In many situations, a computing platform is verified by another computing system as being “trusted” meaning, for example, that the latter computing system is assured of a particular configuration for the computing system being verified (e.g., that certain software loaded on the computing platform). For example, the computing system wishing to verify a computing platform may not want to provide access to the computing platform unless the platform has a particular operating system, certain anti-virus software, etc.
Direct Anonymous Attestation (DAA) is a scheme in which an issuing entity is in charge of verifying the legitimacy of a particular platform which, in turn, verifies itself to a remote system. The issuing entity issues a DAA credential to the platform once the platform has verified itself to the issuing entity. The platform then may prove to the remote system that the platform holds a valid DAA credential by providing a DAA signature to the remote system. Using DAA, the privacy of the platform being verified is preserved during the process that the platform proves its legitimacy to the remote system.