WO2008024135A3 - Method to verify the integrity of components on a trusted platform using integrity database services - Google Patents

Method to verify the integrity of components on a trusted platform using integrity database services Download PDF

Info

Publication number
WO2008024135A3
WO2008024135A3 PCT/US2006/061811 US2006061811W WO2008024135A3 WO 2008024135 A3 WO2008024135 A3 WO 2008024135A3 US 2006061811 W US2006061811 W US 2006061811W WO 2008024135 A3 WO2008024135 A3 WO 2008024135A3
Authority
WO
WIPO (PCT)
Prior art keywords
integrity
digests
client platform
components
verify
Prior art date
Application number
PCT/US2006/061811
Other languages
French (fr)
Other versions
WO2008024135A2 (en
Inventor
Thomas Parasu Hardjono
David Maurits Bleckmann
William Wyatt Starnes
Bradley Douglas Andersen
Original Assignee
Signacert Inc
Thomas Parasu Hardjono
David Maurits Bleckmann
William Wyatt Starnes
Bradley Douglas Andersen
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Signacert Inc, Thomas Parasu Hardjono, David Maurits Bleckmann, William Wyatt Starnes, Bradley Douglas Andersen filed Critical Signacert Inc
Priority to CA002632590A priority Critical patent/CA2632590A1/en
Priority to JP2008544666A priority patent/JP2009518762A/en
Publication of WO2008024135A2 publication Critical patent/WO2008024135A2/en
Publication of WO2008024135A3 publication Critical patent/WO2008024135A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Abstract

A client platform can be verified prior to being granted access to a resource or service on a network by validating individual hardware and software components of the client platform. Digests are generated for the components of the client platform. The digests can be collected into an integrity report. An authenticator entity receives the integrity report and compares the digests with digests stored in either a local signature database, a global signature database in an integrity authority, or both. Alternatively, the digests can be collected and stored on a portable digest-collector dongle. Once digests are either validated or invalidated, an overall integrity /trust score can be generated. The overall integrity/trust score can be used to determine whether the client platform should be granted access to the resource on the network using a policy.
PCT/US2006/061811 2005-12-09 2006-12-08 Method to verify the integrity of components on a trusted platform using integrity database services WO2008024135A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CA002632590A CA2632590A1 (en) 2005-12-09 2006-12-08 Method to verify the integrity of components on a trusted platform using integrity database services
JP2008544666A JP2009518762A (en) 2005-12-09 2006-12-08 A method for verifying the integrity of a component on a trusted platform using an integrity database service

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US74936805P 2005-12-09 2005-12-09
US60/749,368 2005-12-09
US75974206P 2006-01-17 2006-01-17
US60/759,742 2006-01-17

Publications (2)

Publication Number Publication Date
WO2008024135A2 WO2008024135A2 (en) 2008-02-28
WO2008024135A3 true WO2008024135A3 (en) 2008-12-04

Family

ID=39107257

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/061811 WO2008024135A2 (en) 2005-12-09 2006-12-08 Method to verify the integrity of components on a trusted platform using integrity database services

Country Status (3)

Country Link
JP (1) JP2009518762A (en)
CA (1) CA2632590A1 (en)
WO (1) WO2008024135A2 (en)

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8327131B1 (en) 2004-11-29 2012-12-04 Harris Corporation Method and system to issue trust score certificates for networked devices using a trust scoring service
US8266676B2 (en) 2004-11-29 2012-09-11 Harris Corporation Method to verify the integrity of components on a trusted platform using integrity database services
US7487358B2 (en) 2004-11-29 2009-02-03 Signacert, Inc. Method to control access between network endpoints based on trust scores calculated from information system component analysis
US9450966B2 (en) 2004-11-29 2016-09-20 Kip Sign P1 Lp Method and apparatus for lifecycle integrity verification of virtual machines
US7733804B2 (en) 2004-11-29 2010-06-08 Signacert, Inc. Method and apparatus to establish routes based on the trust scores of routers within an IP routing domain
US20110179477A1 (en) * 2005-12-09 2011-07-21 Harris Corporation System including property-based weighted trust score application tokens for access control and related methods
EP2110766A1 (en) * 2008-04-16 2009-10-21 Robert Bosch Gmbh Electronic control unit, software and/or hardware component and method to reject wrong software and/or hardware components with respect to the electronic control unit
CN101729289B (en) * 2008-11-03 2012-04-04 华为技术有限公司 Method and system for authenticating platform completeness, wireless access equipment and network equipment
US8595491B2 (en) * 2008-11-14 2013-11-26 Microsoft Corporation Combining a mobile device and computer to create a secure personalized environment
NZ592063A (en) * 2008-12-24 2014-02-28 Commw Of Australia Digital video guard
TWI531254B (en) * 2009-03-05 2016-04-21 內數位專利控股公司 Method and apparatus for h(e)nb integrity verification and validation
CN101588244A (en) * 2009-05-08 2009-11-25 中兴通讯股份有限公司 Method and system for authenticating network device
CN101572704B (en) * 2009-06-08 2012-05-23 西安西电捷通无线网络通信股份有限公司 Access control method suitable for tri-element peer authentication trusted network connect architecture
US9531695B2 (en) * 2009-06-12 2016-12-27 Microsoft Technology Licensing, Llc Access control to secured application features using client trust levels
IT1398578B1 (en) * 2010-03-05 2013-03-01 Elsag Datamat Spa PORTABLE ELECTRONIC DEVICE INTERFACEABLE TO A CALCULATOR
CN101909058B (en) 2010-07-30 2013-01-16 天维讯达无线电设备检测(北京)有限责任公司 Platform authentication strategy management method and system suitable for credible connecting architecture
US9208318B2 (en) * 2010-08-20 2015-12-08 Fujitsu Limited Method and system for device integrity authentication
US9111079B2 (en) * 2010-09-30 2015-08-18 Microsoft Technology Licensing, Llc Trustworthy device claims as a service
US9032494B2 (en) * 2011-11-10 2015-05-12 Sony Corporation Network-based revocation, compliance and keying of copy protection systems
FR2989197B1 (en) 2012-04-05 2014-05-02 Toucan System METHOD FOR SECURING ACCESS TO A COMPUTER DEVICE
US9407638B2 (en) * 2013-08-26 2016-08-02 The Boeing Company System and method for trusted mobile communications
US9973481B1 (en) * 2015-06-16 2018-05-15 Amazon Technologies, Inc. Envelope-based encryption method
US10033703B1 (en) 2015-06-16 2018-07-24 Amazon Technologies, Inc. Pluggable cipher suite negotiation
CN109714185B (en) 2017-10-26 2022-03-04 阿里巴巴集团控股有限公司 Strategy deployment method, device and system of trusted server and computing system
JP6794383B2 (en) 2018-01-15 2020-12-02 株式会社東芝 Electronics, methods, programs and servers, methods, programs

