Method, system and program product for verifying an attribute of a computing device

US 20060005009A1
Filed: 06/30/2004
Published: 01/05/2006
Est. Priority Date: 06/30/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of verifying an attribute of a computing device, the method comprising:

receiving a quoted value that defines the attribute from the computing device;

obtaining a valid value from an attestation server, wherein the valid value has been verified by a certification authority; and

comparing the quoted value to the valid value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A solution for verifying an attribute of a computing device. In particular, a computing device can obtain an attribute from another computing device. The attribute can be measure by, for example, a Trusted Platform Module integrated on the other computing device. The computing device can then use an attestation server to determine whether the attribute reflects a desirable value or indicates that the other computing device may have been compromised.

Citations

23 Claims

1. A method of verifying an attribute of a computing device, the method comprising:
- receiving a quoted value that defines the attribute from the computing device;
  
  obtaining a valid value from an attestation server, wherein the valid value has been verified by a certification authority; and
  
  comparing the quoted value to the valid value.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - receiving an attestation identity key (AIK) from the computing device; and
      
      verifying an accuracy of the quoted value using the AIK.
  - 3. The method of claim 1, further comprising receiving a validation entry from the attestation server, wherein the validation entry includes the valid value and a location for a source certification authority.
  - 4. The method of claim 1, further comprising querying the attestation server for the valid value based on the quoted value.
  - 5. The method of claim 1, wherein the obtaining step comprises periodically receiving a set of valid values from the attestation server.
  - 6. The method of claim 1, wherein the quoted value comprises a PCR value and a peer PCR log, and wherein the comparing step comprises comparing a valid PCR log with the peer PCR log.

7. A method of verifying an attribute of a first computing device, the method comprising:
- obtaining a valid value that has been verified by a certification authority;
  
  receiving a quoted value that defines the attribute from a second computing device; and
  
  comparing the quoted value to the valid value.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the obtaining step comprises periodically receiving a set of valid values from at least one of the certification authority and an attestation server.
  - 9. The method of claim 7, further comprising providing the second computing device with a result of the comparing step.
  - 10. The method of claim 7, further comprising storing the valid value in a validation entry that includes a location of the certification authority.
  - 11. The method of claim 10, further comprising providing the second computing device with the location of the certification authority.
  - 12. The method of claim 7, further comprising:
    - receiving an attestation identity key (AIK) and the quoted value from the first computing device at the second computing device; and
      
      verifying an accuracy of the quoted value using the AIK.
  - 13. The method of claim 7, wherein the quoted value comprises a PCR value and a peer PCR log, and wherein the comparing step comprises comparing a valid PCR log with the peer PCR log.

14. A system for verifying an attribute of a computing device, the system comprising:
- an attestation server for storing a set of valid values, wherein each valid value has been certified by a certification authority;
  
  an assurance system for receiving an attestation identity key (AIK) and a quoted value from the computing device and verifying the quoted value using the AIK; and
  
  a validation system for validating the quoted value using the attestation server.
- View Dependent Claims (15, 16, 17)
- - 15. The system of claim 14, wherein the validation system obtains a valid value from the attestation server based on the quoted value.
  - 16. The system of claim 14, wherein the validation system provides the quoted value to the attestation server for validation.
  - 17. The system of claim 14, wherein the attestation server periodically receives a set of new valid values from at least one of another attestation server and the certification authority.

18. A program product stored on a recordable medium for verifying an attribute of a computing device, which when executed comprises:
- program code for receiving a quoted value that defines the attribute from the computing device;
  
  program code for obtaining a valid value from an attestation server, wherein the valid value has been verified by a certification authority; and
  
  program code for comparing the quoted value to the valid value.
- View Dependent Claims (19, 20, 21)
- - 19. The program product of claim 18, further comprising:
    - program code for receiving an attestation identity key (AIK) from the computing device; and
      
      program code for verifying an accuracy of the quoted value using the AIK.
  - 20. The program product of claim 18, wherein the program code for obtaining includes:
    - program code for periodically receiving a set of validation entries from the attestation server; and
      
      program code for verifying an accuracy of the set of validation entries, wherein each validation entry includes a valid value for an attribute.
  - 21. The program product of claim 18, further comprising program code for querying the attestation server for the valid value based on the quoted value.

22. A system for deploying an application for verifying an attribute of a first computing device, the system comprising a computer infrastructure being operable to:
- obtain a valid value that has been verified by a certification authority;
  
  receive a quoted value that defines the attribute from a second computing device;
  
  compare the quoted value to the valid value; and
  
  provide a result of the comparison to the second computing device.

23. Computer software embodied in a propagated signal for verifying an attribute of a computing device, the computer software comprising instructions to cause a computer system to perform the following functions:
- receive an attestation identity key (AIK) and a quoted value from the computing device;
  
  verify the quoted value using the AIK; and
  
  validate the quoted value using an attestation server that comprises a set of valid values, wherein each valid value has been certified by a certification authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hoff, James P., Ward, James P., Catherman, Ryan C., Ball, Charles D.

Application Number

US10/881,870
Publication Number

US 20060005009A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 2209/127   Trusted platform modules [TPM]

H04L 2209/80   Wireless

H04L 9/321   involving a third party or ...

Method, system and program product for verifying an attribute of a computing device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system and program product for verifying an attribute of a computing device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links