Patent application number | Description | Published |
20090025067 | GENERIC EXTENSIBLE PRE-OPERATING SYSTEM CRYPTOGRAPHIC INFRASTRUCTURE - A cryptographic device protocol provides a generic interface allowing pre-OS applications to employ any of a variety of cryptographic devices within the pre-OS environment. The generic interface can be used independent of the specific cryptographic devices and is independent of the cryptographic or hashing algorithms used by each device. Cryptographic functions may be performed in the pre-OS environment by pre-OS applications communicating with cryptographic device drivers using the cryptographic device protocol that is independent of the cryptographic devices. Each cryptographic device may be identified by a unique device identifier and may have a number of keys available to it, with each key being identified by a unique key identifier. | 01-22-2009 |
20090031408 | INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card. | 01-29-2009 |
20100082987 | TRANSPARENT TRUST VALIDATION OF AN UNKNOWN PLATFORM - A transparent trust validation of an unknown platform can be performed by communicationally coupling it to a trusted device, such as a portable peripheral device carried by a user, or one or more remote computing devices. Information from the unknown platform can be obtained by boot code copied to it from the trusted device and such information can be validated by the trusted device. The trusted device can then provide an encrypted version of decryption key to the boot code which can request the Trusted Platform Module (TPM) of the unknown platform to decrypt and return the decryption key. If the information originally obtained from the unknown platform and validated by the trusted device was authentic, the TPM will be able to provide the decryption key to the boot code, enabling it to decrypt an encrypted volume comprising applications, operating systems or other components. | 04-01-2010 |
20100095120 | TRUSTED AND CONFIDENTIAL REMOTE TPM INITIALIZATION - Techniques are provided to allow remote initialization of a Trusted Platform Module. The results may be trusted and confidential even if the target device has malicious operating system or other software running. | 04-15-2010 |
20110087896 | SECURE STORAGE OF TEMPORARY SECRETS - Temporarily sensitive information can be stored in the non-volatile storage of a TPM, from which it can be securely, and irretrievably, deleted. Additionally, information stored in a TPM can secure information stored on communicationally disconnectable storage media such that, when communicationally disconnected, the information stored on such media is inaccessible. A whole volume encryption service key can be protected by a key stored in a TPM and, even if the protector remains accessible, the secure deletion of the key from the TPM prevents unauthorized disclosure of the whole volume encryption service key. Additionally, TPM stored data can be released only when a computing device is in a particular state, as determined by the PCRs. A hibernation image can be encrypted and the key stored with the TPM such that it is released to decrypt the image and restore active computing only if the state has not materially changed during hibernation. | 04-14-2011 |
20110099367 | KEY CERTIFICATION IN ONE ROUND TRIP - Certification of a key, which a Trusted Platform Module (TPM) has attested as being non-migratable, can be performed in a single round trip between the certificate authority (CA) and the client that requests the certificate. The client creates a certificate request, and then has the TPM create an attestation identity key (AIK) that is bound to the certificate request. The client then asks the TPM to sign the new key as an attestation of non-migratability. The client then sends the certificate request, along with the attestation of non-migratability to the CA. The CA examines the certificate request and attestation of non-migratability. However, since the CA does not know whether the attestation has been made by a trusted TPM, it certifies the key but includes, in the certificate, an encrypted signature that can only be decrypted using the endorsement key of the trusted TPM. | 04-28-2011 |
20110099625 | TRUSTED PLATFORM MODULE SUPPORTED ONE TIME PASSWORDS - A Trusted Platform Module (TPM) can be utilized to implement One Time Password (OTP) mechanisms. One or more delegation blobs can be created by the TPM and the delegation authentication values of the delegation blobs can be based on the version number of the delegation blobs. A data blob with a protected secret can comprise a pointer to the delegation table of the TPM. The version number can be provided to an authority from which an OTP (a delegation authentication value) can be received. The OTP can be utilized to gain access to the secret and an authentication value of the key blob, which can be utilized to increase the version number of all associated delegation blobs. Policy limitations can be associated with the delegation blobs and can be enforced by policy enforcement mechanisms that can reference the TPM tick counter to enforce temporal policy restrictions. | 04-28-2011 |
20110167503 | TPM-BASED LICENSE ACTIVATION AND VALIDATION - A Trusted Activation License (TAL) can be comprised of a key unique to a Trusted Platform Module (TPM) and identifying information of the software applications bundled with the computing device having that TPM. To activate the software applications, the identifying information in the TAL can be compared against that of the software applications being activated, and the unique TPM key in the TAL can be compared against that of the TPM on the computing device on which the activation is taking place. Subsequent validations can be based on a protected association between the TAL and an Attestation Identity Key (AIK) that can be generated by the TPM as part of the activation step. Optionally, Platform Configuration Registers (PCRs) of the TPM can be periodically changed during validation to protect against useage of one TPM for validations on multiple computing devices. | 07-07-2011 |
