Trusted computing platform
First Claim
1. Computing apparatus comprising, mounted on an assembly, a main processor, a main memory and a trusted device, wherein the trusted device itself comprises a trusted device processor and a trusted device memory, whereby the trusted device processor is arranged to acquire a true value of an integrity metric of the computing apparatus and the trusted device memory contains a certificate signed by a trusted third party, whereby the trusted device is adapted to report the true value of the integrity metric together with the certificate.
2 Assignments
0 Petitions
Accused Products
Abstract
In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications.
In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal.
Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.
35 Citations
10 Claims
- 1. Computing apparatus comprising, mounted on an assembly, a main processor, a main memory and a trusted device, wherein the trusted device itself comprises a trusted device processor and a trusted device memory, whereby the trusted device processor is arranged to acquire a true value of an integrity metric of the computing apparatus and the trusted device memory contains a certificate signed by a trusted third party, whereby the trusted device is adapted to report the true value of the integrity metric together with the certificate.
-
8. A trusted device for use as a functional component in a computing apparatus, the trusted device being adapted for mounting on an assembly of the computing apparatus and comprising:
-
an interface for communication with other functional components of the computing apparatus, a trusted device processor, and a trusted device memory storing a certificate signed by a trusted third party; the trusted device being adapted to acquire a true value of an integrity metric of the computing apparatus and to report this true value together with the certificate. - View Dependent Claims (9, 10)
-
Specification