AUTOMATIC RECOVERY OF TPM KEYS

Information

  • Patent Application
  • 20080025513
  • Publication Number
    20080025513
  • Date Filed
    July 31, 2006
    18 years ago
  • Date Published
    January 31, 2008
    16 years ago
Abstract
A trusted platform module (TPM) is a silicon chip that constitutes a secure encryption key-pair generator and key management device. A TPM provides a hardware-based root-of-trust contingent on the generation of the first key-pair that the device creates: the SRK (storage root key). Each SRK is unique, making each TPM unique, and an SRK is never exported from a TPM. Broadly contemplated herein is an arrangement for determining automatically whether a TPM has been replaced or cleared via loading a TPM blob into the TPM prior to the first time it is to be used (e.g. when a security-related software application runs). If the TPM blob loads successfully, then it can be concluded that the TPM is the same TPM that was used previously. If the TPM blob cannot be loaded, then corrective action will preferably take place automatically to configure the new TPM.
Description

BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a schematic overview of a process according to the present invention.





DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring to FIG. 1, in accordance with a presently preferred embodiment of the present invention, before configuring a TPM for the first time, a software key-pair (or base key) 106 is generated outside of the TPM. This base key is encrypted with a symmetric key that is derived from a password 100 that the security administrator specifies. This encrypted base key is then stored to disk, and designated as the backup base key (114).


An owner-auth 102 is then specified to take ownership of the TPM. The owner-auth 102 is preferably derived from the same password (specified by the security administrator) 100 that was used to encrypt the base key 106. This process generates a unique SRK 104 for the TPM and prepares the TPM for use. The base key 106 that was generated previously is imported into the TPM, with the SRK 104 as its parent. As a result of importing the base key into the TPM, a TPM blob is returned and stored to disk. Other TPM keys (e.g., as indicated at 108 and 110) can be generated as “children” of this base key, and used for various practical applications.


Each time a security-related software application runs, the TPM blob of the stored base key 106 is preferably loaded into the TPM. The TPM blob preferably contains components that are specific to the SRK 104 that existed at the time the TPM blob was generated, and will not load into any TPM whose SRK is different than the SRK that existed at the time the TPM blob was generated. If the TPM blob loads successfully, then it can be concluded that the TPM being used is the same TPM that was used previously. If the TPM blob does not load into the TPM, then this means the TPM has been replaced, and an automatic process will preferably recover the previous TPM's configuration and allow the base key 106 (and its child keys 108/110) to load.


To configure the new TPM identically to the one that was used to generate the original base key blob, the security administrator will be prompted for the password (100) that was used to configure the original TPM. A key will be derived from this password that will decrypt (112) the stored backup base key 114 that was previously used. Then, a TPM owner-auth will be derived from that password, which will be used to take ownership of the new TPM and generate a new SRK. The decrypted software base key will be imported into the TPM, with the new SRK as its parent. A new base key TPM blob will be generated that is specific to this new SRK, and this new TPM blob will be stored to disk. As a result of this automatic process, the new TPM is now ready for service with the same owner-auth 102 that had been configured previously.


It is to be understood that the present invention, in accordance with at least one presently preferred embodiment, includes elements that may be implemented on at least one general-purpose computer running suitable software programs. These may also be implemented on at least one Integrated Circuit or part of at least one Integrated Circuit. Thus, it is to be understood that the invention may be implemented in hardware, software, or a combination of both.


If not otherwise stated herein, it is to be assumed that all patents, patent applications, patent publications and other publications (including web-based publications) mentioned and cited herein are hereby fully incorporated by reference herein as if set forth in their entirety herein.


Although illustrative embodiments of the present invention have been described herein with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments, and that various other changes and modifications may be affected therein by one skilled in the art without departing from the scope or spirit of the invention.

Claims
  • 1. An apparatus comprising: an arrangement for generating a base key outside of a trusted platform module;an arrangement for importing the generated base key into a trusted platform module;said importing arrangement acting to produce a trusted platform module blob;an arrangement for ascertaining the usability of a trusted platform module in further operations via employing the trusted platform module blob.
  • 2. The apparatus according to claim 1, wherein said arrangement for ascertaining usability acts to load a trusted platform module blob upon initiation of a further operation.
  • 3. The apparatus according to claim 2, wherein said arrangement for ascertaining usability acts to load a trusted platform module blob upon initiation of a security-related software application run.
  • 4. The apparatus according to claim 2, wherein said arrangement for ascertaining usability acts to indicate that a currently used trusted platform module is the same as a previously used trusted platform module upon a successful load of a trusted platform module blob.
  • 5. The apparatus according to claim 2, wherein said arrangement for ascertaining usability acts to indicate that a currently used trusted platform module is the not the same as a previously used trusted platform module upon an unsuccessful load of a trusted platform module blob.
  • 6. The apparatus according to claim 5, further comprising an arrangement for automatically reconfiguring a new trusted platform module upon an unsuccessful load of a trusted platform module blob.
  • 7. The apparatus according to claim 6, further comprising: an arrangement for providing a backup base key corresponding to the generated base key; andan arrangement for providing a storage root key corresponding to the generated base key.
  • 8. The apparatus according to claim 7, wherein said arrangement for automatically reconfiguring acts to decrypt the backup base key and generate a new storage root key.
  • 9. The apparatus according to claim 8, wherein said arrangement for automatically reconfiguring acts to import the decrypted backup base key into the trusted platform module and produce a new trusted platform module blob.
  • 10. A method comprising: generating a base key outside of a trusted platform module;importing the generated base key into a trusted platform module, producing a trusted platform module blob;ascertaining the usability of a trusted platform module in further operations via employing the trusted platform module blob.
  • 11. The method according to claim 1, wherein wherein said ascertaining step comprises loading a trusted platform module blob upon initiation of a further operation.
  • 12. The method according to claim 11, wherein said ascertaining step comprises loading a trusted platform module blob upon initiation of a security-related software application run.
  • 13. The method according to claim 11, wherein said ascertaining step comprises indicating that a currently used trusted platform module is the same as a previously used trusted platform module upon a successful load of a trusted platform module blob.
  • 14. The method according to claim 11, wherein said ascertaining step comprises indicating that a currently used trusted platform module is the not the same as a previously used trusted platform module upon an unsuccessful load of a trusted platform module blob.
  • 15. The method according to claim 14, further comprising automatically reconfiguring a new trusted platform module upon an unsuccessful load of a trusted platform module blob.
  • 16. The method according to claim 15, further comprising: providing a backup base key corresponding to the generated base key; andproviding a storage root key corresponding to the generated base key.
  • 17. The method according to claim 16, wherein said arrangement for automatically reconfiguring acts to decrypt the backup base key and generate a new storage root key.
  • 9. The apparatus according to claim 8, wherein said automatically reconfiguring step comprises importing the decrypted backup base key into the trusted platform module and producing a new trusted platform module blob.
  • 20. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps, said method steps comprising: generating a base key outside of a trusted platform module;importing the generated base key into a trusted platform module, producing a trusted platform module blob;ascertaining the usability of a trusted platform module in further operations via employing the trusted platform module blob.