Patent application number | Description | Published |
20120084549 | Attesting a Component of a System During a Boot Process - A method, apparatus and program product for attesting a component of a system during a boot process. The method comprises the steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system. | 04-05-2012 |
20120131334 | Method for Attesting a Plurality of Data Processing Systems - A technique for attesting a plurality of data processing systems. The method includes: configuring a chain of data processing systems wherein a first data processing system is responsible for retrieving attestation data associated with a second data processing system; sending a request for attestation of the first data processing system; in response to receiving the request, retrieving a list of associated one or more children, wherein the one or more children comprise the second data processing system; retrieving and storing attestation data associated with each child; retrieving and storing attestation data associated with the first data processing system; and sending to the requester a concatenated response containing the attestation data associated with the first and second data processing systems, such that the attestation data associated with the first and second data processing systems can be used to attest the first and second data processing systems, respectively. | 05-24-2012 |
20120216255 | Attesting a Plurality of Data Processing Systems - A technique for attesting a plurality of data processing systems. The method includes: configuring a chain of data processing systems wherein a first data processing system is responsible for retrieving attestation data associated with a second data processing system; sending a request for attestation of the first data processing system; in response to receiving the request, retrieving a list of associated one or more children, wherein the one or more children comprise the second data processing system; retrieving and storing attestation data associated with each child; retrieving and storing attestation data associated with the first data processing system; and sending to the requester a concatenated response containing the attestation data associated with the first and second data processing systems, such that the attestation data associated with the first and second data processing systems can be used to attest the first and second data processing systems, respectively. | 08-23-2012 |
20130080756 | Attesting a Component of a System During a Boot Process - A method for attesting a component of a system during a boot process. The method comprises the steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system. | 03-28-2013 |
20140025961 | VIRTUAL MACHINE VALIDATION - A system, method, and computer program product for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM). The system includes: a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component; an analyse component, responsive to the control component receiving the at least one cryptographic data structure, for analysing the at least one cryptographic data structure; a compare component, responsive to the analyse component determining the configuration data, for comparing the configuration data with the requirement; and a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM. | 01-23-2014 |
20140137089 | EXECUTION CONTROL DURING PROGRAM CODE CONVERSION - Execution control techniques are described for use in a translator that converts subject code into target code. The translator includes a translator trampoline function that is called from a translator run loop and which in turn calls either to a translator code generator to generate target code, or else calls previously generated target code for execution. Control then returns to the translator trampoline function to make a new call, or returns to the translator run loop. Other aspects include making context switches through the trampoline function and setting first and second calling conventions either side of the trampoline function. Jumping directly or indirectly between target code blocks during execution is also described. | 05-15-2014 |
20140157268 | CONSENT-BASED VIRTUAL MACHINE MIGRATION - A system, method, and computer program product for controlling migration of a VM operable on a first site and a second site. The system includes an identify component for identifying the second site; a request component for sending a consent request message to a software component, wherein the consent request message comprises at least one of an identifier of the VM and an identifier of the second site; a calculate component, operable on the software component and responsive to receiving the consent request message, for determining consent for the second site; a send component, responsive to a positive determination, for sending a consent message; and a migrate component, responsive to receiving the consent message, for migrating the VM from the first site to the second site. | 06-05-2014 |
20150135311 | VIRTUAL MACHINE VALIDATION - A system, method, and computer program product for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM). The system includes: a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component; an analyse component, responsive to the control component receiving the at least one cryptographic data structure, for analysing the at least one cryptographic data structure; a compare component, responsive to the analyse component determining the configuration data, for comparing the configuration data with the requirement; and a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM. | 05-14-2015 |