Attesting to establish trust between computer entities
First Claim
1. A method of establishing trust between a first computer entity and a server, the method comprising:
the first computer entity seeking a granting of trust from the server by sending an inquiry in the form of a can-attest message to the server, the can-attest message stating that the first computer entity can send an attestation message but that the first computer entity would like to know from the server whether such an attestation message is required, and if so any requirements that such server has with regard to such attestation message; and
the server sending an attestation-wanted message to the first computer entity in response to the can-attest message, the attestation-wanted message stating that the server does in fact require an attestation message from the first computer entity and that the attestation message as sent by the first computer entity must adhere to certain requirements as defined in such attestation-wanted message, one of the certain requirements being that the attestation message is to include a code identifier (code ID) associated with the first computer entity and calculated by using a security ID associated with the first computer entity, the security ID including security information relating to the first computer entity, the security information being expressed as a number of name-value security attribute parameters, the first computer entity being an executable and referring to the parameters in the security information in the security ID to determine whether particular security behavior is allowed, the code identifier (code ID) being representative of the first computer entity and calculated as a one-way hash of a combination of the executable of the first computer entity and the security ID so that modification of the security information in the security ID causes the calculated code ID to change and the server can interpret the change as an indication that the first computer entity should not be trusted.
Abstract
To establish trust between first and second entities, the first entity sends an attestation message to the second entity, including a code ID, relevant data, a digital signature based on the code ID and data, and a certificate chain. The second entity verifies the signature and decides whether to in fact enter into a trust-based relationship with the first entity based on the code ID and the data in the attestation message. Upon so deciding, the second entity sends a trust message to the first entity, including a secret to be shared between the first and second entities. The first entity obtains the shared secret in the trust message and employs the shared secret to exchange information with the second entity.
28 Claims
1. Claim 1 is as set out under First Claim above. (Dependent claims 2 to 12 not reproduced here.)
13. A method of establishing trust between two computer entities, the method comprising:
a first computer entity seeking a granting of trust from a server by sending an inquiry in the form of a can-attest message to the server, the can-attest message stating that the first computer entity can send an attestation message but that the first computer entity would like to know from the server whether such an attestation message is required, and if so any requirements that such server has with regard to such attestation message; the server sending an attestation-wanted message to the first computer entity in response to the can-attest message, the attestation-wanted message stating that the server does in fact require an attestation message from the first computer entity and that the attestation message as sent by the first computer entity must adhere to certain requirements as defined in such attestation-wanted message; transmitting an attestation message from a first computer entity to a second computer entity, the attestation message including a code identifier (code ID) associated with the first computer entity that is calculated by using a security ID associated with the first computer entity and corresponding to a behavior parameter that is associated with a computing operation having security implications; ensuring that the security ID corresponding to the behavior parameter has not been tampered with, by verifying the validity of the code ID in the second computer entity, the verifying comprising determining that the first computer entity is not included in a do-not-trust list; transmitting a trust message from the second computer entity to the first computer entity upon successfully verifying the validity of the code ID, the trust message including a first secret that is shared between the first and the second computer entities for communicating securely over a first period of time, wherein the first period of time is determined by the second computer entity, and the security ID including security information relating to the first computer entity, the security information being expressed as a number of name-value security attribute parameters, the first computer entity being an executable and referring to the parameters in the security information in the security ID to determine whether particular security behavior is allowed, the code identifier (code ID) being representative of the first computer entity and calculated as a one-way hash of a combination of the executable of the first computer entity and the security ID so that modification of the security information in the security ID causes the calculated code ID to change and the second computer entity can interpret the change as an indication that the first computer entity should not be trusted. (Dependent claims 14 to 28 not reproduced here.)
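The exchange described in the abstract and in claims 1 and 13, as an added Python example that is not part of the patent or of any product: the code ID is SHA-256 over the executable bytes and a canonical encoding of the name-value security ID, the digital signature and certificate chain are replaced by an HMAC under a pre-shared attestation key, and the server's reading of a changed code ID as tampering is modelled as an allowlist of known-good code IDs plus the do-not-trust list; the executable bytes, attribute values and key are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time

EXECUTABLE = b"\x7fELF-sample-client-binary"  # constructed sample executable bytes
SECURITY_ID = {"allow_network": "true", "allow_file_write": "false", "allow_exec": "false"}
ATTEST_KEY = b"demo-attestation-key"  # HMAC key standing in for the signing key and certificate chain

def compute_code_id(executable: bytes, security_id: dict) -> str:
    """Code ID: one-way hash over executable || canonical security ID; any parameter edit changes it."""
    canon = json.dumps(security_id, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(executable + b"\x00" + canon).hexdigest()

def sign(key: bytes, code_id: str, data: dict) -> str:
    """Signature over the code ID and the data carried in the attestation message."""
    body = json.dumps({"code_id": code_id, "data": data}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class Server:
    def __init__(self, known_good_code_ids, do_not_trust, verify_key, period_s=300):
        self.known_good = set(known_good_code_ids)  # assumed: server knows code IDs of accepted builds
        self.do_not_trust = set(do_not_trust)
        self.key, self.period_s = verify_key, period_s
    def on_can_attest(self, msg):
        # Attestation-wanted reply: attestation is required and must carry code ID, data and signature.
        return {"type": "attestation-wanted", "required": True, "must_include": ["code_id", "data", "sig"]}
    def on_attestation(self, msg):
        # Verify the signature, then the do-not-trust list, then that the code ID is an accepted value.
        if not hmac.compare_digest(sign(self.key, msg["code_id"], msg["data"]), msg["sig"]):
            return None
        if msg["code_id"] in self.do_not_trust or msg["code_id"] not in self.known_good:
            return None  # a changed code ID means the security ID (or executable) was modified
        # Trust message: a fresh shared secret valid for a server-chosen period.
        return {"type": "trust", "secret": secrets.token_hex(16), "valid_until": time.time() + self.period_s}

def run_exchange(server, executable, security_id):
    """First entity: can-attest -> attestation-wanted -> attestation -> trust message (or None)."""
    wanted = server.on_can_attest({"type": "can-attest"})
    if not wanted["required"]:
        return None
    code_id = compute_code_id(executable, security_id)
    data = {"nonce": secrets.token_hex(8), "purpose": "session"}
    return server.on_attestation({"code_id": code_id, "data": data, "sig": sign(ATTEST_KEY, code_id, data)})

def exchange_info(secret: str, message: bytes) -> str:
    """After trust: both sides authenticate traffic with a MAC keyed by the shared secret."""
    return hmac.new(secret.encode(), message, hashlib.sha256).hexdigest()

GOOD_CODE_ID = compute_code_id(EXECUTABLE, SECURITY_ID)
SERVER = Server([GOOD_CODE_ID], do_not_trust=[], verify_key=ATTEST_KEY)
```

Flipping a single attribute in the security ID (for example allow_file_write) yields a different code ID, so the same server refuses the trust message, as does a server whose do-not-trust list contains the entity's code ID.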
Specification