METHOD TO VERIFY THE INTEGRITY OF COMPONENTS ON A TRUSTED PLATFORM USING INTEGRITY DATABASE SERVICES
Abstract
A client platform can be verified prior to being granted access to a resource or service on a network by validating individual hardware and software components of the client platform. Digests are generated for the components of the client platform. The digests can be collected into an integrity report. An authenticator entity receives the integrity report and compares the digests with digests stored in either a local signature database, a global signature database in an integrity authority, or both. Alternatively, the digests can be collected and stored on a portable digest-collector dongle. Once digests are either validated or invalidated, an overall integrity/trust score can be generated. The overall integrity/trust score can be used to determine whether the client platform should be granted access to the resource on the network using a policy.
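The abstract and claims 1, 22 and 30 describe an exchange with three roles: the client collects per-component digests into a signed integrity report, the verification server checks the digests against a local signature database and the integrity authority's global database and turns the verdicts into a trust report with an integrity/trust score, and the authentication server applies a policy to that score. The following is an added example of that exchange, not code from the patent or its assignee. It assumes an HMAC over a shared key as a stand-in for the TPM-backed signature (a real platform signs with a TPM attestation key and the verifier checks it against the TPM certificate), and the component images, per-component weights and policy threshold are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample component images; in practice these would be the
# firmware, boot loader, kernel and agent binaries measured on the client.
COMPONENTS = {
    "bios": b"constructed sample: BIOS image v1.02",
    "bootloader": b"constructed sample: boot loader image",
    "kernel": b"constructed sample: kernel image 5.4",
    "agent": b"constructed sample: endpoint agent binary",
}

# Assumption: a shared HMAC key stands in for the TPM-held attestation key.
# A real deployment signs with a TPM key and verifies against the TPM
# certificate; this keeps the example runnable with the standard library.
TPM_KEY = b"constructed-tpm-attestation-key"

# Assumption: per-component weights (out of 100) and the policy threshold
# are illustrative; the patent leaves scoring and policy to the deployer.
WEIGHTS = {"bios": 30, "bootloader": 30, "kernel": 30, "agent": 10}
POLICY_THRESHOLD = 90


def digest(data: bytes) -> str:
    """Digest of one component, as collected by the integrity report generator."""
    return hashlib.sha256(data).hexdigest()


def canonical(body: dict) -> bytes:
    """Deterministic encoding so client and verifier sign/verify the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def generate_integrity_report(components: dict, platform_id: str = "client-01",
                              key: bytes = TPM_KEY) -> dict:
    """Client side: collect digests into a report and sign it."""
    body = {"platform_id": platform_id,
            "digests": {name: digest(data) for name, data in components.items()}}
    signature = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "signature": signature}


def signature_valid(report: dict, key: bytes = TPM_KEY) -> bool:
    """Verifier side: check the report signature before trusting any digest."""
    expected = hmac.new(key, canonical(report["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, report["signature"])


# Integrity records: the verification server's local database knows the
# site-specific agent; the integrity authority's global database knows
# the vendor-shipped firmware, boot loader and kernel.
LOCAL_DB = {"agent": {digest(COMPONENTS["agent"])}}
GLOBAL_DB = {name: {digest(data)} for name, data in COMPONENTS.items() if name != "agent"}


def verify_report(report: dict, local_db: dict = LOCAL_DB, global_db: dict = GLOBAL_DB,
                  key: bytes = TPM_KEY) -> dict:
    """Verification server: validate each digest against local then global records
    and produce a trust report carrying an integrity/trust score."""
    if not signature_valid(report, key):
        # An unsigned or altered report contributes nothing to the score.
        return {"signature_valid": False, "score": 0, "components": {}}
    verdicts, score = {}, 0
    for name, d in report["body"]["digests"].items():
        known = d in local_db.get(name, set()) or d in global_db.get(name, set())
        verdicts[name] = "validated" if known else "invalidated"
        if known:
            score += WEIGHTS.get(name, 0)
    return {"signature_valid": True, "score": score, "components": verdicts}


def access_granted(trust_report: dict, threshold: int = POLICY_THRESHOLD) -> bool:
    """Authentication server: apply the access policy to the trust report."""
    return trust_report["signature_valid"] and trust_report["score"] >= threshold


if __name__ == "__main__":
    clean = verify_report(generate_integrity_report(COMPONENTS))
    print("clean platform:", clean, "->", "granted" if access_granted(clean) else "denied")
    tampered = dict(COMPONENTS, kernel=b"constructed sample: modified kernel")
    bad = verify_report(generate_integrity_report(tampered))
    print("modified kernel:", bad, "->", "granted" if access_granted(bad) else "denied")
```

Two design points matter for the security of this scheme. The verifier checks the signature before it looks at a single digest, so a report edited in transit scores zero rather than partially; and the score is built only from components that are present and validated, so a client cannot raise its score by leaving a modified component out of the report. Whether a modified kernel costs 30 points or an automatic denial is a policy choice that the patent leaves to the deployer.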
46 Claims
1. A system, comprising:
a client platform capable of being connected to a network, including an integrity report generator to generate an integrity report;
an integrity authority capable of being connected to the network including a database to store a plurality of integrity records;
an authentication server capable of being connected to the network to authenticate the client platform; and
a verification server capable of being connected to the network to receive said integrity report from the client platform, to compare said integrity report with said plurality of integrity records from the integrity authority, and to provide a trust report to the authentication server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
16. A computer-implemented method for verifying the integrity of components on a client platform, comprising:
receiving the client platform for deployment;
installing at least one component on the client platform;
generating an integrity report for the at least one component; and
generating an integrity/trust score from the integrity report to verify the at least one component. - View Dependent Claims (17, 18)
19. A computer-implemented method for verifying the integrity of components on a client platform, comprising:
authenticating the client platform;
receiving an integrity report from the client platform; and
verifying components in the integrity report with an integrity authority. - View Dependent Claims (20, 21)
22. A computer-implemented method for verifying the integrity of components, comprising:
generating an integrity report for at least one component; and
generating a trust report including an integrity/trust score using the integrity report, the integrity/trust score being determined in part by a Trusted Platform Module (TPM) certificate used to sign the integrity report. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
30. A computer-implemented method for verifying the integrity of components on a client platform, comprising:
authenticating the client platform;
generating an integrity report for at least one component of the client platform;
signing the integrity report with a digital signature; and
gaining access to a resource according to the integrity report. - View Dependent Claims (31)
32. An article comprising a machine-accessible medium having associated data that, when accessed, results in a machine:
receiving a client platform for deployment;
installing at least one component on the client platform;
generating an integrity report for the at least one component; and
generating an integrity/trust score from the integrity report to verify the at least one component. - View Dependent Claims (33, 34)
35. A system, comprising:
an integrity authority capable of being connected to a network including a database to store a plurality of integrity records;
an authentication server capable of being connected to the network to authenticate a client platform;
a verification server capable of being connected to the network to receive an integrity report from said client platform, to compare said integrity report with said plurality of integrity records from the integrity authority, and to provide a trust report to the authentication server. - View Dependent Claims (36)
37. A system, comprising:
-
a client platform capable of being connected to a network, the client platform comprising;
an integrity report generator to generate an integrity report of at least one component of the client platform including at least one hash of said at least one component;
a digital signer to sign said integrity report; and
means to receive access to a resource on the network according to said integrity report. - View Dependent Claims (38)
39. An article comprising a machine-accessible medium having associated data that, when accessed, results in a machine:
generating an integrity report for at least one component; and
generating a trust report including an integrity/trust score using the integrity report, the integrity/trust score being determined in part by a Trusted Platform Module (TPM) certificate used to sign the integrity report. - View Dependent Claims (40, 41, 42, 43, 44, 45, 46)