IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th ed.):
Application number: UP-0238440 (2005-09-29)
Registration number: US-7809957 (2010-10-26)
Inventor / Address:
Applicant / Address:
Agent / Address: Blakely, Sokoloff, Taylor & Zafman LLP
Citation information: times cited: 11; patents cited: 179
Abstract
Embodiments of a method and system for creating sealed data are disclosed herein. A trusted platform module (TPM) is used to seal data and other information in a sealed blob. In one embodiment, a monotonic counter parameter is included in the sealed blob. In another embodiment, a tick counter parameter is included in the sealed blob. In yet another embodiment, a session parameter is included in the sealed blob. In each instance, the data is only released if the associated parameter included in the blob corresponds to a current parameter. Other embodiments are described and claimed.
Representative claims
What is claimed is:
1. A method for creating single use data, the method comprising: determining, with a trusted platform module of a computing device, a key for sealing the data; receiving a selection of a counter, from a plurality of currently available counters of the trusted platform module, to provide a counter parameter for sealing the data; associating a counter parameter obtained from the selected counter with the data; and the trusted platform module using the key to seal the data, a pointer to the selected counter, and the counter parameter into a secure storage blob to enable the trusted platform module to enforce use limitations on the data utilizing the selected counter and the counter parameter.
2. The method of claim 1, further comprising associating at least one platform configuration register (PCR) with the data.
3. The method of claim 1, wherein the counter parameter includes monotonic counter parameters.
4. The method of claim 3, wherein the monotonic counter parameters comprise a counter ID, a minimum counter value, and a maximum counter value.
5. The method of claim 4, further comprising: unsealing the data, counter ID, minimum counter value, and maximum counter value, analyzing the unsealed counter ID, minimum counter value, and maximum counter value, releasing the data if the counter ID, minimum counter value, and maximum counter value correspond to current values, and automatically incrementing a counter parameter for a monotonic counter identified by the counter ID in response to the releasing.
6. The method of claim 2, wherein the counter parameter includes tick counter parameters.
7. The method of claim 6, wherein the tick counter parameters comprise a tick nonce, a minimum tick value, and a maximum tick value.
8. The method of claim 7, further comprising: unsealing the data, tick nonce, minimum tick value, and maximum tick value, analyzing the unsealed tick nonce, minimum tick value, and maximum tick value, and releasing the data if the tick nonce, minimum tick value, and maximum tick value correspond to current values.
9. A computer-readable storage medium having stored thereon instructions, which when executed in a system operate to create single use data by: determining a key for sealing the data; receiving a selection of a counter, from a plurality of currently available counters of a trusted platform module, to provide a counter parameter for sealing the data; and associating a counter parameter obtained from the selected counter with the data; and the trusted platform module using the key to seal the data, a pointer to the selected counter, and the counter parameter into a secure storage blob to enable the trusted platform module to enforce use limitations on the data utilizing the selected counter and the counter parameter.
10. The medium of claim 9, wherein the counter parameter comprises monotonic counter parameters.
11. The medium of claim 10, wherein the monotonic counter parameters comprise a counter ID, a minimum counter value, and a maximum counter value.
12. The medium of claim 11, wherein the operation further comprises: unsealing the data, counter ID, minimum counter value, and maximum counter value, and releasing the data if the counter ID, minimum counter value, and maximum counter value correspond to current values.
13. The medium of claim 9, wherein the counter parameter further comprises tick counter parameters.
14. The medium of claim 13, wherein the tick counter parameters further comprise a tick nonce, a minimum tick value, and a maximum tick value.
15. The medium of claim 14, wherein the operation further comprises: unsealing the data, tick nonce, minimum tick value, and maximum tick value, and releasing the data if the tick nonce, minimum tick value, and maximum tick value correspond to current values.
16. A system configured to create single use data, the system comprising: a trusted platform module (TPM) configured to, determine a key for sealing the data; receive a selection of a counter, from a plurality of currently available counters of the TPM, to provide a counter parameter for sealing the data; associate a counter parameter obtained from the selected counter with the data; and use the key to seal the data, a pointer to the selected counter, and the counter parameter into a secure storage blob to enable the TPM to enforce use limitations on the data utilizing the selected counter and the counter parameter.
17. The system of claim 16, wherein the counter parameter includes monotonic counter parameters.
18. The system of claim 17, wherein the monotonic counter parameters include a counter ID, a minimum counter value, and a maximum counter value.
19. The system of claim 18, wherein the TPM is further configured to: unseal the data, counter ID, minimum counter value, and maximum counter value, and release the data if the counter ID, minimum counter value, and maximum counter value correspond to current values.
20. The system of claim 16, wherein the counter parameter includes tick counter parameters.
21. The system of claim 20, wherein the tick counter parameters include a tick nonce, a minimum tick value, and a maximum tick value.
22. The system of claim 21, wherein the TPM is further configured to: unseal the data, tick nonce, minimum tick value, and maximum tick value, release the data if the tick nonce, minimum tick value, and maximum tick value correspond to current values.
23. A method of generating sealed data, the method comprising determining, with a trusted platform module of a computing device, a key for sealing the data; receiving at least one of a selection of a counter, from a plurality of currently available counters of the trusted platform module, to provide a parameter for sealing the data, or a selection of a session handle; associating a parameter with the data, wherein the parameter is selected from a group consisting of a counter parameter and a session parameter; and the trusted platform module using the key to seal the data and the parameter into a secure storage blob to enable the trusted platform module to enforce use limitations on the data utilizing the selected at least one of the counter or the session handle.
24. The method of claim 23, wherein the parameter comprises a session handle.
25. The method of claim 23, wherein the parameter comprises a monotonic counter parameter and a pointer to a selected monotonic counter.
26. The method of claim 23, wherein the parameter comprises a tick counter parameter and a pointer to a selected tick counter parameter.
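Added example (not code from the patent or from any TPM implementation): a Python software model of the monotonic-counter embodiment in claims 1, 4 and 5. The sealed blob carries a counter ID with a minimum and maximum value, the data is released only while the named counter's current value lies inside that window, and the counter is incremented on release, so a window equal to the current value yields single-use data. The class name, the toy HMAC-based keystream standing in for the TPM's sealing cipher, and the sample counter values are assumptions for illustration.

```python
import hashlib, hmac, json, os

class SimulatedTPM:  # toy software model of the claimed seal/unseal flow, not a real TPM
    def __init__(self):
        self._seal_key = os.urandom(32)   # stands in for the TPM-resident sealing key
        self.counters = {}                # counter ID -> current monotonic value

    def _keystream(self, nonce, length):
        # Toy keystream (HMAC in counter mode) so the blob is not plaintext; not production crypto.
        out = b""
        for i in range((length + 31) // 32):
            out += hmac.new(self._seal_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        return out[:length]

    def seal(self, data, counter_id, min_value, max_value):
        """Seal data with a pointer to the selected counter and its (min, max) window."""
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))
        body = json.dumps({"nonce": nonce.hex(), "ct": ct.hex(), "counter_id": counter_id,
                           "min": min_value, "max": max_value}, sort_keys=True).encode()
        tag = hmac.new(self._seal_key, body, hashlib.sha256).hexdigest().encode()
        return body + b"|" + tag

    def unseal(self, blob):
        """Release data only if the blob is intact and the named counter lies inside its
        window, then increment that counter so min == max == current yields single use."""
        body, _, tag = blob.rpartition(b"|")
        expected = hmac.new(self._seal_key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return None                                   # tampered or foreign blob
        f = json.loads(body)
        current = self.counters.get(f["counter_id"])
        if current is None or not (f["min"] <= current <= f["max"]):
            return None                                   # counter missing or outside window
        self.counters[f["counter_id"]] = current + 1      # automatic increment on release
        nonce, ct = bytes.fromhex(f["nonce"]), bytes.fromhex(f["ct"])
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))

def single_use_demo():
    """Seal a secret for exactly one use (window == current counter) and unseal twice."""
    tpm = SimulatedTPM()
    tpm.counters["ctr0"] = 5                              # constructed sample counter state
    blob = tpm.seal(b"one-shot credential", "ctr0", 5, 5)
    return tpm.unseal(blob), tpm.unseal(blob), tpm.counters["ctr0"]
```

The second unseal fails because the first release moved the counter past the window; a wider window (min < max) gives a bounded number of uses instead of exactly one.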