Platform attestation and registration for servers

US2017366359A1 · US · A1

Patent metadata

Publication number: US-2017366359-A1
Application number: US-201615201400-A
Country: US
Kind code: A1
Filing date: Jul 2, 2016
Priority date: Jun 18, 2016
Publication date: Dec 21, 2017
Grant date: (none listed)

Abstract

Official abstract text for this publication.

Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

Claims

What is claimed is:

1. At least one computer readable storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to: for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit the data structure to the registration service to register the platform root key for the first processor of the platform.

2. The computer readable storage medium of claim 1, wherein the instructions when executed on the machine, cause the machine to encrypt a copy of the data structure using a platform registration key for the first processor.

3. The computer readable storage medium of claim 1, wherein the instructions when executed on the machine, cause the machine to derive a platform seal key and derive a platform provisioning key.

4. The computer readable storage medium of claim 1, wherein the data structure comprising information about a second processor of the platform.

5. The computer readable storage medium of claim 4, wherein the information about the second processor comprises a unique public key derived from a device key associated with the second processor.

6. The computer readable storage medium of claim 1, wherein the instructions when executed on the machine, cause the machine to: identify a unique identifier from a new processor for the platform; transmit, to the registration service, a request to add the new processor to the platform, the request comprising a unique identifier for the platform and the unique identifier for the new processor; receive approval to add the new processor the platform; and provide, to the new processor, one or more platform root keys for the platform.

7. The computer readable storage medium of claim 1, wherein the instructions when executed on the machine, cause the machine to: deriving a registration seal key from a device key; encrypting the platform root key using the registration seal key.

8. A method comprising: generating a platform root key; creating a data structure to encapsulate the platform root key, the data structure comprising a platform root key and an identification of a registration service; and transmitting, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform.

9. The method of claim 8 further comprising encrypting a copy of the data structure using a device key for the first processor.

10. The method of claim 8, wherein the platform root key comprises one or both of a platform root provisioning key or a platform root seal key.

11. The method of claim 8, wherein the data structure comprises information about a second processor of the platform wherein the information about the second processor comprises a unique public key for the second processor derived from a device key associated with the second processor.

12. At least one computer readable storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to: store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

13. The computer readable storage medium of claim 12, wherein the instructions when executed on the machine, cause the machine to authenticate the manifest using a platform registration certificate associated with the processor identified in the manifest.

14. The computer readable storage medium of claim 12, wherein the instructions when executed on the machine, cause the machine to issue a provisioning attestation certificate for the platform.

15. The computer readable storage medium of claim 14, wherein the instructions when executed on the machine, cause the machine to distribute the provisioning attestation certificate to a provisioning service.

16. The computer readable storage medium of claim 12, wherein the instructions when executed on the machine, cause the machine to: receive a request to add a new processor to a platform, the request comprising a unique platform identifier and a unique identifier for the new processor; authenticate the new processor using a platform registration certificate for the new processor; and transmitting to an existing processor in the platform an approval message that includes a platform registration key for the new processor.

17. A system comprising: at least one processor; at least one memory element; and a registration service module executable by the at least one processor to: store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

18. The system of claim 17, wherein the registration service module is executable by the at least one processor to authenticate the manifest using the device certificate associated with the processor identified in the manifest.

19. The system of claim 17, wherein the registration service module is executable by the at least one processor to issue a provisioning attestation certificate for the platform.

20. The system of claim 17, wherein the registration service module is executable by the at least one processor to distribute the provisioning attestation certificate to a provisioning service.

21. The system of claim 17, wherein the registration service module is executable by the at least one processor to: receive a request to add a new processor to a platform, the request comprising a unique platform identifier and a unique identifier for the new processor; authenticate the new processor using a platform registration certificate for the new processor; and transmit to an existing processor in the platform an approval message that includes a platform registration key for the new processor.
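The registration exchange that claims 1 and 12 through 15 describe, written out as an added example (this is not code from the patent or from any Intel implementation): a key generation facility issues a device certificate for a processor, the registration service stores it, the platform sends a manifest carrying its freshly generated platform root key, and the service validates the processor against the stored certificate before issuing a provisioning attestation certificate that a provisioning service can check. Lamport one-time signatures over SHA-256 stand in for the device and registration keys so the script runs on the Python standard library alone; that scheme, the JSON layout of the certificate and manifest, and the identifiers rs.example, cpu-0001, platform-42 and cpu-9999 are all assumptions of this example. The secure connection of claim 8 and the encryption of claims 2, 7 and 9 are not modelled.

```python
"""Registration flow modelled on claims 1 and 12-15 of US2017366359A1.
Lamport one-time signatures over SHA-256 stand in for the device and
registration-service keys (an assumption of this example, not the
patent's scheme); every Lamport private key must sign exactly once."""
import hashlib
import json
import secrets
from typing import Dict, List, Tuple


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def canonical(obj) -> bytes:
    """Deterministic JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def lamport_keygen() -> Tuple[list, list]:
    """Private key: 256 pairs of random secrets; public key: their hashes (hex, JSON-friendly)."""
    priv = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pub = [[sha256(a).hex(), sha256(b).hex()] for a, b in priv]
    return priv, pub


def lamport_sign(priv: list, message: bytes) -> List[str]:
    """Reveal, for each bit of the message digest, the secret matching that bit."""
    digest = int.from_bytes(sha256(message), "big")
    return [priv[i][(digest >> (255 - i)) & 1].hex() for i in range(256)]


def lamport_verify(pub: list, message: bytes, sig: List[str]) -> bool:
    if len(sig) != 256:
        return False
    digest = int.from_bytes(sha256(message), "big")
    return all(sha256(bytes.fromhex(sig[i])).hex() == pub[i][(digest >> (255 - i)) & 1]
               for i in range(256))


def kgf_issue_device_certificate(processor_id: str, device_pub: list) -> dict:
    """Key generation facility binds a processor id to its device public key (stored per claim 12)."""
    return {"processor_id": processor_id, "device_public_key": device_pub}


def platform_build_manifest(platform_id: str, processor_id: str, service_id: str,
                            device_priv: list) -> Tuple[dict, List[str]]:
    """Claim 1: generate a platform root key, encapsulate it with the registration
    service's identity, and sign the structure with the processor's device key."""
    manifest = {"platform_id": platform_id, "processor_id": processor_id,
                "registration_service": service_id,
                "platform_root_key": secrets.token_bytes(32).hex()}
    return manifest, lamport_sign(device_priv, canonical(manifest))


class RegistrationService:
    def __init__(self, service_id: str):
        self.service_id = service_id
        self.device_certs: Dict[str, dict] = {}   # processor id -> certificate from the KGF
        self.platforms: Dict[str, dict] = {}      # platform id -> registered record
        self.priv, self.pub = lamport_keygen()    # one-time key, so one attestation per key here

    def store_device_certificate(self, cert: dict) -> None:
        self.device_certs[cert["processor_id"]] = cert

    def register(self, manifest: dict, signature: List[str]) -> dict:
        """Validate the processor against its stored certificate, then issue an attestation."""
        cert = self.device_certs.get(manifest.get("processor_id"))
        if cert is None:
            raise PermissionError("no device certificate on file for this processor")
        if manifest.get("registration_service") != self.service_id:
            raise PermissionError("manifest addressed to a different registration service")
        if not lamport_verify(cert["device_public_key"], canonical(manifest), signature):
            raise PermissionError("manifest signature does not verify against the device certificate")
        self.platforms[manifest["platform_id"]] = {"processors": [manifest["processor_id"]],
                                                   "platform_root_key": manifest["platform_root_key"]}
        att = {"platform_id": manifest["platform_id"],          # claim 14
               "processors": [manifest["processor_id"]], "issuer": self.service_id}
        return {"certificate": att, "signature": lamport_sign(self.priv, canonical(att))}


def provisioning_service_accepts(rs_pub: list, attestation: dict) -> bool:
    """Claim 15: the provisioning service checks the attestation certificate it received."""
    return lamport_verify(rs_pub, canonical(attestation["certificate"]), attestation["signature"])


def run_demo() -> dict:
    rs = RegistrationService("rs.example")            # hypothetical identifiers throughout
    device_priv, device_pub = lamport_keygen()
    rs.store_device_certificate(kgf_issue_device_certificate("cpu-0001", device_pub))
    manifest, sig = platform_build_manifest("platform-42", "cpu-0001", "rs.example", device_priv)
    attestation = rs.register(manifest, sig)
    tampered = dict(manifest, platform_root_key=secrets.token_bytes(32).hex())  # altered after signing
    try:
        rs.register(tampered, sig)
        tampered_rejected = False
    except PermissionError:
        tampered_rejected = True
    other_priv, _ = lamport_keygen()                   # a processor the KGF never certified
    unknown, unknown_sig = platform_build_manifest("platform-43", "cpu-9999", "rs.example", other_priv)
    try:
        rs.register(unknown, unknown_sig)
        unknown_rejected = False
    except PermissionError:
        unknown_rejected = True
    return {"registered": "platform-42" in rs.platforms,
            "attestation_valid": provisioning_service_accepts(rs.pub, attestation),
            "tampered_rejected": tampered_rejected, "unknown_rejected": unknown_rejected}


if __name__ == "__main__":
    print(run_demo())
```

Running the script prints the four outcomes of `run_demo()`, all true: the certified processor registers and its attestation verifies, while a manifest altered after signing and a manifest from an uncertified processor are both refused. The separation of roles is the point: the registration service never needs the device private key, only the certificate the key generation facility handed it, and the provisioning service never needs to see the device certificate at all, only the registration service's public key.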

Assignees

Intel Corp

Classifications

  • H04L9/3263 (primary): involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
  • Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use · CPC title
  • H04L9/14 (primary): using a plurality of keys or algorithms · CPC title
  • for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2017366359A1 cover?
Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registr…
Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification H04L9/3263. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 21, 2017 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).