For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
SSL Client Authentication with TPM
Shohei KAKEI Masami MOHRI Yoshiaki SHIRAISHI Masakatu MORII
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2016/04/01
Online ISSN: 1745-1361
Type of Manuscript: Special Section PAPER (Special Section on Cyberworlds)
Trusted Platform Module, public key certificate, OpenID, SSL, client certificate,
Full Text: PDF(1.8MB)
>>Buy this Article
TPM-embedded devices can be used as authentication tokens by issuing certificates to signing keys generated by TPM. TPM generates Attestation Identity Key (AIK) and Binding Key (BK) that are RSA keys. AIK is used to identify TPM. BK is used to encrypt data so that specific TPM can decrypt it. TPM can use for device authentication by linking a SSL client certificate to TPM. This paper proposes a method of an AIK certificate issuance with OpenID and a method of the SSL client certificate issuance to specific TPM using AIK and BK. In addition, the paper shows how to implement device authentication system using the SSL client certificate related to TPM.