Re: Intel EPID For Device Onboarding


Drasko DRASKOVIC
 

On Tue, Oct 31, 2017 at 2:16 PM, Gardner, Doug <Doug.Gardner@...> wrote:
Hello Drasko,

We have looked into EPID also. It is interesting if the customer is concerned about privacy (consumer). The issues with the system is you must get all your keys from Intel as they are the only EPID key provider today.
I actually understood that they pushed this as a open ISO standard, so
that everybody would be capable to implement both server side (key
production and storage) and device side SW.

They say in the paper:
"To help take Intel EPID adoption to the next level, Intel has
contributed Intel EPID technology to leading industry organizations
for certification. As a result, Intel EPID is now:
- An International Standards Organization standard for identity and
privacy (ISO/IEC 20008, 20009)
- A Trusted Computing Group (TCG) standard for attestation.
Intel has also made Intel EPID technology available to processor,
microcontroller, and device manufacturers as open source under the
Apache 2 license."

These are the standards they are mentioning:
https://www.iso.org/standard/57018.html and
https://www.iso.org/standard/50341.html.

Best regards,
Drasko DRASKOVIC
Mainflux Author and Technical Advisor

www.mainflux.com | Industrial IoT Cloud
-------------------------------------------------------------------
Engineering Division | Paris, France

LinkedIn: https://www.linkedin.com/in/draskodraskovic
Twitter: @draskodraskovic

Join EdgeX-TSC-Security@lists.edgexfoundry.org to automatically receive all group messages.