Towards an open, trusted digital rights management platform
Proceedings of the ACM workshop on Digital rights management
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
vTPM: virtualizing the trusted platform module
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
The Trusted Execution Module: Commodity General-Purpose Trusted Computing
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
On-board credentials with open provisioning
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Hidden credential retrieval from a reusable password
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
TruWallet: trustworthy and migratable wallet-based web authentication
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Towards user-friendly credential transfer on open credential platforms
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Secure data management in trusted computing
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Enabling fairer digital rights management with trusted computing
ISC'07 Proceedings of the 10th international conference on Information Security
Hi-index | 0.02 |
Hardware-based trusted execution environments (TEEs) allow remote provisioning of secure credentials. In a closed credential platform installation of credentials to a TEE is controlled by a centralized authority. Due to the central control point credential life cycle management in closed credential platforms is straight-forward to implement, but credential installation is limited to credentials approved by the control point. Open credential platforms allow free credential provisioning by any credential issuer, but subsequent credential life cycle management is more challenging to realize. In this paper we identify requirements for credential life cycle management and outline a model that meets the needs of both credential issuers and end users. We compare credential life cycle management in open and closed platforms, and conclude that contrary to a common perception open provisioning model does not have to imply reduced security or usability in subsequent credential management.