Patents by Inventor Richard D. Herschaft

Richard D. Herschaft has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8566606
    Abstract: An apparatus and methods that use trusted platform modules (TPM) to perform integrity measurements of multiple subsystems are disclosed. The state of platform configuration registers (PCRs) after boot up is stored as the base state of the system. In another embodiment, an application that is to be verified requests that its state be extended from the base state of the system. When such a request is received, the state of the system is extended directly from the base state PCR contents and not from the system state. In another embodiment, a virtual PCR is used, where such a virtual PCR uses a larger memory space than a conventional TPM provides for a physical PCR, by use of encrypted storage on external, protected memory.
    Type: Grant
    Filed: April 23, 2007
    Date of Patent: October 22, 2013
    Assignee: InterDigital Technology Corporation
    Inventors: Sasidhar Movva, Richard D. Herschaft, Renuka Racha, Inhyok Cha
  • Patent number: 8397299
    Abstract: A method and system for enhancing flow of behavior metrics and evaluating security of a node are described. Instead of sending behavior metrics from a trustee node to a trustor node, the trustor node sends an evaluation function to the trustee node. The trustee node performs security evaluation and sends a result to the trustor node. Alternatively, the trustee node and the trustor node may send behavior metrics and an evaluation function to a trusted broker, respectively. The trusted broker evaluates the security of the trustee node using the evaluation function and the behavior metrics, and sends a security evaluation result to the trustor node and the trustee node. There may be multiple trusted brokers. The behavior metrics may be accumulated by each node as the behavior metrics flow downstream. The nodes may submit behavior metrics to an intermediary periodically and may be accumulated by intermediaries.
    Type: Grant
    Filed: July 11, 2007
    Date of Patent: March 12, 2013
    Assignee: InterDigital Technology Corporation
    Inventor: Richard D. Herschaft
  • Patent number: 8201216
    Abstract: An embodiment is related to a database system for protecting data privacy and efficient organization of data. An enhanced database system comprises a DBMS, a data classifier, a database of applications and a rules and policy unit. The DBMS includes a query processor for processing a query from a user. The rules and policy unit outputs a pointer to a node within the data classification tree based on several criteria. In accordance with another embodiment, a DBMS residing within a communication network organizes data related to the ID of mobile users. In accordance with another embodiment, an enhanced database system comprises a DRM user agent and a DBMS. The DRM user agent receives a CO protected by DRM. The DBMS stores the CO and controls access to the CO based on restrictions specified in an RO associated with the CO.
    Type: Grant
    Filed: September 12, 2007
    Date of Patent: June 12, 2012
    Assignee: InterDigital Technology Corporation
    Inventors: Inhyok Cha, Debashish Purkayastha, Richard D. Herschaft, Yogendra C. Shah
  • Publication number: 20090307487
    Abstract: The present application discloses a method and apparatus for using trusted platform modules (TPM) for integrity measurements of multiple subsystems. The state of the platform configuration registers (PCR) after boot up is stored as the base state of the system. Base state in this context is defined as the state of the system when the startup of the system is complete and can only be changed when new software is loaded at the kernel level. This state itself can be reported to challengers who are interested in verifying the integrity of the operating system. Also disclosed is a method where the application that is to be verified requests that its state be extended from the base state of the system. When such a request is received, the state of the system is extended directly from the base state PCR contents and not from the system state.
    Type: Application
    Filed: April 23, 2007
    Publication date: December 10, 2009
    Applicant: INTERDIGITAL TECHNOLOGY CORPORATION
    Inventors: Sasidhar Movva, Richard D. Herschaft, Renuka Racha, Inhyok Cha
  • Publication number: 20080189250
    Abstract: An embodiment is related to a database system for protecting data privacy and efficient organization of data. An enhanced database system comprises a DBMS, a data classifier, a database of applications and a rules and policy unit. The DBMS includes a query processor for processing a query from a user. The rules and policy unit outputs a pointer to a node within the data classification tree based on several criteria. In accordance with another embodiment, a DBMS residing within a communication network organizes data related to the ID of mobile users. In accordance with another embodiment, an enhanced database system comprises a DRM user agent and a DBMS. The DRM user agent receives a CO protected by DRM. The DBMS stores the CO and controls access to the CO based on restrictions specified in an RO associated with the CO.
    Type: Application
    Filed: September 12, 2007
    Publication date: August 7, 2008
    Applicant: INTERDIGITAL TECHNOLOGY CORPORATION
    Inventors: Inhyok Cha, Debashish Purkayastha, Richard D. Herschaft, Yogendra C. Shah
  • Publication number: 20080072329
    Abstract: A method and system for enhancing flow of behavior metrics and evaluating security of a node are described. Instead of sending behavior metrics from a trustee node to a trustor node, the trustor node sends an evaluation function to the trustee node. The trustee node performs security evaluation and sends a result to the trustor node. Alternatively, the trustee node and the trustor node may send behavior metrics and an evaluation function to a trusted broker, respectively. The trusted broker evaluates the security of the trustee node using the evaluation function and the behavior metrics, and sends a security evaluation result to the trustor node and the trustee node. There may be multiple trusted brokers. The behavior metrics may be accumulated by each node as the behavior metrics flow downstream. The nodes may submit behavior metrics to an intermediary periodically and may be accumulated by intermediaries.
    Type: Application
    Filed: July 11, 2007
    Publication date: March 20, 2008
    Applicant: INTERDIGITAL TECHNOLOGY CORPORATION
    Inventor: Richard D. Herschaft