Multiple trusted computing environments

US 20020194496A1
Filed: 06/18/2002
Published: 12/19/2002
Est. Priority Date: 06/19/2001
Status: Active Grant

First Claim

Patent Images

1. A method for providing a trusted computing environment, comprising the steps of:

(a) providing a host operating system;

(b) obtaining an integrity metric for the host operating system;

(c) providing a computing environment including a guest operating system; and

(d) obtaining an integrity metric for the computing environment.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing platform 20 provides multiple computing environments 24 each containing a guest operating system 25 provided by a virtual machine application 26. Optionally, each computing environment 24 is formed in a compartment 220 of a compartmented host operating system 22. A trusted device 213 verifies that the host operating system 22 and each guest operating system 25 operates in a secure and trusted manner by forming integrity metrics which can be interrogated by a user 10. Each computing environment is isolated and secure, and can be verified as trustworthy independent of any other computing environment.

Citations

29 Claims

1. A method for providing a trusted computing environment, comprising the steps of:
- (a) providing a host operating system;
  
  (b) obtaining an integrity metric for the host operating system;
  
  (c) providing a computing environment including a guest operating system; and
  
  (d) obtaining an integrity metric for the computing environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 29)
- - 2. The method of claim 1, wherein the step (b) includes obtaining the integrity metric during boot of the host operating system.
  - 3. The method of claim 2, wherein the step (b) includes obtaining an integrity metric for a BIOS and/or an OS loader and/or an operating system software of the host operating system.
  - 4. The method of claim 1, wherein the step (b) includes obtaining the integrity metric by performing data event logging, and/or by performing a hash function to all or selected data files associated with the host operating system.
  - 5. The method of claim 1, wherein the step (b) comprises updating at least part of the integrity metric for the host operating system.
  - 6. The method of claim 1, wherein the step (d) comprises obtaining an integrity metric of the guest operating system.
  - 7. The method of claim 1, wherein the step (c) comprises providing a virtual machine application running on the host operating system for providing the guest operating system.
  - 8. The method of claim 7, wherein the step (d) comprises obtaining an integrity metric of the virtual machine application.
  - 9. The method of claim 1, wherein the step (c) comprises providing a process running on the guest operating system.
  - 10. The method of claim 9, wherein the step (d) comprises obtaining an integrity metric of the process.
  - 11. The method of claim 1, wherein the step (c) comprises providing the computing environment in a compartment of the host operating system.
  - 12. The method of claim 11, wherein the host operating system is a compartmented operating system.
  - 13. The method of claim 11, wherein the compartment confines the guest operating system.
  - 14. The method of claim 11, wherein the step (d) comprises obtaining an integrity metric from a history of all processes launched in the compartment.
  - 15. The method of claim 1, wherein the step (d) comprises updating at least part of the integrity metric for the computing environment.
  - 16. The method of claim 1, wherein the step (b) comprises storing the integrity metric for the host operating system, and/or the step (d) comprises storing the integrity metric for the computing environment.
  - 17. The method of claim 16, wherein the integrity metric for the computing environment is stored associated with an identity of the computing environment.
  - 18. The method of claim 1, wherein the step (b) and/or the step (d) comprises obtaining the integrity metric using a trusted device.
  - 19. The method of claim 18, comprising storing each integrity metric in a platform configuration register of the trusted device.
  - 20. The method of claim 19, comprising storing the integrity metric for the computing environment in a platform configuration register or group of platform configuration registers associated with the computing environment.
  - 21. The method of claim 1, comprising the step of verifying the trusted computing environment including the steps of:
    - (e) identifying the computing environment;
      
      (f) supplying the integrity metric for the host operating system; and
      
      (g) supplying the integrity metric for the computing environment.
  - 22. The method of claim 1, wherein the step (c) comprises providing a plurality of computing environments each including a guest operating system, and the step (d) comprises obtaining an integrity metric of each computing environment.
  - 24. The method of claim 23, wherein the step (a) comprises receiving identity information associated with the computing environment.
  - 25. The method of claim 24, comprising receiving information about a process running in a computing environment, and determining the computing environment which contains that process.
  - 27. The computing platform of claim 26, wherein the trusted device stores the integrity metric for the host operating system and the integrity metric for each guest operating system.
  - 28. The computing platform of claim 27, wherein the trusted device stores each integrity metric in a platform configuration register or a group of platform configuration registers.
  - 29. The computing platform of claim 28, wherein the trusted device allocates a platform configuration register or group of platform configuration registers to each computing environment.

23. A method for verifying integrity of a trusted computing environment amongst many on a single host computing platform running a host operating system, each computing environment comprising a guest operating system running on the host operating system, the method comprising the steps of:
- (a) identifying the computing environment;
  
  (b) supplying an integrity metric of the host operating system; and
  
  (c) supplying an integrity metric associated with the identified computing environment.

26. A computing platform, comprising:
- a host operating system;
  
  a plurality of computing environments each comprising a guest operating system running on the host operating system; and
  
  a trusted device for obtaining an integrity metric of the host operating system and an integrity metric of each computing environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Child, Michael, Chen, Liqun, Griffin, Jonathan, Dalton, Christopher I., Norman, Andrew Patrick

Granted Patent

US 7,865,876 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/17
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

G06F 2211/009   Trust

G06F 2211/1097   Boot, Start, Initialise, Power

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2129   Authenticate client device ...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2153   Using hardware token as a s...

Multiple trusted computing environments

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple trusted computing environments

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links