1. Technical Field
The present invention relates to a system and method that authenticates a user to a computer system. More particularly, the present invention relates to a system and method that authenticates use of an encryption key based on a requested environment and user-supplied authentication data corresponding to the requested environment.
2. Description of the Related Art
A Trusted Platform Module (TPM) is a microchip that is included in a computer system's motherboard during manufacturing. A TPM provides facilities for secure generation of cryptographic keys, facilities to limit the use of keys for a particular purpose (e.g., for either signing, verification or encryption, decryption, etc.). The TPM also provides a hardware-based Random Number Generator.
In addition, the TPM can be used to authenticate a hardware device, such as the computer system where the TPM is installed. Because each TPM chip is unique to a particular device (e.g., computer system, etc.), it can perform platform authentication. While a TPM provide cryptographic functions that can be used to protect sensitive information, it does face certain challenges.
One challenge faced by a TPM is difficulty moving cryptographic keys from one system to another system. Because each TPM is a hardware-based cryptographic device unique to a particular device, keys generated using one computer system's TPM cannot easily be moved to another computer system without re-encrypting the keys using the new system's TPM.
Another challenge of a traditional TPM approach is that the computer system acts as a single environment. Users that use a common computer system often have to share keys in order to access sensitive information from the computer system. Removing access to one of the users often involves creating a new key shared with the remaining users.