Mutual authentication procedure for Trusted Platform Modules with exchange of credentials

摘要

According to the invention Trusted Platform Modules (TPM)are given binding policies which specify the conditions under which they are allowed to interact with each other. Upon initiating communication or similar the TPMs exchange information about themselves with the other party. The receiver then checks this information against its policy and either allows or denies the communication accordingly. The information exchanged could relate to CPUs, BIOS, memory or other hardware details, user signatures, passwords or other security information. Policies may specify binding time-outs, limit the number of bindings, security levels or other things. The TPMs may exchange public keys to establish secure channels for exchanging this information and may establish encrypted tunnels for subsequent communication. Bindings may be peer to peer or master-slave. In the latter case the master may be able to modify characteristics and settings of the slave.