DRM with remote attestation (Re: A talk on Intellectual Property and National Defense)

Adam Back adam at cypherspace.org
Tue Feb 4 17:16:50 EST 2003


No that's not the way it would work.

There would be a secure remote attestation certified by the
endorsement key which is signed by the hw manufacturer and never
leaves the device.  Bound to this attestation would be a key exchange
which results in the device negotiating a shared key with the music
server.  The music server keys would be sealed with keys derived from
your current software state (OS, BIOS etc).

Then you can boot any way you like, online or offline, just if you ever
boot without the right state the TPM can't recompute the sealing keys
and so you can't access data sealed under that state.

Adam
--
(Personal comments only)

On Tue, Feb 04, 2003 at 12:36:25PM -0500, Trei, Peter wrote:
> 'secure remote attestation that the boot 
> sequence was followed'
> 
> seems to imply that a net connection back 
> to Hollywood would be required to boot.
> 
> 'All your computer are belong to us'.
> 
> Peter Trei 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
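
Added example, not part of the original message: a simplified Python model of the sealing behaviour described in the message above, showing that no network connection is involved at boot and that a different boot state simply cannot recompute the sealing keys. ToyTPM, its HMAC-based key derivation, the one-block XOR cipher and the component names are assumptions made for illustration, not a real TPM interface.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, component: bytes) -> bytes:
    # PCR extend: new = H(old || H(component)); content and order both matter.
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

class ToyTPM:
    """Hypothetical model: device secret + current PCR -> sealing keys."""
    def __init__(self):
        self._root = os.urandom(32)  # stands in for a secret that never leaves the chip
        self.pcr = bytes(32)

    def boot(self, chain):
        self.pcr = bytes(32)  # register resets on every power-on
        for component in chain:
            self.pcr = extend(self.pcr, component)

    def _key(self, label: bytes, nonce: bytes) -> bytes:
        # Recomputed from the current state on every call; nothing is stored.
        return hmac.new(self._root, label + self.pcr + nonce, hashlib.sha256).digest()

    def seal(self, secret: bytes) -> bytes:
        if len(secret) > 32:
            raise ValueError("toy cipher seals at most 32 bytes")
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, self._key(b"enc", nonce)))
        tag = hmac.new(self._key(b"mac", nonce), ct, hashlib.sha256).digest()
        return nonce + tag + ct

    def unseal(self, blob: bytes):
        nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
        expect = hmac.new(self._key(b"mac", nonce), ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return None  # wrong software state: keys cannot be recomputed
        return bytes(a ^ b for a, b in zip(ct, self._key(b"enc", nonce)))

def demo():
    approved = [b"BIOS v1", b"bootloader v1", b"OS v1"]  # constructed sample chain
    tpm = ToyTPM()
    tpm.boot(approved)
    blob = tpm.seal(b"music server key")
    first = tpm.unseal(blob)
    tpm.boot([b"BIOS v1", b"bootloader v1", b"patched OS"])  # offline, different state
    second = tpm.unseal(blob)
    tpm.boot(approved)  # reboot into the original state, still offline
    return first, second, tpm.unseal(blob)
```
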


