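IPC classification information
Country / Type | United States (US) Patent, Granted |
International Patent Classification (IPC 7th edition) | |
Application number | US-0728827 (2000-11-28) |
Registration number | US-7302698 (2007-11-27) |
Priority information | EP-99307380 (1999-09-17) |
Inventor / Address |
- Proudler, Graeme John
- Chan, David
Applicant / Address |
- Hewlett Packard Development Company, L.P.
Agent / Address | |
Citation information | Times cited: 48; Patents cited: 129 |
Abstract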
A computing entity comprises a trusted monitoring component having a first processing means and a first memory means, the trusted monitoring component being a self-contained autonomous data processing unit, and a computer platform having a main processing means and a main memory area, along with a plurality of associated physical and logical resources such as peripheral devices including printers, modems, application programs, operating systems and the like. The computer platform is capable of entering a plurality of different states of operation, each state of operation having a different level of security and trustworthiness. Selected ones of the states comprise trusted states in which a user can enter sensitive confidential information with a high degree of certainty that the computer platform has not been compromised by external influences such as viruses, hackers or hostile attacks. To enter a trusted state, references made automatically to the trusted component, and to exit a trusted state reference must be made to the trusted component. On exiting the trusted state, all references to the trusted state are deleted from the computer platform. On entering the trusted state, the state is entered in a reproducible and known manner, having a reproducible and known configuration which is confirmed by the trusted component.
Representative claim
The invention claimed is:

1. A computing entity comprising: a computer platform comprising a plurality of physical and logical resources including a first data processor and a first memory; a monitoring component comprising a second data processor and a second memory; wherein, said computer platform is capable of operating in a plurality of different states, each said state utilising a corresponding respective set of individual ones of said physical and logical resources; wherein said monitoring component operates to determine which of said plurality of states is the current operating state of said computer platform.

2. The computing entity as claimed in claim 1, wherein said first memory means contains a set of instructions for configuration of said plurality of physical and logical resources of said computer platform into a pre-determined state.

3. The computing entity as claimed in claim 1, in which exit of said computer platform from each said operating state is monitored by said monitoring component.

4. The computing entity as claimed in claim 1, wherein said monitoring component includes a BIOS file.

5. The computing entity as claimed in claim 1, wherein said computer platform comprises an internal firmware component configured to compute a digest data of a BIOS file data stored in a predetermined memory space occupied by a BIOS file of said computer platform.

6. A method of activating a computing entity comprising a computer platform having a first data processor and a first memory and a monitoring component having a second data processor and a second memory, into an operational state of a plurality of pre-configured operational states into which said computer platform can be activated, said method comprising the steps of: selecting a state of said plurality of pre-configured operational states to activate for said computer platform; activating said selected state for said computer platform according to a set of stored instructions; wherein said monitoring component monitors activation of said selected state by recording data describing which of said plurality of pre-configured states is activated.

7. The method as claimed in claim 6, wherein said monitoring component continues to monitor said selected state after said state has been activated.

8. The method as claimed in claim 7, in which said step of selecting a state of said plurality of pre-configured operational states comprises receiving a selection signal from a smartcard device, said selection signal instructing a BIOS of said computer platform to activate the said computer platform into a said selected state.

9. The method as claimed in claim 6, wherein said monitoring component generates a state signal in response to a signal input directly to said monitoring component by a user of said computing entity, said state signal indicating which said state said computer platform has entered.

10. The method as claimed in claim 9, comprising the step of generating a user menu displayed on a user interface for selection of a said pre-configured state from said plurality of pre-configured states, and said step of generating a state signal comprises generating a state signal in response to a user input accepted through said user interface.

11. The method as claimed in claim 6, wherein said set of stored instructions are stored in a BIOS file resident within said monitoring component.

12. The method as claimed in claim 6, comprising the step of generating a menu for selection of a said pre-configured state from said plurality of pre-configured states.

13. The method as claimed in claim 6, wherein said step of selecting a state of said plurality of pre-configured operational states comprises receiving a selection message from a network connection, said selection message instructing a BIOS file of said computer platform to activate said computer platform into a selected state.

14. The method as claimed in claim 6, wherein said step of monitoring a selected state comprises: immediately before activating said computer platform, creating by means of a firmware component a digest data of a first pre-allocated memory space occupied by a BIOS file of said computer platform; writing said digest data to a second pre-allocated memory space to which only said firmware component has write access; and said monitoring component reading said digest data from said second pre-allocated memory space.

15. The method as claimed in claim 6, wherein said step of monitoring said state into which said computer platform is activated comprises: executing a firmware component to compute a digest data of a BIOS file of said computer platform; writing said digest data to a predetermined location in said second memory of said monitoring component.

16. The method as claimed in claim 6, wherein said step of activating selected state comprises: at a memory location of said first memory, said location occupied by a BIOS file of said computer platform, storing an address of said monitoring component which transfers control of said first processor to said monitoring component; storing in said monitoring component a set of native instructions which are accessible immediately after reset of said first processor, wherein said native instructions instruct said first processor to calculate a digest of said BIOS file and store said digest data in said second memory of said monitoring component; and said monitoring component passing control of said activation process to said BIOS file, once said digest data is stored in said second memory.

17. The method as claimed in claim 6, wherein said step of monitoring said activated state comprises: after said step of activating said selected sate, monitoring a plurality of logical and physical components to obtain a first set of metric data signals from those components, said metric data signals describing a status and condition of said components; comparing said first set of metric data signals determined from said plurality of physical and logical components of said computer platform with a set of pre-recorded metric data stored in a memory area reserved for access only by said monitoring component; and comparing said first set of metric data signals obtained directly from said plurality of physical and logical components with said set of pre-stored metric data signals stored in said reserved memory area.

18. The method as claimed in claim 6, further comprising the step of importing from a storage medium data generated when the computer platform was previously in the same selected state.

19. The method as claimed in claim 18, wherein the monitoring component monitors the data imported from the storage medium before it is loaded.

20. A method of storing data at a computing entity comprising a computer platform having a first data processor and a first memory and a monitoring component having a second data processor and a second memory, said method comprising the steps of: initiating a session on the computing platform; the monitoring component recording state data describing a current operational state of the computing platform; generating data in the session; and storing the generated data with reference to the state data so that the generated data may be recovered in a future session of the computing platform in the same operational state.

21. The method as claimed in claim 20, wherein the generated data is encrypted to ensure recovery only in a future session of the computing platform in the same operational state.