Developer Guide

  • 10/27/2020
  • Public Content
Applet Attestation Using Intel® Enhanced Privacy ID (Intel® EPID)

SIGMA is a proprietary Intel algorithm for establishing a secure session between a trusted platform component (e.g., Intel® Management Engine (Intel® MEI)) and a remote server without any previous root of trust. The protocol is exposed to trusted applications to allow initial provisioning of the trusted application in a secure manner. It assures the verifier that the communication originated from an Intel DAL applet running on Intel® Converged Security Engine (Intel® CSE), but does not provide any information identifying the specific platform, thus maintaining the platform owner’s privacy.
  • SIGMA 1.0 supported since Intel ME 7.1, SIGMA 1.1 since Intel ME 8.0
  • Allows the establishment of a session with zero additional information for the trusted application (once one-time provisioning of the Intel® Enhanced Privacy ID (Intel® EPID) key has taken place)
  • Allows mutual authentication of the trusted application and the remote server
  • Supports client revocation
  • Supports server revocation using OCSP (from SIGMA 1.1)
  • Use SIGMA 1.1 when possible, rather than SIGMA 1.0.
  • Use the Signature Revocation List (SIGRL); this is recommended but not mandatory.
 
See the Sigma Sample for more details.
