Attestation using a combined measurement and its constituent measurements

US 9,747,450 B2
Filed: 02/10/2015
Issued: 08/29/2017
Est. Priority Date: 02/10/2014
Status: Active Grant

First Claim

Patent Images

1. A method performed by a challenger computer system (“

challenger”

) to verify an assertion of a prover computer system (“

prover”

), the method comprising;

receiving from the prover an assertion asserting a combined measurement of constituent measurements of resources and a constituent measurement for each of the resources;

checking whether a list of known-good combined measurements includes the asserted combined measurement;

in response to the list including the asserted combined measurement, indicating that the assertion is verified; and

in response to the list not including the asserted combined measurement,for each of the asserted constituent measurements of resources, determining whether that constituent measurement matches a known-good constituent measurement for the corresponding resource;

generating a combined measurement from the asserted constituent measurements;

determining whether the asserted combined measurement matches the generated combined measurement; and

in response to each constituent measurement matching a known-good measurement and the asserted combined measurement matches the generated combined measurement, indicating that the assertion is verified; and

adding the asserted combined measurement to the list to avoid the overhead of verifying the asserted constituent measurements and generating a combined measurement when the same asserted combined measurement is subsequently received.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An attestation system for asserting and verifying assertions of a known-good state of a computer system is provided. The attestation system allows a challenger and a prover to conduct an attestation so that the challenger can verify an assertion of the prover. To conduct the attestation, the prover sends, as an assertion of its state, a combined measurement of resources along with a constituent measurement of each resource to the challenger. The challenger verifies the assertion by verifying that the asserted constituent measurements represent known-good measurements and verifying that the asserted combined measurement can be generated from the asserted constituent measurements. To verify the asserted constituent measurements, the challenger determines whether each asserted constituent measurement for a resource is a known-good measurement for that resource. To verify the asserted combined measurement, the challenger generates a combined measurement from the asserted constituent measurements received from the prover.

Citations

20 Claims

1. A method performed by a challenger computer system (“
- challenger”
  
  ) to verify an assertion of a prover computer system (“
  
  prover”
  
  ), the method comprising;
  
  receiving from the prover an assertion asserting a combined measurement of constituent measurements of resources and a constituent measurement for each of the resources;
  
  checking whether a list of known-good combined measurements includes the asserted combined measurement;
  
  in response to the list including the asserted combined measurement, indicating that the assertion is verified; and
  
  in response to the list not including the asserted combined measurement,for each of the asserted constituent measurements of resources, determining whether that constituent measurement matches a known-good constituent measurement for the corresponding resource;
  
  generating a combined measurement from the asserted constituent measurements;
  
  determining whether the asserted combined measurement matches the generated combined measurement; and
  
  in response to each constituent measurement matching a known-good measurement and the asserted combined measurement matches the generated combined measurement, indicating that the assertion is verified; and
  
  adding the asserted combined measurement to the list to avoid the overhead of verifying the asserted constituent measurements and generating a combined measurement when the same asserted combined measurement is subsequently received.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the asserted combined measurement is a value from a platform configuration register of the prover.
  - 3. The method of claim 1 wherein the generated combined measurement is generated as a chain of hashes of asserted constituent measurements.
  - 4. The method of claim 1 wherein the asserted combined measurement is generated by a trusted computing platform of a computing system of the prover.
  - 5. The method of claim 4 wherein the asserted combined measurement is a value from a platform configuration register of the trusted computing platform.
  - 6. The method of claim 1 wherein the resources include software components of the prover.
  - 7. The method of claim 1, further comprising, when an asserted constituent measurement does not match a known-good measurement, indicating that the assertion is not verified.
  - 8. The method of claim 7, further comprising, when an asserted constituent measurement does not match a known-good measurement, suppressing the generating of the combined measurement.
  - 9. The method of claim 1 wherein the challenger and prover are computer systems.