20110176682 | INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card. | 07-21-2011 |
20110179282 | INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card. | 07-21-2011 |
20110179283 | INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card. | 07-21-2011 |
20110246785 | HARDWARE SUPPORTED VIRTUALIZED CRYPTOGRAPHIC SERVICE - A Trusted Platform Module (TPM) can be utilized to provide hardware-based protection of cryptographic information utilized within a virtual computing environment. A virtualized cryptographic service can interface with the virtual environment and enumerate a set of keys that encryption mechanisms within the virtual environment can utilize to protect their keys. The keys provided by the virtualized cryptographic service can be further protected by the TPM-specific keys of the TPM on the computing device hosting the virtual environment. Access to the protected data within the virtual environment can, thereby, only be granted if the virtualized cryptographic service's keys have been protected by the TPM-specific keys of the TPM on the computing device that is currently hosting the virtual environment. The virtualized cryptographic service's keys can be protected by TPM-specific keys of TPMs on selected computing devices to enable the virtual environment to be hosted by other computing devices. | 10-06-2011 |
20110307711 | DEVICE BOOTING WITH AN INITIAL PROTECTION COMPONENT - Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner. | 12-15-2011 |
20110314279 | Single-Use Authentication Methods for Accessing Encrypted Data - Single-use authentication methods for accessing encrypted data stored on a protected volume of a computer are described, wherein access to the encrypted data involves decrypting a key protector stored on the computer that holds a volume-specific cryptographic key needed to decrypt the protected volume. Such single-use authentication methods rely on the provision of a key protector that can only be used once and/or that requires a new access credential for each use. In certain embodiments, a challenge-response process is also used as part of the authentication method to tie the issuance of a key protector and/or access credential to particular pieces of information that can uniquely identify a user. | 12-22-2011 |
20120110644 | GLOBALLY VALID MEASURED OPERATING SYSTEM LAUNCH WITH HIBERNATION SUPPORT - An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations. | 05-03-2012 |
20120204020 | SELF REGULATION OF THE SUBJECT OF ATTESTATION - Attestation by a self-regulating attestation client. The attestation client requests a credential of health from an attestation service, which includes an ordered attestation log and proof of integrity and freshness of the log. The attestation client receives the requested credential of health, which certifies the attestation client was healthy when it requested the credential of health and that the attestation service trusts the attestation client to be healthy each time the attestation client authenticates using the credential of health. The attestation client receives a request to authenticate that it is healthy using the credential of health, verifies that it is currently healthy, and performs the requested authentication. | 08-09-2012 |
20120275596 | CRYPTOGRAPHIC KEY ATTACK MITIGATION - Cryptographic keys and, subsequently, the data they are intended to protect, are safeguarded from unwarranted attacks utilizing various systems and methodologies designed to minimize the time period in which meaningful versions of cryptographic keys exist in accessible memory, and therefore, are vulnerable. Cryptographic keys, and consequently the data they are intended to protect, can alternatively, or also, be protected from attackers utilizing systems and a methodology that employs a removable storage device for providing authentication factors used in the encryption and decryption processing. Cryptographic keys and protected data can alternatively, or also, be protected with a system and methodology that supports data separation on the storage device(s) of a computing device. Cryptographic keys and the data they are intended to protect can alternatively, or also, be protected employing a system and methodology of virtual compartmentalization that effectively segregates key management from protected data. | 11-01-2012 |
20120297200 | POLICY BOUND KEY CREATION AND RE-WRAP SERVICE - One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using the cryptographic encryption key and/or wrap the encrypted key blob with one or more policies, such as a platform policy. The key service provider may provision the encrypted key blob to a client on the first machine. The client may submit the encrypted key blob to the trusted execution environment for validation so that the client may perform key actions, such as sign an email or encrypt data. Because the key blob may be specific to a particular trusted execution environment and/or machine, the key service provider may re-wrap the key blob if the client “roams” to a second machine. | 11-22-2012 |
20130013928 | Secure Credential Unlock Using Trusted Execution Environments - Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges. Upon receiving a valid response back, the computing device can unlock the secured computing device cryptographic key associated with the issued challenge and subsequently provide access to protected data. | 01-10-2013 |
20130031374 | FIRMWARE-BASED TRUSTED PLATFORM MODULE FOR ARM PROCESSOR ARCHITECTURES AND TRUSTZONE SECURITY EXTENSIONS - A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices. | 01-31-2013 |
20130054946 | DIGITAL SIGNING AUTHORITY DEPENDENT PLATFORM SECRET - In accordance with one or more aspects, a representation of a configuration of a firmware environment of a device is generated. A secret of the device is obtained, and a platform secret is generated based on both the firmware environment configuration representation and the secret of the device. One or more keys can be generated based on the platform secret. | 02-28-2013 |
