Credential validation

摘要

A message to be signed and a base name point derived from a direct anonymous attestation (DAA) credential may be provided to a device. A signed version of the message and a public key value associated with the base name point may be received in response. Thereafter, the DAA credential may be determined to be valid based on the signed version of the message.

主权项

1. A non-transitory computer-readable medium storing instructions that, when executed by a host computing device, cause the host computing device to:
receive, from a direct anonymous attestation (DAA) issuer computing system, a DAA credential; derive, from the DAA credential, a base name point; provide, to a trusted platform module embedded on the host computing device, a message and the base name point, the trusted platform module including computer storage for protecting security of a public key value associated with the base name point; issue a signature command to the trusted platform module requesting that the trusted platform module execute a signature routine to sign the message using the base name point as input to the signature routine; receive, from the trusted platform module, a version of the message signed by the trusted platform module and including the public key value; determine, based on the version of the message signed by the trusted platform module and the base name point, that the DAA credential is valid; and store the public key value in computer-readable memory.