Visible to Intel only — GUID: GUID-A6C1EE6E-3FF0-4636-B24E-370666548A2A
Visible to Intel only — GUID: GUID-A6C1EE6E-3FF0-4636-B24E-370666548A2A
Applet Attestation Using Intel® Enhanced Privacy ID (Intel® EPID)
SIGMA is a proprietary Intel algorithm for establishing a secure session between a trusted platform component (e.g., Intel® Management Engine (Intel® MEI)) and a remote server without any previous root of trust. The protocol is exposed to trusted applications to allow initial provisioning of the trusted application in a secure manner. It assures the verifier that the communication originated from an Intel DAL applet running on Intel® Converged Security Engine (Intel® CSE), but does not provide any information identifying the specific platform, thus maintaining the platform owner's privacy.
- SIGMA 1.0 supported since Intel ME 7.1, SIGMA 1.1 since Intel ME 8.0
- Allows the establishment of a session with zero-additional information for the trusted application (when one-time provisioning of the Intel® Enhanced Privacy ID (Intel® EPID) key has taken place)
- Allows mutual authentication of the trusted application and the remote server
- Supports client revocation
- Supports server revocation using OCSP (from SIGMA 1.1)
- Use SIGMA 1.1 when possible (not SIGMA 1.0).
- Use the Signature Revocation List (SIGRL) (recommended but not mandatory)
Class documentation: com.intel.crypto.SigmaAlg, com.intel.crypto.SigmaAlgEx, com.intel.crypto.SigmaAlgEx2
See the Sigma Sample for more details.