Reliability platform configuration measurement, authentication, attestation and disclosure
First Claim
1. A platform configuration measurement device which comprises:
- a platform configuration register (PCR) specified in a Trusted Computing Group specification, said PCR register configured for storing content relating to configuration information;
- at least one processor configured to:
  - perform extension processing in which a predetermined operation of concatenation of an additional value to a content of the PCR register is performed on a content of the register by using a given additional value, a hash value is obtained by applying a predetermined hash function to a value obtained by the predetermined operation, and the hash value is set for a new content of the register;
  - obtain measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and allow the means for executing extension processing to execute the extension processing using the measured values as the additional values;
  - execute extension processing using a random value as the additional value repeatedly at a predetermined time; and
  - store a history of each extension processing in a log; and
- memory for storing a platform configuration measurement program causing the processor to function to constitute the platform configuration measurement device.
0 Assignments
0 Petitions
Abstract
A platform configuration measurement device including: a configuration register; means for executing extension processing in which a predetermined operation is performed on a content of the configuration register by using a given additional value, a hash value is obtained by applying a predetermined hash function to a value obtained by the predetermined operation, and the hash value is set as a new content of the configuration register; and measurement extension means for obtaining measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and for allowing the means for executing extension processing to execute the extension processing using the measured values as the additional values. Random extension means is further provided for allowing the means for executing extension processing to execute the extension processing using a random value as the additional value.
8 Citations
16 Claims
1. (Independent claim; text as given under "First Claim" above.) Dependent claims: 2, 3, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16.
4. A non-transitory computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing functions of a platform configuration measurement device, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer processor to perform steps of:
- using a platform configuration register (PCR register) specified in a Trusted Computing Group specification, the PCR register storing content relating to configuration information of a computing platform;
- using at least one processor configured to:
  - execute extension processing in which a predetermined operation of concatenation of an additional value to the content of the PCR register is performed on the content of the register by using a given random value, a hash value is obtained by applying a predetermined hash function to a value obtained by the predetermined operation, and the hash value is set as a new content of the PCR register;
  - store a history of each extension processing in a log;
  - obtain measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and execute the extension processing using the measured values as the additional values;
  - perform random extension, executing the extension processing using a random value as the additional value repeatedly at a predetermined time;
  - send to a third party the content of the register together with a log storing records of extension processes executed in the device, the content of the register and the log being digitally signed, in response to an authentication request including a nonce from a client;
  - receive a digitally signed credential sent from the third party in response to that sending step, the credential vouching for trustworthiness of a platform configuration according to the content of the register to be appended;
  - send to the client the received digitally signed credential with the digitally signed nonce and content of the register; and
  - operate so as to constitute the platform configuration measurement device.
5. A method for measuring a platform configuration, comprising the steps of:
- executing extension processing in which a predetermined operation is performed on a content of a register by using a given additional value, a hash value is obtained by applying a predetermined hash function to a value obtained by the predetermined operation, and the hash value is set as a new content of the register;
- obtaining measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and executing the extension processing step using the measured values as the additional values;
- storing a history of each extension processing in a log; and
- executing the extension processing step using a random value as the additional value repeatedly at a predetermined time.

Dependent claim: 13.
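The register behaviour claimed above (extend = hash of old content concatenated with an additional value, measurement extends, random extends at chosen times, a log of every extend, and a nonce-bound signed quote handed to a verifier as in claim 4) can be simulated to see why the log matters: once random values are mixed in, two identical platforms no longer share a PCR value, so a verifier must replay the log rather than compare the register against a fixed expected value. The following is an added example, not code from the patent or from any TPM implementation. It assumes SHA-256 as the hash, an HMAC under a constructed demo key as a stand-in for the TPM's asymmetric quote signature, and constructed component images; `boot`, `quote`, `verify_quote` and `DEMO_KEY` are hypothetical names chosen here.

```python
"""Simulation of PCR extension with measurement extends, random extends,
an extend log, and log replay by a verifier (added example, not the patent's code)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List

DIGEST = hashlib.sha256
PCR_SIZE = DIGEST().digest_size          # 32 bytes for SHA-256
DEMO_KEY = b"constructed-demo-quote-key"  # stands in for the TPM signing key (assumption)


@dataclass
class LogEntry:
    kind: str     # "measure" (component digest) or "random" (random extend)
    label: str    # component name, or "random"
    value: bytes  # the additional value concatenated and hashed into the PCR


@dataclass
class PCR:
    content: bytes = field(default_factory=lambda: bytes(PCR_SIZE))
    log: List[LogEntry] = field(default_factory=list)

    def extend(self, kind: str, label: str, value: bytes) -> bytes:
        # Extension processing: new = H(old || value); each extend is logged.
        self.content = DIGEST(self.content + value).digest()
        self.log.append(LogEntry(kind, label, value))
        return self.content

    def measure(self, label: str, component: bytes) -> bytes:
        # Measurement extension: the measured value is the component's digest.
        return self.extend("measure", label, DIGEST(component).digest())

    def random_extend(self) -> bytes:
        # Random extension: a fresh random value is extended at a chosen time.
        return self.extend("random", "random", os.urandom(PCR_SIZE))


def replay(log: List[LogEntry]) -> bytes:
    """Recompute, from the log alone, the register content a verifier expects."""
    acc = bytes(PCR_SIZE)
    for entry in log:
        acc = DIGEST(acc + entry.value).digest()
    return acc


def measured_components(log: List[LogEntry]):
    """Ordered component digests, skipping random entries (what a verifier compares to policy)."""
    return [(e.label, e.value) for e in log if e.kind == "measure"]


def _log_digest(log: List[LogEntry]) -> bytes:
    return DIGEST(b"".join(e.value for e in log)).digest()


def quote(key: bytes, nonce: bytes, pcr: PCR) -> dict:
    """Register content and log, bound to the client's nonce under a MAC (signature stand-in)."""
    sig = hmac.new(key, nonce + pcr.content + _log_digest(pcr.log), DIGEST).digest()
    return {"nonce": nonce, "pcr": pcr.content, "log": list(pcr.log), "sig": sig}


def verify_quote(key: bytes, expected_nonce: bytes, q: dict) -> bool:
    """Verifier side: check freshness, the MAC, and that the log replays to the quoted register."""
    if not hmac.compare_digest(q["nonce"], expected_nonce):
        return False
    expected = hmac.new(key, q["nonce"] + q["pcr"] + _log_digest(q["log"]), DIGEST).digest()
    if not hmac.compare_digest(expected, q["sig"]):
        return False
    return replay(q["log"]) == q["pcr"]


def boot(with_random: bool) -> PCR:
    """Constructed sample boot sequence: firmware, then loader and kernel, optionally with a random extend."""
    pcr = PCR()
    pcr.measure("firmware", b"firmware image v1 (constructed)")
    if with_random:
        pcr.random_extend()
    pcr.measure("bootloader", b"bootloader image v1 (constructed)")
    pcr.measure("kernel", b"kernel image v1 (constructed)")
    return pcr


if __name__ == "__main__":
    plain, randomized = boot(False), boot(True)
    print("same components, no random extend:", boot(False).content == plain.content)
    print("same components, with random extend:", randomized.content == plain.content)
    nonce = os.urandom(16)
    q = quote(DEMO_KEY, nonce, randomized)
    print("quote verifies via log replay:", verify_quote(DEMO_KEY, nonce, q))
```

Without the random extend, a verifier can compare the register against a precomputed value for a known-good boot; with it, only replaying the signed log reproduces the register, and the verifier then checks the measured entries (the `measured_components` view) against its policy while ignoring the random ones. A tampered log entry or a replayed quote under a stale nonce fails in `verify_quote`.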
Specification