https://community.intel.com/t5/Intel-Software-Guard-Extensions/Attestation-Key-source-entity/m-p/1079780#M545 <P>Hi, Francis.</P> <P>You can find the information about the EPID provisioning here:&nbsp;https://software.intel.com/en-us/blogs/2016/03/09/intel-sgx-epid-provisioning-and-attestation-services</P> <P>Cheers,</P> <P>Rodolfo</P> Tue, 08 Nov 2016 18:08:06 GMT Rodolfo_S_ 2016-11-08T18:08:06Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Attestation-Key-source-entity/m-p/1079779#M544 <P>Hi Intel!</P> <P>With Regards to Remote Attestation:</P> <P>As I understood the documentation so far, it revolves around the fact that client already has an Attestation Key.&nbsp;<SPAN style="font-size: 1em;">Which it will use to sign/create a QUOTE that will serve as a response to a challenge by a Challenger/Server...</SPAN></P> <P>&nbsp;</P> <P>Question is: Where did this Attestation Key come from? Is it already there in the Intel CPU out of the box like the Root Provisioning Key?</P> Tue, 08 Nov 2016 16:35:00 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Attestation-Key-source-entity/m-p/1079779#M544 francis_l_ 2016-11-08T16:35:00Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Attestation-Key-source-entity/m-p/1079780#M545 <P>Hi, Francis.</P> <P>You can find the information about the EPID provisioning here:&nbsp;https://software.intel.com/en-us/blogs/2016/03/09/intel-sgx-epid-provisioning-and-attestation-services</P> <P>Cheers,</P> <P>Rodolfo</P> Tue, 08 Nov 2016 18:08:06 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Attestation-Key-source-entity/m-p/1079780#M545 Rodolfo_S_ 2016-11-08T18:08:06Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Attestation-Key-source-entity/m-p/1079781#M546 <P></P><BLOCKQUOTE>Rodolfo S. wrote:<BR /><P></P> <P>Hi, Francis.</P> <P>You can find the information about the EPID provisioning here:&nbsp;<A href="https://software.intel.com/en-us/blogs/2016/03/09/intel-sgx-epid-provisioning-and-attestation-services">https://software.intel.com/en-us/blogs/2016/03/09/intel-sgx-epid-provisi...</A></P> <P>Cheers,</P> <P>Rodolfo</P> <P></P></BLOCKQUOTE><P></P> <P>&nbsp;</P> <P>Hi Rodolfo,</P> <P>Thanks! It's getting a bit clearer now...&nbsp;<SPAN style="font-size: 1em;">Just a few more clarification to finish the big picture:</SPAN></P> <P>1) In "4.4.3 Message 3: Client Response" it mentioned that:<BR /> "<EM>...the provisioning enclave conducts the EPID blind join protocol with Intel, including the liveness challenge issued in message 2. At the completion of this protocol, the provisioning enclave will have a private EPID key, and Intel will not know what it is. </EM>"</P> <P>So after proving its TCB to the Provisioning server, does this mean that the EPID/Attestation_Key won't travel along the wire, rather it is computed by the SGx client application itself?</P> <P>&nbsp;</P> <P>2) In "4.4.4 Message 4: Server Completion":</P> <P>What is then the "<EM>...the verification of the proof of platform TCB and the blind join are verified and the member’s key is certified...</EM>"?</P> <P>I mean, since the client now has computed its own EPID, what is this data being sent in Message 4, what it will be used for making it security sensitive that a secured connection is needed for it?</P> Tue, 08 Nov 2016 20:36:28 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Attestation-Key-source-entity/m-p/1079781#M546 francis_l_ 2016-11-08T20:36:28Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Attestation-Key-source-entity/m-p/1079782#M547 <P>Hi Rodolfo, ive got the same question as you..did you have a clearer answer about it now? thanks</P> <P>Hi Rodolfo,</P> <P>Thanks! It's getting a bit clearer now...&nbsp;Just a few more clarification to finish the big picture:</P> <P>1) In "4.4.3 Message 3: Client Response" it mentioned that:<BR /> "<EM>...the provisioning enclave conducts the EPID blind join protocol with Intel, including the liveness challenge issued in message 2. At the completion of this protocol, the provisioning enclave will have a private EPID key, and Intel will not know what it is. </EM>"</P> <P>So after proving its TCB to the Provisioning server, does this mean that the EPID/Attestation_Key won't travel along the wire, rather it is computed by the SGx client application itself?</P> <P>&nbsp;</P> <P>2) In "4.4.4 Message 4: Server Completion":</P> <P>What is then the "<EM>...the verification of the proof of platform TCB and the blind join are verified and the member’s key is certified...</EM>"?</P> <P>I mean, since the client now has computed its own EPID, what is this data being sent in Message 4, what it will be used for making it security sensitive that a secured connection is needed for it?</P> <P></P> Wed, 11 Oct 2017 14:04:25 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Attestation-Key-source-entity/m-p/1079782#M547 jamason 2017-10-11T14:04:25Z