Reliability platform configuration measurement, authentication, attestation and disclosure

US 20090070573A1
Filed: 07/01/2008
Published: 03/12/2009
Est. Priority Date: 04/09/2004
Status: Active Grant

First Claim

Patent Images

1. A platform configuration measurement device which comprises:

a register;

means for executing extension processing in which a predetermined operation is performed on a content of the register by using a given additional value, a hash value is obtained by applying a predetermined hash function to a value obtained by the predetermined operation, and the hash value is set for anew content of the register;

measurement extension means for obtaining measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and for allowing the means for executing extension processing to execute the extension processing using the measured values as the additional values; and

random extension means for allowing the means for executing extension processing to execute the extension processing using a random value as the additional value.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A platform configuration measurement device including: a configuration register; means for executing extension processing in which a predetermined operation is performed on a content of the configuration register by using a given additional value, a hash value is obtained by applying a predetermined hash function to a value obtained by the predetermined operation, and the hash value is set for a new content of the configuration register; and measurement extension means for obtaining measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and for allowing the means for executing extension processing to execute the extension processing using the measured values as the additional values, random extension means is provided for allowing the means for executing extension processing to execute the extension processing using a random value as the additional value.

10 Citations

View as Search Results

21 Claims

1. A platform configuration measurement device which comprises:
- a register;
  
  means for executing extension processing in which a predetermined operation is performed on a content of the register by using a given additional value, a hash value is obtained by applying a predetermined hash function to a value obtained by the predetermined operation, and the hash value is set for anew content of the register;
  
  measurement extension means for obtaining measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and for allowing the means for executing extension processing to execute the extension processing using the measured values as the additional values; and
  
  random extension means for allowing the means for executing extension processing to execute the extension processing using a random value as the additional value.
- View Dependent Claims (2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19, 20, 21)
- - 2. The platform configuration measurement device according to claim 1, wherein the random extension means executes the extension processing repeatedly at a predetermined timing using the random value as an additional value.
  - 3. The platform configuration measurement device according to claim 1, wherein following the extension processing using the measured value as an additional value, extension processing is executed using the random value as an additional value.
  - 4. The platform configuration measurement device according to claim 1, wherein means for creating a log to store a history of each extension processing is included.
  - 5. The platform configuration measurement device according to claim 1, wherein the register and the extension processing using measured value are a PCR register and extension processing specified in the TCG specification respectively.
  - 6. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing functions of a platform configuration measurement device, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 1.
  - 8. A platform configuration authentication device comprising:
    - the platform configuration measurement device of claim 1;
      
      means for sending a third party a content of the register of the device together with a log storing records of extension processes executed in the device, the content of the register and the log being digitally signed, in response to an authentication request including a nonce from a client;
      
      means for receiving a digitally signed credential sent from the third party in response to the sending action, the credential vouching for trustworthiness of a platform configuration according to the content of the register to be appended; and
      
      means for sending the client the received credential together with the digitally signed nonce and content of the register.
  - 9. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing functions of a platform configuration measurement device, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 8.
  - 10. A method of authenticating a platform configuration, comprising the steps of:
    - sending a third party a content of the register of the platform configuration measurement device of claim 1 together with a log storing records of extension processes executed in the device, the content of the register and the log being digitally signed, in response to an authentication request including a nonce from a client;
      
      receiving digitally signed credential sent from the third party in response to the sending action, the credential vouching for trustworthiness of a platform configuration according to the content of the register to be appended; and
      
      sending the client the received credential together with the digitally signed nonce and content of the register.
  - 11. A platform configuration attestation device comprising:
    - means for receiving a content of a register and a log sent from the platform configuration authentication device of claim 8;
      
      means for checking trustworthiness of a platform configuration according to the content of the register, based on the received content of the register and the received log; and
      
      means for sending the platform configuration authentication device a digitally signed credential which vouches for the trustworthiness of the platform configuration according to the content of the register to be appended to the credential.
  - 12. The platform configuration attestation device according to claim 11, wherein the checking means executes the checking on the basis of whether platform configuration stored in the log is reliable or not, and further whether a register value obtained by reproduction of each extension processing stored in the log is equal to a content of the register or not.
  - 13. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing functions of a platform configuration attestation device, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 11.
  - 14. A method of attesting a platform configuration, comprising the steps of:
    - by receiving means, receiving a content of the register and a log sent from the platform configuration authentication device of claim 8;
      
      by checking means, checking trustworthiness of a platform configuration according to the content of the register, based on the received content of the register and the received log; and
      
      by sending means, sending the platform configuration authentication device a digitally signed credential which vouches for the trustworthiness of the platform configuration according to the content of the register to be appended to the credential.
  - 15. A platform configuration disclosure device comprising:
    - the platform configuration measurement device of claim 1;
      
      means for sending a requester a content of the register of the device, in response to a request; and
      
      means for sending the requester a log storing records of extension processes executed in the device, with addition of a restriction depending on an attribute of the requester.
  - 16. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing functions of a platform configuration disclosure device, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of claim 15.
  - 17. A method of disclosing a platform configuration, comprising the steps of:
    - sending a requester a content of the register of the platform configuration measurement device of claim 1, in response to a request; and
      
      sending the requester a log storing records of extension processes executed in the device, with addition of a restriction on the contents depending on an attribute of the requester.
  - 19. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for authenticating a platform configuration, said method steps comprising the steps of claim 10.
  - 20. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for attesting a platform configuration, said method steps comprising the steps of claim 14.
  - 21. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for disclosing a platform configuration, said method steps comprising the steps of claim 17.

7. A method for measuring a platform configuration, comprising the steps of:
- executing extension processing in which a predetermined operation is performed on a content of a register by using a given additional value, a hash value is obtained by applying a predetermined Hash function to a value obtained by the predetermined operation, and the hash value is set for a new content of the register;
  
  obtaining measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and executing the extension processing steps using the measured values as the additional values; and
  
  executing the extension processing step using a random value as the additional value.
- View Dependent Claims (18)
- - 18. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for causing measurement of a platform configuration, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect the steps of claim 7.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hiroshi Maruyama, Sachiko Yoshihama, Seiji Munetoh, Timothy David Ebringer
Original Assignee
Hiroshi Maruyama, Sachiko Yoshihama, Seiji Munetoh, Timothy David Ebringer
Inventors
Ebringer, Timothy David, Maruyama, Hiroshi, Munetoh, Seiji, Yoshihama, Sachiko

Granted Patent

US 7,930,563 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/1
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 21/57   Certifying or maintaining t...

G06F 21/645   using a third party

G06F 2221/2103   Challenge-response

G06F 2221/2115   Third party

G06F 2221/2129   Authenticate client device ...

G06F 2221/2153   Using hardware token as a s...

Reliability platform configuration measurement, authentication, attestation and disclosure

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Reliability platform configuration measurement, authentication, attestation and disclosure

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links