Attesting a component of a system during a boot process

  • US 9,436,827 B2
  • Filed: 09/16/2014
  • Issued: 09/06/2016
  • Est. Priority Date: 10/01/2010
  • Status: Active Grant
First Claim

1. A method for attesting a component of a managed system during a boot process, comprising steps of:

    verifying that the managed system is in a trusted state;

    in response to verifying that the managed system is in a trusted state, requesting an enrollment of the managed system, wherein the requesting step further comprises retrieving enrollment data associated with the managed system;

    retrieving, by a managing system, current input data associated with the component of the managed system;

    comparing, by the managing system, the current input data against the enrollment data in order to determine whether the managed system can retain a trusted state for the managed system;

    if the current input data matches the enrollment data in response to the comparing step, the managed system retains the trusted state;

    accepting, by the managing system, the trusted state until receipt of a notification, from the managed system having a retained trusted state, of an update to the managed system;

    receiving, by the managing system, the notification from the managed system that the component of the managed system has been updated;

    retrieving, by the managing system, updated current input data associated with the component in response to the notification being received;

    retrieving, by the managing system, further current input data associated with the component of the managed system; and

    comparing, by the managing system, the further current input data against the updated current input data in order to determine whether the managed system can retain the trusted state, wherein the enrollment data is replaced with the updated current input data if the further current input data matches the updated current input data in response to the comparing of the further current input data, wherein the enrollment data that is replaced was retrieved when requesting the enrollment of the managed system by the managing system in response to verifying that the managed system is in a trusted state, and the updated current input data that replaces the enrollment data was retrieved by the managing system in response to the notification being received by the managing system.
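
The enrollment, comparison and update-notification flow of claim 1, modeled as an added Python example; it is not code from the patent or its assignee. It assumes measurements are SHA-256 hex digests and that a mismatch after a notified update drops the trusted state and discards the pending value; `ManagingSystem`, `measure` and `demo` are hypothetical names.

```python
import hashlib
import hmac


def measure(blob: bytes) -> str:
    # Assumption: a measurement is the SHA-256 hex digest of the component.
    return hashlib.sha256(blob).hexdigest()


class ManagingSystem:
    """Hypothetical model of the managing system's view of one component."""
    def __init__(self):
        self.enrollment = None  # reference value captured at enrollment
        self.pending = None     # value retrieved after an update notification
        self.trusted = False

    def enroll(self, verified_trusted: bool, enrollment_data: str) -> bool:
        # Enrollment happens only after the system is verified as trusted.
        if verified_trusted:
            self.enrollment, self.trusted = enrollment_data, True
        return self.trusted

    def on_update_notification(self, updated_input: str) -> None:
        # Accepted only from a system that still holds the trusted state.
        if self.trusted:
            self.pending = updated_input

    def attest(self, current_input: str) -> bool:
        if self.enrollment is None:
            self.trusted = False
        elif self.pending is not None:
            # Notified update: a match replaces the enrollment data.
            # Assumption: a mismatch drops trust and discards the pending value.
            self.trusted = hmac.compare_digest(current_input, self.pending)
            if self.trusted:
                self.enrollment = self.pending
            self.pending = None
        else:
            self.trusted = hmac.compare_digest(current_input, self.enrollment)
        return self.trusted


def demo():
    v1, v2 = measure(b"bootloader v1"), measure(b"bootloader v2")  # constructed inputs
    m = ManagingSystem()
    results = [m.enroll(True, v1), m.attest(v1)]
    m.on_update_notification(v2)
    results += [m.attest(v2), m.attest(v1)]
    return results, m.enrollment == v2
```

In `demo()`, the boot that follows the notified update is accepted and the reference value is replaced, so a later boot presenting the old measurement no longer matches.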
