Methods, devices and data structures for trusted data

US 8,539,587 B2
Filed: 03/22/2006
Issued: 09/17/2013
Est. Priority Date: 03/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method of providing evidence of a state of a computer platform, comprising:

measuring a state of the computer platform, wherein measuring a state comprises a measurement of a first data structure in the computer platform, to provide a first measured state;

using the first measured state in evidence of the state of the computer platform;

replacing the first data structure with a second data structure in the computer platform;

measuring the state of the computer platform with the first data structure replaced by the second data structure to provide a second measured state that includes a second measured state value;

verifying that the second measured state is as trustworthy as the first measured state, wherein the verifying comprises determining whether a linked list of statements relates the first data structure to the second data structure, the statements comprising forward linking metrics, backward linking metrics, and a flag to indicate whether one of the forward linking metrics is an acceptable replacement for one of the backward linking metrics; and

upon verifying that the second measured state is as trustworthy as the first measured state, substituting the second measured state for the first measured state in evidence of the state of the computer platform.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data structure has within it the following elements: an identification of a data structure type; and a proof that two or more instances of the data structure type are as trustworthy as each other. Methods and devices using such data structures are described.

207 Citations

21 Claims

1. A method of providing evidence of a state of a computer platform, comprising:
- measuring a state of the computer platform, wherein measuring a state comprises a measurement of a first data structure in the computer platform, to provide a first measured state;
  
  using the first measured state in evidence of the state of the computer platform;
  
  replacing the first data structure with a second data structure in the computer platform;
  
  measuring the state of the computer platform with the first data structure replaced by the second data structure to provide a second measured state that includes a second measured state value;
  
  verifying that the second measured state is as trustworthy as the first measured state, wherein the verifying comprises determining whether a linked list of statements relates the first data structure to the second data structure, the statements comprising forward linking metrics, backward linking metrics, and a flag to indicate whether one of the forward linking metrics is an acceptable replacement for one of the backward linking metrics; and
  
  upon verifying that the second measured state is as trustworthy as the first measured state, substituting the second measured state for the first measured state in evidence of the state of the computer platform.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15)
- - 2. A method as claimed in claim 1, wherein the computer platform comprises a trusted device protected against subversion and the steps of measuring, verifying and substituting are carried out by the trusted device.
  - 3. A method as claimed in claim 2, wherein the trusted device comprises one or more platform configuration registers, the method further comprising:
    - storing measurements of the state of the computer platform in the platform configuration registers by concatenating a current platform configuration register value with measurement data;
      
      hashing the result; and
      
      replacing the current platform configuration register value with the hashed result,wherein the first measured state is derived from platform configuration register values for the first data structure and the second measured state is derived from platform configuration register values after the first data structure has been replaced by the second data structure, and the verifying step comprises determining that the platform configuration register values for the first data structure are related to the platform configuration register values after the first data structure has been replaced by the second data structure.
  - 4. A method as claimed in claim 3, wherein the first and second measured states each comprise a value derived from a plurality of platform configuration registers, and the verifying step comprises determining that the first measured state value is related to the second measured state value.
  - 5. A method as claimed in claim 4, wherein the first and second measured state values are derived from the plurality of platform configuration registers by concatenating the values in the plurality of platform configuration registers and hashing the concatenated values.
  - 6. A method according to claim 3, wherein the trusted device is to establish that one sequence of platform configuration register values is trust equivalent to another sequence of platform configuration register values by determining that a next key value of the one sequence is a current key of the another sequence.
  - 7. A method as claimed in claim 1, wherein the evidence comprises data sealed against a value derived from a measured state such that the data may only be accessed when a current value of the measured state of the computer platform corresponds to the measured value.
  - 8. A method as claimed in claim 1, wherein the second data structure is a plurality of data structures.
  - 10. A method as claimed in claim 1, wherein the first and second data structures comprise first software and second software each provided for a common functional purpose.
  - 11. A method as claimed in claim 1, wherein the second software is more trusted than the first software.
  - 12. A method as claimed in claim 10, wherein said first and second measured states comprise or are derived from digests of the first software and the second software respectively, and wherein the verifying further comprises determining that the digest of the second software is related to the digest of the first software.
  - 13. A method as claimed in claim 12, wherein the linked list of statements is attested by a trusted software provider, the statements stating the relation between the digest of the first software and the digest of the second software.
  - 14. A method as claimed in claim 1 wherein the first and second data structures comprise a first key and a second key each provided for a common purpose.
  - 15. A method as claimed in claim 14 wherein the common purpose is as an attestation key for a trusted device.

9. A method as claimed in 1, wherein the second data structure is a null data structure.

16. A computer platform comprising:
- a processor; and
  
  a trusted device protected against subversion, the trusted device to;
  
  measure a first state of the computing platform from measurements including a measurement relating to a first data structure;
  
  replace the first data structure with a second data structure;
  
  measure a second state of the computing platform from measurements including a measurement relating to the second data structure;
  
  determine whether a linked list of statements relates the first data structure to the second data structure, the statements comprising forward linking metrics, backward linking metrics, and a flag to indicate whether one of the forward linking metrics is an acceptable replacement for one of the backward linking metrics; and
  
  upon a determination based on the linked list that the second measured state is related to the first measured state, determine that the second data structure is as trustworthy as the first data structure.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. A computer platform as claimed in claim 16, wherein the trusted device comprises a platform configuration register that includes a hash value of a current platform configuration register concatenated with the measurements for the first and second states, the hash value replacing the current platform configuration register value, wherein the trusted device is to determine whether a first platform state, represented by platform configuration register values determined by measurements including a measurement relating to the first data structure, is equivalent to a second platform state represented by platform configuration register values determined by measurements including a measurement relating to the second data structure and verification of the linked list of statements relating the first data structure to the second data structure.
  - 18. A computer platform as claimed in claim 16, wherein the trusted device is adapted to provide evidence of platform states.
  - 19. A computer platform as claimed in claim 16, wherein the trusted device is adapted to seal data against a value derived from a measured platform state such that the data may only be accessed when a current value of the platform state corresponds to the measured value.
  - 20. A computer platform as claimed in claim 16, wherein the first data structure comprises first software and the second data structure comprises second software, and wherein the first software and second software are each provided for a common functional purpose and are functionally consistent.
  - 21. A computer platform as claimed in claim 20 wherein the trusted device determines functional consistency and trust from the linked list of statements attested by a trusted software provider by verifying the statement.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Proudler, Graeme John, Burton, William, Kuhlmann, Dirk, Plaquin, David
Primary Examiner(s)
Darrow, Justin T

Application Number

US11/908,920
Publication Number

US 20080282348A1
Time in Patent Office

2,736 Days
Field of Search

726/25, 713/164, 713/187
US Class Current

726/25
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/64 Protecting data integrity, ...

Methods, devices and data structures for trusted data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

207 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, devices and data structures for trusted data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

207 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links