InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Integration of Trusted Boot with Trusted Network Connect (TNC)

IP.com Disclosure Number: IPCOM000237112D
Publication Date: 2014-Jun-03
Document File: 5 page(s) / 95K

Publishing Venue

The IP.com Prior Art Database


Very relevant in the Cloud scenario .Will increase the Scalability & Capability of Trusted Boot feature significantly. Manual enrollment of Client is not required anymore for remote attestation/verification .Just you need to configure that Policy in the TNC server side . Whenever Client sends a connection request , it will get verified accordingly. Common Policy for large number of clients can be configured ( like Policy for the clients belongs to a particular IP group ) in the TNC Server. Configuration will take lesser time & effort after implementing this. For Example , suppose it takes 5 minutes to configure one client which needs to be verified using Trusted Boot feature , for 1000 LPARs total tome required = 5000 minutes. After implementing this , time required to configure Trust Boot Policy for for 1000 clients would be the same what we need to configure a single client ( a common policy can be used for a large number of clients belongs to a same IP group ). If Boot image of a particular LPAR has been changed recently , an alert Email can be send to notify the corresponding Administrator . The same would applied for a group of LPARs also depending on the configuration.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 42% of the total text.

Page 01 of 5

Integration of Trusted Boot with Trusted Network Connect (TNC)

OpenPTS Architecture -

Above figure shows brief overview of OpenPTS architecture.

OpenPTS is used by both collector (target platform) and verifier sides.

Collector side, 'ptsc' command manages the integrity of target platform. Verifier side, 'openpts' command is used to validate the target platform by remote attestation.

The protocol between ptsc and openpts is based on TCG IF-M protocol. OpenPTS uses SSH between collector and verifier to secure the remote attestation.

Operation Flow of OpenPTS -


Page 02 of 5

Enrollment phase - We trust an installation process. The collector generate the new UUID to identify the target and
reference manifest based on the measurement of initial boot. Thus, the reference manifests are based on actual
BIOS 2 and Operating System measurement at this phase. Verifier get the UUID and manifests from the Collector
and securely stored them.

Operation phase - Verifier validate the target (remote attestation).

Update phase- After the BIOS or OS update, manifest must be updated. The OpenPTS collector do selftest at the startup
run (ptsc -s). If validation was failed due to the change, it generates the new manifest.

If the update was expected, Verifier update the manifest too.

A Partition is said to be trusted if the verifier successfully attests the integrity of the collector . It indicates that the measurements that are recorded within the VTPM match a reference set held by
the verifier. Trusted Boot indicates if the partition booted in a trusted manner .

Brief Background of Trusted Network Connect ( TNC ) -

Trusted Network Connect Client :

The Trusted Network Connect (TNC) client provides the information that is required by the TNC server for verification.

The server determines whether the client is at the level configured by the administrator. If the client is not compliant, the TNC server notifies the administrator about the updates that are required.

The TNC client loads the integrity measurement collectors ( IMCs ) on startup and uses the IMCs to


Page 03 of 5

gather the required information.

Trusted Network Connect server:

The Trusted Network Connect (TNC) server identifies the clients that are added to the network and initiates a verification on them.

The TNC client provides the required fileset level information to the server for verification. The server determines whether the client is at the level that is configured by the administrator.

If the client is not compliant, the TNC server notifies the administrator about the remediation that is required.

The TNC server initiates verifications on the clients that are trying to access the network. The TNC server loads a set of integrity measurement verifiers (IMVs) that can request the integrity

measurements from clients and verify them.

AIX has a default IMV, which verifies the fileset and security patch level of the systems. The TNC server is a framework which loads and manages multiple IMV m...