Preparing a Device

Table of Contents

• Bulk Provisioning
• Dynamic Provisioning
• Issuer Material
  • Issuer Material for Verifiers
  • Issuer Material for Members

In order to be an Intel® EPID device, members need to be provisioned with a member private key and group public key. Members can get member private keys through bulk or dynamic provisioning.

For Intel® EPID verifiers to function, they need access to a group public key and revocation lists.

All Intel® EPID keys and revocation lists are referred to collectively as issuer material.

This section describes how to:

• Provision member private keys through bulk provisioning
• Provision member private keys through dynamic provisioning
• Provision members and verifiers with sample issuer material

For information on obtaining real issuer material from iKGF (Intel Key Generation Facility), see Managing Groups with iKGF. For more general information on how the issuer provides material for members and verifiers, see Introduction to the Intel® EPID Scheme.

Bulk Provisioning

Bulk provisioning is typically done during manufacturing.

In bulk provisioning, the issuer provides complete member private keys to the device manufacturer.

In bulk provisioning, the manufacturer needs to do the following:

• Request member private keys from the issuer in bulk. These are complete member private keys, including the membership credential and the secret f component.
• Fuse the member private keys into each device.

Dynamic Provisioning

Dynamic provisioning was designed to allow a device to join a group post-manufacturing. While key generation is the key part of bulk provisioning, the key part of dynamic provisioning is the join protocol.

Dynamic provisioning relies on a two-way exchange of intermediate values to protect the secrecy of the final member private key. In dynamic provisioning, the issuer provides the membership credential component of each member private key, while the secret f value comes from the device and is never known to the issuer.

In dynamic provisioning, the manufacturer needs to do the following:

1. Generate the f value of the member private key.
2. Generate the join request using the f value and a nonce obtained from the issuer.
3. Send the join request to the issuer. The issuer will respond to the join request by returning the membership credential.
4. Provision the membership credential to the member device.

Issuer Material

Members and verifiers need issuer material to operate. The SDK includes sample material in example/data so that members and verifiers can operate without real issuer material. The following types of sample issuer material are included:

• Group public key, which corresponds to the issuing private key kept by the issuer
• Member private keys
• Signature based revocation list (SigRL)
• Private key based revocation list (PrivRL)
• Group revocation list (GroupRL)

For detailed information on what sample issuer material is included in the SDK, refer to Test Data.

For information on how to work with real issuer material, refer to Managing Groups with iKGF.

Issuer Material for Verifiers

To test a verifier, you can provide the verifier a sample group public key and sample revocation lists from example/data, and make sure that verification succeeds or fails based on the revoked or non-revoked status of the member.

Issuer Material for Members

To test a member, you can provision the member with a sample group public key, sample member private key, and sample SigRL from example/data.

You can provision the member with revoked material to make sure the verification process fails. For example, when you sign and verify using the member groupa/privrevokedmember0, and use the sample private key revocation list on which privrevokedmember0 is revoked, verification should fail.

Similarly, when you generate a signature using the member groupa/sigrevokedmember0, using sample SigRL groupa/sigrl.bin, verification should fail.