WO2011149329A1 - Method of providing trusted application services - Google Patents


Info

Publication number: WO2011149329A1
Authority: WO, WIPO (PCT)
Prior art keywords: trusted, application, measurement, agents, tpm
Application number: PCT/MY2010/000328
Other languages: French (fr)
Inventors: Anuar Bin Mat Isa Mohd; Mahmod Ramlan; Mariam Ruzila Raja Ahmad Sufian Raja; Hazwan Halim Muhamad
Original assignee: Mimos Berhad
Application filed by Mimos Berhad; published as WO2011149329A1 (en)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities


Abstract

Trusted platform module is a processor that stores cryptographic keys according to a specification. This invention proposes a method for a software application to access trusted platform module functions. The trusted application service and the software application are configured (306) to be measured, so that the integrity of both can be checked. The measured trusted application service and system configuration are stored in trusted storage (310). The stored measurement is compared with a fresh one whenever a user logs in or an application is used. Hence, both user and application are authenticated with the trusted platform module.

Description

METHOD OF PROVIDING TRUSTED APPLICATION SERVICES
The present invention relates generally to a method of providing security services in computing, and more particularly to a method of providing trusted application services via a trusted platform module.
BACKGROUND
Trusted platform module (TPM) is a specification for a processor that stores cryptographic keys. All TPM hardware follows the Trusted Computing Group specification, and most computer devices such as laptops follow the TPM specification; hence each device has a unique cryptographic key. TPM can be used to authenticate hardware, which in turn is useful for authenticating a user, base or subscriber.
Before software can use the functionality of TPM, the software has to be modified to suit the requirements of TPM. Effort is needed to review, design, code and test the software according to the trusted platform module specification. Hence, TPM is not widely used in security software.
A virtual TPM is described in US patent application 2006/0020781. A virtual TPM service creates a virtual TPM for use in a processing system that contains a physical TPM. The virtual TPM service stores a key for the virtual TPM in the physical TPM and emulates physical TPM features.
There is much security software, such as network applications, that could be strengthened by using TPM functionality. It is an object of the invention to provide TPM functions to software applications that do not have them. The trusted application service is developed to run on various operating systems.
SUMMARY OF INVENTION
The present invention proposes a solution which incorporates trusted application services and trusted agents that utilize TPM on behalf of software applications. The trusted service is a platform that enables a software application to use TPM. A user does not invoke the trusted services directly, because the user does not need to know that the TPM exists. The user notifies the trusted application service if the user's application software is to be measured by TPM, and allows the trusted application services to perform attestation on behalf of the non-trusted application. The trusted services can support numerous applications running simultaneously that use TPM, and they have multiple trusted agents to perform trusted computing activities for any application associated with the trusted services. A trusted agent collects information from the non-trusted application and passes it to the trusted application service, which then provides the integrity measurement.
BRIEF DESCRIPTION OF DRAWINGS
The invention will now be described in greater detail, by way of an example, with reference to the accompanying drawings, in which:
Fig. 1 shows an overview of trusted application service according to the invention;
Fig. 2 shows a diagram of trusted application service system architecture;
Fig. 3 shows diagrams of possible embodiments of implementation;
Fig. 4 shows a flow chart of checking the existence of trusted platform module;
Fig. 5 shows a flow chart of checking and starting trusted application services;
Fig. 6 shows a flow chart of verifying application; and
Fig. 7 shows a flow chart of starting and closing trusted agent.
DESCRIPTION OF EMBODIMENTS
Fig. 1 shows a block diagram of the proposed trusted application services (TAS) in computing. The primary objective of TAS is to give applications that have no support for the trusted platform module (TPM) access to TPM. Trusted platform initialization 001 is a method for checking the existence of TPM in a computer system. TAS integrity measurement 002 is a method for checking and verifying the integrity of TAS, while application integrity measurement 003 is a method for checking and verifying the integrity of a software application. Trusted agents and application 004 is a method for starting and closing the application via trusted agents. Each method will be described in detail.
Fig. 2 is a block diagram showing the proposed architecture of the system. The system uses TPM or virtual TPM 117 as the root of trust for integrity measurement, which enables TAS to switch a user application into a secure trusted application. A virtual TPM is software that emulates a hardware TPM. Trusted boot loader 116 performs integrity measurement of the operating system, TSS and TAS. The measurement is then stored in the TPM's program configuration register array. Every time the machine boots, this process retrieves the stored integrity measurement and compares it with the actual measurement, ensuring that TAS runs in a trusted state.
The invention can be ported to multiple operating systems 115 such as Windows, Linux, mobile operating systems and any platform that has TPM. Trusted software stack (TSS) 114 can be used as the interface between TAS and TPM. Trusted application service (TAS) 112 is a system tool that provides trusted computing functionality to any user application that intends to use TPM; this trusted service is the solution that lets applications use TPM.
TAS has multiple managers 109, 110, 111 to perform specific tasks, and every manager is capable of spawning multiple trusted agents 103, 104, 105, 106, 107, 108 in order to extend the application's functions.
Application A 101 and application B 102 are independent user applications such as system services, network applications or system tools. These user applications may or may not support trusted computing functions. A trusted application is software designed to support TPM and maintain trust; a non-trusted software application is a program without trusted computing features.
Token 113 may take the form of a physical device or software used to authorize a user to use TAS. A token can store encrypted data and configuration, cryptographic keys, a migration key, a digital signature, biometric data or any other information.
TAS can be implemented in one of the three following modes, as shown in Fig. 3. In Mode 1, TAS runs on a machine with a hardware TPM; the layers involved are TAS, TSS, operating system, TGrub and hardware TPM. In Mode 2, TAS runs on a virtual machine using a virtual TPM; the layers involved are TAS, TSS, guest operating system, TGrub, virtual TPM, hypervisor/virtualization and hardware with or without TPM. In Mode 3, TAS runs on a virtual machine using the hardware TPM. This is possible with hypervisor or virtualization features that allow communication between the upper layers of TAS, the trusted software stack (TSS) and the trusted boot loader (TGrub).
Fig. 4 shows a flow chart for checking the existence of a trusted platform module in a computer, i.e. how TAS is started by verifying that a TPM exists. Enabling trusted application services 201 starts the trusted services on the system and consequently checks for the existence of TPM hardware 202. If no hardware TPM exists, the existence of a virtual TPM 206 is checked next. If no virtual TPM exists either, TAS is disabled 205. Thus the existence of at least a trusted platform module or a virtual trusted platform module is verified.
Trusted application services are booted 203 if a TPM or virtual TPM exists in the computer system. Next, the existence of a TPM owner is checked 204, and TPM ownership is provided 207 if it does not exist. Stage 1 then proceeds to the next stage; stages 1, 2, 3, 4 and 5 are used to provide the various entry and exit stages.
Fig. 5 shows a flow chart for verifying and running TAS. TAS integrity is verified by checking the integrity measurement of TAS and the system configuration; the measurements include the operating system, library files and other related information. First, the valid owner of TPM is checked 301; a typical way of checking the owner is by requiring a login identifier and password. Then the owner logs into TAS 302. On first-time login 303, an administrator account is configured in the trusted service 306. The configuration process includes configuring the trusted boot loader by pointing trusted grub to perform integrity measurement on this trusted service; integrity measurement is performed on the kernel, memory buffer register and trusted application services.
The TAS and system configuration are then measured 307. Additionally, a token 308 can be used to strengthen security by binding the token 309 to the trusted services. The integrity measurement is then stored in trusted storage 310, and the computer needs to be rebooted 311 to apply the new integrity measurement. After login, authorization 304 is performed with the token 316 if this feature is enabled in the system configuration; the token is inserted 317 as the form of authorization. The system can then be configured 305. Otherwise, TAS and the system configuration are measured 312, the original integrity measurement is loaded from trusted storage and compared with the current integrity measurement 313, and if the measurement is valid 314, TAS is run 315.
Fig. 6 shows the process for checking the status or integrity of a user application and the platform configuration. When the measurements of both the application and its configuration match the stored measurements, the system can run the application. The integrity measurement includes measurements of the application, its library files and other files related to the application, as determined by the application's configuration.
First, the application to be loaded is chosen 401 by TAS. If the application is run for the first time 402, it needs to be configured over TPM, and it is given the choice of auto configuration 403. For auto configuration, a default configuration is loaded 404; a choice of configuration 405 is offered if auto configuration is not desired. The application and its configuration are then measured 406, and the measurement is stored in trusted storage 407 for later use. If configuration is not required, the integrity measurement for this application and configuration proceeds 409: the original integrity measurement is loaded from trusted storage and compared with the current integrity measurement 410. For a valid measurement 412, the application is allowed to run 414; otherwise, the application and its trusted agent are halted 413.
Fig. 7 shows the process for starting and closing the trusted agents after the application has been executed. TAS spawns trusted agents 501 based on the defined configuration for the application. After an agent completes its task, TAS closes the relevant trusted agents 502 to free system resources. When the trusted agents have been terminated, the application is closed 503.
Trusted agents collect, store and share information. They collect information from the user application, credentials, operating system, network, or the library files needed to execute the application. Information is stored in trusted storage upon completing a trusted action, and trusted agents can share information with other trusted agents.
Accordingly, the invention discloses a trusted application service which utilizes a trusted platform module for security applications. Trusted application services allow an application to be executed if its integrity measurement is valid. The trusted application services, application, trusted boot loader and trusted agents are machine instructions executed in a physical machine or virtual machine to perform integrity measurements on the platform, with at least a security device or virtual security device to store the integrity measurements. Approaches were described for verifying applications. It is the combination of the above features and their technical advantages that gives rise to the uniqueness of the invention. Although the descriptions above contain much specificity, these should not be construed as limiting the scope of the embodiment but as merely providing illustrations of some of the presently preferred embodiments.
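As an added illustration (not code from the patent or from Mimos Berhad), the following Python simulates the measure, store and compare loop that Fig. 5 applies to TAS itself and Fig. 6 applies to each application: a PCR-style extend over an ordered list of measured components, a reference stored on first run, and a run/halt decision on later runs. TrustedStorage, TAS, DEFAULT_CONFIG and the in-memory sample files are assumptions standing in for a real TPM/TSS and trusted storage.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

# Constructed sample "files": each category maps file name -> contents.
# They stand in for an application binary, its library files and its
# unmeasured runtime data; none of this is taken from the patent.
SAMPLE_FILES: Dict[str, Dict[str, bytes]] = {
    "binary": {"appA": b"\x7fELF constructed application image"},
    "libs": {"libnet.so": b"constructed network library",
             "libauth.so": b"constructed auth library"},
    "data": {"cache.db": b"constructed runtime data, not measured"},
}

# Assumed default configuration loaded at step 404 (auto configuration).
DEFAULT_CONFIG = {"measure": ["binary", "libs"]}


def extend(register: bytes, data: bytes) -> bytes:
    """PCR-style extend: new = SHA-256(old || SHA-256(data)). Order matters."""
    return hashlib.sha256(register + hashlib.sha256(data).digest()).digest()


def measure(components: List[Tuple[str, bytes]]) -> str:
    """Fold an ordered list of (name, contents) into one hex digest.
    The name is bound into each extend, so swapping two files changes it."""
    register = b"\x00" * 32
    for name, content in components:
        register = extend(register, name.encode() + b"\x00" + content)
    return register.hex()


class TrustedStorage:
    """Stand-in for the trusted storage of steps 310/407 (a dict, not a TPM)."""

    def __init__(self) -> None:
        self._refs: Dict[str, str] = {}

    def store(self, subject: str, digest: str) -> None:
        self._refs[subject] = digest

    def load(self, subject: str) -> Optional[str]:
        return self._refs.get(subject)


class TAS:
    """Hypothetical trusted application service: enrol on first run, then
    re-measure and compare on every later run (Fig. 6, steps 401-414)."""

    def __init__(self, storage: TrustedStorage) -> None:
        self.storage = storage
        self.configs: Dict[str, dict] = {}

    def _components(self, subject: str, files: Dict[str, Dict[str, bytes]]):
        cfg = self.configs[subject]
        # The configuration itself is measured first, so changing which
        # categories are measured also changes the reference value.
        comps = [("config", json.dumps(cfg, sort_keys=True).encode())]
        for category in cfg["measure"]:
            for name in sorted(files.get(category, {})):  # deterministic order
                comps.append((f"{category}/{name}", files[category][name]))
        return comps

    def enroll(self, subject: str, files, config: Optional[dict] = None) -> str:
        """First run (402): choose configuration (403-405), measure (406)
        and store the reference (407). Returns the stored digest."""
        self.configs[subject] = dict(config or DEFAULT_CONFIG)
        digest = measure(self._components(subject, files))
        self.storage.store(subject, digest)
        return digest

    def verify(self, subject: str, files) -> str:
        """Later runs (409-414): re-measure, compare with the stored
        reference and return 'run' or 'halt'."""
        reference = self.storage.load(subject)
        if reference is None or subject not in self.configs:
            return "halt"  # never enrolled: nothing to compare against
        current = measure(self._components(subject, files))
        return "run" if hmac.compare_digest(current, reference) else "halt"


def demo() -> Tuple[str, str, str]:
    """Enrol appA, then verify it unchanged, with a modified library, and
    with only its unmeasured data changed."""
    tas = TAS(TrustedStorage())
    tas.enroll("appA", SAMPLE_FILES)
    clean = tas.verify("appA", SAMPLE_FILES)

    modified = {k: dict(v) for k, v in SAMPLE_FILES.items()}
    modified["libs"]["libauth.so"] = b"constructed auth library (modified)"
    with_modified_lib = tas.verify("appA", modified)

    data_only = {k: dict(v) for k, v in SAMPLE_FILES.items()}
    data_only["data"]["cache.db"] = b"different cache contents"
    data_changed = tas.verify("appA", data_only)
    return clean, with_modified_lib, data_changed  # ('run', 'halt', 'run')


if __name__ == "__main__":
    print(demo())
```

The same enroll/verify pair serves the TAS self-check of steps 307-315 when the subject is TAS itself and the measured categories are the kernel and service files named in the configuration.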

Claims

1. A method of providing trusted application services in computing, comprising:
configuring trusted boot loader to perform integrity measurement at least, on kernel, memory buffer register and trusted application services (306);
measuring trusted application services and system configurations (307);
storing measurement in trusted storage (310);
booting the machine to apply new integrity measurement (311);
configuring an application through trusted application services;
measuring the application and configuration (406); and
storing an application measurements in trusted storage (407);
wherein trusted application services allow application to be executed if integrity measurement is valid.
2. A method according to claim 1, further comprising binding a token (309) to the integrity measurement, said token being used as an authorization tool for user login.
3. A method according to claim 1, further comprising:
measuring trusted application services and system configurations (312) after authorizing user login;
comparing measurement with stored measurement (313);
running trusted application services if the measurement is valid (314); and spawning trusted agents to perform assigned tasks (501).
4. A method according to claim 3, wherein spawning trusted agents to perform assigned tasks comprises:
measuring the application and configuration (409) before the application is executed;
comparing measurement obtained with stored measurement (410); and allowing the application to execute if the measurement is valid (314).
5. A method according to claim 4, wherein trusted agents collect information from user application, credential, operating system, network, or related library files to execute the application.
6. A method according to claim 4, wherein trusted agents store information in trusted storage upon completing trusted action.
7. A method according to claim 4, wherein trusted agents share information with other trusted agents.
8. A method according to claim 4, wherein at least one trusted agent spawns other agents to perform its task.
9. A method according to claim 1, wherein the steps are performed after the existence of at least a trusted platform module, or a virtual trusted platform module, is verified.
10. A method according to claim 1, wherein at least the trusted application services, application, trusted boot loader and trusted agents are machine instructions executed in a physical machine or virtual machine to do integrity measurements on the platform with at least a security device or virtual security device to store integrity measurements.
PCT/MY2010/000328, priority date 2010-05-26, filing date 2010-12-20: Method of providing trusted application services, WO2011149329A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2010700032 2010-05-26
MYPI2010700032A MY181899A (en) 2010-05-26 2010-05-26 Method of providing trusted application services

Publications (1)

Publication Number Publication Date
WO2011149329A1 true WO2011149329A1 (en) 2011-12-01

Family

ID=45004147

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2010/000328 WO2011149329A1 (en) 2010-05-26 2010-12-20 Method of providing trusted application services

Country Status (2)

Country Link
MY (1) MY181899A (en)
WO (1) WO2011149329A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014153635A1 (en) * 2013-03-26 2014-10-02 Irdeto Canada Corporation Method and system for platform and user application security on a device
CN110647740A (en) * 2018-06-27 2020-01-03 复旦大学 TPM-based container trusted boot method and device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116340956B (en) * 2023-05-25 2023-08-08 国网上海能源互联网研究院有限公司 Trusted protection optimization method and device for electric embedded terminal equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060015717A1 (en) * 2004-07-15 2006-01-19 Sony Corporation And Sony Electronics, Inc. Establishing a trusted platform in a digital processing system
US20070192864A1 (en) * 2006-02-10 2007-08-16 Bryant Eric D Software root of trust
US20090165081A1 (en) * 2007-12-21 2009-06-25 Samsung Electronics Co., Ltd. Trusted multi-stakeholder environment
US20100082991A1 (en) * 2008-09-30 2010-04-01 Hewlett-Packard Development Company, L.P. Trusted key management for virtualized platforms
US20100175112A1 (en) * 2009-01-07 2010-07-08 Telcordia Technologies, Inc. System, method, and computer program products for enabling trusted access to information in a diverse service environment

Also Published As

Publication number Publication date
MY181899A (en) 2021-01-12

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (ref document number 10852267; country of ref document: EP; kind code of ref document: A1)
NENP Non-entry into the national phase (ref country code: DE)
122 Ep: pct application non-entry in european phase (ref document number 10852267; country of ref document: EP; kind code of ref document: A1)