WO2012064171A1 - A method for enabling a trusted platform in a computing system - Google Patents

A method for enabling a trusted platform in a computing system

Info

Publication number
WO2012064171A1
Authority
WO (WIPO, PCT)
Prior art keywords
trusted, services, integrity, kernel, drivers
Application number
PCT/MY2011/000082
Other languages
French (fr)
Inventors
Mohd Anuar Mat Isa
Sharipah Setapa
Nazri Abdullah
Jamalul-Lail Ab Manan
Original assignee
Mimos Berhad
Priority date
2010-11-08
Filing date
2011-06-07
Publication date
2012-05-18

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

A method that establishes a trusted platform in a computing system when modules, such as drivers (20) or services (30), are loaded and executed. Values (e.g., hash values, signatures, etc.) of modules are compiled and stored so that measurements can be compared and matched to confirm integrity before being loaded. If a measurement does not match the stored data then the system can discontinue further operation, restrict operations, indicate that the system security has been breached or take other actions. In one embodiment, if a driver (20) or service does not pass the integrity check then the failed measurement is extended into a Platform Configuration Register (PCR) within a Trusted Platform Module (TPM) process. Subsequently, client applications can determine if the platform is trusted based on the returned PCR value.

Description

A Method for Enabling a Trusted Platform in a Computing System
FIELD OF INVENTION
The present invention relates to a method for enabling a trusted processing platform in a computing system.
BACKGROUND OF INVENTION
Malicious attacks on computer systems and servers occur very frequently. Hackers spend a great deal of time trying to identify holes in security via which they can embed viruses, Trojans, etc. Almost as soon as an operating system (OS) vendor publishes a security patch to defeat a particular attack scheme, the hackers have figured out another way to defeat the software. Once viruses and the like appear on servers, an entire network of computers is susceptible to attack by those viruses. Besides attacks that cause widespread system damage, and perhaps even worse, are security breaches that enable data to be "stolen". Banks and financial institutions are particularly at risk. Attacks have been made on various electronic storefront servers to steal credit card information and other user information. These types of attacks have led to an escalating need for substantially improved security measures.
One method of improving security is to use a trusted platform module (TPM) within the computing system. The resulting systems can be complete or partial trusted operating systems (TOS), secure operating systems (SOS), or secure and trusted operating systems (STOS).
What is needed is a method that enables a trusted platform within a computing system to secure the entire system.
SUMMARY OF INVENTION
The present invention aims at providing a method that establishes a trusted platform in a computing system when modules, such as drivers or services, are loaded and executed. Values (e.g., hash values, signatures, etc.) of modules are compiled and stored so that measurements can be compared and matched to confirm integrity before being loaded. If a measurement does not match the stored data then the system can discontinue further operation, restrict operations, indicate that the system security has been breached or take other actions. In one embodiment, if a driver or service does not pass the integrity check then the failed measurement is extended into a Platform Configuration Register (PCR) within a Trusted Platform Module (TPM) process. Subsequently, client applications can determine if the platform is trusted based on the returned PCR value.
Prior art references US7,716,494 (Liu, et al.) and US7,318,150 (Zimmer, et al.) disclose various methods for maintaining a trusted platform for checking module integrity. Both documents describe using a kernel, device drivers, a Trusted Platform Module (TPM) driver and a boot sequence. However, neither document suggests compiling the kernel so that it contains only the measurements of the TPM driver and trusted services before verifying the integrity of other modules.
Neither document suggests using trusted devices that have already been measured from the kernel to measure other modules, without having to go back to the boot loader or the kernel.
The present invention relates to a method for checking module integrity in a computing system having a plurality of drivers or services comprising the steps of:
a) storing a predetermined integrity parameter of each said driver or service into a kernel;
b) measuring said predetermined integrity parameter of each said driver or service;
c) loading each said driver or service into said kernel if said integrity parameter measurement matches said stored measurement; and
d) detecting the identity of said drivers or services to be loaded using a binary configuration.
The measurement is done by a trusted service located within the said kernel. The said trusted service measures other modules before loading them into said kernel. The said identity detection can be done using a SHA-1 hash function.
The resulting measurements are then securely stored within a platform configuration register (PCR). The stored measurements can then be used by local or remote systems to verify the software configuration.
The method may further comprise a boot sequence comprising the steps of:
a) storing a trusted platform module driver and trusted services measurement in said kernel;
b) loading said trusted platform module driver;
c) measuring said trusted services;
d) loading said trusted services into said kernel if said trusted services match a stored value;
e) passing control of module to said trusted services; and
f) measuring other modules by said trusted services.
This invention also relates to a method for establishing a trusted platform in a computing system comprising the steps of:
a) compiling and storing integrity measurements of a trusted computing base into a kernel;
b) measuring the integrity of at least trusted services and a trusted platform module driver;
c) loading said trusted services and trusted platform module driver if said integrity measurements match said stored measurements; and
d) measuring other modules using said trusted services.
The said kernel is modified by inserting said integrity measurements of said trusted services and trusted platform module driver. The method may further comprise the step of executing said compiled kernel on said system.
These and other objects of the present invention will become more readily apparent from the detailed description given hereinafter. However, it should be understood that the detailed description and specific examples, while indicating the preferred embodiments of the invention, are given by way of illustration only, since various changes and modifications within the spirit and scope of the invention will become apparent to those skilled in the art from this detailed description.
BRIEF DESCRIPTION OF DRAWINGS
Figure 1 shows a diagram of a method according to the first prior art.
Figure 2 shows a diagram of a method according to the second prior art.
Figure 3 shows a diagram of boot and compilation processes in a method for establishing a trusted platform in an embodiment of this invention.
Figure 4 shows a diagram of a method for establishing a trusted platform in a computing system in an embodiment of this invention.
DETAILED DESCRIPTION OF INVENTION
It should be noted that the following detailed description is directed to a method for establishing a trusted platform in a computing system and is not limited to any particular size or configuration but in fact a multitude of sizes and configurations within the general scope of the following description.
Figure 1 shows a diagram of a method according to prior art US7,716,494 (Liu, et al.). In this prior art, the grub (50) measures (510) the kernel (10) and compares the measurement with stored values in a config file. The kernel (10) then measures (520) other modules (40) and compares those measurements with stored values in the config file.
Figure 2 shows a diagram of a method according to prior art US7,318,150 (Zimmer, et al.). In this prior art, the bios hardware (60) measures (610) the grub (50) and compares the measurement with stored values in a config file. The bios hardware (60) then measures (620) the kernel (10) and compares those measurements with stored values in the config file.
Figure 3 shows the boot and compilation processes of this invention. One major difference between this invention and the two prior arts above is the storing of the integrity measurements in the kernel (10) and not in a config file.
There is shown hardware (60) including a trusted platform module and virtual trusted platform module (62), system BIOS (64) and the CPU (65).
Boot process:
The main functionality of the GRUB (50) extensions is a connection to the Trusted Platform Module (TPM) or virtual trusted platform module (vTPM) (62) to measure the binary configuration (i.e., the identity) of modules to be loaded. The measurement is done using a SHA-1 hash function. The resulting measurements are then securely stored within the Platform Configuration Registers (PCR) of the TPM (62). These values can then be used by local and remote systems to verify the software configuration running on the TPM-enabled platform. Grub (50) will measure the kernel and store its value at PCR 8 (110). Grub will point PCR 6 to measure the boot loader (120).
Before the compilation:
TPM driver (20) and trusted services measurement is stored (210) in the kernel (10).
During the compilation:
The TPM driver (20) and trusted services (30) are compiled and stored in user space by using scripts / an interface at the kernel level (310). The TPM driver (20) needs to be loaded to communicate with the TPM hardware (62), so it is measured before being loaded into the kernel (10). Once there is a match with the stored value, the integrity of the measurement is verified. The TPM driver (20) measurement is stored and the driver is loaded (320).
Trusted service (30) is measured before being loaded into the kernel (10). Once there is a match with a stored value, the integrity of the measurement is verified. Kernel (10) will then pass control to trusted services (30). Trusted service (30) is then allowed to measure other modules (40) before loading (340).
The method to load the vTPM driver (20) is identical to that of the TPM driver (20). This method works as long as people use trusted computing.
Figure 4 shows a diagram of a method for establishing a trusted platform in a computing system in an embodiment of this invention. A kernel (10) measures (210) a Trusted Platform Module (TPM) driver (20) and trusted services (30). These measurements are compared to values for the same integrity measurements stored securely beforehand in the kernel (10). If the measurements match the stored values, the integrity of the measurement is verified. Trusted service (30) is then allowed to measure other modules (40) before loading (340). All other measurements are also compared with previously stored values to check integrity.
The TPM (62) is a hardware chip designed to enable the computer to achieve greater levels of security than was previously possible. TPM (62) offers three kinds of functionality:
• Secure storage. User processes can store content that is encrypted by keys only available to the TPM.
• Platform measurement and reporting. A platform can create reports of its integrity and configuration state that can be relied on by a remote verifier.
• Platform authentication. A platform can obtain keys by which it can authenticate itself reliably.
The TPM (62) contains a number of 160-bit registers called platform configuration registers (PCRs) intended to enable a relying party to obtain unforgeable information about the platform state. A platform consists of several components which may receive control and pass on control to another component. Typical components are the BIOS, the master boot record, boot sectors, the boot loader, and ultimately the operating system and application software. A component can measure another component (compute its hash) and insert that measurement into a PCR. This insertion is known as extending.
Kernel (10) is a computer kernel that provides the mechanism needed to implement an operating system. If the hardware (60) provides multiple privilege levels, then the kernel is the only software executing at the most privileged level. Actual operating system services, such as device drivers, protocol stacks, file systems and user interface code, are contained in user space.
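The measured-load chain of the boot and compilation process above (steps 210 to 340: TPM driver first, then trusted services, then the other modules measured by the trusted services) together with the PCR extend operation just described, as an added example in Python. It is not part of the patent or of any Mimos implementation: the module names, the byte-string "images", the single simulated PCR and the relying-party check are constructed for the demonstration, and the extend rule PCR_new = SHA-1(PCR_old || measurement) is the TPM 1.2 definition rather than anything the patent specifies. The expected measurements are held in the Kernel object itself, mirroring the patent's point that they are compiled into the kernel rather than read from a config file.

```python
import hashlib
from dataclasses import dataclass, field

# Boot order from the description: the TPM driver (20) first, because it is
# needed to talk to the TPM; then the trusted services (30); then, measured by
# the trusted services, the other modules (40). Module names are hypothetical.
BOOT_ORDER = ["tpm_driver", "trusted_services", "net_module", "fs_module"]

# Constructed stand-ins for module binaries. Real modules would be kernel
# objects read from disk; these byte strings exist only for the demonstration.
GOLDEN_IMAGES = {
    "tpm_driver": b"tpm-driver-image-v1",
    "trusted_services": b"trusted-services-image-v1",
    "net_module": b"net-module-image-v1",
    "fs_module": b"fs-module-image-v1",
}


def measure(image: bytes) -> bytes:
    """Binary-configuration measurement: the SHA-1 digest of the module image."""
    return hashlib.sha1(image).digest()


def build_stored_measurements(images: dict) -> dict:
    """Values compiled into the kernel before boot (step 210/310): the expected
    measurement of every module, keyed by module name."""
    return {name: measure(img) for name, img in images.items()}


class PCR:
    """Simulated 160-bit platform configuration register. extend() implements the
    TPM 1.2 rule PCR_new = SHA-1(PCR_old || measurement); no real TPM is involved."""

    def __init__(self) -> None:
        self.value = bytes(20)  # PCRs start as all zeros after reset

    def extend(self, measurement: bytes) -> bytes:
        self.value = hashlib.sha1(self.value + measurement).digest()
        return self.value


@dataclass
class Kernel:
    stored: dict  # expected measurements held in the kernel, not in a config file
    pcr: PCR = field(default_factory=PCR)
    loaded: list = field(default_factory=list)
    log: list = field(default_factory=list)  # (module, verdict, hex measurement)

    def load_module(self, name: str, image: bytes) -> bool:
        """Measure, compare with the stored value, and load only on a match.
        Every measurement is extended into the PCR, so a failed check leaves a
        trace that a relying party can detect from the PCR value alone."""
        m = measure(image)
        self.pcr.extend(m)
        if m != self.stored.get(name):
            self.log.append((name, "REJECTED", m.hex()))
            return False
        self.loaded.append(name)
        self.log.append((name, "LOADED", m.hex()))
        return True


def boot(kernel: Kernel, images: dict) -> bool:
    """Run the measured boot chain. The trusted computing base (TPM driver and
    trusted services) must verify before anything else is measured; if it does
    not, the boot is discontinued, one of the responses the patent names."""
    for name in BOOT_ORDER[:2]:
        if not kernel.load_module(name, images[name]):
            return False
    ok = True
    for name in BOOT_ORDER[2:]:  # measured by the now-verified trusted services
        ok = kernel.load_module(name, images[name]) and ok
    return ok


def expected_pcr(stored: dict) -> bytes:
    """What the PCR must hold after a clean boot: the golden measurements
    extended in boot order. A local or remote verifier computes this offline."""
    ref = PCR()
    for name in BOOT_ORDER:
        ref.extend(stored[name])
    return ref.value


def platform_trusted(reported_pcr: bytes, stored: dict) -> bool:
    """Relying-party decision: trust the platform only if the reported PCR
    equals the value expected from the stored measurements."""
    return reported_pcr == expected_pcr(stored)


if __name__ == "__main__":
    stored = build_stored_measurements(GOLDEN_IMAGES)
    clean = Kernel(stored)
    print("clean boot:", boot(clean, GOLDEN_IMAGES),
          "trusted:", platform_trusted(clean.pcr.value, stored))
    # One module image altered after the expected values were compiled in.
    tampered = dict(GOLDEN_IMAGES, fs_module=b"fs-module-image-v1-modified")
    bad = Kernel(stored)
    print("tampered boot:", boot(bad, tampered),
          "trusted:", platform_trusted(bad.pcr.value, stored))
    for entry in bad.log:
        print(*entry)
```

Running the script boots once with the golden images and once with a modified fs_module. In the second run the module is refused, the boot reports failure, and the PCR no longer equals the replayed golden value, so the relying-party check returns False even though it never sees the individual measurements. Tampering with the trusted services themselves stops the chain earlier: nothing after them is measured or loaded, which is the "discontinue further operation" response. Because extend is order-sensitive and chains on the previous register value, a verifier must replay the measurements in the same boot order; a different order yields a different PCR even with identical images.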
While several particularly preferred embodiments of the present invention have been described and illustrated, it should now be apparent to those skilled in the art that various changes and modifications can be made without departing from the spirit and scope of the invention. Accordingly, the following claims are intended to embrace such changes, modifications, and areas of application that are within the spirit and scope of this invention.

Claims

1. A method for checking module integrity in a system having a plurality of drivers or services comprising the steps of:
a. storing a predetermined integrity parameter of each said driver (20) or service into a kernel (10);
b. measuring said predetermined integrity parameter of each said driver (20) or service; and
c. loading each said driver (20) or service into said kernel (10) if said integrity parameter measurement matches said stored measurement.
2. A method for checking module integrity in a system having a plurality of drivers or services according to claim 1 wherein the said measurement is done by a trusted service located within the said kernel (10).
3. A method for checking module integrity in a system having a plurality of drivers or services according to claim 2 wherein the said trusted service measures other modules before loading them into said kernel (10).
4. A method for checking module integrity in a system having a plurality of drivers or services according to any of the preceding claims further comprising the step of:
a. detecting the identity of said drivers (20) or services (30) to be loaded using a binary configuration.
5. A method for checking module integrity in a system having a plurality of drivers or services according to claim 4 wherein the said identity detection is done using a SHA-1 hash function.
6. A method for checking module integrity in a system having a plurality of drivers or services according to claim 4 or 5 wherein the resulting measurements are securely stored within a platform configuration register.
7. A method for checking module integrity in a system having a plurality of drivers or services according to claim 6 wherein the said stored measurements can then be used by local or remote systems to verify the software configuration.
8. A method for checking module integrity in a system having a plurality of drivers or services according to any of the preceding claims further comprising the steps of:
a. storing a trusted platform module driver (20) and trusted services (30) measurement in said kernel (10);
b. loading said trusted platform module driver (20);
c. measuring said trusted services (30);
d. loading said trusted services (30) into said kernel (10) if said trusted services (30) matches a stored value;
e. passing control of module to said trusted services (30); and
f. measuring other modules (40) by said trusted services (30).
9. A method for establishing a trusted platform in a computing system comprising the steps of:
a. compiling and storing integrity measurements of a trusted computing base into a kernel (10);
b. measuring integrity of at least trusted services (30) and a trusted platform module driver (20);
c. loading said trusted services (30) and a trusted platform module driver (20) if said integrity measurement matches said stored measurements; and
d. measuring other modules (40) using said trusted services (30).
10. A method for establishing a trusted platform in a computing system according to claim 9 wherein the said kernel (10) is modified by inserting said integrity measurements of said trusted services (30) and trusted platform module driver (20).
11. A method for establishing a trusted platform in a computing system according to claim 9 or 10 further comprising the step of executing said compiled kernel (10) into said system.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2010005232 2010-11-08
MYPI2010005232 2010-11-08

Publications (1)

Publication Number Publication Date
WO2012064171A1 true WO2012064171A1 (en) 2012-05-18

Family

ID=46051147

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2011/000082 WO2012064171A1 (en) 2010-11-08 2011-06-07 A method for enabling a trusted platform in a computing system

Country Status (1)

Country Link
WO (1) WO2012064171A1 (en)

Cited By (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102880826A (en) * 2012-08-29 2013-01-16 华南理工大学 Dynamic integrity measurement method for security of electronic government cloud platform
CN103150523A (en) * 2013-03-07 2013-06-12 太原科技大学 Simple embedded-type credible terminal system and method thereof
CN104301211A (en) * 2014-09-26 2015-01-21 广东广联电子科技有限公司 Internet of Things gateway and intelligent housing system
US9161227B1 (en) 2013-02-07 2015-10-13 Sprint Communications Company L.P. Trusted signaling in long term evolution (LTE) 4G wireless communication
US9171243B1 (en) 2013-04-04 2015-10-27 Sprint Communications Company L.P. System for managing a digest of biographical information stored in a radio frequency identity chip coupled to a mobile communication device
US9183412B2 (en) 2012-08-10 2015-11-10 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9183606B1 (en) 2013-07-10 2015-11-10 Sprint Communications Company L.P. Trusted processing location within a graphics processing unit
US9185626B1 (en) 2013-10-29 2015-11-10 Sprint Communications Company L.P. Secure peer-to-peer call forking facilitated by trusted 3rd party voice server provisioning
US9191388B1 (en) 2013-03-15 2015-11-17 Sprint Communications Company L.P. Trusted security zone communication addressing on an electronic device
US9191522B1 (en) 2013-11-08 2015-11-17 Sprint Communications Company L.P. Billing varied service based on tier
US9208339B1 (en) 2013-08-12 2015-12-08 Sprint Communications Company L.P. Verifying Applications in Virtual Environments Using a Trusted Security Zone
US9210576B1 (en) 2012-07-02 2015-12-08 Sprint Communications Company L.P. Extended trusted security zone radio modem
US9215180B1 (en) 2012-08-25 2015-12-15 Sprint Communications Company L.P. File retrieval in real-time brokering of digital content
US9226145B1 (en) 2014-03-28 2015-12-29 Sprint Communications Company L.P. Verification of mobile device integrity during activation
US9230085B1 (en) 2014-07-29 2016-01-05 Sprint Communications Company L.P. Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services
US9268959B2 (en) 2012-07-24 2016-02-23 Sprint Communications Company L.P. Trusted security zone access to peripheral devices
US9282898B2 (en) 2012-06-25 2016-03-15 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US9324016B1 (en) 2013-04-04 2016-04-26 Sprint Communications Company L.P. Digest of biographical information for an electronic device with static and dynamic portions
US9374363B1 (en) 2013-03-15 2016-06-21 Sprint Communications Company L.P. Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device
US9384498B1 (en) 2012-08-25 2016-07-05 Sprint Communications Company L.P. Framework for real-time brokering of digital content delivery
CN105930732A (en) * 2016-04-12 2016-09-07 中国电子科技集团公司第五十四研究所 Credible starting method suitable for service board in VPX device
US9443088B1 (en) 2013-04-15 2016-09-13 Sprint Communications Company L.P. Protection for multimedia files pre-downloaded to a mobile device
US9454723B1 (en) 2013-04-04 2016-09-27 Sprint Communications Company L.P. Radio frequency identity (RFID) chip electrically and communicatively coupled to motherboard of mobile communication device
US9473945B1 (en) 2015-04-07 2016-10-18 Sprint Communications Company L.P. Infrastructure for secure short message transmission
US9560519B1 (en) 2013-06-06 2017-01-31 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
US9578664B1 (en) 2013-02-07 2017-02-21 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
US9613208B1 (en) * 2013-03-13 2017-04-04 Sprint Communications Company L.P. Trusted security zone enhanced with trusted hardware drivers
US9779232B1 (en) 2015-01-14 2017-10-03 Sprint Communications Company L.P. Trusted code generation and verification to prevent fraud from maleficent external devices that capture data
US9819679B1 (en) 2015-09-14 2017-11-14 Sprint Communications Company L.P. Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers
US9838869B1 (en) 2013-04-10 2017-12-05 Sprint Communications Company L.P. Delivering digital content to a mobile device via a digital rights clearing house
US9838868B1 (en) 2015-01-26 2017-12-05 Sprint Communications Company L.P. Mated universal serial bus (USB) wireless dongles configured with destination addresses
US9906958B2 (en) 2012-05-11 2018-02-27 Sprint Communications Company L.P. Web server bypass of backend process on near field communications and secure element chips
US10282719B1 (en) 2015-11-12 2019-05-07 Sprint Communications Company L.P. Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit
US10311246B1 (en) 2015-11-20 2019-06-04 Sprint Communications Company L.P. System and method for secure USIM wireless network access
US10499249B1 (en) 2017-07-11 2019-12-03 Sprint Communications Company L.P. Data link layer trust signaling in communication network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SAILER, R ET AL.: "IBM Research Report: Design and Implementation of a TCG-Based Integrity Measurement Architecture", IBM RESEARCH DIVISION, 16 January 2004 (2004-01-16), Retrieved from the Internet <URL:http://www.ece.cmu.edu/adrian/731-sp04/readings/rc23064.pdf> [retrieved on 20110823] *

Cited By (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9906958B2 (en) 2012-05-11 2018-02-27 Sprint Communications Company L.P. Web server bypass of backend process on near field communications and secure element chips
US10154019B2 (en) 2012-06-25 2018-12-11 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US9282898B2 (en) 2012-06-25 2016-03-15 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US9210576B1 (en) 2012-07-02 2015-12-08 Sprint Communications Company L.P. Extended trusted security zone radio modem
US9268959B2 (en) 2012-07-24 2016-02-23 Sprint Communications Company L.P. Trusted security zone access to peripheral devices
US9811672B2 (en) 2012-08-10 2017-11-07 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9183412B2 (en) 2012-08-10 2015-11-10 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9215180B1 (en) 2012-08-25 2015-12-15 Sprint Communications Company L.P. File retrieval in real-time brokering of digital content
US9384498B1 (en) 2012-08-25 2016-07-05 Sprint Communications Company L.P. Framework for real-time brokering of digital content delivery
CN102880826A (en) * 2012-08-29 2013-01-16 华南理工大学 Dynamic integrity measurement method for security of electronic government cloud platform
US9161227B1 (en) 2013-02-07 2015-10-13 Sprint Communications Company L.P. Trusted signaling in long term evolution (LTE) 4G wireless communication
US9769854B1 (en) 2013-02-07 2017-09-19 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
US9578664B1 (en) 2013-02-07 2017-02-21 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
CN103150523A (en) * 2013-03-07 2013-06-12 太原科技大学 Simple embedded-type credible terminal system and method thereof
US9613208B1 (en) * 2013-03-13 2017-04-04 Sprint Communications Company L.P. Trusted security zone enhanced with trusted hardware drivers
US9374363B1 (en) 2013-03-15 2016-06-21 Sprint Communications Company L.P. Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device
US9191388B1 (en) 2013-03-15 2015-11-17 Sprint Communications Company L.P. Trusted security zone communication addressing on an electronic device
US9324016B1 (en) 2013-04-04 2016-04-26 Sprint Communications Company L.P. Digest of biographical information for an electronic device with static and dynamic portions
US9454723B1 (en) 2013-04-04 2016-09-27 Sprint Communications Company L.P. Radio frequency identity (RFID) chip electrically and communicatively coupled to motherboard of mobile communication device
US9712999B1 (en) 2013-04-04 2017-07-18 Sprint Communications Company L.P. Digest of biographical information for an electronic device with static and dynamic portions
US9171243B1 (en) 2013-04-04 2015-10-27 Sprint Communications Company L.P. System for managing a digest of biographical information stored in a radio frequency identity chip coupled to a mobile communication device
US9838869B1 (en) 2013-04-10 2017-12-05 Sprint Communications Company L.P. Delivering digital content to a mobile device via a digital rights clearing house
US9443088B1 (en) 2013-04-15 2016-09-13 Sprint Communications Company L.P. Protection for multimedia files pre-downloaded to a mobile device
US9949304B1 (en) 2013-06-06 2018-04-17 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
US9560519B1 (en) 2013-06-06 2017-01-31 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
US9183606B1 (en) 2013-07-10 2015-11-10 Sprint Communications Company L.P. Trusted processing location within a graphics processing unit
US9208339B1 (en) 2013-08-12 2015-12-08 Sprint Communications Company L.P. Verifying Applications in Virtual Environments Using a Trusted Security Zone
US9185626B1 (en) 2013-10-29 2015-11-10 Sprint Communications Company L.P. Secure peer-to-peer call forking facilitated by trusted 3rd party voice server provisioning
US9191522B1 (en) 2013-11-08 2015-11-17 Sprint Communications Company L.P. Billing varied service based on tier
US9226145B1 (en) 2014-03-28 2015-12-29 Sprint Communications Company L.P. Verification of mobile device integrity during activation
US9230085B1 (en) 2014-07-29 2016-01-05 Sprint Communications Company L.P. Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services
CN104301211A (en) * 2014-09-26 2015-01-21 广东广联电子科技有限公司 Internet of Things gateway and intelligent housing system
US9779232B1 (en) 2015-01-14 2017-10-03 Sprint Communications Company L.P. Trusted code generation and verification to prevent fraud from maleficent external devices that capture data
US9838868B1 (en) 2015-01-26 2017-12-05 Sprint Communications Company L.P. Mated universal serial bus (USB) wireless dongles configured with destination addresses
US9473945B1 (en) 2015-04-07 2016-10-18 Sprint Communications Company L.P. Infrastructure for secure short message transmission
US9819679B1 (en) 2015-09-14 2017-11-14 Sprint Communications Company L.P. Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers
US10282719B1 (en) 2015-11-12 2019-05-07 Sprint Communications Company L.P. Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit
US10311246B1 (en) 2015-11-20 2019-06-04 Sprint Communications Company L.P. System and method for secure USIM wireless network access
CN105930732B (en) * 2016-04-12 2018-11-06 中国电子科技集团公司第五十四研究所 Trusted boot method suitable for a service board in a VPX device
CN105930732A (en) * 2016-04-12 2016-09-07 中国电子科技集团公司第五十四研究所 Trusted boot method suitable for a service board in a VPX device
US10499249B1 (en) 2017-07-11 2019-12-03 Sprint Communications Company L.P. Data link layer trust signaling in communication network

Similar Documents

Publication Publication Date Title
WO2012064171A1 (en) A method for enabling a trusted platform in a computing system
US8966642B2 (en) Trust verification of a computing platform using a peripheral device
US9674183B2 (en) System and method for hardware-based trust control management
US9690498B2 (en) Protected mode for securing computing devices
US7200758B2 (en) Encapsulation of a TCPA trusted platform module functionality within a server management coprocessor subsystem
US8850212B2 (en) Extending an integrity measurement
US8261332B2 (en) Establishing a trust relationship between computing entities
EP3275159B1 (en) Technologies for secure server access using a trusted license agent
US8332930B2 (en) Secure use of user secrets on a computing platform
US9270467B1 (en) Systems and methods for trust propagation of signed files across devices
US20190384918A1 (en) Measuring integrity of computing system
US20080162932A1 (en) Authenticating suspect data using key tables
US11349651B2 (en) Measurement processing of high-speed cryptographic operation
EP3217310B1 (en) Hypervisor-based attestation of virtual environments
US9026803B2 (en) Computing entities, platforms and methods operable to perform operations selectively using different cryptographic algorithms
CN113906424A (en) Apparatus and method for disk authentication
US10733300B2 (en) Basic input/output system (BIOS)/unified extensible firmware interface (UEFI) hard drive authentication
US20100037065A1 (en) Method and Apparatus for Transitive Program Verification
Hosseinzadeh et al. Recent trends in applying TPM to cloud computing
CN114651253A (en) Virtual environment type verification for policy enforcement
Yalew et al. TruApp: A TrustZone-based authenticity detection service for mobile apps
CN113127873A (en) Credible measurement system of fortress machine and electronic equipment
US11290471B2 (en) Cross-attestation of electronic devices
CN112988262B (en) Method and device for starting application program on target platform
WO2013028059A1 (en) Verification system for trusted platform

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 11840061; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: PCT application non-entry in European phase. Ref document number: 11840061; Country of ref document: EP; Kind code of ref document: A1