Electronic system and security authority delegation method thereof

US12536273B2 · US · B2

Patent metadata
Publication number: US-12536273-B2
Application number: US-202218081710-A
Country: US
Kind code: B2
Filing date: Dec 15, 2022
Priority date: Oct 24, 2022
Publication date: Jan 27, 2026
Grant date: Jan 27, 2026

Abstract

Official abstract text for this publication.

An electronic system and a security authority delegation method thereof are provided. The electronic system includes a first host device, a second host device, a first security device, and a second security device. The first security device is connected to the first host device. The second security device is connected to the second host device and the first security device. The first security device performs an attestation process on the second security device. If the second security device passes the attestation process, the first security device enables the second security device to verify executable images of the second host device. If the second security device does not pass the attestation process, the first security device disables a function of the second security device, and the function includes verifying the executable image of the second host device.

First claim

Opening claim text (preview).

What is claimed is:

1. An electronic system, comprising: a first host device; a second host device; a first security device, connected to the first host device; and a second security device, connected to the second host device and the first security device, wherein the first security device and the second security device are secure chips, wherein the first security device performs an attestation process on the second security device, the first security device enables the second security device to verify an executable image of the second host device if the second security device passes the attestation process, wherein the first security device delegates authority to the second security device to verify the executable image of the second host device, the first security device disables the second security device from verifying the executable image of the second host device if the second security device does not pass the attestation process.

2. The electronic system according to claim 1, further comprising: a first storage device, connected to the first security device and stores the executable image of the first host device, wherein the first security device verifies the executable image of the first host device; and a second storage device, connected to the second security device and stores the executable image of the second host device.

3. The electronic system according to claim 1, wherein the attestation process comprises: the first security device or the second security device generating a first random number; the first security device generating a first key according to a first original key and the first random number, and the second security device generating a second key according to a second original key and the first random number; the second security device encrypting verification data by using the second key and generating encrypted verification data, and transmitting the encrypted verification data to the first security device; the first security device decrypting the encrypted verification data by using the first key and obtaining decrypted verification data; and the first security device determining whether the second security device passes the attestation process according to the decrypted verification data.

4. The electronic system according to claim 3, wherein the attestation process comprises: the first security device determining that the second security device does not pass the attestation process if the decrypted verification data is invalid; the first security device determining whether device status information of the second security device is valid if the decrypted verification data is valid; the first security device determining that the second security device does not pass the attestation process if the device status information of the second security device is invalid; and the first security device determining that the second security device passes the attestation process if the device status information of the second security device is valid.

5. The electronic system according to claim 4, wherein the attestation process comprises: the second security device encrypting the device status information of the second security device by using the second key and generating encrypted device status information; the second security device transmitting the encrypted device status information to the first security device; and the first security device decrypting the encrypted device status information by using the first key and obtaining the device status information of the second security device.

6. The electronic system according to claim 3, wherein the verification data comprises a second random number generated by the first security device, the first security device transmits the second random number to the second security device, and the first security device determines whether the decrypted verification data is the same as the second random number, to determine whether the second security device passes the attestation process.

7. The electronic system according to claim 3, wherein the verification data comprises credential data of the second security device, and the first security device determines whether the credential data of the second security device is valid by using a public key, to determine whether the second security device passes the attestation process.

8. The electronic system according to claim 7, wherein the public key is recorded in a root credential data of the first security device, and the first security device obtains the public key from the root credential data after determining that the root credential data is valid.

9. The electronic system according to claim 7, wherein the public key is recorded in a key list of the first security device, the first security device obtains a list public key of the key list after determining that the root credential data is valid, and obtains the key list by using the list public key, the key list further comprises an image verification key used to verify the executable image of the first host device.

10. The electronic system according to claim 3, wherein the attestation process further comprises: the first security device determining whether a usage count of the first key is greater than a preset value; and the first security device generating the first random number if the usage count of the first key is greater than the preset value.

11. The electronic system according to claim 1, wherein the first security device regularly or irregularly performs the attestation process on the second security device.

12. The electronic system according to claim 1, wherein in response to the electronic system being powered on, the first security device performs an attestation process on the second security device.

13. The electronic system according to claim 1, further comprising: a third host device; and a third security device, connected to the third host device and the second security device, the second security device performing the attestation process on the third security device if the second security device passes the attestation process, the second security device enabling the third security device to verify an executable image of the third host device if the third security device passes the attestation process.

14. A security authority delegation method, suitable for an electronic system comprising a first host, a second host, a first security device, and a second security device, the method comprising: performing an attestation process on the second security device by the first security device, wherein the first security device is connected to the first host device, the second security device is connected to the second host device and the first security device, and the first security device and the second security device are secure chips; enabling the second security device by the first security device to verify an executable image of the second host device if the second security device passes the attestation process, wherein the first security device delegates authority to the second security device to verify the executable image of the second host device; and disabling the second security device by the first security device from verifying the executable image of the second host device if the second security device does not pass the attestation process.

15. The security authority delegation method according to claim 14, wherein performing the attestation process on the second security device by the first security device comprises: generating a firs
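
The attestation exchange described in claims 3 to 6, as an added example (not code from the patent or its assignee). It assumes both chips are provisioned with the same original key, uses HMAC-SHA256 as a stand-in for the key derivation and for the encryption step, and uses a constructed status value `OK`; all function and class names are hypothetical.

```python
import hashlib, hmac, secrets

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_key(original_key: bytes, rand1: bytes) -> bytes:
    # Claim 3: a key generated from an original key and the first random number.
    return _mac(original_key, b"attest-session" + rand1)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    blocks = (len(data) + 31) // 32
    ks = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, plaintext: bytes) -> bytes:
    ek, mk = _mac(key, b"enc"), _mac(key, b"mac")  # separate subkeys
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(ek, nonce, plaintext)
    return nonce + ct + _mac(mk, nonce + ct)       # encrypt-then-MAC

def unseal(key: bytes, blob: bytes):
    ek, mk = _mac(key, b"enc"), _mac(key, b"mac")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(mk, nonce + ct)):
        return None                                # wrong key or tampered data
    return _xor_stream(ek, nonce, ct)

class SecondDevice:
    """Hypothetical model of the second security device."""
    def __init__(self, original_key: bytes, status: bytes = b"OK"):
        self.original_key, self.status = original_key, status

    def respond(self, rand1: bytes, rand2: bytes):
        k2 = derive_key(self.original_key, rand1)  # the "second key"
        # Claims 3, 5, 6: encrypt the challenge and the device status.
        return seal(k2, rand2), seal(k2, self.status)

def attest(original_key: bytes, device: SecondDevice, valid_status=b"OK") -> bool:
    """First security device: True enables image verification, False disables it."""
    rand1, rand2 = secrets.token_bytes(16), secrets.token_bytes(16)
    k1 = derive_key(original_key, rand1)           # the "first key"
    enc_data, enc_status = device.respond(rand1, rand2)
    data = unseal(k1, enc_data)
    if data is None or not hmac.compare_digest(data, rand2):
        return False                               # claim 4: invalid verification data
    return unseal(k1, enc_status) == valid_status  # claim 4: status must be valid
```

Because both random numbers are fresh on every run, a recorded response from an earlier attestation fails the comparison against the new `rand2`.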

Classifications

  • G06F21/602 (Primary): Providing cryptographic facilities or services

  • Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

  • G06F21/54 (Primary): by adding security routines or objects to programs

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12536273B2 cover?
An electronic system and a security authority delegation method thereof are provided. The electronic system includes a first host device, a second host device, a first security device, and a second security device. The first security device is connected to the first host device. The second security device is connected to the second host device and the first security device. The first security d…
Who is the assignee on this patent?
Aspeed Technology Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/602. Mapped technology areas include Physics.
When was this patent published?
Publication date Jan 27, 2026 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).