Attesting a Plurality of Data Processing Systems
    1.
    Invention application
    Attesting a Plurality of Data Processing Systems (under examination, published)

    Publication (announcement) number: US20120216255A1

    Publication (announcement) date: 2012-08-23

    Application number: US13460080

    Filing date: 2012-04-30

    IPC classification: G06F21/00

    Abstract: A technique for attesting a plurality of data processing systems. The method includes: configuring a chain of data processing systems wherein a first data processing system is responsible for retrieving attestation data associated with a second data processing system; sending a request for attestation of the first data processing system; in response to receiving the request, retrieving a list of associated one or more children, wherein the one or more children comprise the second data processing system; retrieving and storing attestation data associated with each child; retrieving and storing attestation data associated with the first data processing system; and sending to the requester a concatenated response containing the attestation data associated with the first and second data processing systems, such that the attestation data associated with the first and second data processing systems can be used to attest the first and second data processing systems, respectively.


    Attesting a Component of a System During a Boot Process

    Publication (announcement) number: US20130080756A1

    Publication (announcement) date: 2013-03-28

    Application number: US13459164

    Filing date: 2012-04-28

    IPC classification: G06F9/00

    Abstract: A method for attesting a component of a system during a boot process. The method comprises the steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.