Device attestation provides assurance that a physical device such as a computer, smartphone or tablet, is a trusted and secure device. In conventional device attestation, each device is given a unique private key, which is then attested one way or another (usually by involving a third party). Unfortunately, in many cases, this unique private key (and/or associated public key cryptography) may be prohibitively expensive to deploy and in many other cases, the “third party” requirement becomes inconvenient. In some other device attestations known in the art (such as High-bandwidth Digital Content Protection (HDCP)), attestation is based on one single key common for all devices, and as soon as this single key is extracted (and potentially published), such attestation becomes insecure.
In addition, conventional attestation methods (based on device private key) can be circumvented by extracting the private key from the device and running a software emulator using this extracted private key.
Therefore, there is a need in the art for device attestation that eliminates the private device key and the third party attestation service, while avoiding relying on the single shared key. Additionally, there is a need for device attestation that can complement the conventional attestation methods to prevent an attacker from using purely software emulators even if the private key of the device has been extracted by the attacker.