CPC H04L 9/14 (2013.01) [G06F 3/067 (2013.01); G06F 3/0622 (2013.01); G06F 3/0653 (2013.01); H04L 9/0822 (2013.01); H04L 9/0877 (2013.01); H04L 9/3234 (2013.01)] | 20 Claims |
8. A method performed by instructions executed by at least one computing device, the method comprising:
generating, by a management service, a volume encryption key for a gateway device that is associated with a gateway-specific account with the management service;
storing, in the gateway-specific account, a predetermined platform configuration register (PCR) mask that is identified based on a particular gateway model of the gateway device, the predetermined PCR mask specifying at least one PCR that measures extractor code of the gateway device that unseals volume encryption keys;
generating, by the management service, a sealing authorization policy based on the predetermined PCR mask and expected PCR values, wherein the management service identifies the predetermined PCR mask based on the gateway-specific account; and
transmitting, from the management service to the gateway device, a command to seal the volume encryption key in a non-volatile memory of a trusted platform module (TPM) of the gateway device based on the predetermined PCR mask and the expected PCR values.
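The steps of claim 8 describe a management service deriving a PCR-bound sealing authorization policy and ordering the gateway's TPM to seal the volume encryption key under it. The following is an added example, not part of the patent text and not the applicant's implementation, that models that exchange in Python. The policy digest is computed the way TPM 2.0 (Part 3, TPM2_PolicyPCR) defines it, so the management service can predict the value without access to the TPM; the gateway model table, the PCR assignments (PCR 7 standing in for the register that measures the extractor code), the PCR contents, the NV index and the in-memory TPM are all constructed for illustration.

```python
"""Added example: PCR-bound sealing of a volume encryption key (VEK) as in claim 8.

Policy digest construction follows TPM 2.0 Part 3, TPM2_PolicyPCR:
    policyDigest_new = H(policyDigest_old || TPM_CC_PolicyPCR || pcrs || pcrDigest)
The gateway model table, PCR values, NV index and the simulated TPM are constructed
for illustration only.
"""
import hashlib

TPM_CC_POLICYPCR = 0x0000017F   # command code, TPM 2.0 Part 2
TPM_ALG_SHA256 = 0x000B         # hash algorithm id, TPM 2.0 Part 2
PCR_SELECT_BYTES = 3            # 24 PCRs per bank -> 3-byte selection bitmap
DIGEST_LEN = 32

# Assumed management-service table: gateway model -> predetermined PCR mask.
# PCR 7 is taken here as the register measuring the extractor code.
MODEL_PCR_MASKS = {"gw-model-a": (0, 7)}
NV_INDEX = 0x01800001           # assumed NV index for the sealed VEK


def marshal_pcr_selection(mask):
    """Marshal a TPML_PCR_SELECTION with a single SHA-256 bank selecting `mask`."""
    select = bytearray(PCR_SELECT_BYTES)
    for pcr in mask:
        select[pcr // 8] |= 1 << (pcr % 8)
    return ((1).to_bytes(4, "big")               # count of TPMS_PCR_SELECTION entries
            + TPM_ALG_SHA256.to_bytes(2, "big")  # hash algorithm of the bank
            + bytes([PCR_SELECT_BYTES])          # sizeofSelect
            + bytes(select))                     # pcrSelect bitmap


def pcr_digest(mask, pcr_values):
    """Digest of the selected PCR values concatenated in ascending PCR order."""
    h = hashlib.sha256()
    for pcr in sorted(mask):
        h.update(pcr_values[pcr])
    return h.digest()


def sealing_policy(mask, expected_pcr_values):
    """Policy digest a PolicyPCR assertion yields from a fresh (all-zero) session.

    The management service computes this from the stored mask and the expected
    values; the TPM only releases the sealed secret to a session with this digest.
    """
    policy_old = bytes(DIGEST_LEN)
    return hashlib.sha256(policy_old
                          + TPM_CC_POLICYPCR.to_bytes(4, "big")
                          + marshal_pcr_selection(mask)
                          + pcr_digest(mask, expected_pcr_values)).digest()


class SimulatedTpm:
    """In-memory stand-in for the gateway TPM's NV storage and policy check."""

    def __init__(self, pcr_values):
        self.pcr_values = dict(pcr_values)  # current contents of the SHA-256 bank
        self._nv = {}                       # nv_index -> (authPolicy, sealed secret)

    def seal(self, nv_index, secret, auth_policy):
        """Handle the management service's seal command."""
        self._nv[nv_index] = (auth_policy, secret)

    def policy_session(self, mask):
        """TPM2_PolicyPCR as run by the extractor: digest over *current* PCRs."""
        return sealing_policy(mask, self.pcr_values)

    def unseal(self, nv_index, session_policy):
        """Release the secret only if the session digest equals the authPolicy."""
        auth_policy, secret = self._nv[nv_index]
        return secret if session_policy == auth_policy else None


def demo():
    """Seal a VEK, then unseal under expected, tampered and unrelated PCR changes."""
    mask = MODEL_PCR_MASKS["gw-model-a"]
    expected = {0: hashlib.sha256(b"firmware-v1").digest(),     # constructed
                7: hashlib.sha256(b"extractor-v1").digest(),    # constructed
                11: hashlib.sha256(b"user-data-v1").digest()}   # constructed
    vek = hashlib.sha256(b"constructed volume encryption key").digest()

    # Management service side: policy from mask + expected values, then seal command.
    policy = sealing_policy(mask, expected)
    tpm = SimulatedTpm(expected)
    tpm.seal(NV_INDEX, vek, policy)
    results = {"unseal_expected": tpm.unseal(NV_INDEX, tpm.policy_session(mask)) == vek}

    # A later boot measures a modified extractor into PCR 7: unseal must fail.
    tpm.pcr_values[7] = hashlib.sha256(b"extractor-tampered").digest()
    results["unseal_tampered_extractor"] = tpm.unseal(NV_INDEX, tpm.policy_session(mask)) == vek

    # Restore PCR 7 and change a PCR outside the mask: unseal still succeeds.
    tpm.pcr_values[7] = expected[7]
    tpm.pcr_values[11] = hashlib.sha256(b"user-data-v2").digest()
    results["unseal_unmasked_pcr_changed"] = tpm.unseal(NV_INDEX, tpm.policy_session(mask)) == vek
    return results


if __name__ == "__main__":
    print(demo())
```

The third case is the design point of a PCR mask: only the registers named in the mask take part in the policy, so routine changes elsewhere on the gateway do not lock the volume, while any change to the measured extractor code does.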