I have read this interesting blog post by Bruno (/community/openportit/vproexpert/blog/2011/03/08/identity-protection-built-into-the-chip, http://communities.intel.com/community/openportit/vproexpert/blog/2011/03/08/identity-protection-bui...) and several announcements from the Intel newsroom about the Identity Protection Technology coming out now with the second generation of Core i3/5/7 chips.
Until now I haven't found any exact technical specifications. It is said that IPT uses the same algorithms as hardware tokens and also supports challenge-response protocols.
My major question, however, is how a website like eBay or PayPal knows the secret with which this "hardware-token-on-a-chip" is initialized. Is there some kind of central service providing this information for website owners?
Could someone please give a little more insight about that topic?
I appreciate any comments and information related to that topic.
Thanks for your help.
Basically, the provisioning process is composed of 4 steps:
1. The client initializes the provisioning process using the selected ISV (i.e. actually, Symantec or VASCO);
2. The server receives the request and randomly generates an OTP seed, encrypted with a pre-shared key (the ISV server must contact an Intel server to do it);
3. The client receives and ACKs the OTP seed;
4. The server confirms the provisioning.
We can have variations of this model, but basically this is the overall process of provisioning.
I would recommend you read my blog post about this subject, "Build your own PC with Identity Protection Technology (IPT) capable" (/community/openportit/vproexpert/blog/2011/04/21/build-your-own-pc-with-identity-protection-technology-ipt-capable).
-- Bruno Domingues
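
The four provisioning steps in the answer above, simulated with both sides in one process. This is an added example, not code from the post, Intel or any ISV. The message layout, the seed-wrapping construction (an HMAC-based stand-in for a real authenticated cipher) and the use of HOTP (RFC 4226) are assumptions, since the thread gives no wire-level details. It shows why the site can verify codes afterwards: the server generated the seed and kept a copy.

```python
import hashlib, hmac, secrets, struct

def keystream(psk, nonce, n):
    # Illustration-only stream: HMAC-SHA256 in counter mode (assumed, not IPT's cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(psk, b"enc" + nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap_seed(psk, seed):
    # Encrypt-then-MAC the seed under the pre-shared key.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(seed, keystream(psk, nonce, len(seed))))
    tag = hmac.new(psk, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap_seed(psk, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(psk, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # wrong key or tampered blob
        raise ValueError("seed blob failed authentication")
    return bytes(a ^ b for a, b in zip(ct, keystream(psk, nonce, len(ct))))

def hotp(seed, counter, digits=6):
    # RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation.
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def provision(psk_chip, psk_server):
    """Run steps 1-4; return (client_seed, server_seed) or raise ValueError.
    psk_server models the key the ISV server obtains via the Intel server."""
    nonce = secrets.token_bytes(8)               # step 1: client request (hypothetical field)
    server_seed = secrets.token_bytes(20)        # step 2: server picks a random OTP seed
    blob = wrap_seed(psk_server, server_seed)    #         and encrypts it with the PSK
    client_seed = unwrap_seed(psk_chip, blob)    # step 3: client decrypts and ACKs
    ack = hmac.new(client_seed, nonce, hashlib.sha256).digest()
    want = hmac.new(server_seed, nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(ack, want):       # step 4: server confirms provisioning
        raise ValueError("ACK mismatch, provisioning not confirmed")
    return client_seed, server_seed

if __name__ == "__main__":
    psk = secrets.token_bytes(32)                # constructed sample key
    c, s = provision(psk, psk)
    print("client OTP:", hotp(c, 0), "server expects:", hotp(s, 0))
```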