Who is the assignee on this patent?

Smeets Bernard, Ericsson Telefon Ab L M

What technology area does this patent fall under?

Primary CPC classification G06F21/57. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Jul 19 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).

Method of determining an attribute of a server

US9397903B2 · US · B2

Patent metadata
Field	Value
Publication number	US-9397903-B2
Application number	US-201214124000-A
Country	US
Kind code	B2
Filing date	Jun 5, 2012
Priority date	Jun 8, 2011
Publication date	Jul 19, 2016
Grant date	Jul 19, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method of determining an operational attribute of a server executed on a first execution platform and providing a service, the method comprising: performing a measurement indicative of an operational attribute of the server, wherein the measurement is performed by a platform observer system executed on said first execution platform; communicating a result of said measurement to an external observer system; wherein the communicating comprises protecting secrecy of the communicated result; verifying, by the external observer system, that the received measurement result is indicative of a measurement performed on said server.

First claim

Opening claim text (preview).

The invention claimed is: 1. A method of carrying out a performance verification of a server executing on a server system executed on a trusted platform having a platform observer function executing as a trusted entity independent from the server, the method performed by a node operating as an external observer function and comprising: triggering the platform observer function to make a first performance measurement of the trusted platform, and to request a second performance measurement of the server by a platform observer helper function executing on the server; receiving a performance measurement response from the platform observer function that includes: the first and second performance measurements; a hash of static operating system state information maintained by the server, as provided to the platform observer function by the platform observer helper function in conjunction with the second performance measurement; a sealed key generated as a function of a secret key known between the platform observer function and the external observer function and sealed to the current value of a first register that is maintained by the platform observer helper function and updated each time the platform observer function requests a new performance measurement of the server; and a verification value that depends on a nonce and the current value of a second register that is maintained by the platform observer function in correspondence with the first register and is updated by the platform observer function each time the platform observer function requests a new performance measurement of the server; and verifying that the first and second performance measurements agree with known values corresponding to an overall performance of the trusted platform and a targeted performance of the server; and verifying that the second performance measurement corresponds to the server by: sending the sealed key and the verification value to the platform observer helper function; receiving return verification data from the platform observer helper function comprising a new hash of the static operating system state information maintained by the server, and a derived key that is derived from the sealed key by the platform observer function helper using the current value of the first register at the platform observer helper function; and determining that the second performance measurement corresponds to the server, based on verifying that the new hash of the static operating system state information matches the corresponding hash previously received from the platform observer function, and that the derived key matches the secret key; and responsive to determining that the second performance measurement corresponds to the server, generating an indication of whether the second performance measurement agrees with the targeted performance of the server. 2. The method of claim 1 , wherein the nonce identifies the performance verification, and wherein each subsequent performance verification involves a new nonce. 3. The method of claim 1 , further comprising providing at least one of the nonce and the secret key to the platform observer function via Transport Layer Security (TLS) protocol signaling, as part of triggering the platform observer function to make the first performance measurement of the trusted platform, and to request the second performance measurement of the server by the platform observer helper function executing on the server. 4. The method of claim 1 , further comprising receiving at least one of the secret key and the nonce from the platform observer function via Transport Layer Security (TLS) protocol signaling. 5. The method of claim 1 , further comprising receiving a proof of the verification value in conjunction with the verification value, and conditioning on proving the verification value via a remote attestation procedure executed with the platform observer function said steps of verifying that the first and second performance measurements agree with known values corresponding to the overall performance of the trusted platform and the targeted performance of the server, and verifying that the second performance measurement corresponds to the server. 6. The method of claim 1 , further comprising providing a proof of the second verification value in conjunction with providing the second verification value to the external observer function, and performing a remote attestation procedure with the external observer function in association with the proof. 7. A node configured to carry out a performance verification of a server executing on a server system executed on a trusted platform having a platform observer function executing as a trusted entity independent from the server, the node operative as an external observer function relative to the server and comprising: interface circuitry configured to communicatively couple the node to the platform observer function and to a platform observer helper function that executes on the server; and processing circuitry operatively associated with the interface circuitry and configured to: trigger the platform observer function to make a first performance measurement of the trusted platform, and to request a second performance measurement of the server by the platform observer helper function; receive a performance measurement response from the platform observer function that includes: the first and second performance measurements; a hash of static operating system state information maintained by the server, as provided to the platform observer function by the platform observer helper function in conjunction with the second performance measurement; a sealed key generated as a function of a secret key known between the platform observer function and the external observer function and sealed to the current value of a first register that is maintained by the platform observer helper function and updated each time the platform observer function requests a new performance measurement of the server; and a verification value that depends on a nonce and the current value of a second register that is maintained by the platform observer function in correspondence with the first register and is updated by the platform observer function each time the platform observer function requests a new performance measurement of the server; and verify that the first and second performance measurements agree with known values corresponding to an overall performance of the trusted platform and a targeted performance of the server; and verify that the second performance measurement corresponds to the server, based on being configured to: send the sealed key and the verification value to the platform observer helper function; receive return verification data from the platform observer helper function comprising a new hash of the static operating system state information maintained by the server, and a derived key that is derived from the sealed key by the platform observer function helper using the current value of the first register at the platform observer helper function; and determine that the second performance measurement corresponds to the server, based on verifying that the new hash of the static operating system state information matches the corresponding hash previously received from the platform observer function, and that the derived key matches the secret key; and responsive to determining that the second performance measurement corresponds to the server, generate an indication of whether the second performance measurement agrees with the targeted performance of the server. 8. A method of carrying out a performance verification of a server executing on a server system executed on a trusted platform having a platform obser

Assignees

Inventors

Smeets Bernard

Classifications

G06F21/64
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
G06F21/57Primary
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
H04L43/04Primary
Processing captured monitoring data, e.g. for logfile generation · CPC title

Patent family

Related publications grouped by family.

View patent family 44359475

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9397903B2 cover?: A method of determining an operational attribute of a server executed on a first execution platform and providing a service, the method comprising: performing a measurement indicative of an operational attribute of the server, wherein the measurement is performed by a platform observer system executed on said first execution platform; communicating a result of said measurement to an external ob…
Who is the assignee on this patent?: Smeets Bernard, Ericsson Telefon Ab L M
What technology area does this patent fall under?: Primary CPC classification G06F21/57. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Jul 19 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).