Title of invention: Attestation architecture and system
Abstract: An architecture and system are provided for flexible, composable attestation systems. Systems built according to this attestation architecture can be composed to accomplish complex attestation scenarios. The system is designed around composable components to permit flexible recombination. A system, method, and computer program product are provided for proving attestations to an appraiser regarding a target system. In an embodiment, an attestation request is sent from an appraiser to a target system, wherein the attestation request includes queries regarding properties of the target system needed by the appraiser to make trust decisions regarding the target system. The attestation request is forwarded from the target system to an attester which collects the requested data. The attester sends an attestation response to the appraiser, wherein the response includes at least information regarding properties of the target system requested by the appraiser in order to make a trust decision regarding the target system.
Publication number: US9276905(B2) Publication date: 2016.03.01
Application number: US200812032190 Filing date: 2008.02.15
Applicant: The MITRE Corporation Inventors: Coker, II George S.; Herzog Amy L.; Guttman Joshua; Loscocco Peter A.; Millen Jonathan K.; Ramsdell John D.; Segall Ariel; Sheehy Justin; Sniffen Brian T.; Wagner Grant
Classification: G06F11/00; G06F12/14; G06F12/16; G08B23/00; H04L29/06 Main classification: G06F11/00
Agency: Sterne, Kessler, Goldstein & Fox P.L.L.C. Agent: Sterne, Kessler, Goldstein & Fox P.L.L.C.
Principal claim: 1. A method for making trust decisions regarding a target system, the method comprising:
(a) receiving an attestation request at the target system, wherein the attestation request includes queries regarding specific dynamic properties of the target system needed by an appraiser to make trust decisions regarding the target system, and wherein the attestation request contains a subset of information contained in an original request from the appraiser;
(b) sending the attestation request from the target system to an attester, wherein sending the attestation request from the target system to the attester comprises sending a subset of information contained in the attestation request to the attester;
(c) collecting information regarding the specific dynamic properties by invoking measurement agents that perform measurements on software executing on the target system, wherein the collected information corresponds to the subset of information sent from the target system to the attester;
(d) sending an attestation response from the attester to the appraiser, wherein the response includes at least information regarding the specific dynamic properties of the target system requested by the appraiser in step (a) and information regarding the reliability of the attestation response, wherein the information regarding the reliability of the attestation response identifies an attestation architecture of the attester; and
(e) making a trust decision at the appraiser regarding the target system based on the information regarding the specific dynamic properties and the reliability of the attestation response contained in the attestation response.
Address: McLean VA US