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050132122A1 (en) * 2003-12-16 2005-06-16 Rozas Carlos V. Method, apparatus and system for monitoring system integrity in a trusted computing environment
US20060048228A1 (en) * 2004-08-30 2006-03-02 Kddi Corporation; Keio University Communication system and security assurance device
US20070180495A1 (en) * 2004-11-29 2007-08-02 Signacert, Inc. Method and apparatus to establish routes based on the trust scores of routers within an ip routing domain

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050132122A1 (en) * 2003-12-16 2005-06-16 Rozas Carlos V. Method, apparatus and system for monitoring system integrity in a trusted computing environment
US20060048228A1 (en) * 2004-08-30 2006-03-02 Kddi Corporation; Keio University Communication system and security assurance device
US20070180495A1 (en) * 2004-11-29 2007-08-02 Signacert, Inc. Method and apparatus to establish routes based on the trust scores of routers within an ip routing domain

Also Published As

Publication number Publication date
CA2632590A1 (en) 2008-02-28
WO2008024135A2 (en) 2008-02-28
JP2009518762A (en) 2009-05-07

Similar Documents

Publication Publication Date Title
WO2008024135A3 (en) Method to verify the integrity of components on a trusted platform using integrity database services
Saad et al. Exploring the attack surface of blockchain: A comprehensive survey
US10826888B2 (en) Method for providing certificate service based on smart contract and server using the same
CN101834860B (en) Method for remote dynamic verification on integrality of client software
CN100542092C (en) Distributed access control method in multistage securities
WO2006118829A3 (en) Preventing fraudulent internet account access
Xue et al. RootAgency: A digital signature-based root privilege management agency for cloud terminal devices
WO2006065973A8 (en) Enabling trust in a federated collaboration of networks
US20100310077A1 (en) Method for generating a key pair and transmitting a public key or request file of a certificate in security
WO2007095242A3 (en) System and method for network-based fraud and authentication services
WO2005096701A3 (en) System and method for enabling authorization of a network device using attribute certificates
WO2008060820A3 (en) System and method for authenticating remote server access
WO2007115209A3 (en) Identity and access management framework
WO2008016567A3 (en) Method and system for access authentication
WO2009045317A3 (en) Method for authenticating mobile units attached to a femtocell in communication with a secure core network such as an ims
US20100058454A1 (en) Collecting anonymous and traceable telemetry
WO2006058313A3 (en) Method to control access between network endpoints based on trust scores calculated from information system component analysis
RU2008110057A (en) TRANSACTIONAL ISOLATED DATA STORAGE SYSTEM
DE602004016074D1 (en) Distributed authentication in a protocol-based trust ball
Park et al. An enhanced smartphone security model based on information security management system (ISMS)
SG131062A1 (en) System and method for providing code signing services
Lemieux In blockchain we trust? Blockchain technology for identity management and privacy protection
Rjaibi et al. Mean failure cost as a measure of critical security requirements: E-learning case study
CN104144054A (en) Login system based on server, login server and verification method of login server
Kim et al. Patch integrity verification method using dual electronic signatures

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06850910

Country of ref document: EP

Kind code of ref document: A2

WWE Wipo information: entry into national phase

Ref document number: 2632590

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 2008544666

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06850910

Country of ref document: EP

Kind code of ref document: A2