Outbound authentication for programmable secure coprocessors

A programmable secure coprocessor platform can help solve many security problems in distributed computing, particularly if coprocessor applications can participate as full-fledged parties in distributed cryptographic protocols. Thus, a generic platform must not only provide programmability, maintenance, and configuration in the hostile field, it must also provide outbound authentication for the entities that result. This paper offers our experiences in solving this problem for a high-end secure coprocessor product. This work required synthesis of a number of techniques, so that parties with different and dynamic views of trust can draw sound and complete conclusions about remote coprocessor applications.