Attesting use of an interactive component during a boot process
First Claim
1. A method for attesting a boot process of a managed system, said managed system having an interactive component for receiving an optional interactive user input as part of the boot process, the method comprising the computer-executed steps of:
- retrieving a record of events occurring during said boot process, the record of events being generated in said managed system during said boot process;
determining, using said record of events, whether an interactive user input was received in said managed system using said interactive component as part of said boot process;
in response to determining that an interactive user input was received in said managed system using said interactive component;
comparing a cryptographic value derived from the interactive user input with a record of any trusted cryptographic values to determine whether the interactive user input which was received using said interactive component as part of said boot process should be trusted;
if the cryptographic value derived from the interactive user input matches a trusted cryptographic value in the record of any trusted cryptographic values, then determining that the interactive user input should be trusted;
if the cryptographic value derived from the interactive user input does not match any trusted cryptographic value in the record of any trusted cryptographic values, then parsing an event log containing the interactive user input to determine whether the interactive user input should be trusted; and
in response to determining that the interactive user input should be trusted as a result of parsing the event log containing the interactive user input to determine whether the interactive user input should be trusted, processing the interactive user input to create a first trusted cryptographic value and adding the first trusted cryptographic value to the record of any trusted cryptographic values.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for attesting use of an interactive component during a boot process, comprising the steps of: reading, in response to determining use of the interactive component, associated interactive input; determining whether the input should be trusted; and in response to determining that the input should be trusted, processing the input to create a trusted cryptographic value, further comprising: matching, in response to a subsequent interactive input being read, the subsequent interactive input with one or more of the trusted cryptographic values in order to determine whether the subsequent interactive input is trusted.
68 Citations
9 Claims
-
1. A method for attesting a boot process of a managed system, said managed system having an interactive component for receiving an optional interactive user input as part of the boot process, the method comprising the computer-executed steps of:
-
retrieving a record of events occurring during said boot process, the record of events being generated in said managed system during said boot process; determining, using said record of events, whether an interactive user input was received in said managed system using said interactive component as part of said boot process; in response to determining that an interactive user input was received in said managed system using said interactive component; comparing a cryptographic value derived from the interactive user input with a record of any trusted cryptographic values to determine whether the interactive user input which was received using said interactive component as part of said boot process should be trusted; if the cryptographic value derived from the interactive user input matches a trusted cryptographic value in the record of any trusted cryptographic values, then determining that the interactive user input should be trusted; if the cryptographic value derived from the interactive user input does not match any trusted cryptographic value in the record of any trusted cryptographic values, then parsing an event log containing the interactive user input to determine whether the interactive user input should be trusted; and in response to determining that the interactive user input should be trusted as a result of parsing the event log containing the interactive user input to determine whether the interactive user input should be trusted, processing the interactive user input to create a first trusted cryptographic value and adding the first trusted cryptographic value to the record of any trusted cryptographic values. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer program comprising computer program code stored on a non-transitory computer readable medium to, when loaded into a computer system and executed thereon, cause said computer system to perform the steps of:
-
retrieving a record of events occurring during a boot process of a managed system, said managed system having an interactive component for receiving an optional interactive user input as part of the boot process, the record of events being generated in said managed system during said boot process; determining, using said record of events whether an interactive user in gut was received in said managed system using said interactive component as part of said boot process; in response to determining that an interactive user input was received in said managed system using said interactive component; comparing a cryptographic value derived from the interactive user input with a record of any trusted cryptographic values to determine whether the interactive user input which was received using said interactive component as part of said boot process should be trusted; if the cryptographic value derived from the interactive user input matches a trusted cryptographic value in the record of any trusted cryptographic values, then determining that the interactive user input should be trusted; if the cryptographic value derived from the interactive user input does not match any trusted cryptographic value in the record of any trusted cryptographic values, then parsing an event log containing the interactive user input to determine whether the interactive user input should be trusted; and in response to determining that the interactive user input should be trusted as a result of parsing the event log containing the interactive user input to determine whether the interactive user input should be trusted, processing the interactive user input to create a first trusted cryptographic value and adding the first trusted cryptographic value to the record of any trusted cryptographic values. - View Dependent Claims (9)
-
Specification