TPM Identity

• Owner of a TP can create a pseudo ID

• Platform Identity not a user Identity

• The TPM will create an identity-binding

• Identity-binding, data and credentials are send encrypted with the P-CA public key

• P-CA checks all supplied data for consistency (Platform, Endorsement, Conformance Certificates, identity-binding)

  • Creates Attestation Credential and is encrypted so that only the specific TPM can decrypt it

• TPM decrypts and checks for the identity key sent to the P-CA

• And finally if the signed identity key matches to the TPM created one it will release the ID to the host platform

• User choice for the P-CA

Notes: