Title of invention Extending an integrity measurement
Abstract A method of extending an integrity measurement in a trusted device operating in an embedded trusted platform by using a set of policy commands to extend a list of Platform Configuration Registers (PCRs) for the device and the current values of the listed PCRs and an integrity value identifying the integrity measurement into a policy register, verify a signature over the integrity value extended into the policy register, and, if verification succeeds, extend a verification key of the trusted platform, plus an indication that it is a verification key, into the policy register, compare the integrity value extended into the policy register with a value stored in the trusted platform, and, if they are the same: extend the stored value, plus an indication that it is a stored value, into the policy register, and extend the integrity measurement in the trusted device if the value in the policy register matches a value stored with the integrity measurement.
Publication number US8850212(B2) Publication date 2014.09.30
Application number US201113698235 Filing date 2011.05.12
Applicant Hewlett-Packard Development Company, L.P. Inventors Proudler Graeme John;Chen Liqun
Classification G06F21/57;G06F21/51;G06F21/50;G06F21/60;G06F21/00 Main classification G06F21/57
Agency Agent
Main claim 1. A method of extending an integrity measurement in a trusted device operating in a trusted platform by using a set of policy commands to: extend into a policy register: a list of Platform Configuration Registers (PCRs) for the device, current values of the listed PCRs, an integrity value identifying the integrity measurement, and a PCR, from the list of PCRs, intended to be extended into the policy register; verify a signature over the integrity value extended into the policy register, and, when verification succeeds, extend a verification key of the trusted platform, plus an indication that it is a verification key, into the policy register, wherein verifying the signature is performed using a first verification public key and wherein the verification key extended into the policy register is the first verification public key plus an indication that it is a verification key; compare the integrity value extended into the policy register with a value stored in the trusted platform, and, when the compared values are the same: extend the stored value, plus an indication that it is a stored value, into the policy register; and extend the integrity measurement in the trusted device when the stored value in the policy register matches a value stored with the integrity measurement.
Address Houston TX US