WO2012096558A1 - System and method to provide integrity measurement of a machine without TPM using trusted agent
- Publication number: WO2012096558A1 (PCT/MY2011/000168)
- Authority: WO (WIPO, PCT)
- Prior art keywords: machine, TPM, integrity measurement, integrity, trusted agent
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Abstract
The present invention relates generally to a system and method to provide integrity measurement of a machine without a TPM using trusted agents, wherein said trusted agents comprise at least one Local Trusted Agent (LTA) (103), at least one Remote Trusted Agent (RTA) (113) and at least one Virtual Machine Monitor Trusted Agent (VTA) (115) for capturing integrity measurements and thereby creating a chain of trust between client machines (111) without a TPM and a machine with a TPM.
Description
SYSTEM AND METHOD TO PROVIDE INTEGRITY MEASUREMENT OF A MACHINE WITHOUT TPM USING TRUSTED AGENT
TECHNICAL FIELD OF THE INVENTION
The present invention relates generally to a system and method to provide integrity measurement of a machine without a TPM using trusted agents, wherein said trusted agents comprise at least one Local Trusted Agent (LTA), at least one Remote Trusted Agent (RTA) and at least one Virtual Machine Monitor Trusted Agent (VTA) for capturing integrity measurements and thereby creating a chain of trust between client machines without a TPM and a machine with a TPM.
BACKGROUND OF THE INVENTION
A Trusted Platform Module (TPM) is used in a machine as one of the security features that establish the trustworthiness of the machine. Generally, a TPM offers facilities for the secure generation of cryptographic keys and limitation of their use, as well as for authenticating hardware devices. It is capable of performing platform authentication; for example, it can be used to verify that a system seeking access is the expected system. In the absence of a TPM, a machine cannot provide the platform integrity measurement that applications use during the attestation process, which creates the possibility of confidentiality violations.
Most TPMs today conform to the Trusted Computing Group (TCG) specifications. Consequently, a client is not able to execute TCG-enabled applications, such as Trusted Online Banking, on a machine without a TPM. Furthermore, a machine without a TPM cannot provide privacy protection for an online application running in a cloud computing environment, because all of the client's information, or some private information, may be exposed to a third party during an online transaction. There is therefore a high possibility of information leakage when a client accesses cloud infrastructure. Stringent security requirements must always be complied with for workloads that share the same platform or when a client accesses cloud infrastructure.
Nowadays, cloud service providers are making substantial efforts to secure their systems in order to minimise the threat of insider attacks and to reinforce the confidence of customers. However, no method or system is available to provide integrity measurement and a chain of trust between a machine without a TPM and a machine with a TPM for ensuring the confidentiality and integrity of computations. There is thus an essential need for a technical solution that secures the confidentiality and integrity of computation in a way that is verifiable by the customers of the service.
It would hence be extremely advantageous if the above shortcoming were alleviated by a proactive approach that provides integrity measurement of a machine without a TPM using trusted agents, whereby the trusted agents collect platform information and extend this information into a vTPM.
SUMMARY OF THE INVENTION
Accordingly, it is the primary aim of the present invention to provide a system and method for integrity measurement of a machine without TPM by using trusted agents to capture the integrity measurement.
It is yet another object of the present invention to provide a system and method for integrity measurement of a machine without TPM whereby a chain of trust between a machine without TPM and a machine with TPM is generated.
It is yet another object of the present invention to provide a system and method for integrity measurement of a machine without TPM whereby trusted agents are able to establish a chain of trust by collecting integrity measurements from the vTPM server, the client machine and the client virtual machine.
It is yet a further object of the present invention to provide a system and method for integrity measurement of a machine without TPM which is capable of providing privacy protection for online applications running in a cloud computing environment.
Yet a further object of the present invention is to provide a system and method for integrity measurement of a machine without TPM which is capable of preventing information leakage when a client is accessing cloud infrastructure.
Other and further objects of the invention will become apparent with an understanding of the following detailed description of the invention or upon employment of the invention in practice.
According to an embodiment of the present invention there is provided,
A system to provide integrity measurement of a machine without TPM comprising: at least a server (101); at least a client machine (111); characterised in that said server is a vTPM server (101) which comprises at least one trusted agent; said client machine (111) comprises at least one trusted agent; and said system is able to perform integrity measurement without the use of a TPM in said client machines (111).
In another aspect there is provided,
A method to provide integrity measurement of a machine without TPM comprising the steps of:
i. capturing the integrity measurement of the vTPM server (101) by at least one Local Trusted Agent (103) and transmitting said integrity measurement to at least one Resource Manager (105);
ii. measuring the integrity of the client machine (111) without TPM by at least one Remote Trusted Agent (113) and transmitting said integrity measurement to at least one Resource Manager (105);
iii. measuring the integrity of the virtual machine (119) in said client machine (111) by a Virtual Machine Monitor Trusted Agent (115) and transmitting said integrity measurement to at least one Resource Manager (105);
iv. assembling said integrity measurements from said Trusted Agents by the Resource Manager (105) and utilising said integrity measurements as the initial value for at least one vTPM instance (107).
BRIEF DESCRIPTION OF THE DRAWINGS
Other aspects of the present invention and their advantages will be discerned after studying the Detailed Description in conjunction with the accompanying drawings, in which:
FIG. 1 shows a schematic diagram illustrating a system to provide integrity measurement of a machine without TPM.
FIG. 2 shows a schematic diagram of a system to provide integrity measurement of a machine without TPM in accordance with the preferred embodiment of the present invention.
FIG. 3 shows a flowchart of a process flow that happens between the client machine, vTPM server and its subcomponents.
DETAILED DESCRIPTION OF THE DRAWINGS
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those of ordinary skill in the art that the invention may be practised without these specific details. In other instances, well-known methods, procedures and/or components have not been described in detail so as not to obscure the invention.
The invention will be more clearly understood from the following description of the embodiments thereof, given by way of example only with reference to the accompanying drawings which are not drawn to scale.
Referring to FIG. 1, there is shown a schematic diagram illustrating a system to provide integrity measurement of a machine without TPM. At least a Virtual Trusted Platform Module (vTPM) server (101) and a plurality of client machines (111) are shown in FIG. 1, wherein said vTPM server (101) includes a security module comprising at least one Local Trusted Agent (LTA) (103), at least one Resource Manager (RM) (105), at least one Virtual Trusted Platform Module (vTPM) Instance (107) and at least one Trusted Platform Module (TPM) (109). Said client machine (111) comprises a Virtual Machine Monitor (VMM) (117) and trusted agents such as a Remote Trusted Agent (RTA) (113) and a Virtual Machine Monitor Trusted Agent (VTA) (115). Each of the trusted agents plays a role in collecting platform information. For example, the Local Trusted Agent (LTA) (103) is used to capture the integrity measurement of the vTPM server (101), at least one Remote Trusted Agent (RTA) (113) is used to measure the integrity of the client machine (111) without TPM, and the Virtual Machine Monitor Trusted Agent (VTA) (115) is used to measure the integrity of the virtual machine (119) in said client machine (111). The trusted agents collect platform information and extend this information into the vTPM.
Referring to FIG. 2, there is shown a system to provide integrity measurement of a machine without TPM in accordance with the preferred embodiment of the present invention. The system comprises two parties: the client machine (111) without TPM and the vTPM server (101). The purpose of the system architecture is to provide a chain of trust from the physical TPM in the vTPM server (101) to the physical client machine (111) and eventually up to the virtual machine (119) in said client machine (111). Two client machines (111) without TPM are shown in FIG. 2, Client Machine 1 and Client Machine 2. A plurality of said client machines (111) without TPM can be used in the present invention, wherein each of said client machines (111) comprises at least one Remote Trusted Agent (RTA) (113), at least one Virtual Machine Monitor Trusted Agent (VTA) (115), at least one VMM BIOS (211) and at least one virtual machine (VM) (119). Said RTA (113) in the client machine (111) communicates with said LTA (103) in the vTPM server (101) to establish the root of the chain of trust in the client machine (111). Said RTA (113) first checks the low-level integrity values in the client machine (111), such as the BIOS and bootloader values. Control is then passed to the virtual machine (119), and after all the values are validated and trust is established, the virtual machine (119) can utilise the vTPM created for it.
Said vTPM server (101) comprises at least one physical TPM (109), at least one vTPM Resource Manager (RM) (105), at least one Local Trusted Agent (LTA) (103) and a plurality of vTPM instances (107), each with vTPM Secure Storage (201). Each virtual machine (119) is assigned to a respective vTPM instance (107). Therefore, the number of vTPM instances and vTPM Secure Storage (201) areas contained in said vTPM server (101) depends on the number of virtual machines connected to it.
In said vTPM server (101), the Local Trusted Agent (LTA) (103) is used to capture the integrity measurement of the vTPM server (101). This further comprises measuring at least the BIOS, option ROMs, Master Boot Record (MBR), boot loader, CMOS memory, PCR integrity metrics and firmware instructions. In the client machine (111) without TPM, at least one Remote Trusted Agent (RTA) (113) is used to measure said client machine (111) without TPM. This further comprises measuring at least the BIOS, option ROMs, Master Boot Record (MBR), boot loader, CMOS memory and firmware instructions. In addition, the Virtual Machine Monitor Trusted Agent (VTA) (115) is used to measure the integrity of the virtual machine (119) in said client machine (111). These integrity measurements of the physical hardware components are then combined using a hashing algorithm. The platform information collected by said Trusted Agents is then transmitted as integrity measurements to the Resource Manager (RM) (105) over a secure communication channel. On the vTPM server (101), said Resource Manager (RM) (105) generates a virtual Platform Configuration Register (PCR) value by combining the integrity measurements with a hashing algorithm, concatenating multiple integrity measurements into a single digest, wherein these measurements consist of at least the physical machine PCR(s), the physical machine measurement of the remote machine and the virtual machine measurement.
The Resource Manager (RM) (105) assembles the integrity measurements from the Trusted Agents and utilises these integrity measurements as the initial value for the vTPM instances (107).
Referring to FIG. 3, there is shown the process flow between the client machine (111), the vTPM server (101) and its subcomponents. The process starts with the vTPM server (101) and the Resource Manager (105) starting up to receive a client's request and to respond by providing a vTPM instance. The Local Trusted Agent (LTA) (103) is used to capture the integrity measurement of the vTPM server (101), at least one Remote Trusted Agent (RTA) (113) is used to measure the integrity of the client machine (111) without TPM, and the Virtual Machine Monitor Trusted Agent (VTA) (115) is used to measure the integrity of the virtual machine (119) in said client machine (111). The Trusted Agents then independently transmit their integrity measurements to the Resource Manager (RM) (105). The Resource Manager (105) assembles the integrity measurements obtained from the Trusted Agents and utilises them as the initial value for the vTPM instances (107).
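The measurement and assembly steps described for FIG. 2 and FIG. 3 above, as an added worked example that is not part of the patent: each agent folds the measurements of its components into one digest with a TPM-style extend (new register = H(old register || measurement)), and the Resource Manager folds the server's physical PCR value, the RTA report and the VTA report into the virtual PCR that seeds the VM's vTPM instance. The patent names no hash function, so SHA-256 is assumed; the component images, the `ResourceManager` class, its method names and the `build_chain` helper are likewise assumptions for illustration, and the LTA report stands in for a PCR quoted from the physical TPM. One caveat a practitioner should keep in mind: on a client with no TPM, the RTA is ordinary software, so nothing on that machine anchors the RTA's own integrity in hardware; the Resource Manager's virtual PCR is only as trustworthy as the agent and the secure channel that delivered the report.

```python
"""Added example (not from the patent): trusted-agent measurements folded into
a virtual PCR that seeds a vTPM instance. Hash function (SHA-256), component
images and class/method names are assumptions for illustration."""
import hashlib
import hmac
from typing import Dict, List

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size  # 32 bytes

# Constructed stand-ins for the component images each agent measures.
SERVER_COMPONENTS: Dict[str, bytes] = {   # measured by the LTA (103)
    "bios": b"vtpm-server-bios-1.0",
    "option_rom": b"server-nic-option-rom",
    "mbr": b"server-master-boot-record",
    "bootloader": b"server-bootloader",
    "cmos": b"server-cmos-settings",
    "firmware": b"server-firmware-instructions",
}
CLIENT_COMPONENTS: Dict[str, bytes] = {   # measured by the RTA (113)
    "bios": b"client-vmm-bios-1.0",
    "option_rom": b"client-option-rom",
    "mbr": b"client-master-boot-record",
    "bootloader": b"client-bootloader",
    "cmos": b"client-cmos-settings",
    "firmware": b"client-firmware-instructions",
}
VM_IMAGE = b"guest-kernel-and-initrd"      # measured by the VTA (115)


def measure(image: bytes) -> bytes:
    """Digest of one component image."""
    return HASH(image).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: register' = H(register || measurement).
    Order-sensitive and one-way, so a changed or reordered component
    cannot be hidden by later measurements."""
    if len(register) != DIGEST_LEN or len(measurement) != DIGEST_LEN:
        raise ValueError("extend takes two full-size digests")
    return HASH(register + measurement).digest()


def agent_report(components: Dict[str, bytes]) -> bytes:
    """What an LTA or RTA sends to the Resource Manager: all of its
    component measurements folded, in boot order, into one digest."""
    register = bytes(DIGEST_LEN)            # register starts at all-zero
    for image in components.values():       # dict keeps insertion (boot) order
        register = extend(register, measure(image))
    return register


class ResourceManager:
    """vTPM server Resource Manager (105): assembles the agents' reports into
    the initial virtual PCR of a per-VM vTPM instance (107)."""

    def __init__(self) -> None:
        self.instances: Dict[str, bytes] = {}   # vm_id -> initial vPCR

    @staticmethod
    def virtual_pcr(server_pcrs: List[bytes], rta_report: bytes,
                    vta_report: bytes) -> bytes:
        register = bytes(DIGEST_LEN)
        for pcr in server_pcrs:                  # physical TPM PCR(s) of the server
            register = extend(register, pcr)
        register = extend(register, rta_report)  # client machine without TPM
        register = extend(register, vta_report)  # VM inside that client
        return register

    def create_instance(self, vm_id: str, server_pcrs: List[bytes],
                        rta_report: bytes, vta_report: bytes) -> bytes:
        vpcr = self.virtual_pcr(server_pcrs, rta_report, vta_report)
        self.instances[vm_id] = vpcr
        return vpcr

    def verify(self, vm_id: str, expected_vpcr: bytes) -> bool:
        """Attestation check against a known-good value, in constant time."""
        return hmac.compare_digest(self.instances.get(vm_id, b""), expected_vpcr)


def build_chain(rm: ResourceManager, vm_id: str,
                client_components: Dict[str, bytes] = CLIENT_COMPONENTS,
                vm_image: bytes = VM_IMAGE) -> bytes:
    """Run the whole flow of FIG. 3 for one VM and return its initial vPCR."""
    # In a deployment the LTA would quote the physical TPM's PCRs; here the
    # LTA's own report stands in for that PCR value (assumption).
    server_pcrs = [agent_report(SERVER_COMPONENTS)]
    rta_report = agent_report(client_components)
    vta_report = measure(vm_image)
    return rm.create_instance(vm_id, server_pcrs, rta_report, vta_report)


if __name__ == "__main__":
    rm = ResourceManager()
    good = build_chain(rm, "vm-1")
    tampered = {**CLIENT_COMPONENTS, "bootloader": b"client-bootloader-with-rootkit"}
    bad = build_chain(rm, "vm-2", client_components=tampered)
    print("vm-1 vPCR:", good.hex())
    print("vm-2 vPCR:", bad.hex())
    print("vm-2 matches vm-1 golden value:", rm.verify("vm-2", good))
```

Running the module shows that a modified client bootloader yields a different virtual PCR for the second VM, so an attestation against the golden value of the first VM fails. The extend construction rather than a flat concatenation is what makes the order of BIOS, MBR, boot loader and later stages part of the digest, so a verifier can only accept a value when every stage in that order matched.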
With this methodology, the chain of trust extending from the physical TPM in the vTPM server (101) to each physical client machine (111) and up to the virtual machine (119) is properly established. In addition, the integrity data stored in the vTPM Secure Storage (201) is securely maintained and cannot be accessed by unauthorised parties or by other virtual machines (119).
While the preferred embodiment of the present invention and its advantages have been disclosed in the above Detailed Description, the invention is not limited thereto but only by the spirit and scope of the appended claims.
Claims
1. A system to provide integrity measurement of a machine without Trusted Platform Module (TPM) comprising: at least a server (101); at least a client machine (111); characterised in that said server (101) is a Virtual Trusted Platform Module (vTPM) server (101) which comprises at least one trusted agent; said client machine (111) comprises at least one trusted agent; and said system is able to perform integrity measurement without the use of a TPM in said client machine (111).
2. A system to provide integrity measurement of a machine without TPM as in Claim 1, wherein said trusted agent comprises at least one of the following: Local Trusted Agent (LTA) (103); Remote Trusted Agent (RTA) (113); Virtual Machine Monitor Trusted Agent (VTA) (115).
3. A system to provide integrity measurement of a machine without TPM as in Claim 1 or Claim 2, wherein said vTPM server (101) comprises at least one said Local Trusted Agent (103) to capture the integrity measurement of said vTPM server (101).
4. A system to provide integrity measurement of a machine without TPM as in Claim 3, wherein said vTPM server (101) further comprises at least one physical TPM (109), at least one vTPM Resource Manager (RM) (105) and a plurality of vTPM instances (107) with vTPM Secure Storage (201).
5. A system to provide integrity measurement of a machine without TPM as in Claim 1 or Claim 2, wherein said client machine (111) comprises at least one said Remote Trusted Agent (113) for measuring the integrity of said client machine (111) without TPM.
6. A system to provide integrity measurement of a machine without TPM as in Claim 5, wherein said client machine (111) further comprises at least one VMM BIOS (211) and at least one virtual machine (119).
7. A system to provide integrity measurement of a machine without TPM as in Claim 5 or Claim 6, wherein said client machine (111) further comprises at least one Virtual Machine Monitor Trusted Agent (115) for measuring the integrity of said virtual machine (119) in said client machine (111).
8. A system to provide integrity measurement of a machine without TPM as in Claim 1, wherein said trusted agents transmit the captured integrity measurement to at least one Resource Manager (RM) (105) in said vTPM server (101).
9. A system to provide integrity measurement of a machine without TPM as in Claim 8, wherein said Resource Manager (105) assembles the integrity measurements from said trusted agents and utilises said integrity measurements as the initial value for said vTPM instances (107).
10. A method to provide integrity measurement of a machine without TPM comprising the steps of:
i. capturing the integrity measurement of the vTPM server (101) by at least one Local Trusted Agent (103) and transmitting said integrity measurement to at least one Resource Manager (105);
ii. measuring the integrity of the client machine (111) without TPM by at least one Remote Trusted Agent (113) and transmitting said integrity measurement to at least one Resource Manager (105);
iii. measuring the integrity of the virtual machine (119) in said client machine (111) by a Virtual Machine Monitor Trusted Agent (115) and transmitting said integrity measurement to at least one Resource Manager (105);
iv. assembling said integrity measurements from said Trusted Agents by the Resource Manager (105) and utilising said integrity measurements as the initial value for at least one vTPM instance (107).
11. A method to provide integrity measurement of a machine without TPM as in Claim 10, wherein said step of capturing the integrity measurement of the vTPM server (101) by the Local Trusted Agent (103) further comprises measuring at least hardware components such as the BIOS, option ROM, Master Boot Record (MBR), boot loader, CMOS memory, PCR integrity metrics and firmware instructions by the Local Trusted Agent (103).
12. A method to provide integrity measurement of a machine without TPM as in Claim 10, wherein said step of measuring the client machine (111) without TPM by the Remote Trusted Agent (113) further comprises measuring at least hardware components such as the BIOS, option ROM, Master Boot Record (MBR), boot loader, CMOS memory and firmware instructions by the Remote Trusted Agent (113).
13. A method to provide integrity measurement of a machine without TPM as in Claim 11 or Claim 12, further comprising concatenating the integrity measurements of the hardware components using a hashing algorithm and then transferring said integrity measurements to the Resource Manager (105) over a secure communication channel.
14. A method to provide integrity measurement of a machine without TPM as in Claim 10, wherein said Resource Manager (105) generates a virtual Platform Configuration Register (PCR) value through a combination of the integrity measurements from the LTA (103) and the RTA (113) using a hashing algorithm, wherein said measurements comprise at least the physical machine PCR(s), the physical machine measurement of the remote machine and the virtual machine measurement.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MYPI2011000166A (MY155582A) | 2011-01-13 | 2011-01-13 | System and method to provide integrity measurement of a machine without tpm using trusted agent |
MYPI2011000166 | 2011-01-13 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012096558A1 (en) | 2012-07-19 |
Family
ID=46507311
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/MY2011/000168 (WO2012096558A1) | System and method to provide integrity measurement of a machine without tpm using trusted agent | 2011-01-13 | 2011-07-11 |
Country Status (2)
Country | Link |
---|---|
MY (1) | MY155582A (en) |
WO (1) | WO2012096558A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114666103A | 2022-03-04 | 2022-06-24 | Alibaba (China) Co., Ltd. | Trusted measurement device, equipment and system, and trusted identity authentication method |
CN114666103B | 2022-03-04 | 2023-08-15 | Alibaba (China) Co., Ltd. | Trusted measurement device, equipment, system and trusted identity authentication method |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060020781A1 | 2004-06-24 | 2006-01-26 | Scarlata Vincent R | Method and apparatus for providing secure virtualization of a trusted platform module |
US20090307487A1 | 2006-04-21 | 2009-12-10 | Interdigital Technology Corporation | Apparatus and method for performing trusted computing integrity measurement reporting |
Also Published As
Publication number | Publication date |
---|---|
MY155582A (en) | 2015-11-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 11855560; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 11855560; Country of ref document: EP; Kind code of ref document: A1 |