WO2001075564 - PLATFORM AND METHOD FOR REMOTE ATTESTATION OF A PLATFORM

Note: Text produced by automatic optical character recognition. Only the PDF version has legal value.

CLAIMS

What is claimed is:

1. A platform comprising:
a processor including a remote attestation unit, the processor executing in one of a normal execution mode and an isolated execution mode;
a chipset to store an audit log; and
a link coupled to the processor and the chipset, the link to support predetermined bus cycles for the remote attestation unit to read contents of the audit log when a remote attestation request has been detected.

2. The platform of claim 1, wherein the remote attestation unit of the processor includes keying material.

3. The platform of claim 2, wherein the remote attestation unit of the processor includes a digital signature unit to digitally sign the audit log with the keying material.

4. The platform of claim 3, wherein the keying material within the remote attestation unit includes a private key.

5. The platform of claim 3, wherein the chipset includes:
a system memory including an isolated area and a non-isolated area;
a memory control hub coupled to system memory and the processor via a first link partially forming the link; and
an input/output control hub coupled to the memory control hub via a second link partially forming the link, the input/output control hub including single-write, multiple-read memory to store the audit log.

6. The platform of claim 5 further comprising a communications device coupled to the input/output control hub, the communications device enables communications with a user opt-in device.

7. The platform of claim 6, wherein the communications device includes a wireless transmitter and a wireless receiver to communicate with the user opt-in device.

8. The platform of claim 6, wherein the user opt-in device enables a user to control a stage of operation of the remote attestation by preventing the creation of the digital signature.

9. The platform of claim 2, wherein the remote attestation request includes a primary query.

10. The platform of claim 9, wherein the remote attestation unit returns a message to a requestor in response to the primary query, the message includes the audit log and at least a digital signature being the audit log digitally signed with the keying material.

11. The platform of claim 10, wherein the message further includes a digital certificate for the keying material.

12. The platform of claim 9, wherein the remote attestation request includes a secondary query.

13. The platform of claim 12, wherein the remote attestation unit returns a message to a requestor in response to the secondary query, the message includes a hash value of a selected applet, the audit log and a digital signature including the hash value and the audit log.

14. The platform of claim 13, wherein the message further includes a digital certificate for the keying material.

15. A platform comprising:
a component to contain an audit log; and
a device including a remote attestation unit to retrieve the audit log and digitally sign the audit log with keying material stored in the remote attestation unit, the audit log including representative data of software modules loaded within the platform after power-on.

16. The platform of claim 15 further comprising a processor to detect a remote attestation request and to issue cycles to the component to allow the device to access the audit log.

17. The platform of claim 15, wherein the device is a chipset.

18. The platform of claim 16 further comprising:
a chipset coupled to the processor, the chipset including the component and a token link interface; and
a token link coupled to the chipset.

19. The platform of claim 15, wherein the device is a fixed token coupled to the token link.

20. The platform of claim 19, further comprising a user opt-in device in communication with the fixed token, the user opt-in device enables a user to cease operations of the remote attestation unit.

21. The platform of claim 18 further comprising a token reader coupled to the token link.

22. The platform of claim 21, wherein the device is a removable token in communication with the token reader.

23. The platform of claim 22, further comprising a user opt-in device in communication with the removable token, the user opt-in device enables a user to cease operations of the remote attestation unit.

24. A method comprising:
storing an audit log within protected memory of a platform, the audit log being a listing of data representing each of a plurality of IsoX software modules loaded into the platform;
retrieving the audit log from the protected memory in response to receiving a remote attestation request from a remotely located platform; and
digitally signing the audit log to produce a digital signature before transfer to the remotely located platform.

25. The method of claim 24, wherein the data representative of each of the plurality of software modules is a cryptographic hash value.
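The exchange described by claims 9 to 14 and the method of claims 24 and 25, worked through as an added example that is not part of the patent or any implementation of it: an append-only audit log of module hashes, a remote attestation unit holding a private key that signs the log (plus the selected applet's hash for a secondary query), a user opt-in switch that can block the signature, and the requestor's verification. Ed25519 and SHA-256 are assumed stand-ins for the unspecified signature scheme and hash; the "certificate" is simplified to the raw public key, and the requestor is assumed to hold a known-good list of expected module hashes.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
)

// AuditLog stands in for the single-write, multiple-read store of claim 5: one
// cryptographic hash per software module loaded after power-on (claims 15, 25).
type AuditLog [][]byte
func sum(b []byte) []byte { h := sha256.Sum256(b); return h[:] }
// Extend records a loaded module; entries are only ever appended.
func (l *AuditLog) Extend(module []byte) { *l = append(*l, sum(module)) }

// Unit models the remote attestation unit: a private key as keying material
// (claims 2-4) plus a certificate, represented here by the raw public key.
type Unit struct{ priv ed25519.PrivateKey; Cert []byte }

func NewUnit() *Unit {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Unit{priv: priv, Cert: pub}
}

// Response is the message of claims 10 and 13: AppletHash is empty for a
// primary query and holds the selected applet's hash for a secondary query.
type Response struct{ AppletHash, Log, Sig, Cert []byte }
// signed is what the signature covers: the applet hash (if any), then the log.
func (r *Response) signed() []byte { return append(append([]byte{}, r.AppletHash...), r.Log...) }

// Respond answers a request; optIn=false models claim 8's user opt-in device withholding consent.
func (u *Unit) Respond(log AuditLog, applet []byte, optIn bool) (*Response, error) {
	if !optIn {
		return nil, errors.New("attestation declined by user opt-in device")
	}
	r := &Response{Log: bytes.Join(log, nil), Cert: u.Cert}
	if applet != nil {
		r.AppletHash = sum(applet)
	}
	r.Sig = ed25519.Sign(u.priv, r.signed())
	return r, nil
}

// Verify is the requestor's side: trusted certificate, valid signature, and a log of exactly the expected modules.
func Verify(r *Response, trusted []byte, expected AuditLog) bool {
	return bytes.Equal(r.Cert, trusted) &&
		ed25519.Verify(ed25519.PublicKey(r.Cert), r.signed(), r.Sig) &&
		bytes.Equal(r.Log, bytes.Join(expected, nil))
}
```

Because the signature binds the applet hash to the whole log, a requestor that trusts the certificate learns both which modules were loaded and, for a secondary query, the identity of the selected applet, while a log entry altered in transit fails verification.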