10. A prover computer system (“
- prover”
  
  ) comprising;
  
  a trusted platform component for storing a combined measurement, in a list of known-good combined measurements, that is generated from constituent measurements for resources of the prover that can be trusted as representing the resources;
  
  a storage medium storing computer-executable instructions that send to a challenger computer system (“
  
  challenger”
  
  ) the combined measurement and the constituent measurements as assertions of the prover so that the challenger can check whether the asserted combined measurement is a known-good combined measurement by checking whether the list includes the asserted combined measurement, and in response to the list not including the asserted combined measurement, for each of the asserted constituent measurements of resources, determining whether that constituent measurement matches a known-good constituent measurement for the corresponding resource;
  
  generating a combined measurement from the asserted constituent measurements;
  
  determining whether the asserted combined measurement matches the generated combined measurements; and
  
  in response to each constituent measurement matches a known-good measurement and the asserted combined measurement matches the generated combined measurement, indicating that the assertion is verified; and
  
  adding the asserted combined measurement to the list to avoid the overhead of verifying the asserted constituent measurements and generating a combined measurement when the same asserted combined measurement is subsequently received; and
  
  a processor for executing the computer-executable instructions stored in the storage medium.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The prover of claim 10 wherein the computer-executable instructions further send to the challenger an indication of an algorithm used to generate a constituent measurement.
  - 12. The prover of claim 10 wherein the computer-executable instructions further send to the challenger a version number associated with a software component that generates a constituent measurement.
  - 13. The prover of claim 10 wherein the resources include computer instructions and configuration information.
  - 14. The prover of claim 10 wherein the resources include a measured launch environment and an operating system kernel.
  - 15. The prover of claim 10 wherein the trusted platform component generates the combined measurement using a hash chaining of the constituent measurements.
  - 16. The prover of claim 10 wherein the computer-executable instructions further generate a constituent measurement independently of the trusted platform component.

17. A computer-readable storage medium storing computer-executable instructions for controlling a challenger computer system (“
- challenger”
  
  ) to verify an assertion of a prover computer system (“
  
  prover”
  
  ), the computer-executable instructions comprising instructions that;
  
  receive the assertion of the prover asserting a combined measurement of constituent measurements of resources of the prover generated by a trusted platform module of the prover and, for at least some of the resources, asserting constituent measurements for the resources;
  
  determining whether a list of known-good combined measurements includes the asserted combined measurement;
  
  in response to the list including the asserted combined measurement, indicating that the assertion is verified; and
  
  in response to the list not including the asserted combined measurement for each of the asserted constituent measurements of the resources, determining whether the constituent measurement matches a known-good constituent measurement for the corresponding resource;
  
  generating a combined measurement from the asserted constituent measurements;
  
  determining whether the asserted combined measurement matches the generated combined measurement; and
  
  in response to each of the asserted constituent measurements matching a known-good constituent measurement and the asserted combined measurement matching a combined measurement generated from the asserted constituent measurements, indicating that the assertion is verified, and that the asserted combined measurement is a known-good combined measurement, and adding the asserted combined measurement to the list to avoid the overhead of verifying the asserted constituent measurements and generating a combined measurement when the same asserted combined measurement is subsequently received.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable storage medium of claim 17 wherein the asserted constituent measurements are output by the trusted platform module.
  - 19. The computer-readable storage medium of claim 17 wherein the asserted constituent measurements are generated by software of the prover that is not part of the trusted platform module.
  - 20. The computer-readable storage medium of claim 17, further comprising instructions that generate a known-good measurement for a resource from sub-constituent measurements of sub-resources of the resource asserted by the prover.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Horovitz, Oded, Rihan, Sahil, Weis, Stephen A., Arai, Daniel
Primary Examiner(s)
Edwards, Linglan

Application Number

US14/618,099
Publication Number

US 20150227744A1
Time in Patent Office

931 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 2221/034 Test or assess a computer o...

Attestation using a combined measurement and its constituent measurements

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Attestation using a combined measurement and its constituent measurements

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links