Title of invention: Method and apparatus for trusted authentication and logon
Abstract: A method and apparatus for trusted authentication and logon is disclosed. A trusted platform module (TPM) based logon method is presented for authentication and access. A user registers an identity with an identity provider that is tightly bound to the user's specific platform, e.g., the TPM. If the user decides to log in, for example to a service provider using this identity, the identity provider challenges the user to provide the correct credentials. The credentials consist of a TPM-generated ticket, that is, a credential chain. This allows the user to log in without the need for a password at the identity provider.
Publication number: US9490984(B2)
Publication date: 2016.11.08
Application number: US200912558907
Filing date: 2009.09.14
Applicant: InterDigital Patent Holdings, Inc.
Inventors: Leicher Andreas; Schmidt Andreas U.
Classification: H04L29/06; H04L9/32; G06F21/57; G06F21/00
Main classification: H04L29/06
Agency: Baker & Hostetler LLP
Agent: Baker & Hostetler LLP
Independent claim: 1. A method for trusted authentication and access from a user platform associated with a user, the user platform comprising a trusted module, the method comprising: logging onto a service provider using a predetermined identity associated with the user, wherein the user platform is directed to an identity provider that is associated with the predetermined identity; the user platform receiving an authentication challenge from the identity provider; in response to the authentication challenge, performing an authentication of the user; when the authentication is successful, the user platform obtaining a certificate that indicates a certification of the trusted module by a certification authority; generating, at the trusted module, an authentication response to the authentication challenge wherein the authentication response comprises the certificate, and the certificate indicates the certification of the trusted module by the certification authority; if a verification of the authentication response is successful, the user platform accessing the service provider upon receiving a status message indicating that the verification was successful, thereby ensuring that the user of the user platform is legitimate; and if the verification fails, receiving a message associated with a cause of the failed verification.
Address: Wilmington DE US