SSL Client Authentication with TPM

Shohei KAKEI  Masami MOHRI  Yoshiaki SHIRAISHI  Masakatu MORII  

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E99-D   No.4   pp.1052-1061
Publication Date: 2016/04/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2015CYP0012
Type of Manuscript: Special Section PAPER (Special Section on Cyberworlds)
Keywords: Trusted Platform Module, public key certificate, OpenID, SSL, client certificate

Full Text: PDF(1.8MB)


Summary:
TPM-embedded devices can be used as authentication tokens by issuing certificates to signing keys generated by the TPM. The TPM generates an Attestation Identity Key (AIK) and a Binding Key (BK), both of which are RSA keys. The AIK is used to identify the TPM. The BK is used to encrypt data so that only a specific TPM can decrypt it. A TPM can be used for device authentication by linking an SSL client certificate to that TPM. This paper proposes a method of AIK certificate issuance with OpenID and a method of issuing an SSL client certificate to a specific TPM using the AIK and BK. In addition, the paper shows how to implement a device authentication system using the SSL client certificate bound to the TPM.