Multiple trusted computing environments with verifiable environment identities

US 20020194482A1
Filed: 06/18/2002
Published: 12/19/2002
Est. Priority Date: 06/19/2001
Status: Active Grant

First Claim

Patent Images

1. A method for verifying integrity of a computing environment, comprising the steps of:

identifying a computing environment which it is desired to verify;

obtaining an integrity metric associated with the identified computing environment;

signing the integrity metric with a signature key, to form a signed integrity metric, the signed integrity metric including information identifying a computing environment; and

transmitting the signed integrity metric to a challenger.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A host computing platform 20 provides one or more computing environments 24 and includes a trusted device 213 arranged to form an integrity metric individual to each computing environment 24. The integrity metric is provided to a user 10 in response to an integrity challenge, signed for authentication using a signature key 213 held by the trusted device. In one embodiment the trusted device 213 selects a signature key unique to the computing environment 24, or in a second embodiment the trusted device forms the signed integrity metric including an identity label, in each case such that the user 10 can verify that the signed integrity metric corresponds to the expected computing environment 24.

Citations

55 Claims

1. A method for verifying integrity of a computing environment, comprising the steps of:
- identifying a computing environment which it is desired to verify;
  
  obtaining an integrity metric associated with the identified computing environment;
  
  signing the integrity metric with a signature key, to form a signed integrity metric, the signed integrity metric including information identifying a computing environment; and
  
