Many companies and other organizations operate computer networks that interconnect computing systems to support their operations. In particular, public data centers housing significant numbers of interconnected computing systems have become commonplace. As these public data centers emerge in the marketplace, the use of hardware security systems such as trusted platform modules (TPMs) has also gained prominence. TPMs, in particular, are designed to provide trusted information about a piece of computer hardware (e.g., via a TPM quote), which may be used to verify the hardware before it is used.
However, it is notoriously difficult to establish a persistent one-to-one mapping between an identifier and a TPM. The mapping is made difficult deliberately, for privacy reasons, which means that manufacturer-provisioned unique secrets such as the Endorsement Key (EK) generally cannot be used for this purpose. The suggested workaround is to use another, user-generated identifier called the Attestation Identity Key (AIK). The AIK is certified using the EK and can then serve as an identity proxy for the EK. However, the AIK is not a persistent identifier, because it is tied to the impermanent TPM Storage Root Key (SRK), which can be reset using the TPM reset operation: resetting the TPM generates a new SRK, which effectively destroys all keys derived from it, including the AIK. Furthermore, since the EK is limited to decryption only, it cannot be used as a signing key for the TPM. The lack of a usable persistent identifier and of a set of persistent keys for the TPM makes TPM-based devices more difficult to use and less trustworthy.
While embodiments are described herein by way of example for several embodiments and illustrative drawings, those skilled in the art will recognize that embodiments are not limited to the embodiments or drawings described. It should be understood that the drawings and detailed description thereto are not intended to limit embodiments to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope as defined by the appended claims. The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word “may” is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include,” “including,” and “includes” mean including, but not limited to.
It will also be understood that, although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first contact could be termed a second contact, and, similarly, a second contact could be termed a first contact, without departing from the scope of the present invention. The first contact and the second contact are both contacts, but they are not the same contact.