Title: Validating a system with multiple subsystems using trusted platform modules and virtual platform modules
Abstract: Software validation is provided for a breakout system having multiple subsystems at the edge of a mobile data network. The software validation utilizes one or more trusted platform modules (TPM) to secure multiple subsystems including virtual machines in the breakout system. Hash values for the software in the various subsystems are placed in Platform Configuration Registers (PCRs) of the TPM. The TPM cryptographically signs quotes, which are a collection of hash values from the PCRs. The breakout system produces an extensible markup language (XML) file with the signed quotes related to the subsystems and sends them to a network management system for verification. The network management system validates the software configured on the breakout system using a public key to access the quotes and compares the values to known good values stored in an inventory record associated with the specific breakout system being validated.
Publication number: US8793504 (B2) Publication date: 2014.07.29
Application number: US201213402109 Filing date: 2012.02.22
Applicant: International Business Machines Corporation Inventors: Billau Ronald L.; Di Luoffo Vincenzo V.; Hennessy Terence K.
Classification: G06F11/30; H04K1/00; G06F9/00; H04M1/66 Main classification: G06F11/30
Agency: Martin & Associates, LLC Agents: Martin & Associates, LLC; Petersen Bret J.
Independent claim: 1. A mobile data network comprising: a breakout system associated with one of a plurality of basestations, where the plurality of basestations each communicate with a corresponding antenna that transmits and receives radio signals to and from user equipment, wherein the plurality of basestations are part of a radio access network that communicates with a core network in the mobile data network, the breakout system further comprising: a service processor with a first trusted platform module (TPM) having PCRs; a system controller that provides hash values to the PCRs of the first TPM; a platform services mechanism that obtains validation quotes from the service processor and the system controller, where the validation quotes comprise digitally signed hash values from platform configuration registers (PCRs) of the trusted platform module (TPM), wherein the platform services mechanism creates an extensible markup language (XML) file with the validation quotes and sends the XML file to a network management system for validation of the system; and the network management system parses the XML file and uses public keys to compare the validation quotes to known good values stored in a database by the network management system to validate the system.
Address: Armonk NY US
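The quote-signing and validation flow described in the abstract and claim, as an added Go example that is not part of the patent: a TPM-side signer produces a quote over a subsystem's PCR values, and a network-management-side verifier parses the XML report, checks each quote's signature with the TPM public key and compares the PCR values to an inventory of known good values. The XML element names, the RSA-PSS signature scheme and the newline-joined PCR digest are assumptions for illustration; a real TPM quote has its own binary structure.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"strings"
)

// Quote is one subsystem's signed PCR set; Report is the XML file sent to the network
// management system. Element names are assumed here, not taken from the patent.
type Quote struct {
	Subsystem string   `xml:"subsystem,attr"`
	PCRs      []string `xml:"pcr"`       // hex-encoded PCR values, in register order
	Signature string   `xml:"signature"` // base64 TPM signature over the PCR values (RSA-PSS here)
}
type Report struct {
	Quotes []Quote `xml:"quote"`
}
// pcrDigest is the message the TPM signs: a hash over the ordered, newline-joined PCR values.
func pcrDigest(pcrs []string) []byte {
	d := sha256.Sum256([]byte(strings.Join(pcrs, "\n")))
	return d[:]
}
// SignQuote plays the TPM: it signs the subsystem's PCR values with the TPM private key.
func SignQuote(key *rsa.PrivateKey, subsystem string, pcrs []string) (Quote, error) {
	sig, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, pcrDigest(pcrs), nil)
	return Quote{Subsystem: subsystem, PCRs: pcrs, Signature: base64.StdEncoding.EncodeToString(sig)}, err
}
// Verify plays the network management system: parse the XML, check each quote's signature
// with the TPM public key, then compare its PCRs to the known good values in the inventory.
func Verify(pub *rsa.PublicKey, xmlDoc []byte, inventory map[string][]string) error {
	var r Report
	if err := xml.Unmarshal(xmlDoc, &r); err != nil {
		return fmt.Errorf("malformed report: %w", err)
	}
	for _, q := range r.Quotes {
		sig, err := base64.StdEncoding.DecodeString(q.Signature)
		if err != nil || rsa.VerifyPSS(pub, crypto.SHA256, pcrDigest(q.PCRs), sig, nil) != nil {
			return fmt.Errorf("%s: quote signature invalid", q.Subsystem)
		}
		// An unknown subsystem (no inventory record) is rejected, as is any PCR that differs.
		if known := inventory[q.Subsystem]; len(known) == 0 || strings.Join(known, "\n") != strings.Join(q.PCRs, "\n") {
			return fmt.Errorf("%s: PCR values do not match inventory record", q.Subsystem)
		}
	}
	return nil
}
```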