  transmitting the signed integrity metric to a challenger.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 47, 48, 49, 50, 51, 52, 53)
- - 2. The method of claim 1, comprising receiving an integrity challenge from the challenger.
  - 3. The method of claim 2, wherein the integrity challenge includes challenge information identifying a computing environment which it is desired to verify.
  - 4. The method of claim 3, wherein the challenge information includes a computing environment identity label.
  - 5. The method of claim 4, wherein the identity label is an external computing environment identity label.
  - 6. The method of claim 5, comprising supplying an external computing environment identity label to a challenger, prior to the receiving step.
  - 7. The method of claim 2, comprising passing the integrity challenge through a computing environment.
  - 8. The method of claim 7, wherein the information identifying a computing environment comprises information identifying the challenging computing environment which passes the integrity challenge and/or information identifying a computing environment which it is desired to verify.
  - 9. The method of claim 8, wherein the information comprises an identity label for identifying the challenging computing environment and/or an identity label for identifying the computing environment to verify.
  - 10. The method of claim 9, wherein the or each identity label is an internal computing environment identity label.
  - 11. The method of claim 10, comprising applying the internal computing environment identity label to the computing environment, prior to receiving the integrity challenge.
  - 12. The method of claim 2, comprising checking that an identity label received in the integrity challenge corresponds to an identity label of a challenging computing environment passing the integrity challenge.
  - 13. The method of claim 2, comprising confirming that a computing environment passing the integrity challenge has authorisation to request verification of a computing environment which it is desired to verify.
  - 14. The method of claim 13, wherein the confirming step comprises restricting authorisation of a computing environment passing a challenge only to request verification of that computing environment.
  - 15. The method of claim 13, wherein the confirming step comprises selectively restricting the computing environment passing the integrity challenge to request verification of another computing environment.
  - 16. The method of claim 1, wherein the identifying step uses identity information supplied in an integrity challenge from a challenger and/or uses identity information about a computing environment which passes the integrity challenge.
  - 17. The method of claim 16, wherein the identity information is an external computing environment label or an internal computing environment label.
  - 18. The method of claim 1, comprising selecting one of a plurality of signature keys, the one signature key being associated with the identified computing environment.
  - 19. The method of claim 18, wherein the signing step comprises signing the integrity metric with the selected signature key.
  - 20. The method of claim 19, comprising supplying a verifying signature key to a challenger.
  - 21. The method of claim 20, wherein the verifying signature key and the signing signature key form a complimentary public key and private key pair.
  - 22. The method of claim 1, wherein the signing step includes forming the signed integrity metric with an external data field, the external data field including the information identifying a computing environment.
  - 23. The method of claim 22, comprising receiving an integrity challenge from a challenger, the integrity challenge including external data;
    - and forming a hash function of the received external data and the information identifying the computing environment, to form the external data field of the signed integrity metric.
  - 24. The method of claim 22, wherein the information comprises a computing environment identity label of the computing environment associated with the integrity metric.
  - 25. The method of claim 24, wherein the computing environment identity label is an internal computing environment identity label or an external computing environment identity label.
  - 26. The method of claim 22, wherein the information includes a challenging identity label of a computing environment which passes an integrity challenge.
  - 27. The method of claim 26, wherein the challenging identity label is an internal computing environment identity label or an external computing environment identity label.
  - 28. The method of claim 22, wherein the information includes both a computing environment identity label identifying a computing environment associated with the integrity metric, and a challenging computing environment label identifying a computing environment which passes an integrity challenge.
  - 29. The method of claim 22, wherein the information includes an identity of a virtual machine application running in the computing environment.
  - 30. The method of claim 29, wherein the information includes an identity of a guest operating system provided by the virtual machine application.
  - 31. The method of claim 30, wherein the information includes an identity of at least one process running on the guest operating system.
  - 32. The method of claim 1, comprising verifying the signed integrity metric received by the challenger.
  - 33. The method of claim 32, wherein the verifying step includes verifying the signature of the signed integrity metric.
  - 34. The method of claim 33, wherein verifying the signature uses a verifying signature key.
  - 35. The method of claim 34, wherein the verifying signature key and the signing signature key form a public key and private key pair.
  - 36. The method of claim 32, wherein the verifying step includes verifying the information identifying a computing environment.
  - 37. The method of claim 36, including verifying an identity of a computing environment associated with the integrity metric of the signed integrity metric.
  - 38. The method of claim 36, including verifying an identity of a challenging computing environment which passes an integrity challenge.
  - 39. The method of claim 36, wherein the verifying step uses an internal identity label and/or an external identity label associated with a computing environment.
  - 40. The method of claim 32, including verifying the integrity metric of the signed integrity metric.
  - 41. The method of claim 32, wherein the verifying step comprises comparing the signed integrity metric against expected values.
  - 42. The method of claim 1, wherein the computing environment is one of a plurality of computing environments provided on a single host computing platform.
  - 43. The method of claim 42, wherein the obtaining step comprises retrieving a stored integrity metric or group of integrity metrics associated with the identified computing environment.
  - 44. The method of claim 42, wherein the integrity metric or group of integrity metrics comprise one or more integrity metric values each stored in a platform configuration register of a trusted device.
  - 45. The method of claim 42, comprising forming an integrity metric or group of integrity metrics for the each computing environment, and storing the integrity metric or group of integrity metrics as one or more integrity metric values each in a platform configuration register of a trusted device.
  - 47. The computing platform of claim 46, wherein the trusted device unit comprises a trusted device and a trusted device driver.
  - 48. The computing platform of claim 47, wherein the trusted device driver is arranged to receive an integrity challenge from a challenger, identify a computing environment which it is desired to verify, and transmit the signed integrity metric to the challenger;
    - and the trusted device is arranged to retrieve a stored integrity metric associated with the identified computing environment, and sign the integrity metric with the signature key.
  - 49. The computing platform of claim 48, wherein the trusted device signs the integrity metric with a signature key associated with the identified computing environment.
  - 50. The computing platform of claim 49, wherein the trusted device is arranged to store a plurality of signature keys, and is arranged to select one of the signature keys associated with the identified computing environment.
  - 51. The computing platform of claim 48, wherein the trusted device is arranged to form the signed integrity metric including an external data field which includes the information identifying a computing environment.
  - 52. The computing platform of claim 51, wherein the trusted device receives the integrity challenge including an external data from the challenger, and is arranged to form the external data field of the signed integrity metric using a hash function of the received external data and the information identifying a computing environment.
  - 53. The computing platform of claim 46, wherein the computing platform supports a plurality of computing environments, and one of the plurality of computing environments is identified.

46. A computing platform supporting at least one computing environment, the computing platform comprising:
- a trusted device unit arranged to identify a computing environment which it is desired to verify, obtain an integrity metric associated with the identified computing environment, sign the integrity metric with a signature key to form a signed integrity metric, the signed integrity metric including information identifying a computing environment, and transmitting the signed integrity metric to a challenger.

54. A method for verifying a computing environment, substantially as hereinbefore described with reference to FIG. 7 of the accompanying drawings.

55. A computing platform substantially as hereinbefore described with reference to FIGS. 6 and 7 of the accompanying drawings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Company (HP Inc.)
Inventors
Chen, Liqun, Griffin, Jonathan

Granted Patent

US 7,076,655 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2103   Challenge-response

G06F 2221/2149   Restricted operating enviro...

Multiple trusted computing environments with verifiable environment identities

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

55 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple trusted computing environments with verifiable environment identities

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

55 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links