Computer system operable to revert to a trusted state
Abstract
When software is loaded into an operating system kernel, and so has access to the same memory space as the operating system, a problem occurs if the operating system cannot determine in advance whether it will afterwards be in a suitably trusted state. By using a high availability cluster in which each System Processing Unit (S1, S2) has a trusted device, it is possible to gain more trust and a more flexible approach to trust whilst maintaining the high availability properties of the cluster. Software can be loaded onto one of at least two computing platforms (S1) of a computing system. Another of the platforms (S2) performs integrity tests on the platform (S1) carrying the new software to check whether the platform (S1) is still in a trusted state. If the tests are passed, the test results are signed and sent to the platform (S1) with the new software, and the new software is copied onto the other computing platform (S2). If the tests are failed, the first platform (S1) can either be rebooted or returned to the state of the testing platform (S2).
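The sequence described in the abstract, as an added Python example that is not part of the patent text. The HMAC key standing in for each trusted device, the hash-based integrity metric, the test policy (S1 must match S2's state plus the newly added components) and all sample images are assumptions.

```python
import hashlib, hmac, json

def measure(software):
    """Integrity metric: one digest over sorted (component, image hash) pairs."""
    h = hashlib.sha256()
    for name in sorted(software):
        h.update(name.encode() + b"\0" + hashlib.sha256(software[name]).digest())
    return h.hexdigest()

class Platform:
    """A cluster node (S1 or S2) with an HMAC key standing in for its TD."""
    def __init__(self, name, td_key, software, apps):
        self.name, self._td_key = name, td_key    # constructed key, not a real TD key
        self.software, self.apps = dict(software), list(apps)

    def sign(self, report):
        msg = json.dumps(report, sort_keys=True).encode()
        return hmac.new(self._td_key, msg, hashlib.sha256).hexdigest()

def upgrade(s1, s2, installer):
    """Drain S1, load on S1, let S2 test S1, then commit to S2 or revert S1."""
    moved, s1.apps = list(s1.apps), []
    s2.apps.extend(moved)                         # move applications S1 -> S2
    before = set(s1.software)
    installer(s1.software)                        # new code may touch anything on S1
    added = {k: v for k, v in s1.software.items() if k not in before}
    # Assumed test policy: S1 must equal S2's trusted state plus the new components.
    metric = measure(s1.software)
    passed = metric == measure({**s2.software, **added})
    report = {"tested": s1.name, "tester": s2.name, "passed": passed, "metric": metric}
    signature = None
    if passed:
        signature = s2.sign(report)               # signed results are sent to S1
        s2.software.update(added)                 # copy the software onto S2
        for app in moved:                         # move applications back to S1
            s2.apps.remove(app)
            s1.apps.append(app)
    else:
        s1.software = dict(s2.software)           # return S1 to the state of S2
    return report, signature

def make_cluster():
    base = {"kernel": b"kernel v1", "init": b"init v1"}   # constructed sample images
    return Platform("S1", b"key-s1", base, ["db"]), Platform("S2", b"key-s2", base, ["web"])

def clean_driver(sw):                             # constructed: adds one module only
    sw["driver.ko"] = b"driver v2"

def rogue_driver(sw):                             # constructed: also alters the kernel
    sw["driver.ko"] = b"driver v2"
    sw["kernel"] = b"kernel v1 (modified)"
```

With `clean_driver` the test passes and both nodes end in the same state; with `rogue_driver` S1 is reset to S2's state and the applications stay on S2.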
27 Claims
1. A computer system comprises at least two computing platforms (S1, S2) each having a trusted device (TD), the computing platforms (S1, S2) having a communications link (10) therebetween, wherein the system is operable
to move one or more applications from a first of the computing platforms (S1) to a second of the computing platforms (S2);
to load software onto said first computing platform (S1);
to perform integrity tests on the first platform (S1); and
if the integrity tests are passed the system is operable to move the application back to the first computing platform (S1) and load the software onto the second platform (S2); and
if the integrity tests are failed the system is operable to return the first computing platform (S1) to the state of the second computing platform (S1).
Dependent claims: 2, 3, 4, 5, 6
7. A method of maintaining a trusted state in a computer system comprises:
moving one or more applications from a first computing platform (S1) having a trusted device (TD) to a second computing platform (S2) having a TD by a communications link (10) of the communication system;
loading software onto the first computing platform (S1);
performing integrity tests on the first computing platform (S1); and
if the integrity tests are passed the applications are moved back to the first computing platform (S1) and the software is loaded onto the second platform (S2);
if the integrity tests are not passed the first computing platform (S1) is returned to the state of the second computing platform (S2).
Dependent claims: 8, 9, 10, 11, 12, 13
14. A computer system programmed to perform a method of maintaining a trusted state in the computer system, comprising the following steps:
moving one or more applications from a first computing platform to a second computing platform by a communications link of the communication system;
loading software onto the first computing platform;
performing integrity tests on the first computing platform; and
if the integrity tests are passed the applications are moved back to the first computing platform and the software is loaded onto the second platform;
if the integrity tests are not passed the first computing platform is returned to the state of the second computing platform.
Dependent claims: 16, 17, 18, 19, 20, 21
15. A medium carrying a program operable to perform a method of maintaining a trusted state in a computer system, comprising the following steps:
moving one or more applications from a first computing platform to a second computing platform by a communications link of the communication system;
loading software onto the first computing platform;
performing integrity tests on the first computing platform; and
if the integrity tests are passed the applications are moved back to the first computing platform and the software is loaded onto the second platform;
if the integrity tests are not passed the first computing platform is returned to the state of the second computing platform.
Dependent claims: 22, 23, 24, 25, 26, 27
Specification