Abstract: A message to be signed and a base name point derived from a direct anonymous attestation (DAA) credential may be provided to a device. A signed version of the message and a public key value associated with the base name point may be received in response. Thereafter, the DAA credential may be determined to be valid based on the signed version of the message.

Abstract: Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterized by the algorithms and associated parameters that are selected to perform an operation.

Abstract: A message to be signed and a base name point derived from a direct anonymous attestation (DAA) credential may be provided to a device. A signed version of the message and a public key value associated with the base name point may be received in response. Thereafter, the DAA credential may be determined to be valid based on the signed version of the message.

Abstract: A message to be signed and a base name point derived from a direct anonymous attestation (DAA) credential may be provided to a device. A signed version of the message and a public key value associated with the base name point may be received in response. Thereafter, the DAA credential may be determined to be valid based on the signed version of the message.

Abstract: Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterised by the algorithms and associated parameters that are selected to perform an operation.

Abstract: An apparatus includes a processor and a memory to implement a method to provide a proof that two or more instances of a data structure type are as trustworthy as each other.

Abstract: Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterized by the algorithms and associated parameters that are selected to perform an operation.

Abstract: An information security system is disclosed having a considerably simplified access control infrastructure. The number of secrets in a computer system domain is reduced to a minimum, yet individual users may still be identified and access to applications may still be individually controlled. The trusted entity in each of a plurality of platforms (100, 200, 202, 203) of the computer system may store an identity secret of the platform (100, 200, 202, 203) and may be trusted to use that secret in conjunction with an information label only when the platform (100, 200, 202, 203) is running the correct software to provide and/or take part in a particular service associated with that information label.

Abstract: A method includes generating a randomized base point and causing the randomized base point and a private key to be loaded into a signature engine device. The method also includes signing a message using the randomized base point and the private key as a base point as well as the private key in an elliptic curve cryptographic (ECC) signature.

Abstract: A method of extending an integrity measurement in a trusted device operating in an embedded trusted platform by using a set of policy commands to extend a list of Platform Configuration Registers (PCRs) for the device and the current values of the listed PCRs and an integrity value identifying the integrity measurement into a policy register, verify a signature over the integrity value extended into the policy register, and, if verification succeeds, extend a verification key of the trusted platform, plus an indication that it is a verification key, into the policy register, compare the integrity value extended into the policy register with a value stored in the trusted platform, and, if they are the same: extend the stored value, plus an indication that it is a stored value, into the policy register, and extend the integrity measurement in the trusted device if the value in the policy register matches a value stored with the integrity measurement.

Abstract: A message to be signed and a base name point derived from a direct anonymous attestation (DAA) credential may be provided to a device. A signed version of the message and a public key value associated with the base name point may be received in response. Thereafter, the DAA credential may be determined to be valid based on the signed version of the message.

Abstract: The present invention relates to trust in computing platforms and the like. In particular, embodiments of the invention provide a trusted computing entity (64), providing an environment comprising one or more of a set or sets of available security algorithms (62), the entity (64) being adapted to operate on data (702), which data has associated security criteria (704), only if the environment meets the associated security criteria.

Abstract: A method is described by which the possessor of a secret certified in a particular manner can prove to a party with which the possessor of a secret needs to interact that it does indeed possess a secret formed in the proper manner. In the context of trusted computing apparatus, this can be used to show that the secret has been provided by a legitimate manufacturer of such apparatus. A method and an architecture for revocation operable in this context is also described.

Abstract: Systems, methods, and other embodiments associated with updating firmware for a chip are described. One example method may include performing an external verification of updated firmware received and stored external to the chip to determine if the updated firmware is authentic. Upon determining that the updated firmware is authentic, the updated firmware is loaded into the chip. An internal verification of the updated firmware within the chip is performed to determine that the updated firmware is authentic. The internal verification is assured to succeed based on the external verification. Because the internal verification will succeed, the chip avoids reverting to a default firmware.

Abstract: A computing platform for receiving one or more electronic sites or services from a remote target computing platform is adapted to indicate, visually or otherwise, to a user thereof that the target computing platform includes a physically and logically protected computing environment.

Abstract: A data structure has within it the following elements: an identification of a data structure type; and a proof that two or more instances of the data structure type are as trustworthy as each other. Methods and devices using such data structures are described.

Abstract: An apparatus includes a processor and a memory to implement a method to provide a proof that two or more instances of a data structure type are as trustworthy as each other.

Abstract: A method includes generating a randomized base point and causing the randomized base point and a private key to be loaded into a signature engine device. The method also includes signing a message using the randomized base point and the private key as a base point as well as the private key in an elliptic curve cryptographic (ECC) signature.

Abstract: The present application describes a computing platform incorporating a trusted entity and storing, in non-volatile memory, one or more indicators, which indicate a current update status of an executable program code, and one or more expected values associated with measurement of the program code, the trusted entity being programmed to update the one or more indicators, by reference to the expected values, in response to a measured change in a current update status of the program code.

Abstract: A method of extending an integrity measurement in a trusted device operating in an embedded trusted platform by using a set of policy commands to extend a list of Platform Configuration Registers (PCRs) for the device and the current values of the listed PCRs and an integrity value identifying the integrity measurement into a policy register, verify a signature over the integrity value extended into the policy register, and, if verification succeeds, extend a verification key of the trusted platform, plus an indication that it is a verification key, into the policy register, compare the integrity value extended into the policy register with a value stored in the trusted platform, and, if they are the same: extend the stored value, plus an indication that it is a stored value, into the policy register, and extend the integrity measurement in the trusted device if the value in the policy register matches a value stored with the integrity measurement.