JP2013538404A - Attesting use of an interactive component during a boot process - Google Patents
Attesting use of an interactive component during a boot process
- Publication number
- JP2013538404A
- Authority
- JP
- Japan
- Prior art keywords
- input
- interactive
- trusted
- response
- component
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
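[Solution] A method is provided for attesting use of an interactive component during a boot process, comprising the steps of: in response to determining use of the interactive component, reading associated interactive input; determining whether the input should be trusted; and, in response to determining that the input should be trusted, processing the input to create a trusted cryptographic value; and further comprising the step of: in response to reading subsequent interactive input, matching the subsequent interactive input against one or more of the trusted cryptographic values in order to determine whether the subsequent interactive input is trusted.
[Selected drawing] Figure 4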
Description
105, 305: Managing system
110, 310: Emulator
115, 325: Database
120, 200: Managed system
125, 225: TPM (Trusted Platform Module)
205: User space programs
210: Operating system
215: Firmware
217: Interactive component
220: Core Root of Trust for Measurement (CRTM)
230: PCR (Platform Configuration Register)
235: Event log
Claims (10)
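- 1. A method for attesting use of an interactive component during a boot process, comprising the steps of:
in response to determining use of the interactive component, reading associated interactive input;
determining whether the input should be trusted; and
in response to determining that the input should be trusted, processing the input to create a trusted cryptographic value;
the method further comprising the step of, in response to reading subsequent interactive input, matching the subsequent interactive input against one or more of the trusted cryptographic values in order to determine whether the subsequent interactive input is trusted.
- 2. The method of claim 1, further comprising the steps of:
assigning a PCR to the input; and
writing the input to the assigned PCR using an extend instruction.
- 3. The method of claim 1 or claim 2, further comprising the step of generating metadata associated with the trusted cryptographic value.
- 4. The method of any of the preceding claims, further comprising the step of, in response to the subsequent interactive input matching a trusted cryptographic value, determining that a system associated with the interactive component is trusted.
- 5. The method of any of the preceding claims, further comprising the steps of:
in response to the subsequent interactive input not matching a trusted cryptographic value, parsing an associated event log entry; and
matching the event log entry against a data structure of known inputs.
- 6. The method of claim 5, further comprising the step of, in response to the event log entry not matching the data structure of known inputs, determining that the system associated with the interactive component is not trusted.
- 7. The method of claim 5, further comprising the step of, in response to the event log entry matching the data structure of known trusted inputs, adding the cryptographic value associated with the subsequent interactive input to the data structure containing the trusted cryptographic values.
- 8. The method of any of the preceding claims, wherein the step of determining whether the input should be trusted further comprises the step of comparing the input with a data structure of known inputs.
- 9. An apparatus for attesting use of an interactive component during a boot process, comprising:
means for reading associated interactive input in response to determining use of the interactive component;
means for determining whether the input should be trusted; and
means for processing the input to create a trusted cryptographic value in response to determining that the input should be trusted;
the apparatus further comprising means for matching, in response to reading subsequent interactive input, the subsequent interactive input against one or more of the trusted cryptographic values in order to determine whether the subsequent interactive input is trusted.
- 10. A computer program comprising computer program code stored on a computer-readable medium which, when loaded into a computer system and executed thereon, causes the computer system to perform all the steps of the method of any of claims 1 to 8.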
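The verification flow of claims 1 to 8, as an added Python example that is not code from the patent or its applicant. The class and function names, the SHA-256 hash and the sample inputs are assumptions made here, and the log replay check in `attest` is an addition that the claims do not state.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 digest length (assumed; the claims name no hash)

def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def replay(event_log) -> bytes:
    """Recompute the PCR value implied by an ordered list of logged inputs."""
    pcr = bytes(PCR_SIZE)
    for entry in event_log:
        pcr = extend(pcr, entry)
    return pcr

class Verifier:
    """Managing system: known inputs plus trusted cryptographic values."""

    def __init__(self, known_inputs):
        self.known_inputs = set(known_inputs)
        self.trusted_values = {}  # PCR value -> metadata (claim 3)

    def _learn(self, pcr, event_log):
        self.trusted_values[pcr] = {"inputs": list(event_log)}

    def enroll(self, event_log) -> bool:
        """Claims 1 and 8: trust input only if every entry is a known input."""
        if not all(e in self.known_inputs for e in event_log):
            return False
        self._learn(replay(event_log), event_log)
        return True

    def attest(self, reported_pcr: bytes, event_log) -> str:
        if reported_pcr in self.trusted_values:      # claim 4
            return "trusted"
        # Added check, not in the claims: the log must reproduce the PCR,
        # otherwise its entries say nothing about what was really measured.
        if replay(event_log) != reported_pcr:
            return "untrusted: log does not match PCR"
        if any(e not in self.known_inputs for e in event_log):  # claims 5-6
            return "untrusted: unknown input"
        self._learn(reported_pcr, event_log)          # claim 7
        return "trusted: value learned"

# Constructed sample inputs typed at a firmware prompt (not from the patent).
KNOWN = [b"boot disk0", b"boot net", b"printenv"]

def demo():
    v = Verifier(KNOWN)
    v.enroll([b"boot disk0"])
    seq = [b"printenv", b"boot net"]            # known inputs, unseen sequence
    bad = [b"setenv boot-device rogue", b"boot disk0"]
    return [
        v.attest(replay([b"boot disk0"]), [b"boot disk0"]),
        v.attest(replay(seq), seq),
        v.attest(replay(seq), seq),
        v.attest(replay(bad), bad),
        v.attest(replay(bad), [b"boot disk0"]),  # log omits the rogue entry
    ]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because extend is order-sensitive, a new sequence of individually known inputs yields an unseen PCR value; the second call resolves it through the event log and the third call hits the fast path of claim 4.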
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP10178162 | 2010-09-22 | ||
EP10178162.3 | 2010-09-22 | ||
PCT/EP2011/064979 WO2012038211A1 (en) | 2010-09-22 | 2011-08-31 | Attesting use of an interactive component during a boot process |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2013538404A (ja) | 2013-10-10 |
JP5745061B2 (ja) | 2015-07-08 |
Family
ID=44514764
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013528589A (Active, JP5745061B2 (ja)) | 2010-09-22 | 2011-08-31 | Attesting use of an interactive component during a boot process |
Country Status (5)
Country | Link |
---|---|
US (1) | US9342696B2 (ja) |
EP (1) | EP2619701B1 (ja) |
JP (1) | JP5745061B2 (ja) |
CN (1) | CN103124973B (ja) |
WO (1) | WO2012038211A1 (ja) |
2011
- 2011-08-31 CN CN201180045663.XA patent/CN103124973B/zh active Active
- 2011-08-31 US US13/820,039 patent/US9342696B2/en active Active
- 2011-08-31 EP EP20110749201 patent/EP2619701B1/en active Active
- 2011-08-31 WO PCT/EP2011/064979 patent/WO2012038211A1/en active Application Filing
- 2011-08-31 JP JP2013528589A patent/JP5745061B2/ja active Active
Also Published As
Publication number | Publication date |
---|---|
WO2012038211A1 (en) | 2012-03-29 |
JP5745061B2 (ja) | 2015-07-08 |
EP2619701B1 (en) | 2015-04-22 |
US20130212369A1 (en) | 2013-08-15 |
CN103124973B (zh) | 2015-09-30 |
EP2619701A1 (en) | 2013-07-31 |
US9342696B2 (en) | 2016-05-17 |
CN103124973A (zh) | 2013-05-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| A521 | Written amendment | Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20130325 |
| A621 | Written request for application examination | Free format text: JAPANESE INTERMEDIATE CODE: A621; Effective date: 20140411 |
| A977 | Report on retrieval | Free format text: JAPANESE INTERMEDIATE CODE: A971007; Effective date: 20150309 |
| TRDD | Decision of grant or rejection written | |
| A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01; Effective date: 20150407 |
| A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61; Effective date: 20150430 |
| R150 | Certificate of patent or registration of utility model | Ref document number: 5745061; Country of ref document: JP; Free format text: JAPANESE INTERMEDIATE CODE: R150 |