Device attestation and intrusion detecting app
Lenovo decided to help organizations comply with internal security practices. For that, the company wanted to add an additional security level to ThinkPad laptops marketed to corporate clients.
The client needed a solution verifying that:
The Softeq team had to create the solution following Intel's specifications for the device attestation process.
Softeq created a client-server solution that performs device attestation and detects intrusions. The system consists of three parts:
Local Attestation Service
Remote Device Health Attestation Server
The device attestation flow starts on the first boot.
Health attestation reports are XML files that verify the successful device attestation and report on the machine/system integrity.
The report contains:
The report also includes a log containing information about boots and any locking/unlocking events or unauthorized modifications.
An “unhealthy” report status may indicate unauthorized access or that the attestation request was transferred under the table to another server.
We provided data protection based on Lenovo and Intel security requirements.
The solution’s security capabilities include:
Softeq developed a client-server application that performs device attestation and detects intrusions. The solution verifies that a device sealed at the factory did not have any changes on the way to the purchaser, and thus helps organizations comply with internal security practices.
The device attestation service was delivered ready for incorporating into Lenovo business-oriented laptop range.