Simplified sensor integrity

US 10,044,696 B2
Filed: 12/22/2015
Issued: 08/07/2018
Est. Priority Date: 12/22/2015
Status: Active Grant

First Claim

Patent Images

1. An attestation apparatus comprising:

at least one processor device;

an energy storage module to power the attestation apparatus;

a memory in which a secret is stored on the attestation apparatus, wherein the secret is provisioned in the memory via a trusted provisioning event by a management system corresponding to a specific use session from a plurality of use sessions of the attestation apparatus and wherein a loss of power event causes the secret to be deleted from the memory;

at least one sensor to sense characteristics of an environment of the apparatus and generate signals indicative of the sensed environmental characteristics;

logic, executable by the at least one processor device, in response to receiving a start of transfer request from a particular gateway device, to;

transmit the stored secret to the particular gateway device and use a signed secret returned from the particular gateway device to generate a custody transfer message to the management system;

generate log data from the signals and store the generated log data in the memory; and

generate attestation data derived from the stored secret along with log data of the attestation apparatus;

a communications interface to send the generated attestation data and the log data to the management system via the particular gateway device to verify integrity and authenticity of the attestation apparatus based on the received attestation data corresponding to said specific use session.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus is provided that includes at least one processor device, an energy storage module to power the apparatus, memory to store a secret such that powering down and restarting the apparatus causes the secret to be lost, logic executable by the at least one processor device to generate attestation data using the secret that data abstracts the secret, and a communications interface to send the attestation data to another device.

Citations

15 Claims

1. An attestation apparatus comprising:
- at least one processor device;
  
  an energy storage module to power the attestation apparatus;
  
  a memory in which a secret is stored on the attestation apparatus, wherein the secret is provisioned in the memory via a trusted provisioning event by a management system corresponding to a specific use session from a plurality of use sessions of the attestation apparatus and wherein a loss of power event causes the secret to be deleted from the memory;
  
  at least one sensor to sense characteristics of an environment of the apparatus and generate signals indicative of the sensed environmental characteristics;
  
  logic, executable by the at least one processor device, in response to receiving a start of transfer request from a particular gateway device, to;
  
  transmit the stored secret to the particular gateway device and use a signed secret returned from the particular gateway device to generate a custody transfer message to the management system;
  
  generate log data from the signals and store the generated log data in the memory; and
  
  generate attestation data derived from the stored secret along with log data of the attestation apparatus;
  
  a communications interface to send the generated attestation data and the log data to the management system via the particular gateway device to verify integrity and authenticity of the attestation apparatus based on the received attestation data corresponding to said specific use session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein the secret is stored in a first portion of the memory, the memory comprises a second portion, and the second portion of the memory comprises non-volatile memory.
  - 3. The apparatus of claim 2, wherein the memory comprises random access memory.
  - 4. The apparatus of claim 2, wherein the second portion of the memory is to store log data to be shared with the another device.
  - 5. The apparatus of claim 1, wherein the attestation data is to attest to integrity of the apparatus.
  - 6. The apparatus of claim 5, wherein the integrity of the apparatus is conditioned on the apparatus having maintained power throughout a session and the secret is provisioned to correspond to a start of the session.
  - 7. The apparatus of claim 1, wherein the attestation data is generated from a cryptographic hash of the log data using the secret.
  - 8. The apparatus of claim 1, wherein the attestation data is to represent integrity of the log data.
  - 9. The apparatus of claim 1, wherein the memory is provisioned with a random number and the attestation data is generated based on the random number and secret data.
  - 10. The apparatus of claim 1, wherein the communication interface is further to receive a signal from the another device and send the attestation data to the another device in response to the signal, and the another device is to forward the attestation data to a management system over a network.
  - 11. The apparatus of claim 1, wherein the apparatus comprises an in-package sensor device to sense conditions during a shipment of the package.

12. At least one non-transitory computer-readable storage medium having instructions stored thereon, the instructions when executed on a processor device, cause the processor device to:
- receive, at an attestation device, a signal from a particular gateway device, the attestation device comprising;
  
  an energy storage module to power the attestation device;
  
  a memory in which a secret is stored on the attestation apparatus, wherein the secret is provisioned in the memory via a trusted provisioning event by a management system corresponding to a specific use session from a plurality of use sessions of the attestation apparatus and wherein a loss of power event causes the secret to be deleted from the memory; and
  
  at least one sensor to sense characteristics of an environment of the apparatus and generate signals indicative of the sensed environmental characteristics;
  
  transmit the stored secret to the particular gateway device and use a signed secret returned from the particular gateway device to generate a custody transfer message to the management system;
  
  generate log data from the signals and store the generated log data in the memory; and
  
  generate attestation data derived from the stored secret along with log data of the attestation apparatus;
  
  a communications interface to send the generated attestation data and the log data to the management system via the particular gateway device to verify integrity and authenticity of the attestation apparatus based on the received attestation data corresponding to said specific use session.
- View Dependent Claims (13, 14, 15)
- - 13. The storage medium of claim 12, wherein the instructions, when executed, further cause the machine to configure the attestation device to load the secret in the memory segment and load a firmware image on the attestation device.
  - 14. The storage medium of claim 13, wherein the secret and firmware image are provided by a remote management system.
  - 15. The storage medium of claim 12, wherein the instructions, when executed, further cause the machine to participate with the particular gateway device and at least one other collocated gateway device in a custody transfer protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Walker, Jesse Randall, Herbert, Howard C., Brannock, Kirk D., Price, Stephen H., Cooper, Geoffrey H., deVries, David A., Amols, David M., Schrecker, Sven
Primary Examiner(s)
Chai, Longbit

Application Number

US14/978,920
Publication Number

US 20170180341A1
Time in Patent Office

959 Days
Field of Search

726 3
US Class Current
CPC Class Codes

G06F 8/63   Image based installation; C...

G06F 9/4401   Bootstrapping security arra...

H04L 2209/80   Wireless

H04L 63/08   for authentication of entit...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3242   involving keyed hash functi...

Simplified sensor integrity

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified sensor integrity

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links