Patent application number | Description | Published |
20080270786 | APPARATUS AND METHOD FOR DIRECT ANONYMOUS ATTESTATION FROM BILINEAR MAPS - A method and apparatus for direct anonymous attestation from bilinear maps. In one embodiment, the method includes the creation of a public/private key pair for a trusted membership group defined by an issuer; and assigning a unique secret signature key to at least one member device of the trusted membership group defined by the issuer. In one embodiment, using the assigned signature key, a member may assign a message received as an authentication request to prove membership within a trusted membership group. In one embodiment, a group digital signature of the member is verified using a public key of the trusted membership group. Accordingly, a verifier of the digital signature is able to authenticate that the member is an actual member of the trusted membership group without requiring of the disclosure of a unique identification information of the member or a private member key to maintain anonymity of trusted member devices. Other embodiments are described and claimed. | 10-30-2008 |
20080270790 | APPARATUS AND METHOD FOR ENHANCED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION - In some embodiments, a method and apparatus for enhanced revocation of direct proof and direct anonymous attestation are described. In one embodiment a trusted hardware device verifies that membership of the device within a trusted membership group is not revoked according to a revocation list received with a challenge request from a verifier. Once such verification is performed, the device convinces the verifier of possessing cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. In one embodiment, the trusted hardware device computes a digital signature on a message received with the challenge request to the verifier if membership of the anonymous hardware device within a trusted membership group is verified. In one embodiment, the verifier authenticates the digital signature according to a public key of the trusted membership group to enable a trusted member device to remain anonymous to the verifier. Other embodiments are described and claimed. | 10-30-2008 |
20080307223 | APPARATUS AND METHOD FOR ISSUER BASED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION - In some embodiments, a method and apparatus for issuer based revocation of direct proof and direct anonymous attestation are described. In one embodiment, a trusted hardware device convinces a verifier that the trusted hardware device possesses cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. Once the verifier is convinced that the hardware device possesses the cryptographic information, the verifier may issue a denial of revocation request to the trusted hardware device, including a base value B | 12-11-2008 |
20100082973 | Direct anonymous attestation scheme with outsourcing capability - A Direct Anonymous Attestation (DAA) scheme using elliptic curve cryptography (ECC) and bilinear maps. A trusted platform module (TPM) may maintain privacy of a portion of a private membership key from an issuer while joining a group. Moreover, the TPM can outsource most of the computation involved in generating a signature to a host computer. | 04-01-2010 |
20100169650 | STORAGE MINIMIZATION TECHNIQUE FOR DIRECT ANONYMOUS ATTESTATION KEYS - A storage minimization technique for direct anonymous attestation (DAA) keys is presented. In one embodiment, the method includes deriving a random portion of a (DAA) private key from a device's fuse key, computing a point on an elliptical curve from the derived random portion and a master private key, and storing only one coordinate of the point in fuses within the device. Other embodiments are described and claimed. | 07-01-2010 |
20120023334 | METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT - Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA). | 01-26-2012 |
20120137137 | METHOD AND APPARATUS FOR KEY PROVISIONING OF HARDWARE DEVICES - Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform. | 05-31-2012 |
20120159155 | Direct Anonymous Attestation Scheme with Outsourcing Capability - A Direct Anonymous Attestation (DAA) scheme using elliptic curve cryptography (ECC) and bilinear maps. A trusted platform module (TPM) may maintain privacy of a portion of a private membership key from an issuer while joining a group. Moreover, the TPM can outsource most of the computation involved in generating a signature to a host computer. | 06-21-2012 |
20120284518 | METHOD OF ANONYMOUS ENTITY AUTHENTICATION USING GROUP-BASED ANONYMOUS SIGNATURES - Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA). | 11-08-2012 |
20130080771 | APPARATUS AND METHOD FOR DIRECT ANONYMOUS ATTESTATION FROM BILINEAR MAPS - A method and apparatus for direct anonymous attestation from bilinear maps. In one embodiment, the method includes the creation of a public/private key pair for a trusted membership group defined by an issuer; and assigning a unique secret signature key to at least one member device of the trusted membership group defined by the issuer. In one embodiment, using the assigned signature key, a member may assign a message received as an authentication request to prove membership within a trusted membership group. In one embodiment, a group digital signature of the member is verified using a public key of the trusted membership group. Accordingly, a verifier of the digital signature is able to authenticate that the member is an actual member of the trusted membership group without requiring of the disclosure of a unique identification information of the member or a private member key to maintain anonymity of trusted member devices. Other embodiments are described and claimed. | 03-28-2013 |
20130147511 | Offline Device Authentication and Anti-Counterfeiting Using Physically Unclonable Functions - The output of a physically unclonable function (PUF) may be processed to reduce its size. The post-processing result is served as a device intrinsic unclonable identifier and is signed by the device manufacturer to create a certificate stored on board the same device that includes the physically unclonable function. This scheme may not require online verification and complex error correction on PUFs in some cases. | 06-13-2013 |
20140082362 | METHOD OF ANONYMOUS ENTITY AUTHENTICATION USING GROUP-BASED ANONYMOUS SIGNATURES - Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA). | 03-20-2014 |
20140089659 | Method and apparatus for key provisioning of hardware devices - Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform. | 03-27-2014 |
