1. FIELD
The present invention relates generally to computer security and, more specifically, to establishing trust in a computer system by evaluating the integrity of components of the computer system.
2. DESCRIPTION
Personal computers (PCs) are typically designed to be open computing systems, and the Internet is designed as an open networking infrastructure. In supplier/buyer electronic commerce and electronic business applications, corporate intranets, and Web portals, this quality of openness has provided information technology (IT) organizations and PC users with the flexibility they need to communicate, collaborate, and conduct transactions. As a result, business-to-business (B2B), business-to-employee (B2E), and business-to-consumer (B2C) applications enable IT to reach a global base of customers and partners with tremendous economies of scale.
For IT managers, this quality of openness can be a two-edged sword, because it can render PCs vulnerable to malicious parties and hackers. Traditional PC security in business depends on a chain of trust, beginning with the IT manager who must trust the computer's operating system, the PC manufacturer, the users of the systems, and also trust that physical security is adequate. Computer security usually involves protecting data and systems from unauthorized access. Corporate IT departments must provide authenticated users with access to authorized information and keep unauthorized persons out.
Many computer users often operate under the assumption that the underlying hardware, firmware, and software of their computer systems have not been compromised. In many cases, these systems may be administered remotely by an IT organization or other owner of the systems. Often, the IT organization or other owner desires to evaluate the integrity of the computer systems. One challenge for remotely administered systems is establishing trust in some components, while allowing other components to remain un-trusted until proof of trustworthiness has been collected and evaluated.