Techniques for attesting data processing systems

US9250951B2 · US · B2

Patent metadata
Publication number: US-9250951-B2
Application number: US-201314042267-A
Country: US
Kind code: B2
Filing date: Sep 30, 2013
Priority date: Nov 18, 2010
Publication date: Feb 2, 2016
Grant date: Feb 2, 2016

Abstract

Official abstract text for this publication.

A technique for attesting a plurality of data processing systems includes generating a logical grouping for a data processing system. The logical grouping is associated with a rule that describes a condition that must be met in order for the data processing system to be considered trusted. A list of one or more children associated with the logical grouping is retrieved. The one or more children are attested to determine whether each of the one or more children is trusted. In response to the attesting, the rule is applied to determine whether the condition has been met in order for the data processing system to be considered trusted. A plurality of logical groupings is associated to determine whether an associated plurality of data processing systems can be considered trusted.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for attesting a plurality of data processing systems included in a datacenter, comprising: generating, by a managing data processing system, respective logical groupings for each of the data processing systems, wherein the logical groupings are associated with a rule that describes a condition that must be met in order for the data processing systems to be considered trusted, and wherein the datacenter includes a plurality of machine pools each of which includes two or more of the data processing systems, where each of the plurality of data processing systems includes a plurality of virtual machines each of which has an associated platform configuration register (PCR) that stores a measurement value; retrieving, by the managing data processing system, a list of one or more children associated with each of the logical groupings; attesting, by the managing data processing system, the one or more children to determine whether each of the one or more children is trusted, wherein the attesting includes comparing the measurement value to an expected attestation value; and subsequent to the attesting, applying, by the managing data processing system, the rule to determine whether the condition has been met in order for the data processing systems to be considered trusted, wherein based on the rule a first one of the logical groupings is deemed trusted when all of the children of the first one of the logical groupings have a same untrusted state and a same trusted state, and wherein a child is associated with a PCR or a further logical grouping and when the child is associated with the further logical grouping the retrieving is repeated until another child associated with the PCR is found.

2. The method of claim 1, wherein the logical groupings are associated with at least one of a physical hierarchy and a functional dependency.

3. The method of claim 1, wherein the attesting further comprises determining either a trusted state or an untrusted state for a PCR in accordance with the expected attestation value or a trusted value.

4. The method of claim 1, wherein data associated with the logical groupings is maintained on the managing data processing system.

5. The method of claim 1, wherein each of the data processing systems represent a managed system.
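The recursive walk the claim describes (retrieve the children of a grouping, attest PCR leaves against expected values, recurse into nested groupings, then apply the rule) as an added example; this is not code from the patent or from IBM, and the class names, tree, PCR values and the "all children trusted, empty grouping untrusted" rule are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple, Union

@dataclass
class PCR:
    name: str
    measurement: str          # constructed hex digest, not a real PCR value

@dataclass
class Grouping:
    name: str
    children: List[Union["PCR", "Grouping"]] = field(default_factory=list)

# Rule assumed here (the claim leaves the policy to the managing system):
# a grouping is trusted only when every child reports the trusted state;
# a grouping with no children is treated as untrusted.
def attest(node, expected: Dict[str, str], report: Dict[str, bool]) -> bool:
    if isinstance(node, PCR):
        # Leaf: compare the measurement against the expected attestation value.
        ok = expected.get(node.name) == node.measurement
    else:
        # Further grouping: retrieve its children and attest each in turn;
        # the recursion stops only at PCR leaves, as the claim requires.
        states = [attest(child, expected, report) for child in node.children]
        ok = bool(states) and all(states)
    report[node.name] = ok
    return ok

# Constructed expected attestation values for each VM's PCR0.
EXPECTED = {"vm-1/pcr0": "a1b2", "vm-2/pcr0": "a1b2", "vm-3/pcr0": "c3d4"}

# Constructed datacenter: one pool whose hosts are fully trusted, one pool
# with a VM whose PCR0 measurement drifted from the expected value.
DATACENTER = Grouping("datacenter", [
    Grouping("pool-a", [Grouping("host-1", [PCR("vm-1/pcr0", "a1b2")]),
                        Grouping("host-2", [PCR("vm-2/pcr0", "a1b2")])]),
    Grouping("pool-b", [Grouping("host-3", [PCR("vm-3/pcr0", "ffff")])]),
])

def attest_datacenter() -> Tuple[bool, Dict[str, bool]]:
    report: Dict[str, bool] = {}
    return attest(DATACENTER, EXPECTED, report), report

def untrusted_nodes() -> List[str]:
    """Names of every grouping or PCR that failed, for the operator's report."""
    _, report = attest_datacenter()
    return sorted(name for name, ok in report.items() if not ok)
```

Because the per-node states are recorded during the walk, the report pinpoints the single drifted VM while also showing which pools and hosts remain trusted.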

Assignees

IBM
Classifications

  • G06F21/57 (primary): Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities (CPC title)

  • G06F9/46 (primary): Multiprogramming arrangements (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9250951B2 cover?
A technique for attesting a plurality of data processing systems includes generating a logical grouping for a data processing system. The logical grouping is associated with a rule that describes a condition that must be met in order for the data processing system to be considered trusted. A list of one or more children associated with the logical grouping is retrieved. The one or more children…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification G06F21/57. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 2, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).