, simulation, randomization, gaming machines and similar systems.
BR112013001728A2 (pt) Methods for encrypting a value entered on a user device, for verifying a value communicated to an authentication system via a communications network, and for communicating a value entered on a user device to an authentication system via a communications network, user device, system, software, and computer-readable medium.
GB2474200A (en) Ticket authorized secure installation and boot
PE20050854A1 (es) Methods and apparatus for providing application credentials

Legal Events

Date Code Title Description
FB Suspension of granting procedure