Integrity checking for computing devices
First Claim
1. A computing device having a closed operating system defining a user portion of the closed operating system and a system portion of the closed operating system, the closed operating system being configured to disallow user access to an identity of system folders or files in the system portion, the computing device comprising:
- a processor circuitry configured to;
determine, via an integrity checking module on the user portion of the closed operating system, a predefined set of device integrity parameters, wherein the set of device integrity parameters comprise at least one parameter associated with a file stored on the system portion of the closed operating system;
perform, via the integrity checking module on the user portion of the closed operating system, a baseline integrity check based on the predefined set of device integrity parameters, wherein the baseline integrity check is configured to submit a first query for information associated with the at least one parameter associated with the file stored on the system portion of the closed operating system, wherein the first query comprises a file name, a file directory, and the at least one parameter associated with the file to the system portion of the closed operating system, which is configured to disallow queries to provide access to the identity of the file name or the file directory of the system portion of the closed operating system to the user portion of the closed operating system, and receive a first response to the first query that includes the information associated with the at least one parameter that is associated with the file;
store, at the user portion of the closed operating system, baseline integrity values of the predefined set of device integrity parameters resulting from the information associated with the at least one parameter that is received during performance of the baseline integrity check;
perform, via the integrity checking module on the user portion of the closed operating system, an integrity check based on at least a subset of the predefined set of device integrity parameters, wherein the subset of the predefined set of device integrity parameters comprises the at least one parameter associated with the file stored on the system portion of the closed operating system, wherein the integrity check is configured to submit a second query that comprises the file name, the file directory, and the at least one parameter associated with the file to the system portion of the closed operating system, which is configured to disallow queries to provide access to the identity of the file name or the file directory of the system portion of the closed operating system to the user portion of the closed operating system, and receive a second response to the second query that includes information associated with the at least one parameter that is associated with the file;
store, at the user portion of the closed operating system, integrity values of the predefined set of device integrity parameters resulting from the information associated with the at least one parameter that is received during performance of the integrity check;
compare the integrity values resulting from the integrity check with the baseline integrity values; and
provide an indication of a potential compromise to an integrity of the computing device based on the comparison of the integrity values associated with the integrity check with the baseline integrity values.
1 Assignment
0 Petitions
Accused Products
Abstract
A computing device may perform integrity checks on a closed operating system defining a preconfigured user portion and a preconfigured system portion using an integrity checking module. The integrity checking module may access parameters associated with an object stored on the system portion of the operating system. Files on the system portion may be accessed by submitting a query that comprises a file name, a file directory, and at least one parameter to the system portion of the operating system. The integrity checking module may provide an indication of a potential compromise to the integrity of the computing device based on the integrity check. The integrity check may be performed periodically and/or aperiodically. Updated integrity values may be compared against previously determined integrity values to update the integrity check. The integrity checking module may perform the integrity check using a signature function or hashing function to generate the integrity values.
15 Citations
20 Claims
-
1. A computing device having a closed operating system defining a user portion of the closed operating system and a system portion of the closed operating system, the closed operating system being configured to disallow user access to an identity of system folders or files in the system portion, the computing device comprising:
-
a processor circuitry configured to; determine, via an integrity checking module on the user portion of the closed operating system, a predefined set of device integrity parameters, wherein the set of device integrity parameters comprise at least one parameter associated with a file stored on the system portion of the closed operating system; perform, via the integrity checking module on the user portion of the closed operating system, a baseline integrity check based on the predefined set of device integrity parameters, wherein the baseline integrity check is configured to submit a first query for information associated with the at least one parameter associated with the file stored on the system portion of the closed operating system, wherein the first query comprises a file name, a file directory, and the at least one parameter associated with the file to the system portion of the closed operating system, which is configured to disallow queries to provide access to the identity of the file name or the file directory of the system portion of the closed operating system to the user portion of the closed operating system, and receive a first response to the first query that includes the information associated with the at least one parameter that is associated with the file; store, at the user portion of the closed operating system, baseline integrity values of the predefined set of device integrity parameters resulting from the information associated with the at least one parameter that is received during performance of the baseline integrity check; perform, via the integrity checking module on the user portion of the closed operating system, an integrity check based on at least a subset of the predefined set of device integrity parameters, wherein the subset of the predefined set of device integrity parameters comprises the at least one parameter associated with the file stored on the system portion of the closed operating system, wherein the integrity check is configured to submit a second query that comprises the file name, the file directory, and the at least one parameter associated with the file to the system portion of the closed operating system, which is configured to disallow queries to provide access to the identity of the file name or the file directory of the system portion of the closed operating system to the user portion of the closed operating system, and receive a second response to the second query that includes information associated with the at least one parameter that is associated with the file; store, at the user portion of the closed operating system, integrity values of the predefined set of device integrity parameters resulting from the information associated with the at least one parameter that is received during performance of the integrity check; compare the integrity values resulting from the integrity check with the baseline integrity values; and provide an indication of a potential compromise to an integrity of the computing device based on the comparison of the integrity values associated with the integrity check with the baseline integrity values. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method, the method comprising:
-
determining, via an integrity checking module on the user portion of a closed operating system on a computing device, a predefined set of device integrity parameters, wherein the set of device integrity parameters comprise at least one parameter associated with a file stored on the system portion of the closed operating system, and wherein the closed operating system defines a user portion of the closed operating system and a system portion of the closed operating system, the closed operating system being configured to disallow user access to an identity of system folders or files in the system portion; performing, via the integrity checking module on the user portion of the closed operating system, a baseline integrity check based on the predefined set of device integrity parameters, wherein the performance of the baseline integrity check comprises; submitting a first query for information associated with the at least one parameter associated with the file stored on the system portion of the closed operating system, wherein the first query comprises a file name, a file directory, and the at least one parameter associated with the file to the system portion of the closed operating system, which is configured to disallow queries to provide access to the identity of the file name or the file directory of the system portion of the closed operating system to the user portion of the closed operating system; and receiving a first response to the first query that includes the information associated with the at least one parameter that is associated with the file;
storing, at the user portion of the closed operating system, baseline integrity values of the predefined set of device integrity parameters resulting from the information associated with the at least one parameter that is received during performance of the baseline integrity check;performing, via the integrity checking module on the user portion of the closed operating system, an integrity check based on at least a subset of the predefined set of device integrity parameters, wherein the subset of the predefined set of device integrity parameters comprises the at least one parameter associated with the file stored on the system portion of the closed operating system, wherein the performance of the integrity check comprises; submitting a second query that comprises the file name, the file directory, and the at least one parameter associated with the file to the system portion of the closed operating system to the user portion of the closed operating system; and receiving a second response to the second query that includes information associated with the at least one parameter that is associated with the file; storing, at the user portion of the closed operating system, integrity values of the predefined set of device integrity parameters resulting from the information associated with the at least one parameter that is received during performance of the integrity check; comparing the integrity values resulting from the integrity check with the baseline integrity values; and providing an indication of a potential compromise to an integrity of the computing device based on the comparison of the integrity values associated with the integrity check with the baseline integrity values. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification