
Techniques for attesting data processing systems

  • US 9,250,951 B2
  • Filed: 09/30/2013
  • Issued: 02/02/2016
  • Est. Priority Date: 11/18/2010
  • Status: Expired due to Fees
First Claim

1. A method for attesting a plurality of data processing systems included in a datacenter, comprising:

  • generating, by a managing data processing system, respective logical groupings for each of the data processing systems, wherein the logical groupings are associated with a rule that describes a condition that must be met in order for the data processing systems to be considered trusted, and wherein the datacenter includes a plurality of machine pools each of which includes two or more of the data processing systems, where each of the plurality of data processing systems includes a plurality of virtual machines each of which has an associated platform configuration register (PCR) that stores a measurement value;

  • retrieving, by the managing data processing system, a list of one or more children associated with each of the logical groupings;

  • attesting, by the managing data processing system, the one or more children to determine whether each of the one or more children is trusted, wherein the attesting includes comparing the measurement value to an expected attestation value; and

  • subsequent to the attesting, applying, by the managing data processing system, the rule to determine whether the condition has been met in order for the data processing systems to be considered trusted, wherein based on the rule a first one of the logical groupings is deemed trusted when all of the children of the first one of the logical groupings have a same untrusted state and a same trusted state, and wherein a child is associated with a PCR or a further logical grouping and when the child is associated with the further logical grouping the retrieving is repeated until another child associated with the PCR is found.
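The retrieve, attest and apply-rule steps of the claim, carried through as an added Python example that is not part of the patent or of any implementation it describes. The class and function names, the sample digests, and the reading of the rule as "a grouping is trusted only when every child attests trusted" are assumptions made here.

```python
from dataclasses import dataclass, field
from hmac import compare_digest
from typing import Optional, Union

@dataclass
class PCR:
    """A virtual machine's platform configuration register (constructed model)."""
    name: str
    measurement: str   # digest currently held by the PCR
    expected: str      # golden attestation value for this VM

@dataclass
class Grouping:
    """A logical grouping (datacenter, machine pool, ...) whose children are PCRs or further groupings."""
    name: str
    children: list = field(default_factory=list)

Child = Union[PCR, Grouping]

def attest_pcr(pcr: PCR) -> bool:
    """Leaf step: a PCR is trusted only if its measurement equals the expected value.
    compare_digest keeps the comparison constant-time."""
    return compare_digest(pcr.measurement.encode(), pcr.expected.encode())

def attest(node: Child, report: dict) -> bool:
    """Retrieve a grouping's children and attest each one, recursing through nested
    groupings until PCRs are reached, then apply the rule: the grouping is trusted
    only when every child is trusted (assumed reading of the claim's rule)."""
    if isinstance(node, PCR):
        report[node.name] = attest_pcr(node)
        return report[node.name]
    # Attest every child before applying the rule so the report records each
    # failing VM, not only the first one encountered.
    states = [attest(child, report) for child in node.children]
    report[node.name] = bool(states) and all(states)   # empty grouping: untrusted
    return report[node.name]

def build_sample_datacenter() -> Grouping:
    """Constructed datacenter: two pools of two VMs; vm-b2's PCR does not match."""
    good = "9f" * 20                                     # constructed SHA-1-sized digest
    pool_a = Grouping("pool-a", [PCR("vm-a1", good, good), PCR("vm-a2", good, good)])
    pool_b = Grouping("pool-b", [PCR("vm-b1", good, good), PCR("vm-b2", "00" * 20, good)])
    return Grouping("datacenter", [pool_a, pool_b])

def attest_datacenter(root: Optional[Grouping] = None) -> dict:
    """Run the managing system's attestation over the tree; return per-node verdicts."""
    report: dict = {}
    attest(root or build_sample_datacenter(), report)
    return report

if __name__ == "__main__":
    for name, trusted in attest_datacenter().items():
        print(f"{name:12} {'trusted' if trusted else 'UNTRUSTED'}")
```

A single mismatched VM marks its pool and, through the rule, the datacenter grouping untrusted, while the report still shows which leaf failed.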

  • 1 Assignment