Migrating secrets using hardware roots of trust for devices

US9917687B2 · US · B2

Patent metadata
Publication number: US-9917687-B2
Application number: US-201514880813-A
Country: US
Kind code: B2
Filing date: Oct 12, 2015
Priority date: Oct 12, 2015
Publication date: Mar 13, 2018
Grant date: Mar 13, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with the low-resource device and one or more software modules. The low-resource device can further be configured to use the migration keys and the sealing keys to both verify a software update and migrate secrets from a previous version of the software to a newer version of the software. Additionally, the low-resource device can be configured to generate an attestation statement using the attestation keys and perform attestation using the attestation statement and the at least one distributed resource.

First claim

Opening claim text (preview).

What is claimed is:

1. A device comprising: a processor; and a computer-readable storage device including modules, the modules when executed by the processor, configure the device to perform a secure boot process based at least in part on receiving an update for software, the modules comprising: a cryptographic module configured to secure the device by: generating a sealing seed, based at least in part on a fuse-derived secret value of the device, by hashing a concatenation of the fuse-derived secret value of the device to a device sealing constant; generating a migration key based at least in part on the sealing seed and at least one software descriptor associated with a previous version of the software; generating a sealing key based at least in part on the sealing seed and at least one software descriptor associated with a new version of the software, wherein the sealing key is used to generate one or more encryption keys; and encrypting secrets of the software based on the generating sealing key.

2. A device as claim 1 recites, wherein: the cryptographic module is configured to execute a cryptographic function to generate the migration key from the at least one software descriptor associated with the previous version of the software using the sealing seed; and the cryptographic module is configured to execute a cryptographic function to generate the sealing key from the at least one software descriptor associated with the new version of the software using the sealing seed.

3. A device as claim 1 recites, wherein: the software includes a first software component and a second software component; to generate the migration key, the cryptographic module is configured to: execute a first cryptographic function to generate an intermediate migration key from a first software descriptor associated with a previous version of the first software component using the sealing seed; and execute a second cryptographic function to generate the migration key from a second software descriptor associated with a previous version of the second software component using the intermediate migration key; and to generate the sealing key, the cryptographic module is configured to: execute a third cryptographic function to generate an intermediate sealing key from a first software descriptor associated with a new version of the first software component using the sealing seed; and execute a fourth cryptographic function to generate the sealing key from a second software descriptor associated with a new version of the second software component using the intermediate key.

4. A device as claim 1 recites, the modules further comprising a migration module configured to retrieve secrets associated with the previous version of the software using the migration key.

5. A device as claim 4 recites, wherein the cryptographic module is further configured to generate one or more decryption keys using the migration key, and wherein to retrieve the secrets the migration module is configured to decrypt the secrets using the one or more decryption keys.

6. A device as claim 4 recites, the modules further comprising a sealing module configured to seal the secrets for the new version of the software using the sealing key.

7. A device as claim 6 recites, wherein the cryptographic module is further configured to generate one or more encryption keys using the sealing key, and wherein to seal the secrets the sealing module is configured to encrypt the secrets using the one or more encryption keys.

8. A method comprising: receiving an update for a software; generating a sealing seed, based at least in part on a fuse-derived secret value of a device executing the software, by hashing a concatenation of the fuse-derived secret value of the device to a device sealing constant; generating a migration key based at least in part on the sealing seed and at least one software descriptor associated with a previous version of the software; generating a sealing key based at least in part on the sealing seed and at least one software descriptor associated with a new version of the software, wherein the sealing key is used to generate one or more encryption keys; and encrypting secrets of the software based on the generating sealing key; wherein the above steps are performed by the device.

9. A method as claim 8 recites, wherein: generating the migration key comprises executing a cryptographic function to generate the migration key from the at least one software descriptor associated with the previous version of the software using the sealing seed; and generating the sealing key comprises executing a cryptographic function to generate the sealing key from the at least one software descriptor associated with the new version of the software using the sealing seed.

10. A method as claim 8 recites, wherein: the software includes a first software module and a second software module; generating the migration key comprises: executing a first cryptographic function to generate an intermediate migration key from a first software descriptor associated with a previous version of the first software module using the sealing seed; and executing a second cryptographic function to generate the migration key from a second software descriptor associated with a previous version of the second software module using the intermediate migration key; and generating the sealing key comprises: executing a third cryptographic function to generate an intermediate sealing key from a first software descriptor associated with a new version of the first software module using the sealing seed; and executing a fourth cryptographic function to generate the sealing key from a second software descriptor associated with a new version of the second software module using the intermediate key.

11. A method as claim 8 recites, further comprising retrieving secrets associated with the previous version of the software using the migration key.

12. A method as claim 11 recites, further comprising generating one or more decryption keys using the migration key, and wherein retrieving the secrets comprises decrypting the secrets using the one or more decryption keys.

13. A method as claim 11 recites, further comprising sealing the secrets for the new version of the software using the sealing key.

14. A method as claim 13 recites, further comprising generating one or more encryption keys using the sealing key, and wherein sealing the secrets comprises encrypting the secrets using the one or more encryption keys.

15. A computer-readable storage device having computer-executable instructions to program a device to perform operations comprising: receiving an update for a software; generating a sealing seed, based at least in part on a fuse-derived secret value of the device, by hashing a concatenation of the fuse-derived secret value of the device to a device sealing constant; generating a migration key based at least in part on the sealing seed and at least one software descriptor associated with a previous version of the software; generate a sealing key based at least in part on the sealing seed and at least one software descriptor associated with a new version of the software, wherein the sealing key is used to generate one or more encryption keys; and encrypting secrets of the software based on the generating sealing key.

16. A computer-readable storage device as claim 15 recites, wherein: generating the migration key comprises executing a cryptographic function to generate the migration key from the at least one software descriptor associated
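The key chain the claims describe (claims 1, 3 and 4 to 7), as an added example that is not the patent's or Microsoft's code: the sealing seed is hashed from the fuse-derived secret and a device sealing constant, one cryptographic function per software component is chained over the previous version's descriptors to get the migration key and over the new version's descriptors to get the sealing key, and secrets are unsealed with the former and resealed with the latter. SHA-256, HMAC-SHA256 as the "cryptographic function", an HMAC counter-mode keystream with an HMAC tag in place of the unspecified encryption, and every fuse secret, descriptor and constant value are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

DEVICE_SEALING_CONSTANT = b"device-sealing-constant"  # constructed placeholder, not the real constant

def sealing_seed(fuse_secret: bytes) -> bytes:
    # Claim 1: hash the fuse-derived secret concatenated with the device sealing constant.
    return hashlib.sha256(fuse_secret + DEVICE_SEALING_CONSTANT).digest()

def derive_key(seed: bytes, descriptors: list) -> bytes:
    # Claims 3/10: one cryptographic function per software component, each keyed by the
    # previous output. Previous-version descriptors give the migration key, new-version
    # descriptors the sealing key. HMAC-SHA256 is an assumed choice of function.
    key = seed
    for descriptor in descriptors:
        key = hmac.new(key, descriptor, hashlib.sha256).digest()
    return key

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher: HMAC in counter mode, assumed here because the claims do not name one.
    blocks = (length + 31) // 32
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def _subkeys(key: bytes):
    # Claims 5/7: encryption (and here also MAC) keys are derived from the sealing/migration key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key: bytes, secret: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None  # wrong key (descriptor mismatch) is rejected instead of yielding garbage
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def migrate(fuse_secret: bytes, prev_descs: list, new_descs: list, sealed_blob: bytes):
    # Update flow of claims 4-7: unseal with the migration key, reseal under the sealing key.
    seed = sealing_seed(fuse_secret)
    secret = unseal(derive_key(seed, prev_descs), sealed_blob)
    return None if secret is None else seal(derive_key(seed, new_descs), secret)
```

Because the chain is keyed by every descriptor in order, a blob sealed under one software version cannot be opened by a device running different code, and a migration attempted with the wrong previous descriptors fails closed.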

Assignees

Microsoft Technology Licensing LLC

Inventors

Classifications

  • G06F21/57 (Primary)

    Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title

  • to assure secure computing or processing of information · CPC title

  • Test or assess a computer or a system · CPC title

  • Secure boot · CPC title

  • H04L9/002 (Primary)

    Countermeasures against attacks on cryptographic mechanisms (network architectures or network communication protocols for protection against malicious traffic H04L63/1441) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9917687B2 cover?
Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with …
Who is the assignee on this patent?
Microsoft Technology Licensing Llc
What technology area does this patent fall under?
Primary CPC classification G06F21/57. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 13, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).