Implicit Identity Based Device Attestation


This reference describes the foundational elements for Identity-Based Device Attestation.  In addition to providing a strong Device Identity rooted in hardware, Device Attestation is an extension to typical attestation schemes in that it also relies, implicitly, on a device’s statistically unique, cryptographically strong, identity.  This solution is compatible with IEEE 802.1AR – Secure Device Identity and is intended for devices containing a Device Identifier Composition Engine.

The approach described in this document builds on the Trusted Platform Architecture Hardware Requirements for a Device Identifier Composition Engine specification developed by the TCG Root of Trust for Measurement SG under the Embedded Systems WG.

The Implicit Identity Based Device Attestation architecture describes keys, cryptographic operations, and certificates for a cryptographic Device Attestation scheme.  In addition to strong Device Identity and Device Attestation, one possible use for this architecture is as a foundation for a secure storage (Sealing) implementation in resource constrained devices.