Measured restart of microcontrollers
US-2023020838-A1 · Jan 19, 2023 · US
Provisioning multiple platform root of trust entities of a hardware device using role-based identity certificates
US12216753B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12216753-B2 |
| Application number | US-202217973803-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 26, 2022 |
| Priority date | Oct 26, 2022 |
| Publication date | Feb 4, 2025 |
| Grant date | Feb 4, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Techniques are provided for provisioning multiple platform root of trust (PRoT) entities using role-based identity certificates. One method comprises obtaining a designation of a PRoT entity of a hardware device as a PRoT leader associated with a leader role; recording the leader role as a role attribute in an identity certificate; and providing the identity certificate to the hardware device during a provisioning of the hardware device, wherein the given PRoT entity assumes the leader role of the hardware device and initiates security actions of the PRoT leader upon an initiation of the hardware device. Leader responsibilities can be assigned to the PRoT leader and the one or more leader responsibilities of the PRoT leader may be recorded as a leader responsibility attribute in the identity certificate.
First claim
Opening claim text (preview).
What is claimed is: 1. A method, comprising: obtaining a designation of a given platform root of trust entity of a plurality of platform root of trust entities of a hardware device as a platform root of trust leader associated with a leader role; recording the leader role of the platform root of trust leader as a role attribute in an identity certificate associated with the platform root of trust leader; and providing the identity certificate to the hardware device during a provisioning of the hardware device, wherein the given platform root of trust entity assumes the leader role of the hardware device and initiates one or more security actions of the platform root of trust leader upon an initiation of the hardware device in response to the given platform root of trust entity parsing the leader role attribute of the identity certificate associated with the platform root of trust leader; wherein the method is performed by at least one processing device comprising a processor coupled to a memory. 2. The method of claim 1 , further comprising assigning one or more leader responsibilities to the platform root of trust leader and recording the one or more leader responsibilities of the platform root of trust leader as a leader responsibility attribute in the identity certificate associated with the platform root of trust leader, and wherein the platform root of trust leader assumes the one or more leader responsibilities upon the initiation of the hardware device in response to the platform root of trust leader parsing the leader responsibility attribute of the identity certificate associated with the platform root of trust leader. 3. The method of claim 1 , further comprising obtaining a designation of one or more additional platform root of trust entities as one or more respective platform root of trust backup leaders associated with a backup leader role; assigning one or more backup leader responsibilities to the one or more platform root of trust backup leaders; and recording the backup leader role as a role attribute in an identity certificate associated with the respective backup leader and the one or more backup leader responsibilities of the platform root of trust backup leader as a backup responsibility attribute in the identity certificate associated with the respective backup leader, wherein the one or more platform root of trust backup leaders assume the backup leader role and the one or more backup leader responsibilities of the hardware device upon the initiation of the hardware device in response to the one or more platform root of trust backup leaders parsing the backup leader role attribute and the backup leader responsibility attribute of the identity certificate associated with the respective backup leader. 4. The method of claim 1 , wherein the platform root of trust leader cross-signs the identity certificate associated with the platform root of trust leader with the identity certificate associated with each of the one or more platform root of trust backup leaders. 5. The method of claim 4 , further comprising the platform root of trust leader signing an identity leaf certificate signing request with a cross-signed leader identity key from the cross-signed identity certificate of the platform root of trust leader. 6. The method of claim 5 , further comprising the platform root of trust leader providing the signed identity leaf key to the one or more platform root of trust backup leaders and wherein each of the one or more platform root of trust backup leaders sign the signed identity leaf certificate signing request with a respective cross-signed backup leader identity key from the cross-signed identity certificate of the respective platform root of trust backup leader. 7. The method of claim 1 , further comprising providing a hardware certificate to the platform root of trust leader and the one or more platform root of trust backup leaders during a provisioning of the hardware device. 8. The method of claim 7 , further comprising the platform root of trust leader cross-signing the hardware certificate of the platform root of trust leader with the hardware certificate of each of the one or more platform root of trust backup leaders and signing a hardware leaf certificate signing request with a cross-signed leader hardware key from the cross-signed hardware certificate of the platform root of trust leader. 9. The method of claim 1 , wherein a hardware security module associated with a factory that produces the hardware device endorses the platform root of trust leader as one or more of an embedded hardware certificate authority and an embedded identify certificate authority. 10. An apparatus comprising: at least one processing device comprising a processor coupled to a memory; the at least one processing device being configured to implement the following steps: obtaining a designation of a given platform root of trust entity of a plurality of platform root of trust entities of a hardware device as a platform root of trust leader associated with a leader role; recording the leader role of the platform root of trust leader as a role attribute in an identity certificate associated with the platform root of trust leader; and providing the identity certificate to the hardware device during a provisioning of the hardware device, wherein the given platform root of trust entity assumes the leader role of the hardware device and initiates one or more security actions of the platform root of trust leader upon an initiation of the hardware device in response to the given platform root of trust entity parsing the leader role attribute of the identity certificate associated with the platform root of trust leader. 11. The apparatus of claim 10 , further comprising assigning one or more leader responsibilities to the platform root of trust leader and recording the one or more leader responsibilities of the platform root of trust leader as a leader responsibility attribute in the identity certificate associated with the platform root of trust leader, and wherein the platform root of trust leader assumes the one or more leader responsibilities upon the initiation of the hardware device in response to the platform root of trust leader parsing the leader responsibility attribute of the identity certificate associated with the platform root of trust leader. 12. The apparatus of claim 10 , further comprising obtaining a designation of one or more additional platform root of trust entities as one or more respective platform root of trust backup leaders associated with a backup leader role; assigning one or more backup leader responsibilities to the one or more platform root of trust backup leaders; and recording the backup leader role as a role attribute in an identity certificate associated with the respective backup leader and the one or more backup leader responsibilities of the platform root of trust backup leader as a backup responsibility attribute in the identity certificate associated with the respective backup leader, wherein the one or more platform root of trust backup leaders assume the backup leader role and the one or more backup leader responsibilities of the hardware device upon the initiation of the hardware device in response to the one or more platform root of trust backup leaders parsing the backup leader role attribute and the backup leader responsibility attribute of the identity certificate associated with the respective backup leader. 13. The apparatus of claim 10 , further comprising the platform root of trust leader cross-signing a hardware certificate of the platform root of trust leader with a hardware certificate of each of the one or more platfo
Assignees
Inventors
Classifications
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12216753B2 cover?
- Techniques are provided for provisioning multiple platform root of trust (PRoT) entities using role-based identity certificates. One method comprises obtaining a designation of a PRoT entity of a hardware device as a PRoT leader associated with a leader role; recording the leader role as a role attribute in an identity certificate; and providing the identity certificate to the hardware device d…
- Who is the assignee on this patent?
- Dell Products Lp
- What technology area does this patent fall under?
- Primary CPC classification G06F21/57. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Feb 04 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).