Attesting a component of a system during a boot process
First Claim
1. An apparatus for attesting a component of a system during a boot process, comprising a processor coupled to a memory that contains instructions that are executable by the processor to perform steps of:
- verifying that the system is in a trusted state;
in response to verifying that the system is in a trusted state, requesting an enrollment of the system, wherein the requesting step further comprises retrieving enrollment data associated with the system;
retrieving current input data associated with the component of the system;
comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state;
if the current input data matches the enrollment data in response to the comparing step, the system retains its trusted state; and
accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, apparatus and program product for attesting a component of a system during a boot process. The method comprises the steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.
39 Citations
23 Claims
-
1. An apparatus for attesting a component of a system during a boot process, comprising a processor coupled to a memory that contains instructions that are executable by the processor to perform steps of:
-
verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system, wherein the requesting step further comprises retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; if the current input data matches the enrollment data in response to the comparing step, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An apparatus for attesting a component of a system during a boot process, comprising a processor coupled to a memory that contains instructions that are executable by the processor to perform steps of:
-
verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system, wherein the requesting step further comprises retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; if the current input data matches the enrollment data in response to the comparing step, the system retains its trusted state; accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system; receiving the notification from the system that the component of the system has been updated; retrieving updated current input data associated with the component in response to the notification being received; storing the updated current input data; retrieving further current input data associated with the component of the system; comparing the further current input data against the updated current input data in order to determine whether the system can retain its trusted state; and setting values associated with the updated current input data to null if the further current input data matches the updated current input data in response to the comparing of the further current input data.
-
-
11. A computer program product comprising computer program code stored on a non-transitory computer readable storage medium to, when loaded into a computer system and executed thereon, cause said computer system to perform the steps of:
-
verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system, wherein the requesting step further comprises retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; if the current input data matches the enrollment data in response to the comparing step, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A computer program product comprising computer program code stored on a non-transitory computer readable storage medium to, when loaded into a computer system and executed thereon, cause said computer system to perform the steps of:
-
verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system, wherein the requesting step further comprises retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; if the current input data matches the enrollment data in response to the comparing step, the system retains its trusted state; accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system; receiving the notification from the system that the component of the system has been updated; retrieving updated current input data associated with the component in response to the notification being received; storing the updated current input data;
retrieving further current input data associated with the component of the system;comparing the further current input data against the updated current input data in order to determine whether the system can retain its trusted state; and setting values associated with the updated current input data to null if the further current input data matches the updated current input data in response to the comparing of the further current input data.
-
-
21. An apparatus for attesting a component of a system during a boot process, comprising a processor coupled to a memory that contains instructions that are executable by the processor to perform steps of:
-
verifying that the system is in a trusted state during the boot process; in response to verifying that the system is in a trusted state, requesting an enrollment of the system with the apparatus, wherein the requesting step further comprises receiving enrollment data associated with the system; responsive to re-booting the system, verifying that the system is in a trusted state during the re-booting process using the enrollment data, wherein the enrollment data was received when requesting the enrollment of the system with the apparatus, in lieu of trusted values provided by a trusted source. - View Dependent Claims (22, 23)
-
Specification