The provision of services often requires the cooperation of different service providers. A term used in this context is “service oriented architecture.” By way of example, the widespread use of cloud services requires an end customer to cooperate with a cloud service provider. Between the two partners, contractual relationships exist that describe the service. In addition, the cloud service provider can in turn outsource some of the provided service to other service providers. Contractual safeguards between the service providers are also necessary in this case. An example from the realm of automation is a smart metering method using a smart meter device (e.g., an electricity meter) associated with a meter data operator. The meter data operator is connected to an energy supplier in order to make the consumption data available for billing.
For such service provision, the integrity of devices that are involved plays a crucial part, since intentional or unintentional alterations or manipulation can adversely affect the quality of the service or disrupt the service provision.
The prior art discloses network access checks that check information about the current configuration of a system before network access is enabled. In this case, terminals are checked during authentication for conformity with the guidelines of a network.
The conventional art further provides a device attestation that assures third parties of system properties of a component via a trusted platform module, TPM for short. In this case, a hardware security integrated circuit produces a cryptographically protected configuration information item about the executed software of a component.
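The single-device attestation described above can be sketched as follows. This is an added example, not part of the original text: it models the measurement register with the TPM-style extend operation and a verifier that compares the reported value against a reference. The component names, key and nonce are constructed, and the HMAC is an assumed stand-in for the asymmetric signature a real TPM produces with its attestation key.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(components) -> bytes:
    """Fold every executed component, in load order, into one register value."""
    pcr = bytes(32)  # the register starts at all zeros after reset
    for component in components:
        pcr = extend(pcr, component)
    return pcr

def quote(key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Stand-in (assumption) for the TPM signature over PCR and verifier nonce."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def verify(key, reference_pcr, nonce, reported_pcr, signature) -> bool:
    """Accept only an authentic quote for this nonce that matches the reference."""
    authentic = hmac.compare_digest(signature, quote(key, reported_pcr, nonce))
    return authentic and hmac.compare_digest(reported_pcr, reference_pcr)

# Constructed sample data: one device's software stack and a modified variant.
KEY = b"constructed-demo-attestation-key"
GOOD = [b"bootloader v1", b"kernel v1", b"metering-app v1"]
TAMPERED = [b"bootloader v1", b"kernel v1", b"metering-app v1 (modified)"]
REFERENCE = measure(GOOD)  # value the verifier expects for this device

def attest(components, nonce: bytes):
    """Device side: report the measured state, bound to the verifier's nonce."""
    pcr = measure(components)
    return pcr, quote(KEY, pcr, nonce)

if __name__ == "__main__":
    nonce = b"verifier-nonce-0001"
    for name, stack in (("good", GOOD), ("tampered", TAMPERED)):
        pcr, sig = attest(stack, nonce)
        print(name, verify(KEY, REFERENCE, nonce, pcr, sig))
```

The verifier's answer covers exactly one device's software stack, which is the scope the conventional approach is limited to.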
The conventional approaches protect the integrity of a single device or confirm an integrity information item of a single device. In a service-oriented architecture, however, integrity information of a single device is not semantically significant. A service, such as the provision of a particular service interface, can be provided on multiple different devices. A service can even call other services that may, in turn, be provided on different hardware devices.