Information security system

摘要

An information security system is disclosed having a considerably simplified access control infrastructure. The number of secrets in a computer system domain is reduced to a minimum, yet individual users may still be identified and access to applications may still be individually controlled. The trusted entity in each of a plurality of platforms (100, 200, 202, 203) of the computer system may store an identity secret of the platform (100, 200, 202, 203) and may be trusted to use that secret in conjunction with an information label only when the platform (100, 200, 202, 203) is running the correct software to provide and/or take part in a particular service associated with that information label.

主权项

1. A computing platform comprising:
a trusted entity implemented in a computer; and storage that securely provides to the trusted entity both a label identifying a computing resource that the computing platform can provide, and integrity-metric reference values; wherein the computing platform responds to a request received at the computing platform for the computing resource, by generating a digitally-signed positive response only following the trusted entity having made a determination that the computing platform is in a software state providing the requested computing resource, the trusted entity making said determination by matching measured integrity metric values of the computing platform with the integrity-metric reference values.