

Title:
SYSTEM AND METHOD TO PROVIDE INTEGRITY VERIFICATION FOR ACTIVE MANAGEMENT TECHNOLOGY (AMT) APPLICATION IN A REMOTE PLATFORM
Document Type and Number:
WIPO Patent Application WO/2016/048130
Kind Code:
A1
Abstract:
The system and method of the present invention provide an integrity verification process for the AMT management application which protects the AMT processor and system from being infected by malicious code or a rootkit. The system comprises at least one AMT processor (104) at the AMT platform having at least one Integrity Verifier (IV) (106); at least one Remote Virtual Module (RVM) (114) at the remote platform containing the AMT management application (116); and at least one Remote Application (RA) (118) for AMT at the remote platform. The at least one Remote Application (RA) (118) comprises at least one Application Launcher Module (ALM) (120); at least one Integrity Measurement Module (IMM) (122); and at least one Report Manager Module (RMM) (124). The present invention provides integrity verification for the Active Management Technology (AMT) application in the remote platform by utilizing the Integrity Measurement Module to measure the remote virtual area in the remote platform and produce an integrity report for the integrity verification process performed by the Integrity Verifier in the AMT-host platform. Further, remote authentication is provided by utilizing an encrypted combination message of the integrity report and a secret password exchanged between the remote platform and the AMT-host platform.

Inventors:
MUBARAK MOHD FAIZAL (MY)
AHMAD ZAID (MY)
MOHD RASIDI MOHD FIRDAUS (MY)
Application Number:
PCT/MY2015/050099
Publication Date:
March 31, 2016
Filing Date:
September 04, 2015
Assignee:
MIMOS BERHAD (MY)
International Classes:
G06F21/57; G06F21/12; G06F21/53
Domestic Patent References:
WO 2013/101083 A1 (2013-07-04)
Foreign References:
US 2013/0125244 A1 (2013-05-16)
US 2009/0165099 A1 (2009-06-25)
US 2008/0092236 A1 (2008-04-17)
US 2014/0214525 A1 (2014-07-31)
Attorney, Agent or Firm:
MIRANDAH ASIA (MALAYSIA) SDN BHD (Plaza Sentral, Jalan Stesen Sentral, Kuala Lumpur, MY)
Claims:
CLAIMS

1. A system (100) to provide an integrity verification for Active Management Technology (AMT) application in a remote platform comprising:

at least one AMT processor (104) at AMT's platform having at least one Integrity Verifier (IV) (106);

at least one Remote Virtual Module (RVM) (114) at remote platform consisting application of AMT management (116); and

at least one Remote Application (RA) (118) for AMT at remote platform characterized in that

the at least one Remote Application (RA) (118) comprising:

at least one Application Launcher Module (ALM) (120);

at least one Integrity Measurement Module (IMM) (122); and at least one Report Manager Module (RMM) (124);

wherein the Integrity Measurement Module (IMM) (122) having measuring means for measuring Remote Virtual Module (RVM) (114) in the remote platform for providing integrity report (IR) (108) for integrity verification by the Integrity Verifier (IV) (106) in the AMT-host platform.

2. A system (100) according to Claim 1, wherein the at least one Application Launcher Module (ALM) (120) launches the Remote Virtual Module (RVM) (114).

3. A system (100) according to Claim 1, wherein the Remote Virtual Module (RVM) (114) is a protected virtual area created by at least a lightweight virtualization module with a read-only file system; and the Remote Virtual Module (RVM) (114) protects the application of AMT management which resides within the Remote Virtual Module (RVM) (114).

4. A system (100) according to Claim 1, wherein the at least one Report Manager Module (RMM) (124) further having means for:

encrypting combination message of integrity report (IR) and secret password; and sending the encrypted combination message of integrity report (IR) and secret password to AMT's platform.

5. A system (100) according to Claim 1, wherein the at least one Integrity Verifier (IV) (106) further having means for:

decrypting encrypted combination message of integrity report (IR) and secret password; and

verifying secret password and integrity report of the remote platform.

6. A system (100) according to Claim 1, wherein the AMT platform (102) and remote platform (110) may be connected through a machine based out of band (OOB) communication channel; or through a machine based in-band communication channel.

7. A system (100) according to Claim 1, wherein the Integrity Measurement Module (IMM) (122) utilizes strong and accurate measurements of at least SHA1 hash generator or MD5 hash generator.

8. A method (200) to provide an integrity verification for Active Management Technology (AMT) application in a remote platform comprising steps of:

executing Remote Application (RA) for AMT in remote platform (202);

launching Remote Virtual Module (RVM) by Application Launcher Module (ALM) residing in the Remote Application (RA) (204);

booting Remote Virtual Module (RVM) with a read-only file system (206);

measuring Remote Virtual Module (RVM) in the remote platform by Integrity Measurement Module (IMM) (208);

creating integrity report (IR) by the Integrity Measurement Module (IMM) through integrity measurements of the Remote Virtual Module (RVM) and all applications in the remote platform (210);

sending said integrity report (IR) to Report Manager Module (RMM) (212);

encrypting combination message of integrity report (IR) and secret password and sending the encrypted combination message of integrity report (IR) and secret password to AMT's platform (214);

receiving encrypted combination message of integrity report (IR) and secret password from the remote platform by Integrity Verifier (IV) in the AMT processor (216);

decrypting said encrypted combination message of integrity report (IR) and secret password by the Integrity Verifier (IV) (218);

verifying said integrity report (IR) and secret password by the Integrity Verifier (220);

determining if combination message of integrity report (IR) and secret password is valid (222);

blocking connection from the Remote Application (RA) on the remote platform to AMT's platform by AMT processor if combination message of integrity report (IR) and secret password is not valid (224); and allowing connection from the Remote Application (RA) on the remote platform to AMT's platform by AMT processor if combination message of integrity report (IR) and secret password is valid (226).

9. A method according to Claim 8 wherein measuring Remote Virtual Module (RVM) in the remote platform by Integrity Measurement Module (IMM) (208) consists of AMT-based application, applications and information in the remote platform.

Description:
SYSTEM AND METHOD TO PROVIDE INTEGRITY VERIFICATION FOR ACTIVE MANAGEMENT TECHNOLOGY (AMT) APPLICATION IN A REMOTE PLATFORM

FIELD OF INVENTION

The present invention relates to a system and method to provide integrity verification for Active Management Technology (AMT) application in a remote platform. In particular, the invention relates to systems and methods which provide an integrity verification process for AMT management application which protect the AMT processor and system from being infected by malicious code or rootkit.

BACKGROUND ART

Active Management Technology (AMT) is a hardware-based technology for managing and securing personal computers (PCs) from a remote platform. The AMT processor manages and secures PCs by building certain functionality into business PCs to ensure that the PCs are monitored, maintained, upgraded and repaired. AMT applications are able to communicate over a hardware-based out-of-band (OOB) communication channel. However, existing AMT applications are exposed to hijacking, as attackers could hijack the remote platform which communicates with the AMT platform. AMT applications are vulnerable to malware attacks: malware or a rootkit can be carried along with AMT commands from the remote platform to the AMT platform, and the AMT client application in the remote platform could itself be infected by a virus. United States Patent Publication No. US 2013/0125244 A1 (US '244 Publication) entitled: Platform Integrity Verification System and Information Processing Device relates to a platform integrity verification system and an information processing device, and particularly, to a platform integrity verification system and an information processing device for checking that the components configuring a system platform are reliable and have not been tampered with. The US '244 Publication provides remote platform integrity verification for the trusted boot process without causing a delay in system startup time. Further, the invention as disclosed in the US '244 Publication utilizes the remote platform to measure and verify the integrity of devices related to the trusted boot process, such as the BIOS and boot loader, in the AMT-host platform. United States Patent No. 8,438,618 B2 (US '618 Patent) entitled: Provisioning Active Management Technology (AMT) in Computer Systems relates to provisioning active management technology (AMT) in computer systems.
In the US '618 Patent, a self-signed certificate from the AMT platform is provided to authenticate with the remote platform, as compared to the present invention which utilizes an encrypted combination of integrity report and secret password from the remote platform to authenticate and integrity-verify with the AMT platform. A mutually authenticated session is provided by the provisioning server with the AMT platform utilizing transport layer security (TLS). Further, the invention as disclosed in the US '618 Patent provides a management console for storing AMT references and values of the AMT platform.

International Patent Publication No. WO 2013/101083 A1 (WO '083 Publication) entitled: An Apparatus for Hardware Accelerated Runtime Integrity Measurement relates to the operation of processors. The invention as disclosed in the WO '083 Publication provides runtime integrity verification of a platform by utilizing out-of-band signalling to report that an integrity failure has occurred. Further, in the invention as disclosed in the WO '083 Publication, a timer is activated to periodically trigger a run-time integrity verification of the system. The present invention provides an integrity verification process for the AMT management application which protects the AMT processor and system from being infected by malicious code or a rootkit. A secured and protected transaction is provided by using lightweight encryption between the remote platform and the AMT platform.

SUMMARY OF INVENTION

The present invention relates to a system and method to provide integrity verification for Active Management Technology (AMT) application in a remote platform. In particular, the invention relates to systems and methods which provide an integrity verification process for AMT management application by using lightweight encryption between remote platform and AMT platform.

One aspect of the present invention provides a system (100) for providing integrity verification for Active Management Technology (AMT) application in a remote platform. The system comprises at least one AMT processor (104) at AMT's platform with at least one Integrity Verifier (IV) (106); at least one Remote Virtual Module (RVM) (114) at remote platform consisting application of AMT management (116); and at least one Remote Application (RA) (118) for AMT at remote platform. The at least one Remote Application (RA) (118) comprising at least one Application Launcher Module (ALM) (120); at least one Integrity Measurement Module (IMM) (122); and at least one Report Manager Module (RMM) (124); the Integrity Measurement Module (IMM) (122) having measuring means for measuring Remote Virtual Module (RVM) (114) in the remote platform for providing integrity report (IR) (108) for integrity verification by the Integrity Verifier (IV) (106) in the AMT-host platform.

Another aspect of the invention provides that the at least one Application Launcher Module (ALM) (120) launches the Remote Virtual Module (RVM) (114). A further aspect of the invention provides that the Remote Virtual Module (RVM) (114) is a protected virtual area created by at least a lightweight virtualization module with a read-only file system; and the Remote Virtual Module (RVM) (114) protects the application of AMT management which resides within the Remote Virtual Module (RVM) (114).

A further aspect of the invention provides that the at least one Report Manager Module (RMM) (124) further encrypts combination message of integrity report (IR) and secret password; and sends the encrypted combination message of integrity report (IR) and secret password to AMT's platform. Yet another aspect of the invention provides that the at least one Integrity Verifier (IV) (106) further decrypts encrypted combination message of integrity report (IR) and secret password; and verifies secret password and integrity report of the remote platform. Still another aspect of the invention provides that the AMT platform (102) and remote platform (110) may be connected through a machine based out of band (OOB) communication channel; or through a machine based in-band communication channel.

Another aspect of the invention provides a method for providing integrity verification for Active Management Technology (AMT) application in a remote platform. The method comprising steps of executing Remote Application (RA) for AMT in remote platform (202); launching Remote Virtual Module (RVM) by Application Launcher Module (ALM) residing in the Remote Application (RA) (204); booting Remote Virtual Module (RVM) with a read-only file system (206); measuring Remote Virtual Module (RVM) in the remote platform by Integrity Measurement Module (IMM) (208); creating integrity report (IR) by the Integrity Measurement Module (IMM) through integrity measurements of the Remote Virtual Module (RVM) and all applications in the remote platform (210); sending said integrity report (IR) to Report Manager Module (RMM) (212); encrypting combination message of integrity report (IR) and secret password and sending the encrypted combination message of integrity report (IR) and secret password to AMT's platform (214); receiving encrypted combination message of integrity report (IR) and secret password from the remote platform by Integrity Verifier (IV) in the AMT processor (216); decrypting said encrypted combination message of integrity report (IR) and secret password by the Integrity Verifier (IV) (218); verifying said integrity report (IR) and secret password by the Integrity Verifier (220); determining if combination message of integrity report (IR) and secret password is valid (222); blocking connection from the Remote Application (RA) on the remote platform to AMT's platform by AMT processor if combination message of integrity report (IR) and secret password is not valid (224); and allowing connection from the Remote Application (RA) on the remote platform to AMT's platform by AMT processor if combination message of integrity report (IR) and secret password is valid (226).
The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.

BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS

To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which:

FIG. 1.0 illustrates the general architecture of the system of the present invention.

FIG. 2.0 is a flowchart illustrating the steps of the method of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention provides a system and method to provide integrity verification for Active Management Technology (AMT) application in a remote platform. In particular, the invention relates to systems and methods which measure the remote virtual area in the remote platform to provide integrity report for integrity verification. Hereinafter, this specification will describe the present invention according to the preferred embodiments. It is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned without departing from the scope of the appended claims.

Referring to FIG. 1.0, the general architecture of the system of the present invention is illustrated. As illustrated in FIG. 1.0, the system of the present invention for providing integrity verification for Active Management Technology (AMT) application in a remote platform comprises an AMT processor (104) at the AMT platform; a Remote Virtual Module (RVM) (114) containing the AMT management application (116); and a Remote Application (RA) (118) for AMT at the remote platform. The AMT platform and the remote platform are connected through a network, and the AMT platform is required to have an active AMT processor at all times, regardless of whether said AMT platform is in a sleep state. The network (NWK) of the AMT platform (102) and the network (NWK) of the remote platform (110) are connected through a machine based out of band (OOB) communication channel (112) or a machine based in-band communication channel. The AMT processor (104) that resides in the AMT platform is required to be activated and provisioned with a preset secret password which enables it to be accessed from the remote platform. The said AMT processor (104) further comprises an Integrity Verifier (IV) (106) installed in the AMT processor (104). The Integrity Verifier (IV) (106) decrypts the encrypted combination message of integrity report (IR) (108) and secret password, and verifies the secret password and integrity report of the remote platform. The Remote Application (RA) (118) for AMT at the remote platform further comprises an Application Launcher Module (ALM) (120); an Integrity Measurement Module (IMM) (122); and a Report Manager Module (RMM) (124). The Remote Virtual Module (RVM) (114) is a protected virtual area created by at least a lightweight virtualization module with a read-only file system, which is launched by the Application Launcher Module (ALM) (120). The Remote Virtual Module (RVM) (114) protects the AMT management application which resides within the Remote Virtual Module (RVM) (114).

The Integrity Measurement Module (IMM) (122) has measuring means for measuring the Remote Virtual Module (RVM) (114) in the remote platform for providing the integrity report (IR) (108) for integrity verification by the Integrity Verifier (IV) (106) in the AMT-host platform. The Integrity Measurement Module (IMM) (122) utilizes strong and accurate measurements of at least SHA1 hash generator or MD5 hash generator. The Report Manager Module (RMM) (124) residing in the Remote Application (RA) (118) encrypts the combination message of integrity report (IR) (108) and secret password, and sends the encrypted combination message of integrity report (IR) (108) and secret password to the AMT platform.

Referring to FIG. 2.0, a flowchart illustrating the steps of the method of the present invention is shown. As illustrated in FIG. 2.0, to provide integrity verification for the Active Management Technology (AMT) application in a remote platform, the Remote Application (RA) for AMT in the remote platform is first executed (202). Thereafter, the Remote Virtual Module (RVM) is launched by the Application Launcher Module (ALM) residing in the Remote Application (RA) (204). The Remote Virtual Module (RVM) is booted with a read-only file system (206) and the Remote Virtual Module (RVM) in the remote platform is measured by the Integrity Measurement Module (IMM) (208). Subsequently, the Integrity Measurement Module (IMM) creates the integrity report (IR) from the integrity measurements of the Remote Virtual Module (RVM) and all applications in the remote platform (210). The integrity measurements of the Remote Virtual Module (RVM) in the remote platform cover the AMT-based application, the other applications and the information in the remote platform. The Integrity Measurement Module (IMM) sends the integrity report (IR) to the Report Manager Module (RMM) (212) for encryption. The Report Manager Module (RMM) encrypts the combination message of the integrity report (IR) and the secret password and sends the encrypted combination message to the AMT platform (214). The Integrity Verifier (IV) in the AMT processor receives the encrypted combination message of integrity report (IR) and secret password from the remote platform (216) and decrypts it (218). The Integrity Verifier verifies the integrity report (IR) and secret password of the remote platform (220), and it is then determined whether the combination message of integrity report (IR) and secret password is valid (222).
If the combination message of integrity report (IR) and secret password is valid, the connection from the Remote Application (RA) on the remote platform to the AMT platform is allowed by the AMT processor (226). Otherwise, if the combination message of integrity report (IR) and secret password is not valid, the AMT processor blocks the connection from the Remote Application (RA) on the remote platform to the AMT platform (224).
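The measure, seal, verify and allow/block sequence of Claim 8 and FIG. 2.0 (steps 208 to 226), written out as a runnable Python example. This is an added illustration, not code from the patent or from MIMOS Berhad, and it makes several assumptions the specification does not state: the RVM's read-only file system is stood in for by a constructed in-memory mapping of paths to file bytes (RVM_IMAGE); measurements use SHA-256 rather than the SHA1 or MD5 named in Claim 7, since both of those have practical collision attacks; the RA and the AMT processor share a pre-provisioned transport key (TRANSPORT_KEY) that is separate from the secret password; the AMT side issues a nonce that is echoed inside the combination message so that a captured report cannot be replayed; and the "lightweight encryption" is an encrypt-then-MAC construction built from HMAC-SHA256 in counter mode, chosen only so the example runs on the standard library, where a deployment would use an AEAD such as AES-GCM.

```python
"""Added example: IMM measurement of a read-only RVM image, RMM sealing of
IR + secret password, and IV verification on the AMT side (steps 208-226).
Not the patent's code; stdlib only, see the assumptions stated above."""
import hashlib
import hmac
import json
import os

# Constructed stand-in for the RVM's read-only file system: path -> contents.
RVM_IMAGE = {
    "/bin/amt-console": b"\x7fELF...AMT management console (constructed)",
    "/etc/amt/console.conf": b"server=amt-host.example\nport=16993\n",
    "/lib/libamtrpc.so": b"\x7fELF...RPC stub (constructed)",
}
SECRET_PASSWORD = b"provisioned-amt-password"  # preset on the AMT processor
TRANSPORT_KEY = bytes(range(32))               # pre-shared RA<->AMT key (assumption)


def measure_rvm(image):
    """IMM, steps 208/210: per-file SHA-256 plus a composite over the manifest."""
    manifest = {path: hashlib.sha256(data).hexdigest()
                for path, data in sorted(image.items())}
    composite = hashlib.sha256(
        json.dumps(manifest, sort_keys=True).encode()).hexdigest()
    return {"files": manifest, "composite": composite}


def fresh_nonce():
    """Challenge issued by the AMT side before each report (freshness, assumption)."""
    return os.urandom(16)


def _derive_keys(transport_key):
    """Separate encryption and MAC keys from the one pre-shared transport key."""
    enc_key = hmac.new(transport_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(transport_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key, iv, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a stream cipher."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, iv + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_report(report, password, nonce, transport_key):
    """RMM, step 214: encrypt-then-MAC the combination message IR || password."""
    enc_key, mac_key = _derive_keys(transport_key)
    plaintext = json.dumps({"ir": report, "password": password.decode(),
                            "nonce": nonce.hex()}).encode()
    iv = os.urandom(16)
    ciphertext = _xor(plaintext, _keystream(enc_key, iv, len(plaintext)))
    tag = hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()
    return iv + ciphertext + tag


def verify_report(message, password, nonce, transport_key, golden):
    """IV, steps 216-226: authenticate, decrypt, check password, nonce and IR."""
    enc_key, mac_key = _derive_keys(transport_key)
    if len(message) < 16 + 32:
        return "block"
    iv, ciphertext, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "block"                      # forged or modified in transit
    body = json.loads(_xor(ciphertext, _keystream(enc_key, iv, len(ciphertext))))
    if not hmac.compare_digest(body["password"].encode(), password):
        return "block"                      # wrong secret password
    if not hmac.compare_digest(bytes.fromhex(body["nonce"]), nonce):
        return "block"                      # replay of an older report
    if body["ir"] != golden:
        return "block"                      # RVM or its applications altered
    return "allow"


def run_exchange(image, password, transport_key, golden):
    """One full RA -> AMT round trip; returns the IV's decision."""
    nonce = fresh_nonce()
    message = seal_report(measure_rvm(image), password, nonce, transport_key)
    return verify_report(message, SECRET_PASSWORD, nonce, TRANSPORT_KEY, golden)


if __name__ == "__main__":
    golden = measure_rvm(RVM_IMAGE)         # stored on the AMT side at provisioning
    print(run_exchange(RVM_IMAGE, SECRET_PASSWORD, TRANSPORT_KEY, golden))
```

verify_report answers "block" for every failure on the same path: a forged or bit-flipped message fails the MAC before anything is parsed, a wrong password or stale nonce is rejected with constant-time comparisons, and any file that differs from the golden manifest, is missing, or was added after measurement changes both the per-file entries and the composite digest. The golden manifest is what the AMT platform would store at provisioning time for the known-good RVM image; the example keeps it in memory only because it has no provisioning step.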

The present invention utilizes the Integrity Measurement Module (IMM) to measure the remote virtual area in the remote platform. Remote authentication in the present invention utilizes an encrypted combination message of integrity report and secret password between the remote platform and the AMT-host platform, which provides a secured and protected transaction. Unless the context requires otherwise or specifically stated to the contrary, integers, steps or elements of the invention recited herein as singular integers, steps or elements clearly encompass both singular and plural forms of the recited integers, steps or elements. Throughout this specification, unless the context requires otherwise, the word "comprise", or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated step or element or integer or group of steps or elements or integers, but not the exclusion of any other step or element or integer or group of steps, elements or integers. Thus, in the context of this specification, the term "comprising" is used in an inclusive sense and thus should be understood as meaning "including principally, but not necessarily solely".

It will be appreciated that the foregoing description has been given by way of illustrative example of the invention and that all such modifications and variations thereto as would be apparent to persons of skill in the art are deemed to fall within the broad scope and ambit of the invention as herein set forth.