Location attestation service

US 8,332,928 B2
Filed: 02/22/2007
Issued: 12/11/2012
Est. Priority Date: 02/22/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

initiating, in a client computing device, a location attestation operation during a boot operation of the computing device prior to initiating an operating system of the computer device;

in response to initiating the location attestation operation, requesting by the client computing device a location attestation certificate from a source external to the client computing device by transmitting an identifier associated with the client computing device to the source external to the client computing device;

monitoring a status of the location attestation certificate, and when the location attestation certificate is invalid, requesting a new location attestation certificate;

communicating with a location attestation service managing participation by the computing device as a blade computing device in a blade pool, wherein a set of certificate authorities is assigned as trusted third parties allowing the blade computing device and blades at different locations to join the blade pool; and

completing the boot operation only after the location attestation certificate is granted, and terminating the boot operation when the location attestation certificate is not granted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment a computer system comprises a processor and a memory module coupled to the processor and comprising logic instructions stored in a computer readable medium. The logic instructions, when executed, configure the processor to initiate, in a client computing device, a service request, in response to the service request, initiate a request for a location attestation certificate, and complete the client service request when the location attestation certificate is granted.

16 Citations

View as Search Results

19 Claims

1. A method, comprising:
- initiating, in a client computing device, a location attestation operation during a boot operation of the computing device prior to initiating an operating system of the computer device;
  
  in response to initiating the location attestation operation, requesting by the client computing device a location attestation certificate from a source external to the client computing device by transmitting an identifier associated with the client computing device to the source external to the client computing device;
  
  monitoring a status of the location attestation certificate, and when the location attestation certificate is invalid, requesting a new location attestation certificate;
  
  communicating with a location attestation service managing participation by the computing device as a blade computing device in a blade pool, wherein a set of certificate authorities is assigned as trusted third parties allowing the blade computing device and blades at different locations to join the blade pool; and
  
  completing the boot operation only after the location attestation certificate is granted, and terminating the boot operation when the location attestation certificate is not granted.
- View Dependent Claims (2, 3, 4, 5, 6, 15)
- - 2. The method of claim 1, further comprising after completing the boot operation initiating, in the client computing device, a service request by initiating a request to access a resource on a partitioned section of a hard drive in the client computing device, and wherein access to the resource is only granted when the client computing device possesses a valid location attestation certificate.
  - 3. The method of claim 1, further comprising after completing the boot operation initiating, in the client computing device, a service request by initiating a request to access a resource on a remote storage device, and wherein access to the resource is only granted when the client computing device possesses a valid location attestation certificate.
  - 4. The method of claim 1, further comprising after completing the boot operation initiating, in the client computing device, a service request by initiating a request to start an application, and wherein the application is only started when the client computing device possesses a valid location attestation certificate.
  - 5. The method of claim 1, wherein requesting a location attestation certificate comprises:
    - initiating a communication connection with a location attestation server;
      
      verifying that the location attestation server is trusted; and
      
      receiving the location attestation certificate from the location attestation server.
  - 6. The method of claim 1, further comprising after completing the boot operation:
    - monitoring the validity of the location attestation certificate; and
      
      terminating access to at least one service when the location attestation server is invalidated.
  - 15. The method of claim 1, wherein the identifier associated with the client computing device comprises at least one of an identifier associated with the client computing device, an identifier associated with a user of the client computing device, or an identifier associated with a location of the client computing device.

7. A computer system, comprising:
- a processor;
  
  a memory module coupled to the processor and comprising logic instructions stored in a computer readable medium which, when executed, configure the processor to;
  
  initiate, in a client computing device, a location attestation operation during a boot operation of the client computing device prior to initiating an operating system of the client computing device;
  
  in response to initiating the location attestation operation requesting by the client computing device a location attestation certificate from a source external to the client computing device, wherein the location attestation certificate includes an indication of the location of the client computing device;
  
  monitoring a status of the location attestation certificate, and when the location attestation certificate is invalid, requesting a new location attestation certificate;
  
  communicating with a location attestation service managing participation by the client computing device as a computing device in a computing device pool, wherein a set of certificate authorities is assigned as trusted third parties allowing the computing device and computing devices at different locations to join the computing device pool; and
  
  complete the boot operation only after the location attestation certificate is granted, and terminating the boot operation when the location attestation certificate is not granted.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer system of claim 7, further comprising logic instructions stored in a computer readable medium which, when executed, cause the processor to request to access a resource on a partitioned section of a hard drive in the client computing device, and wherein access to the resource is only granted when the client computing device possesses a valid location attestation certificate.
  - 9. The computer system of claim 7, further comprising logic instructions stored in a computer readable medium which, when executed, cause the processor to initiate a request to access a resource on a remote storage device, and wherein access to the resource is only granted when the client computing devices possesses a valid location attestation certificate.
  - 10. The computer system of claim 7, further comprising logic instructions stored in a computer readable medium which, when executed, cause the processor to initiate a request to start an application, and wherein the application is only started when the client computing devices possesses a valid location attestation certificate.
  - 11. The computer system of claim 7, further comprising logic instructions stored in a computer readable medium which, when executed, cause the processor to:
    - initiate a communication connection with a location attestation server;
      
      verify that the location attestation server is trusted; and
      
      request a location attestation certificate from the location attestation server.
  - 12. The computer system of claim 7, further comprising logic instructions stored in a computer readable medium which, when executed, cause the processor to:
    - monitor the validity of the location attestation certificate; and
      
      terminate access to at least one service when the location attestation server is invalidated.

13. A computer system, comprising:
- system hardware comprising;
  
  a basic input output system (BIOS) configured to perform a system initialization of the computer system and configured to complete a boot of the computer system to initiate an operating system of the computer system only with a valid local attestation certificate;
  
  a local attestation module configured to request the location attestation certificate from a location attestation interface device external to the computer system by transmitting an identifier associated with the computer system to the location attestation interface device; and
  
  wherein the computer system is configured as a blade computing device connecting with a location attestation service managing participation of blade computing devices in a blade pool, such that a set of certificate authorities is assigned as trusted third parties allowing the computer system and blades at different locations to join the blade pool.
- View Dependent Claims (14, 16, 17, 18, 19)
- - 14. The computer system of claim 13, wherein the location attestation module is configured to:
    - initiate a communication connection with the location attestation interface device; and
      
      verify that the location attestation interface device is trusted.
  - 16. The computer system of claim 13, wherein the location attestation interface device is configured to certify location of the computer system by comparing the location identifier with a list of approved location identifiers.
  - 17. The computer system of claim 16, wherein the location attestation interface device is configured to present a user of the computer system with a challenge-response routine to establish location of the computer system before granting the location attestation certificate.
  - 18. The computer system of claim 13, wherein the location attestation module is configured to prevent computer system 100 from booting when the computer system 100 is outside an approved location when the computer is stolen or removed from a work premises without permission.
  - 19. The computer system of claim 13, further comprising a second location attestation interface module to monitor a status of the location attestation certificate, and when the location attestation certificate is invalid, requesting a new location attestation certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Ibrahim, Wael, Novoa, Manuel
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Gregory, Shaun

Application Number

US11/709,473
Publication Number

US 20080209515A1
Time in Patent Office

2,119 Days
Field of Search

380/258
US Class Current

726/17
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/0823   using certificates cryptogr...

H04L 63/107   wherein the security polici...

Location attestation service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Location attestation service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links