Platform attestation and registration for servers

US11489678B2 · US · B2

Patent metadata
Publication number: US-11489678-B2
Application number: US-202016856968-A
Country: US
Kind code: B2
Filing date: Apr 23, 2020
Priority date: Jun 18, 2016
Publication date: Nov 1, 2022
Grant date: Nov 1, 2022

Abstract

Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

First claim

What is claimed is:

1. A non-transitory computer readable storage medium comprising instructions which, when executed, cause one or more processors to at least: obtain signed data from a first remote device via a front end service, the signed data based on a cryptographic key of the first remote device; confirm software of the first remote device is authentic based on the signed data; generate a credential to enable communication between the first remote device and a second remote device; and cause the front end service to transmit the credential to the first remote device.

2. The non-transitory computer readable storage medium of claim 1, wherein the signed data is based on hardware of the first remote device.

3. The non-transitory computer readable storage medium of claim 1, wherein the cryptographic key generated in and protected by the first remote device.

4. The non-transitory computer readable storage medium of claim 1, wherein the software of the first remote device is authentic when the software is trustworthy.

5. The non-transitory computer readable storage medium of claim 1, wherein the first remote device uses the credential to connect to the second remote device.

6. The non-transitory computer readable storage medium of claim 1, wherein the instructions cause the one or more processors to cause the front end service to transmit the credential to the second remote device.

7. The non-transitory computer readable storage medium of claim 1, wherein the signed data attests to an authenticity of the software of the first remote device.

8. An apparatus comprising: memory: instructions included in the apparatus; and processor circuitry to execute the instructions to: obtain signed data from a first remote device via a front end service, the signed data signed using a cryptographic key of the first remote device; confirm software of the first remote device is authentic based on the signed data; generate a credential to enable communication between the first remote device and a second remote device; and cause the front end service to transmit the credential to the first remote device.

9. The apparatus of claim 8, wherein the signed data is based on hardware of the first remote device.

10. The apparatus of claim 8, wherein the signed data is based on a root key of the first remote device.

11. The apparatus of claim 8, wherein the software of the first remote device is authentic when the software is trustworthy.

12. The apparatus of claim 8, wherein the first remote device uses the credential to connect to the second remote device.

13. The apparatus of claim 8, wherein the processor circuitry is to cause the front end service to transmit the credential to the second remote device.

14. The apparatus of claim 8, wherein the signed data attests to an authenticity of the software of the first remote device.

15. A system comprising: a processing device to: sign data using a cryptographic key of the processing device to attest to software running on the processing device; and transmit the signed data to a first server; and the first server to: obtain the signed data from the processing device; confirm the software of the processing device is authentic based on the signed data; generate a credential to enable communication between the processing device and a second server; and transmit the credential to the processing device; and the processing device to access services of the second server using the credential from the first server.

16. The system of claim 15, wherein the processing device is to measure a trustworthiness of the software running locally on a device platform the processing device.

17. The system of claim 15, wherein the cryptographic key is generated in the processing device.

18. The system of claim 15, wherein the processing device is to access the services of the second server by transmitting the credential to the second server.

19. The system of claim 15, wherein the first server is to transmit the credential to the second server.

20. The system of claim 15, wherein the second server provides the services to the second server in response to confirming that credential.

Classifications

  • Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system (cryptographic typewriters G09C3/00)

  • involving digital signatures

  • Providing cryptographic facilities or services

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • Protecting data integrity, e.g. using checksums, certificates or signatures

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11489678B2 cover?
Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registr…
Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 1, 2022 (B2). Legal status and post-grant events are not shown on this page.