US2013080756A1PendingUtilityA1

Attesting a Component of a System During a Boot Process

47
Assignee: MACKINTOSH DAVID NPriority: Oct 1, 2010Filed: Apr 28, 2012Published: Mar 28, 2013
Est. expiryOct 1, 2030(~4.2 yrs left)· nominal 20-yr term from priority
G06F 21/575G06F 2221/2141G06F 21/31
47
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method for attesting a component of a system during a boot process. The method comprises the steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for attesting a component of a system during a boot process, comprising steps of:
 verifying that the system is in a trusted state;   in response to verifying that the system is in a trusted state, requesting an enrollment of the system, wherein the requesting step further comprises retrieving enrollment data associated with the system;   retrieving current input data associated with the component of the system;   comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state;   if the current input data matches the enrollment data in response to the comparing step, the system retains its trusted state; and   accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.   
     
     
         2 . The method of  claim 1 , the method further comprising the steps of:
 retrieving updated current input data associated with the component in response to a notification being received; and   storing the updated current input data.   
     
     
         3 . The method of  claim 2 , further comprising the steps of:
 retrieving further current input data associated with the component of the system; and   comparing the further current input data against the updated current input data in order to determine whether the system can retain its trusted state.   
     
     
         4 . The method of  claim 3 , wherein if the further current input data matches the updated current input data in response to the comparing the further current input data step, the system retains its trusted state. 
     
     
         5 . The method of  claim 4 , wherein the enrollment data is replaced with the updated current input data. 
     
     
         6 . The method of  claim 5 , further comprising:
 setting values associated with the updated current input data to null.   
     
     
         7 . The method of  claim 1 , wherein the enrollment data comprises a measurement value of the component; an event log identifier and a public key of the system. 
     
     
         8 . The method of  claim 2 , wherein the updated current input data comprises an updated measurement value of the component; an updated event log identifier and a public key of the system. 
     
     
         9 . The method of  claim 1 , wherein the verifying step comprises at least one of: inspection of the system and asserting a trusted state assumption associated with a period between initial installation of the system and the current input data being generated.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.