20130145139 | REGULATING ACCESS USING INFORMATION REGARDING A HOST MACHINE OF A PORTABLE STORAGE DRIVE - Described herein are techniques for regulating access to a portable storage drive, that stores an operating system securely, using information regarding a host machine. In accordance with some of the techniques described herein, when a portable storage drive that stores an operating system securely is to be accessed by a host machine, information regarding the host machine, such as information regarding the hardware of the host machine, may be retrieved and evaluated to determine whether to grant access to the host machine. When the host machine is granted access, the host machine may access secured data stored on the portable storage drive in any suitable manner. In some cases, accessing the secured data may include decrypting the secured data and transferring decrypted data to another storage of the host machine. The decrypted information may include an operating system that is booted by the host machine. | 06-06-2013 |
20130145440 | REGULATING ACCESS USING INFORMATION REGARDING A HOST MACHINE OF A PORTABLE STORAGE DRIVE - Described herein are techniques for regulating access to a remote resource using two-factor authentication based on information regarding a host machine of a portable storage drive that stores an operating system that is booted by the host machine. The information regarding the host machine of a portable storage drive may be used as a second factor in a two-factor authentication. Such information regarding the host machine may include, in some embodiments, information retrieved from a secure storage of the host machine, such as from a cryptoprocessor of the host machine. The information may include an identifier for the host machine or may be a user credential pre-provisioned to the host machine to be used in two-factor authentication. | 06-06-2013 |
20130159729 | SOFTWARE-BASED TRUSTED PLATFORM MODULE - A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices. | 06-20-2013 |
20130290724 | INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card. | 10-31-2013 |
20130297944 | INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card. | 11-07-2013 |
20130311786 | Cryptographic Key Attack Mitigation - Cryptographic keys and, subsequently, the data they are intended to protect, are safeguarded from unwarranted attacks utilizing various systems and methodologies designed to minimize the time period in which meaningful versions of cryptographic keys exist in accessible memory, and therefore, are vulnerable. Cryptographic keys, and consequently the data they are intended to protect, can alternatively, or also, be protected from attackers utilizing systems and a methodology that employs a removable storage device for providing authentication factors used in the encryption and decryption processing. Cryptographic keys and protected data can alternatively, or also, be protected with a system and methodology that supports data separation on the storage device(s) of a computing device. Cryptographic keys and the data they are intended to protect can alternatively, or also, be protected employing a system and methodology of virtual compartmentalization that effectively segregates key management from protected data. | 11-21-2013 |
20130339729 | NETWORK BASED MANAGEMENT OF PROTECTED DATA SETS - A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity. | 12-19-2013 |
20140040890 | TRUSTED EXECUTION ENVIRONMENT VIRTUAL MACHINE CLONING - Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine. | 02-06-2014 |
20140089664 | TRUSTED AND CONFIDENTIAL REMOTE TPM INITIALIZATION - Techniques are provided to allow remote initialization of a Trusted Platform Module. The results may be trusted and confidential even if the target device has malicious operating system or other software running. | 03-27-2014 |
20140101454 | SECURE CREDENTIAL UNLOCK USING TRUSTED EXECUTION ENVIRONMENTS - Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges. Upon receiving a valid response back, the computing device can unlock the secured computing device cryptographic key associated with the issued challenge and subsequently provide access to protected data. | 04-10-2014 |
20140129817 | DEVICE BOOTING WITH AN INITIAL PROTECTION COMPONENT - Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner. | 05-08-2014 |
20140137178 | ATTACK PROTECTION FOR TRUSTED PLATFORM MODULES - A trusted platform module stores information in a protected object having an associated policy. A program requesting access to the information is allowed to access the information if the policy is satisfied, and is denied access to the information if the policy is not satisfied. The trusted platform module uses one or more monotonic counters associated with the protected object to track attempts to access the information. If a threshold number of unsuccessful requests to access the information are received, then the trusted platform module locks the information to prevent the program from accessing the information for an indefinite amount of time. | 05-15-2014 |
20140304506 | NETWORK BASED MANAGEMENT OF PROTECTED DATA SETS - A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity. | 10-09-2014 |
20150052610 | GLOBAL PLATFORM HEALTH MANAGEMENT - The use of one or more device health values to indicate the health status of a computing device may enable operating system developers to directly manage the security configuration of the computing device. The generation of a device health value involves initializing hardware components of a computing device and loading the operating system according to configuration settings during boot up of the computing device. The device health value is then generated based on a state of the hardware component and/or a state of a software stack that includes the operating system at boot up. The device health value may be compared to a reference health value to determine whether the computing device is in a secured state. | 02-19-2015 |