What is involved in writing some kind of abstraction layer for Intel IPT hardware?
For those unfamiliar with Intel IPT, it is an embedded co-processor used to generate unique 6-character one-time passwords every 30 seconds starting from a secret seed.
For an example of real-world usage, check out Valve's SteamGuard, which allows the user to register a PC with their Steam account such that their PC now acts as a second factor of authentication, much like the RSA SecurID tokens, but built into your computer. Another client would be Symantec's VIP which, as far as I can tell, acts as a middle-man between your IPT hardware and websites that seek extra authentication (you can use this with eBay as of now - probably other examples out there as well).
My search for technical documentation has turned up nothing useful so far, and what I've found is more marketing-directed and not useful for an implementer. Do you have to become one of Intel's "Trusted partners" (Symantec is listed as one) in order to obtain the necessary resources? Is there an audit process involved?
It should have the Intel IPT with PKI software stack installed, along with a certificate that is approved for client authentication by the server. For PTD, the Intel® HD Graphics driver should also be installed. Once properly set up, the client should be able to access the web server via most browsers, such as Internet Explorer* v9 or Chrome*.
Intel IPT with PKI can only be used on systems that have the Intel® Management Engine (Intel® ME) and that have third generation or later Intel® Core™ i5 or i7 vPro™ processors or Intel®-based SoC processors. Intel IPT with PKI software features are exposed as a Cryptographic Service Provider (CSP) via the Microsoft CryptoAPI software layer.
The Intel Chipset Software Installation Utility (also known as Intel® Chipset Device Software) is often called the chipset driver or chipset drivers, a common misconception. What is a driver? A driver is a program that allows a computer to communicate (or talk to) a piece of hardware.
Intel® Identity Protection Technology (Intel® IPT) with Public Key Infrastructure (PKI) offers better hardware security by augmenting the features of Intel IPT and by increasing the protection of RSA cryptographic keys.
I looked into this myself, and discovered that you have to partner with Intel. It's a closed project at the moment and there's no public documentation or SDK. In order to become a partner there's an auditing process that involves looking at your hardware and software scenarios, plus the training of your staff. They also told me there are fees involved.
Sorry I can't be of much help on the technological aspects of it, as I didn't pursue that avenue further.