CN102177678A - Trusted and confidential remote TPM initialization - Google Patents
- Publication number: CN102177678A
- Authority: CN (China)
- Prior art keywords
- tpm
- platform module
- credible platform
- takeownership
- key
- Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/127—Trusted platform modules [TPM]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A technique is provided that allows a trusted platform module to be initialized remotely. The result is trusted and confidential even if the target device is running a malicious operating system or other software.
Description
Background
A trusted platform module (TPM) is a hardware microcontroller that stores keys, passwords and digital certificates. The TPM also provides the ability to authenticate a device such as a desktop computer, laptop computer or cellular telephone. Once initialized, a TPM can be used to generate digital signatures and encryption keys, which makes it possible to confirm that a message came from the device it claims to have come from. The TPM supports various commands, including, for example, Init for initializing the TPM, TakeOwnership for setting the owner value, and CreateEndorsementKey for generating a key pair internally.
TPMs are commonly used in enterprise environments to allow systems to verify the source of information. Before the keys and services provided by the device can be trusted, the TPM should be initialized securely and confidentially.
Summary
Described herein, among other things, is a technique for securely and confidentially initializing a trusted platform module remotely. For example, if a TPM is not initialized securely and confidentially, a malicious machine or operating system could plant an emulated TPM in software, thereby deceiving users and applications into believing that they can rely on the trust properties of a real TPM. A TPM emulated in this way could, for example, allow malicious software to gain access to secret key material, or report the system configuration falsely.
In one implementation, secure communication can be initiated by using a key provided by the device manufacturer. That secure communication can then allow a system administrator to perform the TakeOwnership operation remotely, rather than locally on each device, and without the risk of exposing sensitive information to local software.
Brief Description of the Drawings
The detailed description provided below in connection with the accompanying drawings is intended as a description of example implementations and is not intended to represent the only forms in which trusted and confidential remote initialization of a TPM may be performed. The description sets forth the functions of the example implementations and the sequence of steps for constructing and operating the examples. However, the same or equivalent functions and sequences may be accomplished by alternative implementations.
The present description will be better understood from the following detailed description read in light of the accompanying drawings, in which:
Figure 1 is an example of an operating environment in which trusted and confidential remote TPM initialization may be implemented.
Figure 2 provides additional detail of portions of Figure 1 and adds an indication of an example data flow.
Figure 3 is a flow chart illustrating one example of an implementation of trusted and confidential remote TPM initialization.
Figure 4 illustrates a component diagram of a computing device according to one embodiment.
Detailed Description
Described herein, among other things, are examples of various methods and techniques that allow trusted and confidential remote TPM initialization. Although the examples are described and illustrated herein as being implemented in a personal computer system, the system described is provided as an example and not a limitation. As those skilled in the art will appreciate, the present examples are suitable for application in a variety of different types of systems.
In the figures, like reference numerals are used to designate like components throughout the several views.
Figure 1 is an example of an operating environment 100 in which trusted and confidential remote TPM initialization may be implemented. Server 150 includes a list 155 of endorsement keys provided by the manufacturer of clients 110, 120 and 130. This EK (endorsement key) list 155 allows server 150 to communicate securely over local area network 170 in order to remotely initialize TPMs 115, 125 and 135.
Additional detail can be seen in Figure 2, which shows an example of the data flow between server 150 and TPM 115. In this example, server 150 uses the public key of the EK of TPM 115 to encrypt template data as part of a TakeOwnership instruction 200 and submits it to TPM 115.
Although this example uses an endorsement key list 155 provided by the manufacturer of clients 110, 120 and 130, in other implementations it could be an individual certificate from a trusted TPM vendor. Those skilled in the art will recognize that there may be several techniques for authenticating a TPM.
Figure 3 is a flow chart providing more detail regarding one possible implementation of this process. The client starts the process by sending 310 the EK certificate from the TPM to the server. The server confirms 320 the certificate using the EK information provided by the client's manufacturer. The server then computes 330 a TakeOwnership command, including server-specified values for the TPM's OwnerAuth (owner authorization value) and SRKAuth (SRK authorization value), and encrypts the command with the public portion of the TPM's EK. The server then sends the encrypted command to the client, which passes it 340 to the TPM. The client software cannot read the data because it is encrypted with a protected TPM key.
The TPM then decrypts the encrypted data with the EK private key and executes 350 the TakeOwnership command. The TPM then creates a storage root key (SRK), computes a keyed-hash message authentication code (HMAC), and sends 360 the data back to the server. Because it is only a digest, the client cannot read it even if the client is malicious. By using 370 the EK provided by the manufacturer, the server can check the HMAC (because it contains the shared secret of the SRK) and trust both that the data is confidential and that it came from the TPM specified by the EK certificate obtained from the manufacturer.
At this point in the process, the client cannot use or create keys on the TPM, because the SRK is set to a secret value. To resolve this, the server initiates an encrypted tunnel to the TPM using the SRK public key. The client cannot pose as the TPM, because it does not have the SRK private key. Once the tunnel is established, the server can generate keys, create identities and set up delegation tables. The server can also generate a trusted signing key that can be used with the TPM operation CertifyKey, which will allow the server to confirm that any future key actually comes from the TPM.
Once the server has completed the operations needed to initialize the TPM, it resets 380 SRKAuth back to the well-known value of all zeros, so that the client can use the TPM to generate and use keys while being prevented from performing owner-privileged operations. After the initial configuration succeeds, the server can also reopen the encrypted channel at a later time and modify the TPM's configuration.
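The exchange of steps 310 through 380, as an added simulation that is not part of the patent: both the server side and the TPM side run in one Go program, RSA-OAEP with SHA-256 stands in for the EK encryption scheme, the SRK is a freshly generated RSA key whose modulus is digested, and the 40-byte command layout and the `ResetSRKAuth` proof string are constructed for this example only.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// WellKnownAuth is the TPM 1.2 well-known authorization value (20 zero bytes) that step 380 restores.
var WellKnownAuth = make([]byte, 20)

// TakeOwnership holds the two server-chosen 20-byte secrets the patent names (constructed layout).
type TakeOwnership struct{ OwnerAuth, SRKAuth []byte }

// TPM models the device side: only it holds the EK private key (ek) and, after step 350, the SRK.
type TPM struct {
	ek, srk            *rsa.PrivateKey
	ownerAuth, srkAuth []byte
}

// EKPublic is what the manufacturer lists (EK list 155) and what the client forwards in step 310.
func (t *TPM) EKPublic() *rsa.PublicKey { return &t.ek.PublicKey }

// authTag is the keyed hash both sides compute with a shared authorization secret.
func authTag(secret, msg []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(msg)
	return m.Sum(nil)
}

// ServerBuildCommand is step 330: fresh secrets sealed to the EK with RSA-OAEP, unreadable by the relaying client (340).
func ServerBuildCommand(ekPub *rsa.PublicKey) (TakeOwnership, []byte, error) {
	plain := make([]byte, 40)
	_, _ = rand.Read(plain) // crypto/rand.Read is documented never to fail
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ekPub, plain, nil)
	return TakeOwnership{OwnerAuth: plain[:20], SRKAuth: plain[20:]}, ct, err
}

// Execute is steps 350-360: decrypt with the EK, install the secrets, create the SRK, reply with its digest + HMAC(OwnerAuth).
func (t *TPM) Execute(ciphertext []byte) (srkDigest, tag []byte, err error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, t.ek, ciphertext, nil)
	if err != nil || len(plain) != 40 {
		return nil, nil, rsa.ErrDecryption // undecryptable or malformed command
	}
	t.ownerAuth, t.srkAuth = plain[:20], plain[20:]
	if t.srk, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return nil, nil, err
	}
	d := sha256.Sum256(t.srk.PublicKey.N.Bytes())
	return d[:], authTag(t.ownerAuth, d[:]), nil
}

// ServerVerify is step 370: the server recomputes the tag with the OwnerAuth it chose itself.
func ServerVerify(cmd TakeOwnership, srkDigest, tag []byte) bool { return hmac.Equal(authTag(cmd.OwnerAuth, srkDigest), tag) }

// ResetSRKAuth is step 380, owner-privileged: the proof is an HMAC under OwnerAuth, so the secret itself is never sent.
func (t *TPM) ResetSRKAuth(proof []byte) bool {
	if t.ownerAuth == nil || // no owner yet: refuse, or an empty-key HMAC would be accepted
		!hmac.Equal(proof, authTag(t.ownerAuth, []byte("ResetSRKAuth"))) {
		return false
	}
	t.srkAuth = append([]byte{}, WellKnownAuth...)
	return true
}
```

Drive it from a `main` or test that builds `&TPM{ek: <RSA private key>}` and then calls ServerBuildCommand, Execute, ServerVerify and ResetSRKAuth in that order; a relaying client that guesses OwnerAuth (for instance all zeros) fails both ServerVerify and ResetSRKAuth.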
Figure 4 illustrates a component diagram of a computing device according to one embodiment. Computing device 600 may be used to implement one or more of the computing devices, computer processes or software modules described herein. In one example, computing device 600 may be used to process calculations, execute instructions, and receive and transmit digital signals. In another example, computing device 600 may be used to process calculations, execute instructions, receive and transmit digital signals, receive and transmit search queries and hypertext, and compile computer code, as required by server 150 or clients 110, 120 and 130.
Computing device 600 may be any general-purpose or special-purpose computer now known or to become known that is capable of performing the steps and/or performing the functions described herein, whether in software, hardware, firmware or a combination thereof.
In its most basic configuration, computing device 600 typically includes at least one central processing unit (CPU) 602 and memory 604. Depending on the exact configuration and type of computing device, memory 604 may be volatile (such as RAM), non-volatile (such as ROM, flash memory, etc.) or some combination of the two. Additionally, computing device 600 may also have additional features/functionality. For example, computing device 600 may include multiple CPUs. The described methods may be executed in any manner by any processing unit in computing device 600. For example, the described process may be executed in parallel by multiple CPUs.
Computing device 600 may also include additional storage (removable and/or non-removable) including, but not limited to, magnetic or optical disks or tape. Such additional storage is illustrated in Figure 6 by storage 206. Computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Memory 604 and storage 606 are both examples of computer storage media. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computing device 600. Any such computer storage media may be part of computing device 600.
Computing device 600 may also contain communications device(s) 612 that allow the device to communicate with other devices. Communications device(s) 612 is an example of communication media. Communication media typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and includes any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. The term computer-readable media as used herein includes both computer storage media and communication media. The described methods may be encoded in any computer-readable media in any form, such as data, computer-executable instructions, and the like.
Computing device 600 may also have input device(s) 610 such as a keyboard, mouse, pen, voice input device, touch input device, etc. Output device(s) 608 such as a display, speakers, printer, etc. may also be included. All these devices are well known in the art and need not be discussed at length.
Computing device 600 may also have a trusted platform module (TPM).
Those skilled in the art will realize that storage devices used to store program instructions can be distributed across a network. For example, a remote computer may store an example of the process described as software. A local or terminal computer may access the remote computer and download a part or all of the software to run the program. Alternatively, the local computer may download pieces of the software as needed, or execute some software instructions at the local terminal and some at the remote computer (or computer network). Those skilled in the art will also realize that, by utilizing conventional techniques known to those skilled in the art, all or a portion of the software instructions may be carried out by a dedicated circuit, such as a DSP, programmable logic array, or the like.
Claims (6)
1. A method of provisioning, from a first device (150), a trusted platform module coupled to a second device (110, 120, 130), comprising:
receiving a public portion of an endorsement key of the trusted platform module (step 310);
verifying the authenticity of the endorsement key using data from a trusted source (step 320);
formatting a TPM_TakeOwnership command for the trusted platform module using temporary authorization values (step 330);
encrypting the formatted TPM_TakeOwnership command using the public portion of the endorsement key of the trusted platform module;
sending the encrypted formatted TPM_TakeOwnership command to the trusted platform module (step 340);
receiving a message from the trusted platform module (step 360); and
verifying that the received message originated from the trusted platform module (step 370).
2. The method of claim 1, wherein the received message is a hash digest.
3. The method of claim 1, wherein the trusted source is a list (115) collected by the owner of the trusted platform module.
4. The method of claim 1, further comprising:
sending a command to reset the storage root key (250) authorization value of the trusted platform module to all zeros (step 380).
5. A method of provisioning a trusted platform module (115), comprising:
receiving an encrypted formatted TPM_TakeOwnership command from a remote device (step 310);
verifying the authenticity of the TPM_TakeOwnership command using an endorsement key (step 320);
executing the TPM_TakeOwnership command (step 350); and
sending a message to the remote device (step 380).
6. The method of claim 5, further comprising computing a hash digest from the storage root key (250).
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/249,042 US8607065B2 (en) | 2008-10-10 | 2008-10-10 | Trusted and confidential remote TPM initialization |
PCT/US2009/059846 WO2010042621A2 (en) | 2008-10-10 | 2009-10-07 | Trusted and confidential remote tpm initialization |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102177678A (zh) | 2011-09-07 |
CN102177678B (zh) | 2014-11-26 |
Family
ID=42099965
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200980140559.1A (Active) CN102177678B (zh) | Trusted and confidential remote TPM initialization | 2008-10-10 | 2009-10-07 |
Country Status (6)
Country | Link |
---|---|
US (3) | US8607065B2 (zh) |
EP (1) | EP2335375B1 (zh) |
CN (1) | CN102177678B (zh) |
AR (1) | AR075283A1 (zh) |
TW (1) | TW201017465A (zh) |
WO (1) | WO2010042621A2 (zh) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2007044500A2 (en) * | 2005-10-06 | 2007-04-19 | C-Sam, Inc. | Transactional services |
US8959363B2 (en) | 2010-06-03 | 2015-02-17 | Intel Corporation | Systems, methods, and apparatus to virtualize TPM accesses |
US8953790B2 (en) * | 2011-11-21 | 2015-02-10 | Broadcom Corporation | Secure generation of a device root key in the field |
US8949818B2 (en) | 2012-06-29 | 2015-02-03 | Intel Corporation | Mechanism for facilitating dynamic and trusted cloud-based extension upgrades for computing systems |
US9912771B2 (en) | 2014-04-14 | 2018-03-06 | Arris Enterprises Llc | Real time key collection in device provisioning |
US9735968B2 (en) | 2014-10-20 | 2017-08-15 | Microsoft Technology Licensing, Llc | Trust service for a client device |
US10146916B2 (en) * | 2015-11-17 | 2018-12-04 | Microsoft Technology Licensing, Llc | Tamper proof device capability store |
US10218696B2 (en) | 2016-06-30 | 2019-02-26 | Microsoft Technology Licensing, Llc | Targeted secure software deployment |
CN109309690B (zh) * | 2018-12-28 | 2019-04-02 | 中国人民解放军国防科技大学 | A software whitelist control method based on message authentication codes |
US11546176B2 (en) * | 2020-08-26 | 2023-01-03 | Rockwell Collins, Inc. | System and method for authentication and cryptographic ignition of remote devices |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1617587A1 (en) * | 2004-07-12 | 2006-01-18 | International Business Machines Corporation | Method, system and computer program product for privacy-protecting integrity attestation of computing platform |
US20060026693A1 (en) * | 2004-07-29 | 2006-02-02 | International Business Machines Corporation | Method, apparatus, and product for asserting physical presence with a trusted platform module in a hypervisor environment |
US20060242428A1 (en) * | 2005-04-21 | 2006-10-26 | Nokia Corporation | User-controlled management of TPM identities |
US20080060068A1 (en) * | 2006-08-31 | 2008-03-06 | Mabayoje Bukie O | Methods and arrangements for remote communications with a trusted platform module |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7299354B2 (en) * | 2003-09-30 | 2007-11-20 | Intel Corporation | Method to authenticate clients and hosts to provide secure network boot |
US7644278B2 (en) * | 2003-12-31 | 2010-01-05 | International Business Machines Corporation | Method for securely creating an endorsement certificate in an insecure environment |
US7382880B2 (en) * | 2004-01-26 | 2008-06-03 | Hewlett-Packard Development Company, L.P. | Method and apparatus for initializing multiple security modules |
US20060095505A1 (en) * | 2004-09-30 | 2006-05-04 | Zimmer Vincent J | Providing a trustworthy configuration server |
US20060184785A1 (en) * | 2005-02-16 | 2006-08-17 | David Carroll Challener | Apparatus, system, and method for securing I/O communications between a blade and a peripheral interface device of a blade-based computer system |
US8261072B2 (en) * | 2006-03-24 | 2012-09-04 | Atmel Corporation | Method and system for secure external TPM password generation and use |
US20080046752A1 (en) * | 2006-08-09 | 2008-02-21 | Stefan Berger | Method, system, and program product for remotely attesting to a state of a computer system |
US20080184028A1 (en) * | 2007-01-29 | 2008-07-31 | Dell Products L.P. | Methods, Apparatus and Products for Establishing a Trusted Information Handling System |
US8543799B2 (en) * | 2008-05-02 | 2013-09-24 | Microsoft Corporation | Client authentication during network boot |
2008
- 2008-10-10 US US12/249,042 patent/US8607065B2/en active Active
2009
- 2009-10-07 WO PCT/US2009/059846 patent/WO2010042621A2/en active Application Filing
- 2009-10-07 CN CN200980140559.1A patent/CN102177678B/zh active Active
- 2009-10-07 EP EP09819820.3A patent/EP2335375B1/en active Active
- 2009-10-08 TW TW98134180A patent/TW201017465A/zh unknown
- 2009-10-09 AR ARP090103901 patent/AR075283A1/es unknown
2013
- 2013-11-26 US US14/091,145 patent/US9237135B2/en active Active
2015
- 2015-12-28 US US14/981,024 patent/US9787674B2/en active Active
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015131607A1 (zh) * | 2014-09-25 | 2015-09-11 | 中兴通讯股份有限公司 | Method and apparatus for creating a trusted environment, and method and apparatus for base station fault recovery |
CN105516967A (zh) * | 2014-09-25 | 2016-04-20 | 中兴通讯股份有限公司 | Method and apparatus for creating a trusted environment, and method and apparatus for base station fault recovery |
CN104618096A (zh) * | 2014-12-30 | 2015-05-13 | 华为技术有限公司 | Method and device for protecting key authorization data, and TPM key management center |
CN104618096B (zh) * | 2014-12-30 | 2018-10-30 | 华为技术有限公司 | Method and device for protecting key authorization data, and TPM key management center |
Also Published As
Publication number | Publication date |
---|---|
CN102177678B (zh) | 2014-11-26 |
US9787674B2 (en) | 2017-10-10 |
US20140089664A1 (en) | 2014-03-27 |
US20170078279A1 (en) | 2017-03-16 |
EP2335375A2 (en) | 2011-06-22 |
WO2010042621A2 (en) | 2010-04-15 |
EP2335375A4 (en) | 2015-05-27 |
WO2010042621A3 (en) | 2010-07-08 |
TW201017465A (en) | 2010-05-01 |
US9237135B2 (en) | 2016-01-12 |
US8607065B2 (en) | 2013-12-10 |
US20100095120A1 (en) | 2010-04-15 |
AR075283A1 (es) | 2011-03-23 |
EP2335375B1 (en) | 2017-07-26 |
Similar Documents
Publication | Title |
---|---|
CN102177678B (zh) | Trusted and confidential remote TPM initialization |
CN108667608B (zh) | Method, apparatus and system for protecting data keys |
EP3458999B1 (en) | Self-contained cryptographic boot policy validation |
CN113545006B (zh) | Remotely authorized access to a locked data storage device |
US8560820B2 (en) | Single security model in booting a computing device |
CN110050273B (zh) | Device programming with system generation |
US7392387B2 (en) | Apparatus and methods for providing secured communication |
US9270466B2 (en) | System and method for temporary secure boot of an electronic device |
JP5136012B2 (ja) | Data delivery method |
US20090259855A1 (en) | Code Image Personalization For A Computing Device |
EP1712992A1 (en) | Updating of data instructions |
US8638932B2 (en) | Security method and system and computer-readable medium storing computer program for executing the security method |
KR102013983B1 (ko) | Application integrity authentication method and authentication server |
CN111382397B (zh) | Upgrade package configuration method, software upgrade method, device and storage apparatus |
CN101316168A (zh) | Authentication apparatus and authentication method |
CN115129332A (zh) | Firmware flashing method, computer device and readable storage medium |
CN110838919A (zh) | Communication method, storage method, computation method and apparatus |
KR20070059891A (ko) | Application authentication security system and authentication security method thereof |
CN109960935B (zh) | Method, apparatus and storage medium for determining the trusted state of a TPM |
CN113545021B (zh) | Registration of pre-authorized devices |
JP2007274101A (ja) | Mobile phone terminal, tamper prevention system and tamper prevention method |
Lenard et al. | A Key to Embedded System Security: Locking and Unlocking Secrets with a Trusted Platform Module |
KR101657932B1 (ko) | Key management and user authentication method using self-extended authentication |
KR100480377B1 (ko) | Method for configuring and authenticating a network-dedicated device using a smart card |
KR20100010012A (ko) | RFID authentication apparatus and method having an authentication function |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
C14 | Grant of patent or utility model | |
GR01 | Patent grant | |
ASS | Succession or assignment of patent right | Owner name: MICROSOFT TECHNOLOGY LICENSING LLC; Free format text: FORMER OWNER: MICROSOFT CORP.; Effective date: 20150508 |
C41 | Transfer of patent application or patent right or utility model | |
TR01 | Transfer of patent right | Effective date of registration: 20150508; Address after: Washington State; Patentee after: Microsoft Technology Licensing, LLC; Address before: Washington State; Patentee before: Microsoft Corp. |