Developer Guide

  • 10/27/2020
  • Public Content

Applet Attestation Using Intel® Enhanced Privacy ID (Intel® EPID)

SIGMA is a proprietary Intel algorithm for establishing a secure session between a trusted platform component (e.g., Intel® Management Engine (Intel® MEI)) and a remote server without any previously established root of trust. The protocol is exposed to trusted applications to allow initial provisioning of the trusted application in a secure manner. It assures the verifier that the communication originated from an Intel DAL applet running on Intel® Converged Security Engine (Intel® CSE), but does not provide any information identifying the specific platform, thus preserving the platform owner's privacy.
  • SIGMA 1.0 supported since Intel ME 7.1, SIGMA 1.1 since Intel ME 8.0
  • Allows the establishment of a session with zero additional information for the trusted application (once one-time provisioning of the Intel® Enhanced Privacy ID (Intel® EPID) key has taken place)
  • Allows mutual authentication of the trusted application and the remote server
  • Supports client revocation
  • Supports server revocation using OCSP (from SIGMA 1.1)
  • Use SIGMA 1.1 when possible (not SIGMA 1.0).
  • Use the Signature Revocation List (SIGRL) (recommended but not mandatory)
See the Sigma Sample for more details.
