Attesting a Component of a System During a Boot Process
Abstract
A method for attesting a component of a system during a boot process. The method comprises the steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method for attesting a component of a system during a boot process, comprising steps of:
verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system, wherein the requesting step further comprises retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; if the current input data matches the enrollment data in response to the comparing step, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.
2 . The method of claim 1 , the method further comprising the steps of:
retrieving updated current input data associated with the component in response to a notification being received; and storing the updated current input data.
3 . The method of claim 2 , further comprising the steps of:
retrieving further current input data associated with the component of the system; and comparing the further current input data against the updated current input data in order to determine whether the system can retain its trusted state.
4 . The method of claim 3 , wherein if the further current input data matches the updated current input data in response to the comparing the further current input data step, the system retains its trusted state.
5 . The method of claim 4 , wherein the enrollment data is replaced with the updated current input data.
6 . The method of claim 5 , further comprising:
setting values associated with the updated current input data to null.
7 . The method of claim 1 , wherein the enrollment data comprises a measurement value of the component; an event log identifier and a public key of the system.
8 . The method of claim 2 , wherein the updated current input data comprises an updated measurement value of the component; an updated event log identifier and a public key of the system.
9 . The method of claim 1 , wherein the verifying step comprises at least one of: inspection of the system and asserting a trusted state assumption associated with a period between initial installation of the system and the current input data being generated.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.