Computer system operable to revert to a trusted state
IPC classification
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC 7th edition)
H04L-012/24
H04L-012/26
Application number
US-0110950 (2001-08-17)
Priority information
GB-0020488 (2000-08-18)
International application number
PCT/GB01/003712 (2001-08-17)
§371/§102 date
20020416 (20020416)
International publication number
WO02/017076 (2002-02-28)
Inventor / Address
Griffin, Jonathan
Applicant / Address
Hewlett Packard Development Company, L.P.
Citation information
Cited by: 40
Patents cited: 8
Abstract
When software is loaded into an operating system kernel, and so has access to the same memory space as the operating system, a problem occurs if the operating system cannot determine in advance whether it will afterwards be in a suitably trusted state or not. By using a high availability cluster in which each System Processing Unit (S1, S2) has a trusted device, it is possible to gain more trust and a more flexible approach to trust whilst maintaining the high availability properties of the cluster. Software can be loaded onto one of at least two computing platforms (S1) of a computing system. Another of the platforms (S2) performs integrity tests on the platform (S1) carrying the new software to check whether the platform (S1) is still in a trusted state. If the tests are passed, then the test results are signed and sent to the platform (S1) with the new software, and the new software is copied onto the other computing platform (S2). If the tests are failed, then the first platform (S1) can either be rebooted or returned to the state of the testing platform (S2).
Representative claims
What is claimed is:
1. A computer system comprises at least two computing platforms (S1, S2) each having a trusted device (TD), the computing platforms (S1, S2) having a communications link (10) therebetween, wherein the system is operable to move one or more applications from a first of the computing platforms (S1) to a second of the computing platforms (S2); to load software onto said first computing platform (S1); to perform integrity tests on the first platform (S1); and if the integrity tests are passed the system is operable to move the application back to the first computing platform (S1) and load the software onto the second platform (S2); and if the integrity tests are failed the system is operable to return the first computing platform (S1) to the state of the second computing platform (S2).
2. A computer system as claimed in claim 1, which is operable to load software unknown to the computer system, which software is unknown in that the software does not have a trusted status with the computer system.
3. A computer system as claimed in claim 1, which is operable to perform the integrity tests with the second platform (S2).
4. A computer system as claimed in claim 1, in which the second computing platform (S2) is operable to digitally sign the results of the integrity tests with its TD.
5. A computer system as claimed in claim 1, in which in the event of the first computing platform (S1) failing the integrity tests, the first computing platform (S1) is operable to be rebooted.
6. A computer system as claimed in claim 1, in which in the event of the first computing platform (S1) failing the integrity tests, the system may be operable to complete open transactions between third parties and the second computing platform (S2), to save a copy of the active state of the second computing platform (S2) and restore that active state to the first computing platform (S1).
7. A method of maintaining a trusted state in a computer system comprises: moving one or more applications from a first computing platform (S1) having a trusted device (TD) to a second computing platform (S2) having a TD by a communications link (10) of the communication system; loading software onto the first computing platform (S1); performing integrity tests on the first computing platform (S1); and if the integrity tests are passed the applications are moved back to the first computing platform (S1) and the software is loaded onto the second platform (S2); if the integrity tests are not passed the first computing platform (S1) is returned to the state of the second computing platform (S2).
8. A method as claimed in claim 7, in which the software is unknown to the computer system.
9. A method as claimed in claim 7, in which the integrity tests are performed by the second computing platform (S2).
10. A method as claimed in claim 7, in which the tests involve a comparison with previous results obtained from the first computing platform (S1).
11. A method as claimed in claim 7, in which the tests involve a comparison with the results of the same tests run on the second platform (S2).
12. A method as claimed in claim 7, in which the second computing platform (S2) digitally signs the results of the integrity tests with its TD.
13. A method as claimed in claim 12, in which the first platform (S1) uses the signed results as an integrity metric.
14. A computer system programmed to perform a method of maintaining a trusted state in the computer system, comprising the following steps: moving one or more applications from a first computing platform to a second computing platform by a communications link of the communication system; loading software onto the first computing platform; performing integrity tests on the first computing platform; and if the integrity tests are passed the applications are moved back to the first computing platform and the software is loaded onto the second platform; if the integrity tests are not passed the first computing platform is returned to the state of the second computing platform.
15. A medium carrying a program operable to perform a method of maintaining a trusted state in a computer system, comprising the following steps: moving one or more applications from a first computing platform to a second computing platform by a communications link of the communication system; loading software onto the first computing platform; performing integrity tests on the first computing platform; and if the integrity tests are passed the applications are moved back to the first computing platform and the software is loaded onto the second platform; if the integrity tests are not passed the first computing platform is returned to the state of the second computing platform.
16. The computer system as claimed in claim 14, wherein the software is unknown to the computer system.
17. The computer system as claimed in claim 14, wherein the integrity tests are performed by the second computing platform.
18. The computer system as claimed in claim 14, wherein the tests involve a comparison with previous results obtained from the first computing platform.
19. The computer system as claimed in claim 14, wherein the tests involve a comparison with the results of the same tests run on the second platform.
20. The computer system as claimed in claim 14, wherein the second computing platform digitally signs the results of the integrity tests with a trusted device.
21. The computer system as claimed in claim 20, wherein the first platform uses the signed results as an integrity metric.
22. The medium as claimed in claim 15, wherein the software is unknown to the computer system.
23. The medium as claimed in claim 15, wherein the integrity tests are performed by the second computing platform.
24. The medium as claimed in claim 15, wherein the tests involve a comparison with previous results obtained from the first computing platform.
25. The medium as claimed in claim 15, wherein the tests involve a comparison with the results of the same tests run on the second platform.
26. The medium as claimed in claim 15, wherein the second computing platform digitally signs the results of the integrity tests with a trusted device.
27. The medium as claimed in claim 26, wherein the first platform uses the signed results as an integrity metric.
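The cycle in claims 7 to 13 (move applications off S1, load unknown software, have S2 measure S1 and sign the verdict with its TD, then either copy the software to S2 or return S1 to S2's state) as an added simulation. This is example code written for this page, not Hewlett Packard's implementation or anything from the patent. Its assumptions: kernel-space software is modelled as named byte strings that are hashed with SHA-256; an HMAC-SHA256 key stands in for the TD's signing key (a real TD would sign with a private key and the peer would verify with the public key); and the pass/fail rule, that every module the tester also holds or that was measured in S1's last accepted result must be unchanged while modules new to both platforms are accepted, is this example's own policy. Module names and contents are constructed.

```python
"""Simulation of the load-test-revert cycle described in the claims (example only)."""
import copy
import hashlib
import hmac
import json
import secrets


class TrustedDevice:
    """Stand-in for the TD: an HMAC-SHA256 key replaces the TD's asymmetric
    signing key in this simulation (assumption)."""

    def __init__(self, name):
        self.name = name
        self._key = secrets.token_bytes(32)

    def sign(self, report):
        msg = json.dumps(report, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def verify(self, report, tag):
        return hmac.compare_digest(self.sign(report), tag)


class Platform:
    def __init__(self, name, modules):
        self.name = name
        self.td = TrustedDevice(name + "-TD")
        self.modules = dict(modules)   # kernel-space code: name -> bytes (constructed)
        self.applications = []         # applications currently hosted here
        self.integrity_metrics = []    # signed results kept as metrics (claim 13)

    def measurements(self):
        """Measure every loaded module; the digest set is the integrity metric."""
        return {n: hashlib.sha256(c).hexdigest() for n, c in self.modules.items()}

    def load(self, software):
        self.modules.update(software)


def integrity_test(tester, subject):
    """Tester measures subject and compares each module against its own copy
    (claim 11) and against subject's last accepted results (claim 10).
    Policy (assumption): a module known to either reference must be unchanged;
    a module new to both is accepted. The report is signed with the tester's
    TD (claim 12)."""
    reference = tester.measurements()
    previous = subject.integrity_metrics[-1]["measurements"] if subject.integrity_metrics else {}
    current = subject.measurements()
    failures = []
    for name, digest in current.items():
        if name in reference and reference[name] != digest:
            failures.append(f"{name}: differs from {tester.name}")
        elif name in previous and previous[name] != digest:
            failures.append(f"{name}: differs from {subject.name}'s last accepted result")
    report = {"subject": subject.name, "tester": tester.name,
              "measurements": current, "failures": failures, "passed": not failures}
    return report, tester.td.sign(report)


def run_cycle(s1, s2, new_software):
    """One cycle of claim 7. Returns 'accepted' or 'reverted'."""
    # 1. move the applications from S1 to S2 over the communications link
    s2.applications.extend(s1.applications)
    s1.applications = []
    # 2. load the unknown software onto S1
    s1.load(new_software)
    # 3. S2 performs the integrity tests on S1 and signs the results with its TD
    report, tag = integrity_test(s2, s1)
    # S1 checks the signature before acting on the verdict
    if not s2.td.verify(report, tag):
        raise RuntimeError("integrity report signature did not verify")
    if report["passed"]:
        # 4a. keep the signed result as a metric, move the applications back,
        #     and load the same software onto S2
        s1.integrity_metrics.append(report)
        s1.applications.extend(s2.applications)
        s2.applications = []
        s2.load(new_software)
        return "accepted"
    # 4b. return S1 to the state of S2; the applications stay on S2
    s1.modules = copy.deepcopy(s2.modules)
    return "reverted"


def demo():
    base = {"kernel": b"kernel-core-v1", "net": b"net-driver-v1"}  # constructed
    s1, s2 = Platform("S1", base), Platform("S2", base)
    s1.applications = ["db", "web"]
    first = run_cycle(s1, s2, {"crypto": b"new-crypto-driver"})      # adds a module only
    second = run_cycle(s1, s2, {"kernel": b"kernel-core-tampered"})  # alters a trusted one
    return first, second, s1.modules == s2.modules, s1.applications, s2.applications


if __name__ == "__main__":
    print(demo())
```

The first cycle adds a module that neither platform has measured before, so it is accepted and copied to S2; the second overwrites a component S2 still holds, so S2's report fails, S1's module set is replaced by S2's, and the applications remain on S2. A report whose verdict is altered in transit no longer verifies against S2's TD, which is why S1 checks the tag before acting on it.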
Patents cited by this patent (8)
Knecht Harry L. (Churchville PA), Apparatus for providing configurable safe-state outputs in a failure mode.
Ault Donald F. (Hyde Park NY) Petersen David B. (Wappingers Falls NY) Redding Ian G. (Winchester GBX) Schmandt Stephen J. (Tokyo JPX), Method and apparatus for cross-partition control in a partitioned process environment.
Tajalli Homayoon (Ellicott City MD) Badger Mark L. (Rockville MD) Dalva David I. (Rockville MD) Walker Stephen T. (Glenwood MD), System and method for controlling the use of a computer.
Bourne, Steve; Dillaway, Blair Brewster; Jacomet, Pierre; Malaviarachchi, Rushmi U.; Parambir, Kumar B.; Rozenfeld, Yevgeniy Eugene; Venkatesh, Chandramouli; Rose, Charles F., Issuing a publisher use license off-line in a digital rights management (DRM) system.
Bourne, Steve; Dillaway, Blair Brewster; Jacomet, Pierre; Malviarachchi, Rushmi U; Parambir, Kumar B; Rozenfeld, Yevgeniy Eugene; Venkatesh, Chandramouli; Rose, III, Charles F, Issuing a publisher use license off-line in a digital rights management (DRM) system.
Frank, Alexander; Steeb, Curt A.; Ahdout, Isaac P.; Duffus, James S.; Hall, Martin; Temple, Nicholas; Venkatachalam, Rajagopal; Phillips, Thomas; Xu, Zhangwei, Special PC mode entered upon detection of undesired state.
Sallam, Ahmed Said, System and method for proactive detection of malware device drivers via kernel forensic behavioral monitoring and a back-end reputation system.