IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0908920 (2006-03-22)
Registration number | US-8539587 (2013-09-17)
Priority information | GB-0505746.8 (2005-03-22); GB-0510558.0 (2005-05-25); GB-0512370.8 (2005-06-17); GB-0516534.5 (2005-08-12); GB-0521836.7 (2005-10-27); GB-0522598.2 (2005-11-07)
International application number | PCT/GB2006/050063 (2006-03-22)
§371/§102 date | 20080512 (20080512)
International publication number | WO2006/100522 (2006-09-28)
Inventor / Address |
- Proudler, Graeme John
- Burton, William
- Kuhlmann, Dirk
- Plaquin, David
Applicant / Address |
- Hewlett-Packard Development Company, L.P.
Citation information | Times cited: 3; Cited patents: 174
Abstract
A data structure has within it the following elements: an identification of a data structure type; and a proof that two or more instances of the data structure type are as trustworthy as each other. Methods and devices using such data structures are described.
Representative claim
1. A method of providing evidence of a state of a computer platform, comprising: measuring a state of the computer platform, wherein measuring a state comprises a measurement of a first data structure in the computer platform, to provide a first measured state; using the first measured state in evidence of the state of the computer platform; replacing the first data structure with a second data structure in the computer platform; measuring the state of the computer platform with the first data structure replaced by the second data structure to provide a second measured state that includes a second measured state value; verifying that the second measured state is as trustworthy as the first measured state, wherein the verifying comprises determining whether a linked list of statements relates the first data structure to the second data structure, the statements comprising forward linking metrics, backward linking metrics, and a flag to indicate whether one of the forward linking metrics is an acceptable replacement for one of the backward linking metrics; and upon verifying that the second measured state is as trustworthy as the first measured state, substituting the second measured state for the first measured state in evidence of the state of the computer platform.

2. A method as claimed in claim 1, wherein the computer platform comprises a trusted device protected against subversion and the steps of measuring, verifying and substituting are carried out by the trusted device.

3. A method as claimed in claim 2, wherein the trusted device comprises one or more platform configuration registers, the method further comprising: storing measurements of the state of the computer platform in the platform configuration registers by concatenating a current platform configuration register value with measurement data; hashing the result; and replacing the current platform configuration register value with the hashed result, wherein the first measured state is derived from platform configuration register values for the first data structure and the second measured state is derived from platform configuration register values after the first data structure has been replaced by the second data structure, and the verifying step comprises determining that the platform configuration register values for the first data structure are related to the platform configuration register values after the first data structure has been replaced by the second data structure.

4. A method as claimed in claim 3, wherein the first and second measured states each comprise a value derived from a plurality of platform configuration registers, and the verifying step comprises determining that the first measured state value is related to the second measured state value.

5. A method as claimed in claim 4, wherein the first and second measured state values are derived from the plurality of platform configuration registers by concatenating the values in the plurality of platform configuration registers and hashing the concatenated values.

6. A method according to claim 3, wherein the trusted device is to establish that one sequence of platform configuration register values is trust equivalent to another sequence of platform configuration register values by determining that a next key value of the one sequence is a current key of the another sequence.

7. A method as claimed in claim 1, wherein the evidence comprises data sealed against a value derived from a measured state such that the data may only be accessed when a current value of the measured state of the computer platform corresponds to the measured value.

8. A method as claimed in claim 1, wherein the second data structure is a plurality of data structures.

9. A method as claimed in 1, wherein the second data structure is a null data structure.

10. A method as claimed in claim 1, wherein the first and second data structures comprise first software and second software each provided for a common functional purpose.

11. A method as claimed in claim 1, wherein the second software is more trusted than the first software.

12. A method as claimed in claim 10, wherein said first and second measured states comprise or are derived from digests of the first software and the second software respectively, and wherein the verifying further comprises determining that the digest of the second software is related to the digest of the first software.

13. A method as claimed in claim 12, wherein the linked list of statements is attested by a trusted software provider, the statements stating the relation between the digest of the first software and the digest of the second software.

14. A method as claimed in claim 1 wherein the first and second data structures comprise a first key and a second key each provided for a common purpose.

15. A method as claimed in claim 14 wherein the common purpose is as an attestation key for a trusted device.

16. A computer platform comprising: a processor; and a trusted device protected against subversion, the trusted device to: measure a first state of the computing platform from measurements including a measurement relating to a first data structure; replace the first data structure with a second data structure; measure a second state of the computing platform from measurements including a measurement relating to the second data structure; determine whether a linked list of statements relates the first data structure to the second data structure, the statements comprising forward linking metrics, backward linking metrics, and a flag to indicate whether one of the forward linking metrics is an acceptable replacement for one of the backward linking metrics; and upon a determination based on the linked list that the second measured state is related to the first measured state, determine that the second data structure is as trustworthy as the first data structure.

17. A computer platform as claimed in claim 16, wherein the trusted device comprises a platform configuration register that includes a hash value of a current platform configuration register concatenated with the measurements for the first and second states, the hash value replacing the current platform configuration register value, wherein the trusted device is to determine whether a first platform state, represented by platform configuration register values determined by measurements including a measurement relating to the first data structure, is equivalent to a second platform state represented by platform configuration register values determined by measurements including a measurement relating to the second data structure and verification of the linked list of statements relating the first data structure to the second data structure.

18. A computer platform as claimed in claim 16, wherein the trusted device is adapted to provide evidence of platform states.

19. A computer platform as claimed in claim 16, wherein the trusted device is adapted to seal data against a value derived from a measured platform state such that the data may only be accessed when a current value of the platform state corresponds to the measured value.

20. A computer platform as claimed in claim 16, wherein the first data structure comprises first software and the second data structure comprises second software, and wherein the first software and second software are each provided for a common functional purpose and are functionally consistent.

21. A computer platform as claimed in claim 16 wherein the trusted device determines functional consistency and trust from the linked list of statements attested by a trusted software provider by verifying the statement.