Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization
US-2015067813-A1 · Mar 5, 2015 · US
Partially virtualizing PCR banks in mobile TPM
US9307411B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9307411-B2 |
| Application number | US-201314074135-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 7, 2013 |
| Priority date | Nov 8, 2012 |
| Publication date | Apr 5, 2016 |
| Grant date | Apr 5, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
In accordance with the exemplary embodiments of the invention there is at least a method and apparatus to perform operations including triggering, with an entity of a device, an attestation with a trusted platform module/mobile platform module of the device; and in response to the triggering, sending information comprising a platform configuration register value towards the entity, where the platform configuration register depends on measurements of the entity triggering the attestation.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: triggering, with a trusted application of a mobile device from a number of trusted applications, an attestation of the trusted application with a trusted platform module of the mobile device, wherein the number of trusted applications permitted to trigger attestation is restricted to a predefined maximum number; in response to the triggering, defining, by the mobile device, information comprising a value of a dynamic virtualized platform configuration register, where the platform configuration register comprises an aggregate of late-launched measurements from the trusted application and at least one other trusted application, where the aggregate of the measurements from the trusted application and the at least one other trusted application is in a successive order of measurement in the platform configuration register, and where the value of the platform configuration register depends on measurements in the aggregate of measurements of the trusted application triggering the attestation; and using the information comprising the value of the dynamic virtualized platform configuration register to perform the attestation and execute the trusted application. 2. The method of claim 1 , further comprising binding the trusted application to the trusted platform module of the mobile device based on at least the value. 3. The method of claim 1 , where the information comprises measurement information associated with the trusted application. 4. The method of claim 1 , where the aggregate of late-launched measurements from the trusted application and at least one other trusted application comprises separate entries in the virtualized platform configuration register separating late-launched measurements from the trusted application from late-launched measurements from the at least one other trusted application, where the separate entries are separated by at least one comma in the virtualized platform configuration register. 5. The method of claim 1 , where the virtualized platform configuration register is associated with the trusted application. 6. The method of claim 1 , where the aggregate of late-launched measurements from the trusted application and the at least one other trusted application is bound, respectively, to the trusted application and the at least one other trusted application in the platform configuration register. 7. The method of claim 6 , where the value of the platform configuration register depends on a late-launched measurement from the aggregate of late-launched measurements of the virtualized platform configuration register that is bound to the trusted application triggering the attestation. 8. The method of claim 1 , where the value of the platform configuration register is defined based on an identification associated with the trusted application triggering the attestation. 9. A non-transitory computer readable medium encoded with computer program instructions executable by a processor to perform actions comprising: triggering, with a trusted application of a mobile device from a number of trusted applications, an attestation of the trusted application with a trusted platform module of the mobile device, wherein the number of trusted applications permitted to trigger attestation is restricted to a predefined maximum number; in response to the triggering, defining, by the mobile device, information comprising a value of a dynamic virtualized platform configuration register, where the platform configuration register comprises an aggregate of late-launched measurements from the trusted application and at least one other trusted application, where the aggregate of the measurements from the trusted application and the at least one other trusted application is in a successive order of measurement in the platform configuration register, and where the value of the platform configuration register depends on measurements in the aggregate of measurements of the trusted application triggering the attestation; and using the information comprising the value of the dynamic virtualized platform configuration register to perform the attestation and execute the trusted application. 10. The non-transitory computer readable medium of claim 9 , further comprising binding the trusted application to the trusted platform module of the mobile device based on at least the value. 11. The non-transitory computer readable medium of claim 9 , where the information comprises measurement information associated with the trusted application. 12. The non-transitory computer readable medium of claim 9 , where the aggregate of late-launched measurements from the trusted application and at least one other trusted application comprises separate entries in the virtualized platform configuration register separating late-launched measurements from the trusted application from late-launched measurements from the at least one other trusted application, where the separate entries are separated by at least one comma in the virtualized platform configuration register. 13. The non-transitory computer readable medium of claim 9 , where the virtualized platform configuration register is associated with the trusted application. 14. An apparatus comprising: at least one processor; and at least one memory including computer program code, where the at least one memory and the computer program code are configured, with the at least one processor, to cause the apparatus to at least: trigger, with a trusted application of a mobile device from a number of trusted applications, an attestation of the trusted application with a trusted platform module of the mobile device, wherein the number of trusted applications permitted to trigger attestation is restricted to a predefined maximum number; in response to the triggering, define, by the mobile device, information comprising a value of a dynamic virtualized platform configuration register, where the platform configuration register comprises an aggregate of late-launched measurements from the trusted application and at least one other trusted application, where the aggregate of the measurements from the trusted application and the at least one other trusted application is in a successive order of measurement in the platform configuration register, and where the value of the platform configuration register depends on measurements in the aggregate of measurements of the trusted application triggering the attestation; and use the information comprising the value of the dynamic virtualized platform configuration register to perform the attestation and execute the trusted application. 15. The apparatus of claim 14 , further comprising binding the trusted application to the trusted platform module of the mobile device based on at least the value. 16. The apparatus of claim 14 , where the information comprises measurement information associated with the trusted application. 17. The apparatus of claim 14 , where the aggregate of the late-launched measurements from the trusted application and at least one other trusted application comprises separate entries in the virtualized platform configuration register separating late-launched measurements from the trusted application from late-launched measurements from the at least one other trusted application, where the separate entries are separated by at least one comma in the virtualized platform configuration register. 18. The apparatus of claim 14 , where the virtualized platform configuration register is associated with the trusted application.
Assignees
Inventors
Classifications
- G06F21/57Primary
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system (cryptographic typewriters G09C3/00) · CPC title
Subscription-based services using application servers or record carriers, e.g. SIM application toolkits · CPC title
- H04L9/0877Primary
using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM] · CPC title
- H04W12/10Primary
Integrity · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9307411B2 cover?
- In accordance with the exemplary embodiments of the invention there is at least a method and apparatus to perform operations including triggering, with an entity of a device, an attestation with a trusted platform module/mobile platform module of the device; and in response to the triggering, sending information comprising a platform configuration register value towards the entity, where the pl…
- Who is the assignee on this patent?
- Nokia Corp, Nokia Technologies Oy
- What technology area does this patent fall under?
- Primary CPC classification G06F21/57. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Apr 05 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).