WO2012064171A1 - A method for enabling a trusted platform in a computing system - Google Patents
- Publication number: WO2012064171A1 (PCT/MY2011/000082)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- trusted
- services
- integrity
- kernel
- drivers
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
A method that establishes a trusted platform in a computing system when modules, such as drivers (20) or services (30), are loaded and executed. Values (e.g., hash values, signatures, etc.) of modules are compiled and stored so that measurements can be compared and matched to confirm integrity before the modules are loaded. If a measurement does not match the stored data, the system can discontinue further operation, restrict operations, indicate that the system security has been breached, or take other actions. In one embodiment, if a driver (20) or service does not pass the integrity check, the failed measurement is extended into a Platform Configuration Register (PCR) within a Trusted Platform Module (TPM) process. Subsequently, client applications can determine whether the platform is trusted based on the returned PCR value.
Description
A Method for Enabling a Trusted Platform in a Computing System
FIELD OF INVENTION
The present invention relates to a method for enabling a trusted processing platform in a computing system.
BACKGROUND OF INVENTION
Malicious attacks on computer systems and servers occur very frequently. Hackers spend a great deal of time trying to identify holes in security via which they can embed viruses, Trojans, etc. Almost as soon as an operating system (OS) vendor publishes a security patch to defeat a particular attack scheme, the hackers have figured out another way to defeat the software. Once viruses and the like appear on servers, an entire network of computers is susceptible to attack by those viruses. Apart from attacks that cause widespread system damage, and perhaps even worse, are security breaches that enable data to be "stolen". Banks and financial institutions are particularly at risk. Attacks have been made on various electronic storefront servers to steal credit card information and other user information. These types of attacks have led to an escalating need for substantially improved security measures.
One method of improving security is to use a trusted platform module (TPM) within the computing system. Systems built this way can be complete or partial trusted operating systems (TOS), secure operating systems (SOS), and secure and trusted operating systems (STOS).
What is needed is a method that enables a trusted platform within a computing system to secure the entire system.
SUMMARY OF INVENTION
The present invention aims at providing a method that establishes a trusted platform in a computing system when modules, such as drivers or services, are loaded and executed. Values (e.g., hash values, signatures, etc.) of modules are compiled and stored so that measurements can be compared and matched to confirm integrity before the modules are loaded. If a measurement does not match the stored data, the system can discontinue further operation, restrict operations, indicate that the system security has been breached, or take other actions. In one embodiment, if a driver or service does not pass the integrity check, the failed measurement is extended into a Platform Configuration Register (PCR) within a Trusted Platform Module (TPM) process. Subsequently, client applications can determine whether the platform is trusted based on the returned PCR value.
Prior art documents US7,716,494 (Liu, et al.) and US7,318,150 (Zimmer, et al.) disclose various methods for maintaining a trusted platform by checking module integrity. Both documents describe using a kernel, device drivers, a Trusted Platform Module (TPM) driver and a boot sequence. However, neither document suggests compiling the kernel so that it contains only the measurements of the TPM driver and trusted services, and then verifying the integrity of other modules from there.
Neither document suggests using trusted services that have already been measured from the kernel to measure other modules, without having to go back to the boot loader or the kernel.
The present invention relates to a method for checking module integrity in a computing system having a plurality of drivers or services comprising the steps of: a) storing a predetermined integrity parameter of each said driver or service into a kernel;
b) measuring said predetermined integrity parameter of each said driver or service;
c) loading each said driver or service into said kernel if said integrity parameter measurement matches said stored measurement; and
d) detecting the identity of said drivers or services to be loaded using a binary configuration.
The measurement is done by a trusted service located within the said kernel. The said trusted service measures other modules before loading them into said kernel. The said identity detection can be done using a SHA-1 hash function.
The resulting measurements are then securely stored within a platform configuration register (PCR). The stored measurements can then be used by local or remote systems to verify the software configuration.
The method may further comprise a boot sequence comprising the steps of:
a) storing a trusted platform module driver and trusted services measurement in said kernel;
b) loading said trusted platform module driver;
c) measuring said trusted services;
d) loading said trusted services into said kernel if said trusted services match a stored value;
e) passing control of module to said trusted services; and
f) measuring other modules by said trusted services.
This invention also relates to a method for establishing a trusted platform in a computing system comprising the steps of:
a) compiling and storing integrity measurements of a trusted computing base into a kernel;
b) measuring integrity of at least trusted services and a trusted platform module driver;
c) loading said trusted services and a trusted platform module driver if said integrity measurement matches said stored measurements; and
d) measuring other modules using said trusted services.
The said kernel is modified by inserting said integrity measurements of said trusted services and trusted platform module driver. The method may further comprise the step of executing said compiled kernel into said system.
These and other objects of the present invention will become more readily apparent from the detailed description given hereinafter. However, it should be understood that the detailed description and specific examples, while indicating the preferred embodiments of the invention, are given by way of illustration only, since various changes and modifications within the spirit and scope of the invention will become apparent to those skilled in the art from this detailed description.
BRIEF DESCRIPTION OF DRAWINGS
Figure 1 shows a diagram of a method according to the first prior art.
Figure 2 shows a diagram of a method according to the second prior art.
Figure 3 shows a diagram of boot and compilation processes in a method for establishing a trusted platform in an embodiment of this invention.
Figure 4 shows a diagram of a method for establishing a trusted platform in a computing system in an embodiment of this invention.
DETAILED DESCRIPTION OF INVENTION
It should be noted that the following detailed description is directed to a method for establishing a trusted platform in a computing system and is not limited to any particular size or configuration but in fact a multitude of sizes and configurations within the general scope of the following description.
Figure 1 shows a diagram of a method according to prior art US7,716,494 (Liu, et al.). In this prior art, the GRUB (50) measures (510) the kernel (10) and compares the measurement with stored values in a config file. The kernel (10) then measures (520) other modules (40) and compares those measurements with stored values in the config file.
Figure 2 shows a diagram of a method according to prior art US7,318,150 (Zimmer, et al.). In this prior art, the BIOS hardware (60) measures (610) the GRUB (50) and compares the measurement with stored values in a config file. The BIOS hardware (60) then measures (620) the kernel (10) and compares those measurements with stored values in the config file.
Figure 3 shows the boot and compilation processes of this invention. One major difference between this invention and the two prior art methods above is that the integrity measurements are stored in the kernel (10) itself and not in a config file.
There is shown hardware (60) including a trusted platform module and virtual trusted platform module (62), system BIOS (64) and the CPU (65).
Boot process:
The main functionality of the GRUB (50) extensions is a connection to the Trusted Platform Module (TPM) or virtual trusted platform module (vTPM) (62) to measure the binary configuration (i.e., the identity) of modules to be loaded. The measurement is done using a SHA-1 hash function. The resulting measurements are then securely stored within the Platform Configuration Registers (PCRs) of the TPM (62). These values can then be used by local and remote systems to verify the software configuration running on the TPM-enabled platform. GRUB (50) measures the kernel and stores its value in PCR 8 (110). GRUB uses PCR 6 to hold the measurement of the boot loader (120).
Before the compilation:
TPM driver (20) and trusted services measurement is stored (210) in the kernel (10).
During the compilation:
The TPM driver (20) and trusted services (30) are compiled and stored at the user space by using some scripts / interface at the kernel level (310).
The TPM driver (20) is measured. This driver (20) needs to be loaded to communicate with the TPM hardware (62), so it is measured before being loaded into the kernel (10). Once the measurement matches the stored value, the integrity of the driver is verified. The TPM driver (20) measurement is stored and the driver is loaded (320).
The trusted service (30) is likewise measured before being loaded into the kernel (10). Once the measurement matches the stored value, its integrity is verified. The kernel (10) then passes control to the trusted services (30). The trusted service (30) is then allowed to measure other modules (40) before they are loaded (340).
The method for loading the vTPM driver (20) is identical to that for the TPM driver (20). This method works as long as people use trusted computing.
Figure 4 shows a diagram of a method for establishing a trusted platform in a computing system in an embodiment of this invention. A kernel (10) measures (210) a Trusted Platform Module (TPM) driver (20) and trusted services (30). These measurements are compared to values for the same integrity measurements stored securely beforehand in the kernel (10). If the measurements match the stored values, the integrity of the measured modules is verified. The trusted service (30) is then allowed to measure other modules (40) before they are loaded (340). All other measurements are also compared with previously stored values to check integrity.
The TPM (62) is a hardware chip designed to enable the computer to achieve greater levels of security than was previously possible. The TPM (62) offers three kinds of functionality:
- Secure storage. User processes can store content that is encrypted by keys only available to the TPM.
- Platform measurement and reporting. A platform can create reports of its integrity and configuration state that can be relied on by a remote verifier.
- Platform authentication. A platform can obtain keys by which it can authenticate itself reliably.
The TPM (62) contains a number of 160-bit registers called platform configuration registers (PCRs) intended to enable a relying party to obtain unforgeable information about the platform state. A platform consists of several components which may receive control and pass on control to another component. Typical components are the BIOS, the master boot record, boot sectors, the boot loader, and ultimately the operating system and application software. A component can measure another component (compute its hash) and insert that measurement into a PCR. This insertion is known as extending.
The kernel (10) is a computer kernel that provides the mechanism needed to implement an operating system. If the hardware (60) provides multiple privilege levels, then the kernel is the only software executing at the most privileged level. Actual operating system services, such as device drivers, protocol stacks, file systems and user interface code, are contained in user space.
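The measure-compare-load flow of Figure 4 and the PCR extend operation described above, as an added simulation that is not the patent's own code: the expected measurements are constructed sample values compiled into a kernel table, SHA-1 is the hash the patent names, and the PCR update is assumed to follow the TPM 1.2 extend rule PCR = SHA1(PCR || measurement). As in the embodiment where client applications judge trust from the PCR value, a failed measurement is still extended, so a verifier that knows the expected PCR value detects the tampered module.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR is a 160-bit (20-byte) register, as the patent states


def sha1(data: bytes) -> bytes:
    """SHA-1 is the hash function the patent names for measuring modules."""
    return hashlib.sha1(data).digest()


class PCR:
    """A single platform configuration register (simulated, not a real TPM)."""

    def __init__(self) -> None:
        self.value = bytes(PCR_SIZE)  # reset state: all zeros

    def extend(self, measurement: bytes) -> bytes:
        # Assumed TPM 1.2 extend rule: the register is only ever accumulated,
        # never overwritten, so every measurement since reset is bound into it.
        self.value = sha1(self.value + measurement)
        return self.value


# Constructed stand-ins for the module images. The first two form the trusted
# computing base (TPM driver (20) and trusted services (30)); the rest are the
# "other modules (40)" that the trusted service measures once it has control.
TCB = ("tpm_driver", "trusted_services")
GOOD_IMAGES = {
    "tpm_driver": b"constructed tpm driver image v1",
    "trusted_services": b"constructed trusted services image v1",
    "net_module": b"constructed network module image v1",
    "fs_module": b"constructed filesystem module image v1",
}

# Step a): integrity parameters compiled and stored in the kernel before boot.
KERNEL_STORED = {name: sha1(img) for name, img in GOOD_IMAGES.items()}


class Kernel:
    """Minimal model of kernel (10) holding the stored measurements."""

    def __init__(self, stored: dict, pcr: PCR) -> None:
        self.stored = stored
        self.pcr = pcr
        self.loaded: list = []
        self.log: list = []  # (module, measurement, matched)

    def measure_and_load(self, name: str, image: bytes) -> bool:
        measurement = sha1(image)
        matched = measurement == self.stored.get(name)
        # Embodiment from the abstract: the measurement is extended into the PCR
        # even when it fails, so the mismatch is visible to whoever reads the PCR.
        self.pcr.extend(measurement)
        self.log.append((name, measurement, matched))
        if matched:
            self.loaded.append(name)
        return matched


def boot(images: dict, stored: dict = KERNEL_STORED):
    """Run the boot sequence of Figure 4 over the given module images.

    Returns (pcr_value, loaded_modules, trusted). trusted is False as soon as any
    measurement fails; a TCB failure stops loading entirely ("discontinue further
    operation"), while a failure in another module only skips that module.
    """
    pcr = PCR()
    kernel = Kernel(stored, pcr)
    # Steps b)-c): the kernel itself measures the TPM driver, then trusted services.
    for name in TCB:
        if not kernel.measure_and_load(name, images[name]):
            return pcr.value, list(kernel.loaded), False
    # Steps d)/f): control passes to trusted services, which measures the rest.
    for name, image in images.items():
        if name not in TCB:
            kernel.measure_and_load(name, image)
    trusted = all(matched for _, _, matched in kernel.log)
    return pcr.value, list(kernel.loaded), trusted


def expected_pcr(order, stored: dict = KERNEL_STORED) -> bytes:
    """PCR value a local or remote verifier expects after a clean boot in `order`."""
    pcr = PCR()
    for name in order:
        pcr.extend(stored[name])
    return pcr.value


def verifier_accepts(pcr_value: bytes, order, stored: dict = KERNEL_STORED) -> bool:
    """Client-side check from the abstract: trust is decided from the PCR value."""
    return pcr_value == expected_pcr(order, stored)


if __name__ == "__main__":
    order = list(GOOD_IMAGES)
    clean_pcr, loaded, trusted = boot(GOOD_IMAGES)
    print("clean boot:", trusted, loaded, verifier_accepts(clean_pcr, order))
    tampered = dict(GOOD_IMAGES, net_module=b"constructed network module image (modified)")
    bad_pcr, loaded, trusted = boot(tampered)
    print("tampered module:", trusted, loaded, verifier_accepts(bad_pcr, order))
```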
While several particularly preferred embodiments of the present invention have been described and illustrated, it should now be apparent to those skilled in the art that various changes and modifications can be made without departing from the spirit and scope of the invention. Accordingly, the following claims are intended to embrace such changes, modifications, and areas of application that are within the spirit and scope of this invention.
Claims
1. A method for checking module integrity in a system having a plurality of drivers or services comprising the steps of:
a. storing a predetermined integrity parameter of each said driver (20) or service into a kernel (10);
b. measuring said predetermined integrity parameter of each said driver (20) or service; and
c. loading each said driver (20) or service into said kernel (10) if said integrity parameter measurement matches said stored measurement.
2. A method for checking module integrity in a system having a plurality of drivers or services according to claim 1 wherein the said measurement is done by a trusted service located within the said kernel (10).
3. A method for checking module integrity in a system having a plurality of drivers or services according to claim 2 wherein the said trusted service measures other modules before loading them into said kernel (10).
4. A method for checking module integrity in a system having a plurality of drivers or services according to any of the preceding claims further comprising the step of:
a. detecting the identity of said drivers (20) or services (30) to be loaded using a binary configuration.
5. A method for checking module integrity in a system having a plurality of drivers or services according to claim 4 wherein the said identity detection is done using a SHA-1 hash function.
6. A method for checking module integrity in a system having a plurality of drivers or services according to claim 4 or 5 wherein the resulting measurements are securely stored within a platform configuration register.
7. A method for checking module integrity in a system having a plurality of drivers or services according to claim 6 wherein the said stored measurements can then be used by local or remote systems to verify the software configuration.
8. A method for checking module integrity in a system having a plurality of drivers or services according to any of the preceding claims further comprising the steps of:
a. storing a trusted platform module driver (20) and trusted services (30) measurement in said kernel (10);
b. loading said trusted platform module driver (20);
c. measuring said trusted services (30);
d. loading said trusted services (30) into said kernel (10) if said trusted services (30) matches a stored value;
e. passing control of module to said trusted services (30); and
f. measuring other modules (40) by said trusted services (30).
9. A method for establishing a trusted platform in a computing system comprising the steps of:
a. compiling and storing integrity measurements of a trusted computing base into a kernel (10);
b. measuring integrity of at least trusted services (30) and a trusted platform module driver (20);
c. loading said trusted services (30) and a trusted platform module driver (20) if said integrity measurement matches said stored measurements; and
d. measuring other modules (40) using said trusted services (30).
10. A method for establishing a trusted platform in a computing system according to claim 9 wherein the said kernel (10) is modified by inserting said integrity measurements of said trusted services (30) and trusted platform module driver (20).
11. A method for establishing a trusted platform in a computing system according to claim 9 or 10 further comprising the step of executing said compiled kernel (10) into said system.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MYPI2010005232 | 2010-11-08 | | |
MYPI2010005232 | 2010-11-08 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012064171A1 true WO2012064171A1 (en) | 2012-05-18 |
Family
ID=46051147
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/MY2011/000082 WO2012064171A1 (en) | 2010-11-08 | 2011-06-07 | A method for enabling a trusted platform in a computing system |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2012064171A1 (en) |
Cited By (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102880826A (en) * | 2012-08-29 | 2013-01-16 | 华南理工大学 | Dynamic integrity measurement method for security of electronic government cloud platform |
CN103150523A (en) * | 2013-03-07 | 2013-06-12 | 太原科技大学 | Simple embedded-type credible terminal system and method thereof |
CN104301211A (en) * | 2014-09-26 | 2015-01-21 | 广东广联电子科技有限公司 | Internet of Things gateway and intelligent housing system |
US9161227B1 (en) | 2013-02-07 | 2015-10-13 | Sprint Communications Company L.P. | Trusted signaling in long term evolution (LTE) 4G wireless communication |
US9171243B1 (en) | 2013-04-04 | 2015-10-27 | Sprint Communications Company L.P. | System for managing a digest of biographical information stored in a radio frequency identity chip coupled to a mobile communication device |
US9185626B1 (en) | 2013-10-29 | 2015-11-10 | Sprint Communications Company L.P. | Secure peer-to-peer call forking facilitated by trusted 3rd party voice server provisioning |
US9183606B1 (en) | 2013-07-10 | 2015-11-10 | Sprint Communications Company L.P. | Trusted processing location within a graphics processing unit |
US9183412B2 (en) | 2012-08-10 | 2015-11-10 | Sprint Communications Company L.P. | Systems and methods for provisioning and using multiple trusted security zones on an electronic device |
US9191388B1 (en) | 2013-03-15 | 2015-11-17 | Sprint Communications Company L.P. | Trusted security zone communication addressing on an electronic device |
US9191522B1 (en) | 2013-11-08 | 2015-11-17 | Sprint Communications Company L.P. | Billing varied service based on tier |
US9210576B1 (en) | 2012-07-02 | 2015-12-08 | Sprint Communications Company L.P. | Extended trusted security zone radio modem |
US9208339B1 (en) | 2013-08-12 | 2015-12-08 | Sprint Communications Company L.P. | Verifying Applications in Virtual Environments Using a Trusted Security Zone |
US9215180B1 (en) | 2012-08-25 | 2015-12-15 | Sprint Communications Company L.P. | File retrieval in real-time brokering of digital content |
US9226145B1 (en) | 2014-03-28 | 2015-12-29 | Sprint Communications Company L.P. | Verification of mobile device integrity during activation |
US9230085B1 (en) | 2014-07-29 | 2016-01-05 | Sprint Communications Company L.P. | Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services |
US9268959B2 (en) | 2012-07-24 | 2016-02-23 | Sprint Communications Company L.P. | Trusted security zone access to peripheral devices |
US9282898B2 (en) | 2012-06-25 | 2016-03-15 | Sprint Communications Company L.P. | End-to-end trusted communications infrastructure |
US9324016B1 (en) | 2013-04-04 | 2016-04-26 | Sprint Communications Company L.P. | Digest of biographical information for an electronic device with static and dynamic portions |
US9374363B1 (en) | 2013-03-15 | 2016-06-21 | Sprint Communications Company L.P. | Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device |
US9384498B1 (en) | 2012-08-25 | 2016-07-05 | Sprint Communications Company L.P. | Framework for real-time brokering of digital content delivery |
CN105930732A (en) * | 2016-04-12 | 2016-09-07 | 中国电子科技集团公司第五十四研究所 | Credible starting method suitable for service board in VPX device |
US9443088B1 (en) | 2013-04-15 | 2016-09-13 | Sprint Communications Company L.P. | Protection for multimedia files pre-downloaded to a mobile device |
US9454723B1 (en) | 2013-04-04 | 2016-09-27 | Sprint Communications Company L.P. | Radio frequency identity (RFID) chip electrically and communicatively coupled to motherboard of mobile communication device |
US9473945B1 (en) | 2015-04-07 | 2016-10-18 | Sprint Communications Company L.P. | Infrastructure for secure short message transmission |
US9560519B1 (en) | 2013-06-06 | 2017-01-31 | Sprint Communications Company L.P. | Mobile communication device profound identity brokering framework |
US9578664B1 (en) | 2013-02-07 | 2017-02-21 | Sprint Communications Company L.P. | Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system |
US9613208B1 (en) * | 2013-03-13 | 2017-04-04 | Sprint Communications Company L.P. | Trusted security zone enhanced with trusted hardware drivers |
US9779232B1 (en) | 2015-01-14 | 2017-10-03 | Sprint Communications Company L.P. | Trusted code generation and verification to prevent fraud from maleficent external devices that capture data |
US9819679B1 (en) | 2015-09-14 | 2017-11-14 | Sprint Communications Company L.P. | Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers |
US9838869B1 (en) | 2013-04-10 | 2017-12-05 | Sprint Communications Company L.P. | Delivering digital content to a mobile device via a digital rights clearing house |
US9838868B1 (en) | 2015-01-26 | 2017-12-05 | Sprint Communications Company L.P. | Mated universal serial bus (USB) wireless dongles configured with destination addresses |
US9906958B2 (en) | 2012-05-11 | 2018-02-27 | Sprint Communications Company L.P. | Web server bypass of backend process on near field communications and secure element chips |
US10282719B1 (en) | 2015-11-12 | 2019-05-07 | Sprint Communications Company L.P. | Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit |
US10311246B1 (en) | 2015-11-20 | 2019-06-04 | Sprint Communications Company L.P. | System and method for secure USIM wireless network access |
US10499249B1 (en) | 2017-07-11 | 2019-12-03 | Sprint Communications Company L.P. | Data link layer trust signaling in communication network |
2011
- 2011-06-07 WO PCT/MY2011/000082 (WO2012064171A1): active, Application Filing
Non-Patent Citations (1)
Title |
---|
SAILER, R. ET AL.: "IBM Research Report: Design and Implementation of a TCG-Based Integrity Measurement Architecture", IBM Research Division, 16 January 2004 (2004-01-16), retrieved from http://www.ece.cmu.edu/adrian/731-sp04/readings/rc23064.pdf [retrieved on 2011-08-23] * |
Cited By (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10154019B2 (en) | 2012-06-25 | 2018-12-11 | Sprint Communications Company L.P. | End-to-end trusted communications infrastructure |
US9811672B2 (en) | 2012-08-10 | 2017-11-07 | Sprint Communications Company L.P. | Systems and methods for provisioning and using multiple trusted security zones on an electronic device |
US9183412B2 (en) | 2012-08-10 | 2015-11-10 | Sprint Communications Company L.P. | Systems and methods for provisioning and using multiple trusted security zones on an electronic device |
US9215180B1 (en) | 2012-08-25 | 2015-12-15 | Sprint Communications Company L.P. | File retrieval in real-time brokering of digital content |
US9384498B1 (en) | 2012-08-25 | 2016-07-05 | Sprint Communications Company L.P. | Framework for real-time brokering of digital content delivery |
CN102880826A (en) * | 2012-08-29 | 2013-01-16 | 华南理工大学 | Dynamic integrity measurement method for security of electronic government cloud platform |
US9769854B1 (en) | 2013-02-07 | 2017-09-19 | Sprint Communications Company L.P. | Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system |
US9578664B1 (en) | 2013-02-07 | 2017-02-21 | Sprint Communications Company L.P. | Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system |
US9161227B1 (en) | 2013-02-07 | 2015-10-13 | Sprint Communications Company L.P. | Trusted signaling in long term evolution (LTE) 4G wireless communication |
CN103150523A (en) * | 2013-03-07 | 2013-06-12 | 太原科技大学 | Simple embedded trusted terminal system and method |
US9613208B1 (en) * | 2013-03-13 | 2017-04-04 | Sprint Communications Company L.P. | Trusted security zone enhanced with trusted hardware drivers |
US9374363B1 (en) | 2013-03-15 | 2016-06-21 | Sprint Communications Company L.P. | Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device |
US9191388B1 (en) | 2013-03-15 | 2015-11-17 | Sprint Communications Company L.P. | Trusted security zone communication addressing on an electronic device |
US9454723B1 (en) | 2013-04-04 | 2016-09-27 | Sprint Communications Company L.P. | Radio frequency identity (RFID) chip electrically and communicatively coupled to motherboard of mobile communication device |
US9712999B1 (en) | 2013-04-04 | 2017-07-18 | Sprint Communications Company L.P. | Digest of biographical information for an electronic device with static and dynamic portions |
US9171243B1 (en) | 2013-04-04 | 2015-10-27 | Sprint Communications Company L.P. | System for managing a digest of biographical information stored in a radio frequency identity chip coupled to a mobile communication device |
US9324016B1 (en) | 2013-04-04 | 2016-04-26 | Sprint Communications Company L.P. | Digest of biographical information for an electronic device with static and dynamic portions |
US9838869B1 (en) | 2013-04-10 | 2017-12-05 | Sprint Communications Company L.P. | Delivering digital content to a mobile device via a digital rights clearing house |
US9443088B1 (en) | 2013-04-15 | 2016-09-13 | Sprint Communications Company L.P. | Protection for multimedia files pre-downloaded to a mobile device |
US9949304B1 (en) | 2013-06-06 | 2018-04-17 | Sprint Communications Company L.P. | Mobile communication device profound identity brokering framework |
US9560519B1 (en) | 2013-06-06 | 2017-01-31 | Sprint Communications Company L.P. | Mobile communication device profound identity brokering framework |
US9183606B1 (en) | 2013-07-10 | 2015-11-10 | Sprint Communications Company L.P. | Trusted processing location within a graphics processing unit |
US9208339B1 (en) | 2013-08-12 | 2015-12-08 | Sprint Communications Company L.P. | Verifying Applications in Virtual Environments Using a Trusted Security Zone |
US9185626B1 (en) | 2013-10-29 | 2015-11-10 | Sprint Communications Company L.P. | Secure peer-to-peer call forking facilitated by trusted 3rd party voice server provisioning |
US9191522B1 (en) | 2013-11-08 | 2015-11-17 | Sprint Communications Company L.P. | Billing varied service based on tier |
US9226145B1 (en) | 2014-03-28 | 2015-12-29 | Sprint Communications Company L.P. | Verification of mobile device integrity during activation |
US9230085B1 (en) | 2014-07-29 | 2016-01-05 | Sprint Communications Company L.P. | Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services |
CN104301211A (en) * | 2014-09-26 | 2015-01-21 | 广东广联电子科技有限公司 | Internet of Things gateway and smart home system |
US9779232B1 (en) | 2015-01-14 | 2017-10-03 | Sprint Communications Company L.P. | Trusted code generation and verification to prevent fraud from maleficent external devices that capture data |
US9838868B1 (en) | 2015-01-26 | 2017-12-05 | Sprint Communications Company L.P. | Mated universal serial bus (USB) wireless dongles configured with destination addresses |
US9473945B1 (en) | 2015-04-07 | 2016-10-18 | Sprint Communications Company L.P. | Infrastructure for secure short message transmission |
US9819679B1 (en) | 2015-09-14 | 2017-11-14 | Sprint Communications Company L.P. | Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers |
US10282719B1 (en) | 2015-11-12 | 2019-05-07 | Sprint Communications Company L.P. | Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit |
US10311246B1 (en) | 2015-11-20 | 2019-06-04 | Sprint Communications Company L.P. | System and method for secure USIM wireless network access |
CN105930732B (en) * | 2016-04-12 | 2018-11-06 | 中国电子科技集团公司第五十四研究所 | Trusted boot method suitable for a service board in VPX equipment |
CN105930732A (en) * | 2016-04-12 | 2016-09-07 | 中国电子科技集团公司第五十四研究所 | Trusted boot method suitable for a service board in a VPX device |
US10499249B1 (en) | 2017-07-11 | 2019-12-03 | Sprint Communications Company L.P. | Data link layer trust signaling in communication network |
Similar Documents
Publication | Title |
---|---|
WO2012064171A1 (en) | A method for enabling a trusted platform in a computing system |
US8966642B2 (en) | Trust verification of a computing platform using a peripheral device |
US9674183B2 (en) | System and method for hardware-based trust control management |
US9690498B2 (en) | Protected mode for securing computing devices |
US7200758B2 (en) | Encapsulation of a TCPA trusted platform module functionality within a server management coprocessor subsystem |
US8850212B2 (en) | Extending an integrity measurement |
US8261332B2 (en) | Establishing a trust relationship between computing entities |
EP3275159B1 (en) | Technologies for secure server access using a trusted license agent |
US8332930B2 (en) | Secure use of user secrets on a computing platform |
US11714910B2 (en) | Measuring integrity of computing system |
US9270467B1 (en) | Systems and methods for trust propagation of signed files across devices |
US8024579B2 (en) | Authenticating suspect data using key tables |
US11349651B2 (en) | Measurement processing of high-speed cryptographic operation |
US9026803B2 (en) | Computing entities, platforms and methods operable to perform operations selectively using different cryptographic algorithms |
EP3217310B1 (en) | Hypervisor-based attestation of virtual environments |
US9122864B2 (en) | Method and apparatus for transitive program verification |
CN113906424A (en) | Apparatus and method for disk authentication |
Hosseinzadeh et al. | Recent trends in applying TPM to cloud computing |
CN114651253A (en) | Virtual environment type verification for policy enforcement |
US20190121982A1 (en) | Basic input/output system (BIOS)/unified extensible firmware interface (UEFI) hard drive authentication |
Yalew et al. | TruApp: A TrustZone-based authenticity detection service for mobile apps |
CN113127873A (en) | Trusted measurement system for a bastion host, and electronic device |
US11290471B2 (en) | Cross-attestation of electronic devices |
CN112988262B (en) | Method and device for starting an application program on a target platform |
WO2013028059A1 (en) | Verification system for trusted platform |
Legal Events
Code | Title | Description |
---|---|---|
121 | Ep: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 11840061; Country of ref document: EP; Kind code of ref document: A1 |
NENP | Non-entry into the national phase | Ref country code: DE |
122 | Ep: PCT application non-entry in European phase | Ref document number: 11840061; Country of ref document: EP; Kind code of ref document: A1 |