Data integrity monitoring in trusted computing entity
First Claim
1. A method of security monitoring of a computing platform, said method comprising the steps of:
- (i) creating a data file in a portion of a memory area of said computing platform that is reserved for use by a trusted component associated with said computing platform;
(ii) generating a first digest data describing a data content of said data file;
(iii) waiting a predetermined time period;
(iv) repeating step (ii) to generate a second digest data;
(v) comparing said second digest data with said first digest data to determine a security status of the computing platform; and
(vi) repeating steps (iii) to (vi) if said second digest data is identical to said first digest data.
3 Assignments
0 Petitions
Accused Products
Abstract
A method of security monitoring of data files in a computer platform is carried out by a trusted component having a processor and trusted memory area. The method comprises creating one or a plurality of data files in an untrusted memory area of said computing platform, for each created data file, periodically generating a digest data by applying a hash function to each data file, storing the digest data in a trusted memory area and for each file periodically comparing a current digest data of the file with a previously generated digest data of the file. Any differences between a previous and a current digest data indicate that a file in the untrusted memory area has been corrupted.
161 Citations
32 Claims
-
1. A method of security monitoring of a computing platform, said method comprising the steps of:
-
(i) creating a data file in a portion of a memory area of said computing platform that is reserved for use by a trusted component associated with said computing platform; (ii) generating a first digest data describing a data content of said data file; (iii) waiting a predetermined time period; (iv) repeating step (ii) to generate a second digest data; (v) comparing said second digest data with said first digest data to determine a security status of the computing platform; and (vi) repeating steps (iii) to (vi) if said second digest data is identical to said first digest data. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer entity comprising:
-
a computer platform comprising a first data processing means and a first memory means; a monitoring component comprising a second data processing means and a second memory means; wherein said monitoring component comprises means for receiving a monitor data, said monitor data describing a content of a plurality of data files stored in said computer platform in a portion of said first memory means that is reserved for use by a trusted component associated with said computer platform; means for storing said plurality of monitor data in said monitoring component; and means for making comparisons of said monitor data, wherein said monitoring component periodically receives for each of a plurality of data files, a historical monitor data representing a state of said data file at a previous point in time, and a current monitor data representing a current state of said data file. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method of security monitoring a computer platform comprising a first data processing means and a first memory means, said method comprising the steps of:
-
(i) receiving a first monitor data, said first monitor data describing a data content of a data file stored in a portion of a memory of said computer platform that is reserved for use by a trusted component associated with said computer platform; (ii) storing said first monitor data in a trusted memory area physically and logically distinct from said computer platform; (iii) receiving a second monitor data, said second monitor data describing a data content of said same data file stored in said computer platform; (iv) comparing said first monitor data with said second monitor data; (v) if said first monitor data differs from said second monitor data, generating an error data; and (vi) if said first monitor data does not differ from said second monitor data, repeating steps (iii) to (vi). - View Dependent Claims (18, 19, 20, 21)
-
-
22. A method of monitoring a computer platform comprising a first data processing means and first memory means, said method comprising the steps of:
-
a) allocating a region of said first memory means for use by a monitoring entity comprising a second data processing means and a second memory means; b) creating in said allocated memory area a plurality of data files, each allocated to said monitoring entity; c) entering data into said plurality of allocated data files in said reserved memory region; d) creating for each of said data files a monitor data describing a data content of each of said data file; e) storing said monitor data in a second memory device, said second memory device being physically and logically distinct from said first memory device; f) repeating steps d) and e); and g) periodically comparing a recently received said monitor data for said data file with a previously received monitor data for the same said data file. - View Dependent Claims (23, 24, 25, 26)
-
-
27. A computer entity programmed for security monitoring, comprising one or more processors and one or more memories, wherein:
-
one of said processors is programmed to generate random or pseudo-random data files in of one of said memories reserved for use by a trusted component; and one of said processors is programmed to monitor said data files by repeatedly obtaining digests of said data files and detecting when changes to said data files have occurred. - View Dependent Claims (28, 29, 30, 31, 32)
-
Specification