Computer system operable to revert to a trusted state

US 6,986,042 B2
Filed: 08/17/2001
Issued: 01/10/2006
Est. Priority Date: 08/18/2000
Status: Active Grant

First Claim

Patent Images

1. A computer system comprises at least two computing platforms (S1, S2) each having a trusted device (TD), the computing platforms (S1, S2) having a communications link (10) therebetween, wherein the system is operableto move one or more applications from a first of the computing platforms (S1) to a second of the computing platforms (S2);

to load software onto said first computing platform (S1);

to perform integrity tests on the first platform (S1); and

if the integrity tests are passed the system is operable to move the application back to the first computing platform (S1) and load the software onto the second platform (S2); and

if the integrity tests are failed the system is operable to return the first computing platform (S1) to the state of the second computing platform (S1).

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When software is loaded into an operating system kernel and so has access the same memory space as the operating system a problem occurs if the operating system cannot determine in advance whether the operating system will afterwards be in a suitably trusted state or not. By using a high availability cluster in which each System Processing Unit (S1, S2) has a trusted device, it is possible to gain more trust and a more flexible approach to trust whilst maintaining the high availability properties of the cluster. Software can be loaded onto one of at least two computing platforms (S1) of a computing system. Another of the platforms (S2) performs integrity tests on the platform (S1) carrying the new software to check whether the platform (S1) is still in a trusted state. If the tests are passed, then the test results are signed and sent to the platform (S1) with the new software and the new software is copied onto the other computing platform (S2). If the tests are failed, then the first platform (S1) can either be rebooted or returned to the state of the testing platform (S2).

Citations

27 Claims

1. A computer system comprises at least two computing platforms (S1, S2) each having a trusted device (TD), the computing platforms (S1, S2) having a communications link (10) therebetween, wherein the system is operableto move one or more applications from a first of the computing platforms (S1) to a second of the computing platforms (S2);
- to load software onto said first computing platform (S1);
  
  to perform integrity tests on the first platform (S1); and
  
  if the integrity tests are passed the system is operable to move the application back to the first computing platform (S1) and load the software onto the second platform (S2); and
  
  if the integrity tests are failed the system is operable to return the first computing platform (S1) to the state of the second computing platform (S1).
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A computer system as claimed in claim 1, which is operable to load software unknown to the computer system, which software is unknown in that the software does not have a trusted status with the computer system.
  - 3. A computer system as claimed in claim 1, which is operable to perform the integrity tests with the second platform (S2).
  - 4. A computer system as claimed in claim 1, in which the second computing platform (S2) is operable to digitally sign the results of the integrity tests with its TD.
  - 5. A computer system as claimed in claim 1, in which in the event of the first computing platform (S1) failing the integrity tests, the first computing platform (S1) is operable to be rebooted.
  - 6. A computer system as claimed in claim 1, in which in the event of the first computing platform (S1) failing the integrity tests, the system may be operable to complete open transactions between third parties and the second computing platform (S2), to save a copy of the active state of the second computing platform (S2) and restore that active state to the first computing platform (S1).

7. A method of maintaining a trusted state in a computer system comprises:
- moving one or more applications from a first computing platform (S1) having a trusted device (TD) to a second computing platform (S2) having a TD by a communications link (10) of the communication system;
  
  loading software onto the first computing platform (S1);
  
  performing integrity tests on the first computing platform (S1); and
  
  if the integrity tests are passed the applications are moved back to the first computing platform (S1) and the software is loaded onto the second platform (S2);
  
  if the integrity tests are not passed the first computing platform (S1) is returned to the state of the second computing platform (S2).
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. A method as claimed in claim 7, in which the software is unknown to the computer system.
  - 9. A method as claimed in claim 7, in which the integrity tests are performed by the second computing platform (S2).
  - 10. A method as claimed in claim 7, in which the tests involve a comparison with previous results obtained from the first computing platform (S1).
  - 11. A method as claimed in claim 7, in which the tests involve a comparison with the results of the same tests run on the second platform (S2).
  - 12. A method as claimed in claim 7, in which the second computing platform (S2) digitally signs the results of the integrity tests with its TD.
  - 13. A method as claimed in claim 12, in which the first platform (S1) uses the signed results as an integrity metric.

14. A computer system programmed to perform a method of maintaining a trusted state in the computer system, comprising the following steps:
- moving one or more applications from a first computing platform to a second computing platform by a communications link of the communication system;
  
  loading software onto the first computing platform;
  
  performing integrity tests on the first computing platform; and
  
  if the integrity tests are passed the applications are moved back to the first computing platform and the software is loaded onto the second platform;
  
  if the integrity tests are not passed the first computing platform is returned to the state of the second computing platform.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer system as claimed in claim 14, wherein the software is unknown to the computer system.
  - 17. The computer system as claimed in claim 14, wherein the integrity tests are performed by the second computing platform.
  - 18. The computer system as claimed in claim 14, wherein the tests involve a comparison with previous results obtained from the first computing platform.
  - 19. The computer system as claimed in claim 14, wherein the tests involve a comparison with the results of the same tests run on the second platform.
  - 20. The computer system as claimed in claim 14, wherein the second computing platform digitally signs the results of the integrity tests with a trusted device.
  - 21. The computer system as claimed in claim 20, wherein the first platform uses the signed results as an integrity metric.

15. A medium carrying a program operable to perform a method of maintaining a trusted state in a computer system, comprising the following steps:
- moving one or more applications from a first computing platform to a second computing platform by a communications link of the communication system;
  
  loading software onto the first computing platform;
  
  performing integrity tests on the first computing platform; and
  
  if the integrity tests are passed the applications are moved back to the first computing platform and the software is loaded onto the second platform;
  
  if the integrity tests are not passed the first computing platform is returned to the state of the second computing platform.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The medium as claimed in claim 15, wherein the software is unknown to the computer system.
  - 23. The medium as claimed in claim 15, wherein the integrity tests are performed by the second computing platform.
  - 24. The medium as claimed in claim 15, wherein the tests involve a comparison with previous results obtained from the first computing platform.
  - 25. The medium as claimed in claim 15, wherein the tests involve a comparison with the results of the same tests run on the second platform.
  - 26. The medium as claimed in claim 15, wherein the second computing platform digitally signs the results of the integrity tests with a trusted device.
  - 27. The medium as claimed in claim 26, wherein the first platform uses the signed results as an integrity metric.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Griffin, Jonathan
Primary Examiner(s)
Smithers, Matthew
Assistant Examiner(s)
Teslovich, Tamara

Application Number

US10/110,950
Publication Number

US 20020188763A1
Time in Patent Office

1,607 Days
Field of Search

713164-167, 714/13, 714/41, 711/162, 707/204
US Class Current

713/164
CPC Class Codes

G06F 21/53 by executing in a restricte...

Computer system operable to revert to a trusted state

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system operable to revert to a trusted state

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links