20140091832 | INTEGRATED CIRCUITS HAVING ACCESSIBLE AND INACCESSIBLE PHYSICALLY UNCLONABLE FUNCTIONS - An integrated circuit substrate of an aspect includes a plurality of exposed electrical contacts. The integrated circuit substrate also includes an inaccessible set of Physically Unclonable Function (PUF) cells to generate an inaccessible set of PUF bits that are not accessible through the exposed electrical contacts. The integrated circuit substrate also includes an accessible set of PUF cells to generate an accessible set of PUF bits that are accessible through the exposed electrical contacts. Other apparatus, methods, and systems are also disclosed. | 04-03-2014 |
20140095883 | HARDENING OF DIRECT ANONYMOUS ATTESTATION FROM SIDE-CHANNEL ATTACK - Various embodiments are generally directed to hardening the performance of calculations of a digital signature system for authenticating computing devices against side-channel attacks. An apparatus comprises a processor circuit and an interface operative to communicatively couple the processor circuit to a network; a storage communicatively coupled to the processor circuit and arranged to store instructions operative on the processor circuit to digitally sign a message to create a first signature using a modular arithmetic operation arranged to compensate for a value of a variable greater than a modulus without use of a branching instruction; and transmit the first signature to a verifying server via the network. Other embodiments are described and claimed herein. | 04-03-2014 |
20140185795 | FUSE ATTESTATION TO SECURE THE PROVISIONING OF SECRET KEYS DURING INTEGRATED CIRCUIT MANUFACTURING - Embodiments of an invention for fuse attestation to secure the provisioning of secret keys during integrated circuit manufacturing are disclosed. In one embodiment, an apparatus includes a storage location, a physically unclonable function (PUF) circuit, a PUF key generator, an encryption unit, and a plurality of fuses. The storage location is to store a configuration fuse value. The PUF circuit is to provide a PUF value. The PUF key generator is to generate a PUF key based on the PUF value. The encryption unit is to encrypt the configuration fuse value using the PUF key. The PUF key and the configuration fuse value are to be provided to a key server. The key server is to determine that the configuration fuse value indicates that the apparatus is a production component, and, in response, provide a fuse key to be stored in the plurality of fuses. | 07-03-2014 |
20140189365 | SECURE KEY DERIVATION AND CRYPTOGRAPHY LOGIC FOR INTEGRATED CIRCUITS - A processor of an aspect includes root key generation logic to generate a root key. The root key generation logic includes a source of static and entropic bits. The processor also includes key derivation logic coupled with the root key generation logic. The key derivation logic is to derive one or more keys from the root key. The processor also includes cryptographic primitive logic coupled with the root key generation logic. The cryptographic primitive logic is to perform cryptographic operations. The processor also includes a security boundary containing the root key generation logic, the key derivation logic, and the cryptographic primitive logic. Other processors, methods, and systems are also disclosed. | 07-03-2014 |
20140189890 | DEVICE AUTHENTICATION USING A PHYSICALLY UNCLONABLE FUNCTIONS BASED KEY GENERATION SYSTEM - At least one machine accessible medium having instructions stored thereon for authenticating a hardware device is provided. When executed by a processor, the instructions cause the processor to receive two or more device keys from a physically unclonable function (PUF) on the hardware device, generate a device identifier from the two or more device keys, obtain a device certificate from the hardware device, perform a verification of the device identifier, and provide a result of the device identifier verification. In a more specific embodiment, the instructions cause the processor to perform a verification of a digital signature in the device certificate and to provide a result of the digital signature verification. The hardware device may be rejected if at least one of the device identifier verification and the digital signature verification fails. | 07-03-2014 |
20140201540 | SECURE KEY STORAGE USING PHYSICALLY UNCLONABLE FUNCTIONS - Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processors. A processor may include physically unclonable functions component, which may generate a unique hardware key based at least on at least one physical characteristic of the processor. The hardware key may be employed in encrypting a key such as a secret key. The encrypted key may be stored in a memory of the processor. The encrypted key may be validated. The integrity of the key may be protected by communicatively isolating at least one component of the processor. | 07-17-2014 |
20140205090 | METHOD AND SYSTEM FOR SECURELY COMPUTING A BASE POINT IN DIRECT ANONYMOUS ATTESTATION - A method and system computes a basepoint for use in a signing operation of a direct anonymous attestation scheme. The method and system includes computing a basepoint at a host computing device and verifying the base point at a trusted platform module (TPM) device. | 07-24-2014 |
20140218067 | GROUPING OF PHYSICALLY UNCLONABLE FUNCTIONS - A physically unclonable function (PUF) includes a plurality of PUF elements to generate an N-bit PUF signature. For each bit in the N-bit PUF signature, a PUF group of K number of individual PUF elements indicating a single-bit PUF value is used to generate a group bit. The group bits are more repeatable than the individual PUF elements. The value K may be selected such that (K+ | 08-07-2014 |
20140270177 | HARDENING INTER-DEVICE SECURE COMMUNICATION USING PHYSICALLY UNCLONABLE FUNCTIONS - Embodiments of an invention for hardened inter-device secure communication using physically unclonable functions are disclosed. In one embodiment, an apparatus includes a first storage location, a second storage location, a physically unclonable function (PUF) circuit, a PUF key generator, and an encryption unit. The first storage location is to store an embedded key. The second storage location is to store a fuse key. The PUF circuit is to provide a PUF value. The PUF key generator is to generate a PUF key based on the PUF value. The encryption unit is to receive from a key server a global key encrypted using the embedded key, decrypt the global key using the embedded key, encrypt the global key using the PUF key, and store the global key encrypted using the PUF key in the second storage location. | 09-18-2014 |