FIELD: information encryption.
SUBSTANCE: the invention relates to generating a key attestation certificate while preserving the anonymity of a device. A computing device sends a request for an attestation certificate to an attestation service, along with information regarding the hardware and/or software of the device. The attestation service processes the request and verifies the information received from the device. After verifying the information, the attestation service selects a public/secret key pair from a set of repeatedly used public/secret key pairs and generates an attestation certificate for the device and the public key of the selected public/secret key pair. This attestation certificate is digitally signed by the attestation service and returned to the device. The secret key of the selected public/secret key pair is also encrypted to a trusted secure component of the device, ensuring that the key cannot be stolen by malicious software and reused on another device, and is returned to the device. The device uses this attestation certificate to provide access to trusted parties and optionally generates additional public/secret key pairs and attestation certificates.
EFFECT: preserving the confidentiality of information, ensuring the anonymity of devices when generating key attestation.
20 cl, 6 dwg
Dates
2021-12-30—Published
2018-05-28—Filed