SECURE APPLICATION ATTESTATION USING DYNAMIC MEASUREMENT KERNELS
First Claim
1. A method comprising:
receiving an attestation request at an application;
loading an attestation kernel into a storage unit in response to the attestation request;
executing one or more operations, corresponding to the attestation request and in accordance with data stored in the storage unit, to generate a manifest;
generating an attestation of data stored in the storage unit;
verifying a state of the application based on the generated attestation of the data stored in the storage unit and the manifest;
generating a statement of application measurement based on a hash of the manifest; and
transmitting the application measurement and the attestation data to the application.
Abstract
Methods and apparatus to provide secure application attestation using dynamic measurement kernels are described. In some embodiments, secure application attestation is provided by using dynamic measurement kernels. In various embodiments, P-MAPS (Processor-Measured Application Protection Service), Secure Enclaves (SE), and/or combinations thereof may be used to provide dynamic measurement kernels to support secure application attestation. Other embodiments are also described.
30 Claims
12. A computer-readable medium comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations to:
receive an attestation request at an application;
load an attestation kernel into a storage unit in response to the attestation request;
execute one or more operations, corresponding to the attestation request and in accordance with data stored in the storage unit, to generate a manifest;
generate an attestation of data stored in the storage unit;
verify a state of the application based on the generated attestation of the data stored in the storage unit and the manifest;
generate a statement of application measurement based on a hash of the manifest; and
transmit the application measurement and the attestation data to the application.
21. A system comprising:
a memory to store one or more instructions corresponding to a container; and
a processor to execute the one or more instructions to;
receive an attestation request at an application;
load an attestation kernel into a storage unit in response to the attestation request;
execute one or more operations, corresponding to the attestation request and in accordance with data stored in the storage unit, to generate a manifest;
generate an attestation of data stored in the storage unit;
verify a state of the application based on the generated attestation of the data stored in the storage unit and the manifest;
generate a statement of application measurement based on a hash of the manifest; and
transmit the application measurement and the attestation data to the application.
Specification