US 12,069,040 B2
Credential dependency encoding and verification based on other credential resources
Ned M. Smith, Beaverton, OR (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Appl. No. 16/957,693
Filed by Intel Corporation, Santa Clara, CA (US)
PCT Filed Sep. 28, 2018, PCT No. PCT/US2018/053456
§ 371(c)(1), (2) Date Jun. 24, 2020,
PCT Pub. No. WO2019/172959, PCT Pub. Date Sep. 12, 2019.
Claims priority of provisional application 62/639,849, filed on Mar. 7, 2018.
Prior Publication US 2020/0366668 A1, Nov. 19, 2020
Int. Cl. H04L 9/40 (2022.01); H04L 67/142 (2022.01); H04L 67/02 (2022.01)
CPC H04L 63/0823 (2013.01) [H04L 63/20 (2013.01); H04L 67/142 (2013.01); H04L 67/02 (2013.01)]
23 Claims
 
1. A device, comprising:
processing circuitry; and
a memory device including instructions embodied thereon, wherein the instructions, which when executed by the processing circuitry, configure the processing circuitry to perform operations comprising:
receiving a request for a credential resource;
identifying the credential resource stored at a first location, the credential resource comprising data that includes at least one authentication credential and a credential path that indicates a dependency to an entity at a second location associated with the at least one authentication credential, wherein the credential path links to at least one dependent authentication credential at the second location, and wherein the respective authentication credentials comprise a key or a certificate used to attest to one or more trust properties;
identifying dependency characteristics of the credential resource, based on the dependency indicated in the credential path;
retrieving the at least one dependent authentication credential from the second location indicated in the credential path, wherein the at least one dependent authentication credential is retrieved based on a type of the dependency and at least one trust anchor specified by the credential path;
populating the credential resource to include data from the at least one dependent authentication credential, wherein the at least one dependent authentication credential is populated in the credential resource based on the dependency characteristics including a use and format of the at least one dependent authentication credential; and
transmitting the populated credential resource in response to the request; wherein the credential resource includes an end-entity key, and wherein the dependency indicated in the credential path is linked to a trusted computing key of a trusted computing module that attests to trust properties of the end-entity key.
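The request flow recited in claim 1, sketched as an added example that is not part of the patent or of any Intel implementation. The field names, the two in-memory stores, and the name-equality check that stands in for certificate-chain validation are assumptions made for illustration.

```python
import base64
import copy

# Constructed sample data: two "locations", modeled as in-memory dicts.
FIRST_LOCATION = {
    "/creds/ee-1": {
        "end_entity_key": "EE-PUBLIC-KEY-SAMPLE",
        "credential_path": {  # hypothetical field names
            "location": "tpm-service", "ref": "/keys/attestation",
            "dependency_type": "attests",
            "trust_anchor": "SAMPLE-TPM-ROOT",
            "use": "attestation", "format": "base64",
        },
    },
}
SECOND_LOCATION = {"tpm-service": {"/keys/attestation": {
    "key": b"TC-KEY-SAMPLE", "roles": ["attests"], "anchored_by": "SAMPLE-TPM-ROOT",
}}}
ENCODERS = {"base64": lambda b: base64.b64encode(b).decode(), "hex": bytes.hex}


def retrieve_dependent(path, second=SECOND_LOCATION):
    """Fetch the dependent credential, gated on dependency type and trust anchor."""
    dep = second.get(path["location"], {}).get(path["ref"])
    if dep is None:
        raise LookupError("dependent credential not found at second location")
    if path["dependency_type"] not in dep["roles"]:
        raise PermissionError("credential does not serve this dependency type")
    # Assumption: stand-in for real chain validation up to the named anchor.
    if dep["anchored_by"] != path["trust_anchor"]:
        raise PermissionError("credential does not chain to the specified trust anchor")
    return dep


def handle_request(uri, first=FIRST_LOCATION, second=SECOND_LOCATION):
    """Return a populated copy of the credential resource, or raise; never a partial one."""
    resource = copy.deepcopy(first[uri])  # the stored resource stays unmodified
    path = resource["credential_path"]
    dep = retrieve_dependent(path, second)
    resource["dependent_credentials"] = [{
        "use": path["use"],
        "format": path["format"],
        "data": ENCODERS[path["format"]](dep["key"]),
    }]
    return resource
```

A trust-anchor or dependency-type mismatch raises before anything is populated, so a requester never receives an end-entity key paired with an unverified trusted computing key.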