| 发明名称 |
MIGRATING SECRETS USING HARDWARE ROOTS OF TRUST FOR DEVICES |
| 摘要 |
Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with the low-resource device and one or more software modules. The low-resource device can further be configured to use the migration keys and the sealing keys to both verify a software update and migrate secrets from a previous version of the software to a newer version of the software. Additionally, the low-resource device can be configured to generate an attestation statement using the attestation keys and perform attestation using the attestation statement and the at least one distributed resource. |
| 申请公布号 |
US2017104580(A1) |
申请公布日期 |
2017.04.13 |
| 申请号 |
US201514880813 |
申请日期 |
2015.10.12 |
| 申请人 |
Microsoft Technology Licensing, LLC |
发明人 |
Wooten David R.;Marochko Andrey;Mattoon Dennis;England Paul |
| 分类号 |
H04L9/00;G06F9/445;G06F21/57;G06F21/71;H04L9/08 |
主分类号 |
H04L9/00 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A device comprising:
a processor; and a computer-readable medium including modules, the modules when executed by the processor, configure the device to perform a secure boot process based at least in part on receiving an update for software, the modules comprising:
a cryptographic module configured to secure the device by:
generating a sealing seed;generating a migration key based at least in part on the sealing seed and at least one software descriptor associated with a previous version of the software; andgenerating a sealing key based at least in part on the sealing seed and at least one software descriptor associated with a new version of the software. |
| 地址 |
Redmond WA US |
