US 11,750,384 B2
Binding with cryptographic key attestation
Prabagar Ramadasse, Redmond, WA (US); Yordan Rouskov, Redmond, WA (US); Mick Healy, Redmond, WA (US); Gaurav Dhawan, Redmond, WA (US); Venkata Raghuram Pampana, Redmond, WA (US); Aleksandr Tokarev, Redmond, WA (US); Marc Shepard, Redmond, WA (US); and Ramachandra Ravitej Vennapusa, Redmond, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on May 27, 2021, as Appl. No. 17/332,796.
Prior Publication US 2022/0385467 A1, Dec. 1, 2022
Int. Cl. H04L 9/32 (2006.01); H04L 9/30 (2006.01); H04L 9/08 (2006.01); H04L 9/00 (2022.01)
CPC H04L 9/3073 (2013.01) [H04L 9/0866 (2013.01); H04L 9/3234 (2013.01); H04L 9/3265 (2013.01); H04L 9/3268 (2013.01); H04L 9/0877 (2013.01); H04L 9/50 (2022.05)] 14 Claims
OG exemplary drawing
 
1. A device comprising:
a hardware backed key store configured to:
generate a device key pair, the device key pair including a device private key and a device public key; and
based on the device private key, sign a first attestation resulting in a signed first attestation, the first attestation claiming the device private key originated from the hardware backed key store;
generate a first application key pair, the first application key pair including a first application private key and a first application public key;
based on the device private key, sign a second attestation resulting in a signed second attestation, the second attestation claiming the first application private key originated from the hardware backed key store;
communications circuitry configured to:
based on the device public key and the signed first attestation, register the device with a trusted authority;
based on the first application public key and the signed second attestation, register a first application of the device to a first server;
receive, from the trusted authority, a certificate attesting the device private key originated from the hardware backed key store; and
wherein registering the first application of the device includes providing the certificate to the first server.
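The exchange that claim 1 describes, worked through as an added Go example; this is not code from the patent or from any Microsoft product, and it simulates the hardware-backed key store in software, so what it demonstrates is the verification logic of the trusted authority and of the first server, not a hardware root of trust. Ed25519 stands in for whatever key type the key store actually uses; the JSON statement formats, the claim wording in originClaim, and every function and type name are assumptions made for the example. RunFlow returns two results: the server's decision on an application key attested by the certified key store (accepted, nil) and its decision on an application key attested by a second, uncertified store standing in for software-held keys, presented together with the genuine device certificate (rejected). That second case is the binding the claim's certificate plus second attestation provide: the server takes the device public key only from the certificate it verified, so an attestation signed by any other key fails.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Claim text carried in both attestations (an assumption; the patent fixes no encoding).
const originClaim = "private key originated from the hardware-backed key store"

type Attestation struct { // signed by the device key; names the key the claim is about
	SubjectPub []byte
	Claim      string
}
type Certificate struct{ DevicePub []byte } // the trusted authority's endorsement of a device key
type Signed struct{ Body, Sig []byte }      // JSON body plus Ed25519 signature over it

func sign(priv ed25519.PrivateKey, v any) Signed {
	body, _ := json.Marshal(v) // the structs above cannot fail to marshal
	return Signed{Body: body, Sig: ed25519.Sign(priv, body)}
}

func verify(pub ed25519.PublicKey, s Signed, out any) error {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, s.Body, s.Sig) {
		return fmt.Errorf("signature does not verify")
	}
	return json.Unmarshal(s.Body, out)
}

// checkAttestation verifies att under signerPub and requires it to name subject with the origin claim.
func checkAttestation(signerPub, subject ed25519.PublicKey, att Signed) error {
	var a Attestation
	if err := verify(signerPub, att, &a); err != nil {
		return err
	}
	if string(a.SubjectPub) != string(subject) || a.Claim != originClaim {
		return fmt.Errorf("attestation does not cover the presented key")
	}
	return nil
}

// KeyStore stands in for the hardware-backed key store; its private keys are plain variables here.
type KeyStore struct{ devicePriv ed25519.PrivateKey }

func NewKeyStore() *KeyStore {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &KeyStore{devicePriv: priv}
}

func (ks *KeyStore) DevicePub() ed25519.PublicKey { return ks.devicePriv.Public().(ed25519.PublicKey) }

// Attest signs, with the device private key, the claim that pub's private half lives in this store.
func (ks *KeyStore) Attest(pub ed25519.PublicKey) Signed {
	return sign(ks.devicePriv, Attestation{SubjectPub: pub, Claim: originClaim})
}

// NewAppKey generates an application key pair and the second attestation over its public half.
func (ks *KeyStore) NewAppKey() (ed25519.PublicKey, Signed) {
	pub, _, _ := ed25519.GenerateKey(rand.Reader) // the app private key stays inside the store
	return pub, ks.Attest(pub)
}

// RegisterDevice is the trusted authority's side: check the first attestation, issue the certificate.
func RegisterDevice(authorityPriv ed25519.PrivateKey, devicePub ed25519.PublicKey, att Signed) (Signed, error) {
	if err := checkAttestation(devicePub, devicePub, att); err != nil {
		return Signed{}, fmt.Errorf("device attestation: %w", err)
	}
	return sign(authorityPriv, Certificate{DevicePub: devicePub}), nil
}

// RegisterApp is the server's side. It trusts only the authority's key: the certificate must verify,
// and the second attestation must verify under the certified device key and name appPub.
func RegisterApp(authorityPub, appPub ed25519.PublicKey, cert, att Signed) error {
	var c Certificate
	if err := verify(authorityPub, cert, &c); err != nil {
		return fmt.Errorf("certificate: %w", err)
	}
	if err := checkAttestation(c.DevicePub, appPub, att); err != nil {
		return fmt.Errorf("application attestation: %w", err)
	}
	return nil
}

// RunFlow performs the exchange of claim 1 end to end: genuine is the server's decision on the store's
// own application key (nil); unbound is its decision on a key attested by a second, uncertified store.
func RunFlow() (genuine, unbound error) {
	ks := NewKeyStore()
	authorityPub, authorityPriv, _ := ed25519.GenerateKey(rand.Reader)
	cert, err := RegisterDevice(authorityPriv, ks.DevicePub(), ks.Attest(ks.DevicePub())) // first attestation
	if err != nil {
		return err, err
	}
	appPub, appAtt := ks.NewAppKey()
	roguePub, rogueAtt := NewKeyStore().NewAppKey() // stands in for software-held keys; no certificate
	return RegisterApp(authorityPub, appPub, cert, appAtt), RegisterApp(authorityPub, roguePub, cert, rogueAtt)
}
```

Two points a practitioner would check before reusing this shape: the server compares the attested subject byte for byte against the application public key it was handed, so an attestation over one key cannot be replayed to register a different key; and the example carries no freshness (no server-supplied challenge inside the attestation) and no revocation of device certificates, both of which a deployed registration protocol would add on top of what the claim recites.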