US11853417B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11853417-B2 |
| Application number | US-202017132001-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 23, 2020 |
| Priority date | Dec 23, 2020 |
| Publication date | Dec 26, 2023 |
| Grant date | Dec 26, 2023 |
Official abstract text for this publication.
Techniques are provided for hardware device integrity validation using platform configuration values. One method comprises obtaining platform configuration values associated with software of a hardware device; comparing the obtained platform configuration values for the hardware device to one or more platform configuration values stored in a platform configuration table; and performing one or more automated remedial actions (e.g., initiating a reboot of the hardware device) based on a result of the comparison. The platform configuration values for the hardware device may be obtained from a local platform configuration value table of the hardware device. The platform configuration values for the hardware device may be obtained by an integrity validation monitor associated with the hardware device, and the integrity validation monitor may send the obtained platform configuration values for the hardware device to an integrity validation server that securely stores the platform configuration table and performs the comparison.
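The comparison step from the abstract, as an added example that is not code from the patent or its assignee. It assumes SHA-256 over a length-prefixed identifier plus content as the measuring function, and a policy that any deviation triggers both actions; all names (`measure`, `build_table`, `validate`, the sample components) are hypothetical, and the cryptographic module that secures the local table is not modelled.

```python
import hashlib
import hmac

def measure(identifier: str, content: bytes) -> str:
    """Platform configuration value for one software component.
    Assumption: SHA-256 over a length-prefixed identifier plus the content."""
    ident = identifier.encode()
    h = hashlib.sha256(len(ident).to_bytes(4, "big") + ident)
    h.update(content)
    return h.hexdigest()

def build_table(components: dict) -> dict:
    """Map component identifier -> platform configuration value."""
    return {name: measure(name, data) for name, data in components.items()}

def validate(local: dict, reference: dict) -> dict:
    """Compare a device's local table with the server-side reference table."""
    changed = sorted(n for n in local
                     if n in reference and not hmac.compare_digest(local[n], reference[n]))
    added = sorted(n for n in local if n not in reference)  # unknown to the reference
    # Assumed policy: any deviation triggers both automated actions.
    actions = ["notify", "reboot"] if (changed or added) else []
    return {"changed": changed, "added": added, "actions": actions}

# Constructed sample data: components recorded when the device was produced.
PRODUCED = {"bootloader": b"bl-v1", "kernel": b"kernel-v1", "agent": b"agent-v1"}
# Constructed later state: kernel content altered, one new component present.
OBSERVED = {"bootloader": b"bl-v1", "kernel": b"kernel-v1-modified",
            "agent": b"agent-v1", "extra-module": b"unreviewed"}

def demo() -> dict:
    reference = build_table(PRODUCED)   # held by the integrity validation server
    local = build_table(OBSERVED)       # reported by the integrity validation monitor
    return validate(local, reference)

if __name__ == "__main__":
    print(demo())
```

The length prefix on the identifier keeps two different identifier/content pairs from hashing the same concatenated bytes.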
Opening claim text (preview).
What is claimed is:

1. A method, comprising: obtaining a plurality of platform configuration values for a hardware device from a local platform configuration value table of the hardware device, wherein the hardware device comprises a plurality of software components, and wherein the platform configuration values are generated by applying a function to one or more of: (i) a content of respective ones of the plurality of software components of the hardware device, and (ii) an identifier of respective ones of the plurality of software components of the hardware device, wherein the function generates the plurality of platform configuration values, and wherein the local platform configuration value table of the hardware device is secured by a cryptographic module of the hardware device; comparing the obtained platform configuration values for the hardware device to one or more platform configuration values stored in a second platform configuration table to identify one or more software changes to at least one of the plurality of software components of the hardware device; and performing one or more automated actions based at least in part on a result of the comparison, wherein the one or more automated actions comprise one or more of (i) initiating a reboot of the hardware device and (ii) sending one or more notifications to at least one recipient device; wherein the method is performed by at least one processing device comprising a processor coupled to a memory.

2. The method of claim 1, wherein the one or more platform configuration values for the hardware device are obtained by an integrity validation monitor associated with the hardware device, and wherein the integrity validation monitor sends the obtained platform configuration values for the hardware device to an integrity validation server that securely stores the second platform configuration table and performs the comparison.

3. The method of claim 1, wherein the one or more platform configuration values for the hardware device are stored in the second platform configuration table in response to the hardware device being produced or in response to at least one software item of the hardware device being updated.

4. The method of claim 1, wherein the comparison detects an unknown platform configuration value for the hardware device in the second platform configuration table.

5. The method of claim 2, wherein the hardware device comprises one of a plurality of hardware devices at a first location that is different than a second location of the integrity validation server.

6. The method of claim 1, wherein the one or more platform configuration values for the hardware device comprise a hash value related to the respective software component.

7. The method of claim 1, wherein the one or more software changes to the at least one of the plurality of software components of the hardware device comprise one or more of: (i) a change to the content of the at least one software component; and (ii) an addition of a new software component to the plurality of software components.

8. An apparatus comprising: at least one processing device comprising a processor coupled to a memory; the at least one processing device being configured to implement the following steps: obtaining a plurality of platform configuration values for a hardware device from a local platform configuration value table of the hardware device, wherein the hardware device comprises a plurality of software components, and wherein the platform configuration values are generated by applying a function to one or more of: (i) a content of respective ones of the plurality of software components of the hardware device, and (ii) an identifier of respective ones of the plurality of software components of the hardware device, wherein the function generates the plurality of platform configuration values, and wherein the local platform configuration value table of the hardware device is secured by a cryptographic module of the hardware device; comparing the obtained platform configuration values for the hardware device to one or more platform configuration values stored in a second platform configuration table to identify one or more software changes to at least one of the plurality of software components of the hardware device; and performing one or more automated actions based at least in part on a result of the comparison, wherein the one or more automated actions comprise one or more of (i) initiating a reboot of the hardware device and (ii) sending one or more notifications to at least one recipient device.

9. The apparatus of claim 8, wherein the one or more platform configuration values for the hardware device are obtained by an integrity validation monitor associated with the hardware device, and wherein the integrity validation monitor sends the obtained platform configuration values for the hardware device to an integrity validation server that securely stores the second platform configuration table and performs the comparison.

10. The apparatus of claim 8, wherein the one or more platform configuration values for the hardware device are stored in the second platform configuration table in response to the hardware device being produced or in response to at least one software item of the hardware device being updated.

11. The apparatus of claim 8, wherein the comparison detects an unknown platform configuration value for the hardware device in the second platform configuration table.

12. The apparatus of claim 9, wherein the hardware device comprises one of a plurality of hardware devices at a first location that is different than a second location of the integrity validation server.

13. The apparatus of claim 8, wherein the one or more software changes to the at least one of the plurality of software components of the hardware device comprise one or more of: (i) a change to the content of the at least one software component; and (ii) an addition of a new software component to the plurality of software components.

14. A non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by at least one processing device causes the at least one processing device to perform the following steps: obtaining a plurality of platform configuration values for a hardware device from a local platform configuration value table of the hardware device, wherein the hardware device comprises a plurality of software components, and wherein the platform configuration values are generated by applying a function to one or more of: (i) a content of respective ones of the plurality of software components of the hardware device, and (ii) an identifier of respective ones of the plurality of software components of the hardware device, wherein the function generates the plurality of platform configuration values, and wherein the local platform configuration value table of the hardware device is secured by a cryptographic module of the hardware device; comparing the obtained platform configuration values for the hardware device to one or more platform configuration values stored in a second platform configuration table to identify one or more software changes to at least one of the plurality of software components of the hardware device; and performing one or more automated actions based at least in part on a result of the comparison, wherein the one or more automated actions comprise one or more of (i) initiating a reboot of the hardware device and (ii) sending one or more notifications to at least one recipient device.

15. The non-transitory proc
involving event detection and direct action · CPC title
by adding security routines or objects to programs · CPC title
Providing cryptographic facilities or services · CPC title
Remedial or corrective actions (recovery from an exception in an instruction pipeline G06F9/3861; by retry G06F11/1402; for recovering from a failure of a protocol instance or entity H04L69/40) · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title