Enabling a secure OEM platform feature in a computing environment

US10361864B2 · US · B2

Patent metadata
Publication number: US-10361864-B2
Application number: US-86495407-A
Country: US
Kind code: B2
Filing date: Sep 29, 2007
Priority date: Sep 29, 2007
Publication date: Jul 23, 2019
Grant date: Jul 23, 2019

Abstract

A platform feature licensing module (e.g., a USB Smart Card Token) securely stores and communicates a platform feature enabling license, corresponding to a selectable platform feature, to an authenticated platform. The module includes a secure microcontroller, a secure communication port, and secure non-volatile memory in which is stored the platform feature enabling license. The module is configured to securely communicate with, and to authenticate the identity of the platform, via an integrated embedded controller embedded into the platform. The integrated embedded controller enables the selectable platform feature in response to a platform feature enabling license received from the platform feature licensing module. The integrated embedded controller and platform feature licensing module communicate securely using a predetermined public-key cryptography technique, with each having a PKI-based key pair to provide authentication and cryptographic services.

First claim

What is claimed is:

1. A platform feature licensing device (PFLD) comprising: a non-volatile memory to store a platform feature enabling license (PFEL) corresponding to a selectable platform feature of a platform in an unfinished state and a PFEL count, wherein the selectable platform feature is to comprise an existing platform feature implemented in circuitry of the platform and the PFEL is operative to enable the circuitry to provide the selectable platform feature; a communications port for communicating with the platform; and a microcontroller utilized by an original equipment manufacturer (OEM) to modify functionality of an unfinished platform to meet a functional condition for a finished platform, the microcontroller configured to store the PFEL and the PFEL count in the non-volatile memory, to detect coupling of the communications port to the platform in the unfinished state, to receive via the communications port, a request, from an integrated embedded controller (IEC) of the platform, to determine whether the microcontroller is authorized to transmit one of the PFEL to the platform, to check the PFEL count based on the coupling of the communications port to the platform and based on the request to determine whether the microcontroller is authorized to transmit one of the PFEL to the platform, to transmit the PFEL to the platform by way of the communications port based on a determination that the microcontroller is authorized to transmit one of the PFEL to the platform and based on the coupling of the communications port to the platform to trigger the IEC to enable the circuitry to provide the selectable platform feature, wherein enabling the circuitry of the platform to provide the selectable platform feature with the microcontroller utilized by the OEM converts the platform from the unfinished state to a finished state, and to update the PFEL count within the non-volatile memory to indicate a reduction in number of platforms to which the microcontroller is authorized to transmit the PFEL, wherein the PFLD is a device external to the platform.

2. The PFLD of claim 1, wherein the microcontroller is configured to transmit the PFEL to the platform via the communications port upon mutual authentication of the PFLD and the platform by the microcontroller in cooperation with the IEC through the communications port.

3. The PFLD of claim 2, wherein the microcontroller is configured to perform the mutual authentication with the IEC using a pre-selected public key pair cryptography technique.

4. The PFLD of claim 1, wherein the communications port implements universal serial bus (USB) and the PFLD is one of a USB provision key or a USB smart card.

5. A computer-implemented method, comprising: receiving, by a microcontroller of a platform feature licensing device (PFLD) and at a communications port of the PFLD, from a manufacturer feature provisioning system to which the microcontroller is coupled via the communications port, a platform feature enabling license (PFEL) corresponding to a selectable platform feature and authorization for the microcontroller to transmit the PFEL up to a predetermined number of platforms, the microcontroller utilized by an original equipment manufacturer (OEM) to modify functionality of an unfinished platform to meet a functional condition for a finished platform; storing, by the microcontroller, the PFEL and a PFEL count equal to the predetermined number in a non-volatile memory of the PFLD that is accessible to the microcontroller and not accessible to the communications port, the PFEL count indicating a number of platforms to which the microcontroller is authorized to transmit the PFEL; detecting, by the microcontroller, coupling of the communications port to a platform in an unfinished state; receiving, via the communications port, a request, from an integrated embedded controller (IEC) of the platform, to determine whether the microcontroller is authorized to transmit one of the PFEL to the platform; checking, by the microcontroller based on the request and based on the coupling of the communications port to the platform, the PFEL count to determine, by the microcontroller, whether the PFLD is authorized to transmit one of the PFEL to the platform; transmitting, by the microcontroller, the PFEL to the platform by way of the communications port based on a determination that the PFLD is authorized to transmit one of the PFEL to the platform and based on the coupling of the communications port to the platform, transmission of the PFEL to trigger the IEC to enable circuitry of the platform to provide the selectable platform feature, wherein enabling the circuitry of the platform to provide the selectable platform feature with the microcontroller utilized by the OEM converts the platform from the unfinished state to a finished state, and wherein the selectable platform feature is to comprise an existing platform feature implemented in the circuitry of the platform; and updating the PFEL count, by the microcontroller, within the non-volatile memory to indicate a reduction in the number of platforms to which the microcontroller is authorized to transmit the PFEL as a result of the transmission of the PFEL to the platform.

6. The computer-implemented method of claim 5, comprising: performing, by the microcontroller in cooperation with the IEC through the communications port, mutual authentication of the PFLD and the platform; and transmitting, by the microcontroller and via the communications port, the PFEL to the platform upon the mutual authentication.

7. The computer-implemented method of claim 6, comprising: performing the mutual authentication using a pre-selected public key pair cryptography technique.

8. The computer-implemented method of claim 5, wherein the communications port implements universal serial bus (USB) and the PFLD is one of a USB provision key or a USB smart card.

9. An article comprising a non-transitory computer-readable storage medium containing instructions that if executed by a processor enable a system to: store a platform feature enabling license (PFEL) corresponding to a selectable platform feature of a platform in an unfinished state and a PFEL count in a first non-volatile memory of a platform feature licensing device (PFLD), wherein the selectable platform feature is to comprise an existing platform feature implemented in circuitry of the platform, the PFLD utilized by an original equipment manufacturer (OEM) to modify functionality of an unfinished platform to meet a functional condition for a finished platform; detect coupling of a communications port of the PFLD to the platform in the unfinished state; receive, via the communications port, a request, from an integrated embedded controller (IEC) of the platform, to determine whether the microcontroller is authorized to transmit one of the PFEL to the platform; check the PFEL count based on the coupling of the communications port to the platform and based on the request to determine whether the PFLD is authorized to transmit one of the PFEL to the platform; transmit the PFEL to the platform by way of the communications port based on a determination that the PFLD is authorized to transmit one of the PFEL to the platform and based on the coupling of the communications port to the platform, transmission of the PFEL to trigger the platform to enable the circuitry to provide the selectable platform feature, wherein enabling the circuitry to provide the selectable platform feature with the PFLD utilized by the OEM converts the platform from the unfinished state to a finished state; and update the PFEL count within the non-volatile memory to indicate a reduction in number of platforms to which the PFLD is authorized t

Classifications

  • involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823)

  • Wireless

  • H04L9/3234 (Primary): involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853)

  • Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these (network architectures or network communication protocols for key exchange in a packet data network H04L63/061)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Glendinning Duncan, Intel Corp

What technology area does this patent fall under?
Primary CPC classification H04L9/3234. Mapped technology areas include Electricity.

When was this patent published?
Publication date Jul 23, 2019 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).