Apparatus and method for creating a trusted environment
Abstract
A computer apparatus for creating a trusted environment comprising a trusted device arranged to acquire a first integrity metric to allow determination as to whether the computer apparatus is operating in a trusted manner; a processor arranged to allow execution of a first trust routine and an associated first operating environment, and means for restricting the first operating environment's access to resources available to the trust routine, wherein the trust routine is arranged to acquire the first integrity metric and a second integrity metric to allow determination as to whether the first operating environment is operating in a trusted manner.
25 Claims

1. A computer apparatus for creating a trusted environment comprising:

a trusted device arranged to acquire a first integrity metric to allow determination as to whether the computer apparatus is operating in a trusted manner, said trusted device being a physical device which binds an identity of the computer apparatus to first reliably measured data by means of said first integrity metric; a software trust routine which binds an identity of at least a first operating system environment to second reliably measured data by means of at least a second integrity metric; a processor arranged to allow execution of said software trust routine and said at least a first operating environment, and means for restricting a privilege level of the at least a first operating system environment to a lower privilege level than that assigned to the software trust routine, wherein the software trust routine is arranged to acquire (i) the first integrity metric of said trusted device as an indicator of whether a user of said computer apparatus should trust that said computer apparatus is operating consistently with said first reliably measured data and (ii) the second integrity metric to allow determination by the user as to whether the at least a first operating system environment is operating in a trusted manner consistently with said second reliably measured data.

Dependent claims 2, 3, 4 and 5 are not reproduced here.
6. A computer apparatus for creating a trusted environment, the computer apparatus comprising:

a trusted device arranged to acquire a first integrity metric to allow determination as to whether the computer apparatus is operating in a trusted manner, said trusted device being a physical device which binds an identity of the computer apparatus to reliably measured data by means of said first integrity metric, and a processor arranged to allow execution of a first trust routine and an associated first operating environment, the processor being arranged to restrict access of the first operating environment from resources available to the trust routine, wherein the trust routine is arranged to acquire the first integrity metric and is further arranged to acquire a second integrity metric to allow determination as to whether the first operating environment is operating in a trusted manner, wherein the trust routine, in response to acquiring the first integrity metric of said trusted device, indicates to a user of said computer apparatus whether the user should trust that said computer apparatus is operating in its trusted manner, and wherein the trust routine, in response to acquiring the second integrity metric, indicates to the user whether the user should trust that the first operating system environment is operating in its trusted manner.
7. A computer apparatus for creating a trusted environment, the computer apparatus comprising:

a trusted device arranged to acquire a first integrity metric to allow determination as to whether the computer apparatus is operating in a trusted manner, said trusted device being a physical device which binds an identity of the computer apparatus to reliably measured data by means of said first integrity metric, and a processor arranged to allow execution of a plurality of trust routines in a first privilege level of the processor and to allow execution of respective associated operating environments in a second privilege level of the processor such that access to resources available to code executed in the first privilege level is restricted to code executed in the second privilege level, wherein each trust routine is arranged to acquire the first integrity metric and an integrity metric associated with the respective associated operating environment to allow determination as to whether the respective operating environment is operating in a trusted manner.

Dependent claims 8 to 21 are not reproduced here.
22. A method for creating a trusted environment in a computer apparatus, the method comprising:

acquiring a first integrity metric to allow determination as to whether a computer apparatus has a trusted device binding an identity of the computer apparatus to first reliably measured data by means of said first integrity metric; acquiring a second integrity metric to allow determination as to whether a computer apparatus has a first trusted operating environment binding an identity of the first trusted operating environment to second reliably measured data by means of said second integrity metric; executing a first trust routine which acquires (i) the first integrity metric as an indicator of whether a user of said computer apparatus should trust that said computer apparatus is operating consistently with said first reliably measured data and (ii) the second integrity metric to allow determination by the user as to whether the at least a first operating system environment is operating in a trusted manner consistently with said second reliably measured data; and restricting a privilege level of the first operating environment to a lower privilege level than that assigned to the trust routine.
23. A method for creating a trusted environment in a computer apparatus, the method comprising:

acquiring a first integrity metric to allow determination by a user of the computer apparatus as to whether the computer apparatus is operating in a trusted manner based upon externally obtained reliable data; executing a first trust routine and an associated first operating environment; restricting the first operating environment's access from resources available to the trust routine; and acquiring the first integrity metric and a second integrity metric to allow determination by said user as to whether the first operating environment is operating in a trusted manner, also based upon externally obtained reliable data.
24. A computer system for creating a trusted environment comprising:

a physical trusted device which is installed in said computer system and is arranged to acquire a first integrity metric to allow determination as to whether the computer system is operating in a trusted manner; a processor arranged to allow execution of a first trust routine and an associated first operating environment, and means for restricting access of the first operating environment from resources available to the trust routine, wherein the trust routine is arranged to acquire (i) the first integrity metric to allow a determination to be made by a user of the computer system whether the hardware of the computer system may be utilized in a trusted manner based upon externally obtained reliable data and (ii) a second integrity metric to allow a determination by said user whether the first operating environment is operating in a trusted manner based upon externally obtained reliable data.
25. A computer apparatus for creating a trusted environment comprising:

a physical trusted device arranged to acquire a first integrity metric to allow determination as to whether the computer apparatus is operating in a trusted manner, said physical trusted device binding an identity of the computer apparatus to reliably measured data by means of said first integrity metric; a virtual trusted device arranged to acquire a second integrity metric to allow determination as to whether the computer apparatus has an operating system capable of operating in a trusted manner, said virtual trusted device binding an identity of the operating system to reliably measured data by means of said second integrity metric; a processor arranged to allow execution of said operating system and at least one application program, said processor having at least four different privilege levels of operation, PL0, PL1, PL2 and PL3, with PL0 being the highest of these four privilege levels and PL4 being the lowest of these four privilege levels, the processor also having certain privileged instructions which may be used only at PL0; a security kernel which runs at privilege level PL0, the security kernel having code allowing execution of the virtual trusted device and for accessing the physical trusted device, code for trap and interrupt handling as well as code for memory management; a global service module which runs at privilege level PL1, the global service module having code which does need to respond to trap and interrupt handling but which handles interfacing between the operating system and the security kernel; and means for restricting the at least one application program to a privilege level no higher than privilege level PL3, and means for restricting the operating system to a privilege level no higher than PL2.
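As an added illustration that is not text or code from the patent, the following Python model wires up the layout of claims 1 and 25: a physical and a virtual trusted device each yield an integrity metric, the trust routine inside the PL0 security kernel compares both against externally obtained reference values, the PL1 global service module is the only path from the PL2 operating system into the kernel, and PL3 applications are refused. The metric being a SHA-256 digest of identity plus measured data, the 0 to 3 level numbering, the rule that the operating system counts as trusted only when the platform metric also matches, and all names and sample data are assumptions of this example.

```python
import hashlib
from dataclasses import dataclass

# Privilege levels of claim 25: PL0 highest, PL3 lowest (numbering 0..3 is assumed).
PL0, PL1, PL2, PL3 = 0, 1, 2, 3

class PrivilegeViolation(Exception):
    """Code below the required privilege level touched a restricted resource."""

def integrity_metric(identity: str, measured_data: bytes) -> str:
    # Assumption: a metric is a SHA-256 digest binding an identity to its measured data.
    return hashlib.sha256(identity.encode() + b"\x00" + measured_data).hexdigest()

@dataclass
class TrustedDevice:
    """Physical (platform) or virtual (operating system) trusted device."""
    identity: str
    measured_data: bytes

    def acquire_metric(self) -> str:
        return integrity_metric(self.identity, self.measured_data)

@dataclass
class SecurityKernel:
    """PL0 code: hosts the trust routine and virtual device, accesses the physical one."""
    physical: TrustedDevice
    virtual: TrustedDevice

    def trust_routine(self, caller_level: int, ref_platform: str, ref_os: str) -> dict:
        if caller_level != PL0:  # privileged instructions may be used only at PL0
            raise PrivilegeViolation(f"trust routine entered from PL{caller_level}")
        platform_ok = self.physical.acquire_metric() == ref_platform  # first metric
        os_ok = self.virtual.acquire_metric() == ref_os                # second metric
        # Assumption: an OS verdict only counts on a platform whose own metric matched.
        return {"platform_trusted": platform_ok, "os_trusted": platform_ok and os_ok}

    def trap(self, caller_level: int, ref_platform: str, ref_os: str) -> dict:
        if caller_level != PL1:  # controlled entry reserved for the global service module
            raise PrivilegeViolation(f"kernel trap from PL{caller_level}")
        return self.trust_routine(PL0, ref_platform, ref_os)  # now executing at PL0

@dataclass
class GlobalServiceModule:
    """PL1 code interfacing the PL2 operating system to the security kernel."""
    kernel: SecurityKernel

    def query_trust(self, caller_level: int, ref_platform: str, ref_os: str) -> dict:
        if caller_level != PL2:  # PL3 applications must go through the operating system
            raise PrivilegeViolation(f"service module called from PL{caller_level}")
        return self.kernel.trap(PL1, ref_platform, ref_os)
```

The reference values stand in for the "externally obtained reliable data" of claims 23 and 24; a mismatch on either metric, or a call from the wrong privilege level, is what the user-facing trust decision should surface.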