Apparatus and method for creating a trusted environment

US 7,467,370 B2
Filed: 03/25/2005
Issued: 12/16/2008
Est. Priority Date: 11/22/2001
Status: Active Grant

First Claim

Patent Images

1. A computer apparatus for creating a trusted environment comprising:

a trusted device arranged to acquire a first integrity metric to allow determination as to whether the computer apparatus is operating in a trusted manner, said trusted device being a physical device which binds an identity of the computer apparatus to first reliably measured data by means of said first integrity metric, wherein the trusted device is a tamper resistant device;

a software trust routine which binds an identity of at least an operating system environment to second reliably measured data by means of at least a second integrity metric;

a processor arranged to allow execution of the trust routine and associated operating environment, and means for restricting access of the operating system environment to resources available to the trust routine, wherein the trust routine is arranged to acquire (i) the first integrity metric of said trusted device as an indicator of whether a user of said computer apparatus should trust that said computer apparatus and (ii) a second integrity metric to allow determination as to whether the operating system environment is operating in a trusted manner consistently with said second reliably measured data;

wherein the means for restricting access of the operating environment comprises a control layer of software and an operating system of the operating system environment adapted such that any instructions in the operating system of the operating system environment with potential to affect any environment outside the operating system environment cause a transition to a control layer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer apparatus for creating a trusted environment comprising a trusted device arranged to acquire a first integrity metric to allow determination as to whether the computer apparatus is operating in a trusted manner; a processor arranged to allow execution of a first trust routine and associated first operating environment, and means for restricting the first operating environment access to resources available to the trust routine, wherein the trust routine being arranged to acquire the first integrity metric and a second integrity metric to allow determination as to whether the first operating environment is operating in a trusted manner.

154 Citations

View as Search Results

11 Claims

1. A computer apparatus for creating a trusted environment comprising:
- a trusted device arranged to acquire a first integrity metric to allow determination as to whether the computer apparatus is operating in a trusted manner, said trusted device being a physical device which binds an identity of the computer apparatus to first reliably measured data by means of said first integrity metric, wherein the trusted device is a tamper resistant device;
  
  a software trust routine which binds an identity of at least an operating system environment to second reliably measured data by means of at least a second integrity metric;
  
  a processor arranged to allow execution of the trust routine and associated operating environment, and means for restricting access of the operating system environment to resources available to the trust routine, wherein the trust routine is arranged to acquire (i) the first integrity metric of said trusted device as an indicator of whether a user of said computer apparatus should trust that said computer apparatus and (ii) a second integrity metric to allow determination as to whether the operating system environment is operating in a trusted manner consistently with said second reliably measured data;
  
  wherein the means for restricting access of the operating environment comprises a control layer of software and an operating system of the operating system environment adapted such that any instructions in the operating system of the operating system environment with potential to affect any environment outside the operating system environment cause a transition to a control layer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A computer apparatus according to claim 1, wherein the trust routine is arranged to incorporate cryptographical functionality for restricting access to data associated with the trust routine.
  - 3. A computer apparatus according to claim 1, wherein the trusted device has an attestation identity and an attestation identity certificate containing attestation by a third party that the trusted device comprises a valid trusted platform module and that the computer apparatus comprises a valid trusted platform.
  - 4. A computer apparatus according to claim 3, wherein the trust routine has an endorsement credential providing attestation by the trusted device that the trust routine comprises a valid virtual trusted platform module and a platform credential providing attestation by the trusted device that the trust routine and the operating environment comprises a valid virtual trusted platform.
  - 5. A computer apparatus according to claim 4, wherein the trust routine has an attestation identity and an attestation identity certificate containing attestation that the trusted device comprises a valid trusted platform module and that the computer apparatus comprises a valid trusted platform.
  - 6. A computer apparatus according to claim 5, wherein the attestation is provided by a third party.
  - 7. A computer apparatus according to claim 5, wherein the attestation is provided by the trusted device.
  - 8. A computer apparatus according to claim 5, wherein the trusted device is arranged on powering down of the computer apparatus to store the endorsement credential, the platform credential and the attestation identity certificate of the trust routine.

9. A method for creating a trusted environment in a computer apparatus, the method comprising:
- acquiring a first integrity metric to allow determination as to whether a computer apparatus has a trusted device wherein the trusted device is a tamper resistant device;
  
  binding an identity of the computer apparatus to first reliably measured data by means of said first integrity metric acquired by a trusted device in the computing apparatus, the trusted device having an attestation identity attested by a third party;
  
  executing a trust routine and an associated operating system environment;
  
  acquiring (i) the first integrity metric of said trusted device as an indicator of whether a user of said computer apparatus should trust that said computer apparatus and (ii) a second integrity metric to allow determination as to whether the operating system environment is operating in a trusted manner consistently with said second reliably measured data;
  
  determining as to whether the operating system environment is operating in a trusted manner consistently with said second reliably measured data; and
  
  restricting the operating system environment'"'"'s access to resources available to the trust routine by means of a control layer of software and an operating system of the operating system environment adapted such that any instruction in the operating system of the operating system environment with potential to affect any environment outside the operating system environment cause a transition to a control layer.
- View Dependent Claims (10, 11)
- - 10. A method according to claim 9, further comprising the trust routine generating an attestation identity and obtaining an attestation identity certificate using the endorsement credential and the platform credential.
  - 11. A method according to claim 9, further comprising:
    - the trusted device providing the trust routine with an endorsement credential providing attestation by the trusted device that the trust routine comprises a valid virtual trusted platform module and a platform credential providing attestation by the trusted device that the trust routine and the operating system environment comprises a valid virtual trusted platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Proudler, Graeme John, Plaquin, David, Balacheff, Boris
Primary Examiner(s)
Zhen; Wei Y
Assistant Examiner(s)
Nguyen; Phillip H

Application Number

US11/090,964
Publication Number

US 20050223221A1
Time in Patent Office

1,362 Days
Field of Search

717/100, 713/268, 713/194, 726/4, 726/10
US Class Current

717/100
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 21/62   Protecting access to data v...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2153   Using hardware token as a s...

Apparatus and method for creating a trusted environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

154 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for creating a trusted environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

154 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links