Apparatus and method for establishing trust

US 7,437,568 B2
Filed: 08/16/2001
Issued: 10/14/2008
Est. Priority Date: 08/18/2000
Status: Active Grant

First Claim

Patent Images

1. A method for establishing communications with a computer entity, comprising:

requesting a trusted device associated with a computer entity to provide an integrity metric calculated for the entity by the trusted device and containing values indicative of one or more characteristics of the entity;

receiving a response from the trusted device including an integrity metric calculated for the entity by the trusted device;

comparing values in the integrity metric calculated for the entity by the trusted device with authenticated values provided for the entity by a trusted party; and

selecting a level of trust for the entity from a plurality of predefined levels of trusts based on at least one value in the integrity metric calculated for the entity by the trusted device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer apparatus comprising a receiver for receiving an integrity metric for a computer entity via a trusted device associated with the computer entity, the integrity metric having values for a plurality of characteristics associated with the computer entity; a controller for assigning a trust level to the computer entity from a plurality of trust levels, wherein the assigned trust level is based upon the value of at least one of the characteristics of the received integrity metric.

Citations

37 Claims

1. A method for establishing communications with a computer entity, comprising:
- requesting a trusted device associated with a computer entity to provide an integrity metric calculated for the entity by the trusted device and containing values indicative of one or more characteristics of the entity;
  
  receiving a response from the trusted device including an integrity metric calculated for the entity by the trusted device;
  
  comparing values in the integrity metric calculated for the entity by the trusted device with authenticated values provided for the entity by a trusted party; and
  
  selecting a level of trust for the entity from a plurality of predefined levels of trusts based on at least one value in the integrity metric calculated for the entity by the trusted device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the trusted device is hardwired to the computer entity.
  - 3. The method of claim 2, wherein the trusted device is configured to control the boot process of the computer entity.
  - 4. The method of claim 3, wherein the trusted device is configured to not respond to the request for the integrity metric if the boot process of the computer entity was not controlled by the trusted device.
  - 5. The method of claim 2, wherein the trusted device is comprised of a plurality of components hardwired to the computer entity.
  - 6. The method of claim 1, wherein the trusted device is configured to contain one or more of a public encryption key, a private encryption key, and one or more authenticated values provided for the entity integrity metric by the trusted party.
  - 7. The method of claim 6, wherein the trusted device is configured to calculate the integrity metric by generating a digest of BIOS instructions in the BIOS memory of the entity.
  - 8. The method of claim 6, wherein the trusted device is configured to calculate the integrity metric by measuring one or more values of configuration information regarding one or more components of the entity.
  - 9. The method of claim 8, wherein the components of the entity are selected from among the group of components comprising hardware components and software components.
  - 10. The method of claim 9, wherein the components of the entity are selected from among the group of components comprising the BIOS, ROM, operating system loader, and operating system of the entity.
  - 11. The method of claim 9, wherein the configuration information measured for at least one of the components comprises one or more of certificate information, last update information, latest update version information, and previous update information.
  - 12. The method of claim 6, wherein the trusted device is configured to calculate the integrity metric by engaging in predetermined interactions with one or more components of the entity and acquiring the values of the responses of the one or more components.
  - 13. The method of claim 6, wherein the response received from the trusted device includes the authenticated values provided by the trusted party.
  - 14. The method of claim 1, wherein requesting the trusted device for the integrity metric comprises:
    - generating a nonce to pass to the trusted device with the request.
  - 15. The method of claim 14, wherein the response from the trusted device includes the nonce received with the request.
  - 16. The method of claim 1, further comprising:
    - initiating data transfer to the entity in accordance with the selected trust level.
  - 17. The method of claim 16, wherein initiating data transfer to the entity in accordance with the selected trust level comprises transferring no data.

18. A method for establishing communications between a computer entity and a user, comprising:
- presenting a request from the user to a trusted device associated with a computer entity to provide an integrity metric calculated for the entity by the trusted device and containing values indicative of one or more characteristics of the entity;
  
  presenting to the user a response from the trusted device including an integrity metric calculated for the entity by the trusted device;
  
  comparing at the user values in the integrity metric calculated for the entity by the trusted device with authenticated values provided for the entity by a trusted party; and
  
  selecting at the user a level of trust for the entity from a plurality of predefined levels of trusts available to the user based on at least one value in the integrity metric calculated for the entity by the trusted device.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 19. The method of claim 18, wherein the trusted device is hardwired to the computer entity.
  - 20. The method of claim 19, wherein the trusted device is configured to control the boot process of the computer entity.
  - 21. The method of claim 20, wherein the trusted device is configured to not respond to the request for the integrity metric if the boot process of the computer entity was not controlled by the trusted device.
  - 22. The method of claim 19, wherein the trusted device is comprised of a plurality of components hardwired to the computer entity.
  - 23. The method of claim 18, further comprising:
    - passing from the trusted party to the trusted device one or more of a public encryption key, a private encryption key, and one or more authenticated values for the entity integrity metric.
  - 24. The method of claim 23, wherein the trusted device is configured to calculate the integrity metric by generating a digest of BIOS instructions in the BIOS memory of the entity.
  - 25. The method of claim 23, wherein the trusted device is configured to calculate the integrity metric by measuring one or more values of configuration information regarding one or more components of the entity.
  - 26. The method of claim 25, wherein the components of the entity are selected from among the group of components comprising hardware components and software components.
  - 27. The method of claim 26, wherein the components of the entity are selected from among the group of components comprising the BIOS, ROM, operating system loader, and operating system of the entity.
  - 28. The method of claim 25, wherein the components of the entity are selected from among the group of components comprising hardware components and software components.
  - 29. The method of claim 26, wherein the configuration information measured for at least one of the components comprises one or more of certificate information, last update information, latest update version information, and previous update information.
  - 30. The method of claim 23, wherein the trusted device is configured to calculate the integrity metric by engaging in predetermined interactions with one or more components of the entity and acquiring the values of the responses of the one or more components.
  - 31. The method of claim 23, wherein the response received from the trusted device includes the authenticated values provided by the trusted party.
  - 32. The method of claim 23, wherein the request includes input data.
  - 33. The method of claim 32, wherein the response includes the input data processed with the private encryption key.
  - 34. The method of claim 18, wherein the request includes a nonce.
  - 35. The method of claim 34, wherein the response includes the nonce received with the request.
  - 36. The method of claim 18, further comprising:
    - initiating data transfer from the user to the entity in accordance with the selected trust level.
  - 37. The method of claim 36, wherein initiating data transfer from the user to the entity in accordance with the selected trust level comprises transferring no data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Chen, Liqun, Pearson, Siani Lynne, Das-Purkayastha, Arindam
Primary Examiner(s)
Chai; Longbit

Application Number

US09/931,526
Publication Number

US 20020026576A1
Time in Patent Office

2,616 Days
Field of Search

380/30, 380277-285, 713200-201, 713187-189, 713/161, 713164-176, 713193-194, 707/9, 726 28- 30, 726 21- 26
US Class Current

713/187
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 2211/009   Trust

G06F 2221/2103   Challenge-response

G06F 2221/2151   Time stamp

G06F 2221/2153   Using hardware token as a s...

Apparatus and method for establishing trust

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for establishing trust

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links