Methods, devices and data structures for trusted data
First Claim
Patent Images
1. A method of providing evidence of a state of a computer platform, comprising:
- measuring a state of the computer platform, wherein measuring a state comprises a measurement of a first data structure in the computer platform, to provide a first measured state;
using the first measured state in evidence of the state of the computer platform;
replacing the first data structure with a second data structure in the computer platform;
measuring the state of the computer platform with the first data structure replaced by the second data structure to provide a second measured state that includes a second measured state value;
verifying that the second measured state is as trustworthy as the first measured state, wherein the verifying comprises determining whether a linked list of statements relates the first data structure to the second data structure, the statements comprising forward linking metrics, backward linking metrics, and a flag to indicate whether one of the forward linking metrics is an acceptable replacement for one of the backward linking metrics; and
upon verifying that the second measured state is as trustworthy as the first measured state, substituting the second measured state for the first measured state in evidence of the state of the computer platform.
1 Assignment
0 Petitions
Accused Products
Abstract
A data structure has within it the following elements: an identification of a data structure type; and a proof that two or more instances of the data structure type are as trustworthy as each other. Methods and devices using such data structures are described.
-
Citations
21 Claims
-
1. A method of providing evidence of a state of a computer platform, comprising:
-
measuring a state of the computer platform, wherein measuring a state comprises a measurement of a first data structure in the computer platform, to provide a first measured state; using the first measured state in evidence of the state of the computer platform; replacing the first data structure with a second data structure in the computer platform; measuring the state of the computer platform with the first data structure replaced by the second data structure to provide a second measured state that includes a second measured state value; verifying that the second measured state is as trustworthy as the first measured state, wherein the verifying comprises determining whether a linked list of statements relates the first data structure to the second data structure, the statements comprising forward linking metrics, backward linking metrics, and a flag to indicate whether one of the forward linking metrics is an acceptable replacement for one of the backward linking metrics; and upon verifying that the second measured state is as trustworthy as the first measured state, substituting the second measured state for the first measured state in evidence of the state of the computer platform. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15)
-
-
9. A method as claimed in 1, wherein the second data structure is a null data structure.
-
16. A computer platform comprising:
-
a processor; and a trusted device protected against subversion, the trusted device to; measure a first state of the computing platform from measurements including a measurement relating to a first data structure; replace the first data structure with a second data structure; measure a second state of the computing platform from measurements including a measurement relating to the second data structure; determine whether a linked list of statements relates the first data structure to the second data structure, the statements comprising forward linking metrics, backward linking metrics, and a flag to indicate whether one of the forward linking metrics is an acceptable replacement for one of the backward linking metrics; and upon a determination based on the linked list that the second measured state is related to the first measured state, determine that the second data structure is as trustworthy as the first data structure. - View Dependent Claims (17, 18, 19, 20, 21)
-
Specification