| CPC G06F 21/577 (2013.01) [G06F 21/572 (2013.01); G06F 2221/034 (2013.01)] | 20 Claims |
|
1. A computing device, comprising:
a component verification record associated with the computing device, the component verification record being obtained from a first distributed ledger maintained by a plurality of computing sites in a supply chain associated with the computing device, the component verification data record characterizing a provisioning action performed on the computing device by a particular one of the computing sites;
a software bill of materials associated with the computing device, the software bill of materials characterizing software instantiated on the computing device;
a firmware bill of materials associated with the computing device, the firmware bill of materials characterizing firmware instantiated on the computing device; and
a secure device validation record generated by the computing device, the secure device validation record being based upon the component verification record, the software bill of materials, and the firmware bill of materials, and including a first vulnerability score for the computing device based upon the component verification record, the software bill of materials, and the firmware bill of materials;
wherein the computing device is configured to determining an authenticity of the computing device based on validating the secure device validation record with a second distributed ledger.
|