Attestation device custody transfer protocol

US 10,193,858 B2
Filed: 12/22/2015
Issued: 01/29/2019
Est. Priority Date: 12/22/2015
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:

send, from a particular gateway device, a start of transfer request to an attestation device over a short range wireless communication channel;

receive, at the particular gateway device, a nonce from the attestation device in association with the start of transfer request;

sign the nonce at the particular gateway device;

send the signed nonce to the attestation device;

receive a transfer confirmation message from the attestation device; and

send a transfer message to a management system to report a transfer in custody of the attestation device involving the particular gateway device and another gateway device, wherein;

the transfer message comprises the transfer confirmation message;

the transfer confirmation message is based on log data generated by the attestation device and the nonce, and comprises the log data and a hash of the nonce and the log data; and

the hash of the nonce and the log data comprises a hash of the nonce, the signed nonce, a copy of the nonce signed by the other gateway device, and the log data.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A custody transfer of a device can include sending a start of transfer request to an attestation device over a short range wireless communication channel, a nonce is received from the attestation device in association with the start of transfer request, and the nonce is signed at the particular gateway device. The signed nonce is sent to the attestation device, a transfer confirmation message is received from the attestation device, and a transfer message is sent to a management system to report a transfer in custody of the attestation device involving the particular gateway device and another gateway device.

23 Citations

16 Claims

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- send, from a particular gateway device, a start of transfer request to an attestation device over a short range wireless communication channel;
  
  receive, at the particular gateway device, a nonce from the attestation device in association with the start of transfer request;
  
  sign the nonce at the particular gateway device;
  
  send the signed nonce to the attestation device;
  
  receive a transfer confirmation message from the attestation device; and
  
  send a transfer message to a management system to report a transfer in custody of the attestation device involving the particular gateway device and another gateway device, wherein;
  
  the transfer message comprises the transfer confirmation message;
  
  the transfer confirmation message is based on log data generated by the attestation device and the nonce, and comprises the log data and a hash of the nonce and the log data; and
  
  the hash of the nonce and the log data comprises a hash of the nonce, the signed nonce, a copy of the nonce signed by the other gateway device, and the log data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The storage medium of claim 1, wherein the particular gateway device is associated with a first entity and the other gateway device comprises a second entity.
  - 3. The storage medium of claim 2, wherein the transfer in custody comprises a transfer from the first entity to the second entity.
  - 4. The storage medium of claim 1, wherein the particular gateway device communicates with the attestation device over a short range wireless connection.
  - 5. The storage medium of claim 1, wherein the instructions, when executed, further cause the machine to:
    - receive attestation data from the attestation device; and
      
      forward the attestation data to the management system.
  - 6. The storage medium of claim 5, wherein the instructions, when executed, further cause the machine to:
    - receive log data from the attestation device; and
      
      forward the attestation data to the management system.
  - 7. The storage medium of claim 6, wherein the log data is integrated in the attestation data.
  - 8. The storage medium of claim 1, wherein the nonce is to be signed using a public key infrastructure (PKI) key of the particular gateway device.

9. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- receive, at an attestation device, a first custody transfer request from a first gateway device;
  
  generate a nonce in response to the first custody transfer request;
  
  send a copy of the nonce to the first gateway device;
  
  receive, at the attestation device, a first signed copy of the nonce from the first gateway device;
  
  receive, at the attestation device, a second custody transfer request from a second gateway device;
  
  send another copy of the nonce to the second gateway device;
  
  receive, at the attestation device, a second signed copy of the nonce from the second gateway device;
  
  generate a transfer confirmation message based on the first and second signed copies of the nonce, wherein the transfer confirmation message represents a transfer in custody of the attestation; and
  
  send the transfer confirmation message to at least one of the first and second gateway devices, wherein;
  
  the transfer confirmation message is based on log data generated by the attestation device and the nonce, and comprises the log data and a hash of the nonce and the log data; and
  
  the hash of the nonce and the log data comprises a hash of the nonce, the first signed copy of the nonce, the second signed copy of the nonce, and the log data.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The storage medium of claim 9, wherein the instructions, when executed, further cause the machine to:
    - generate attestation data from secret data stored in the attestation device; and
      
      send attestation data to the first gateway device.
  - 11. The storage medium of claim 10, wherein the secret data is configured to be erased on a restart of the attestation device.
  - 12. The storage medium of claim 9, wherein the instructions, when executed, further cause the machine to generate log data based on readings of one or more sensors of the attestation device, and the attestation data comprises a hash of the secret data and the log data.
  - 13. The storage medium of claim 9, wherein generating the transfer confirmation message comprises hashing the first and second signed copies of the nonce and the nonce.
  - 14. The storage medium of claim 13, wherein hashing the first and second signed copies of the nonce and the nonce comprises hashing the first and second signed copies of the nonce, the nonce, and log data of the attestation device.

15. A system comprising:
- a gateway device comprising;
  
  a short range communications module to;
  
  send a signal to a particular attestation device; and
  
  receive attestation data from the particular attestation device;
  
  a second communication module to;
  
  send a message to a remote management system over a wide area network, wherein the message identifies the gateway device and includes the received attestation data; and
  
  protocol logic to support a custody transfer protocol, wherein the custody transfer protocol comprises;
  
  sending a custody transfer request to the particular attestation device;
  
  receiving a nonce from the particular attestation device in response to the custody transfer request;
  
  signing the nonce;
  
  sending a signed nonce to the particular attestation device;
  
  receiving a transfer confirmation data from the particular attestation device; and
  
  sending a transfer message to a management system to report a transfer in custody of the attestation device involving the particular gateway device and another gateway device based on the transfer confirmation data, wherein;
  
  the transfer message comprises the transfer confirmation data;
  
  the transfer confirmation data is based on log data generated by the attestation device and the nonce, and comprises the log data and a hash of the nonce and the log data; and
  
  the hash of the nonce and the log data comprises a hash of the nonce, the signed nonce, a copy of the nonce signed by the other gateway device, and the log data.
- View Dependent Claims (16)
- - 16. The system of claim 15, wherein the custody transfer protocol further comprises:
    - identifying another gateway device in proximity of the gateway device and the attestation device;
      
      receiving first data from the another gateway device, wherein the data identifies the another gateway device; and
      
      sending second data to the other gateway device to identify the gateway device to the other gateway device, wherein the custody transfer response is based on identifiers of the gateway device and the other gateway device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, LLC
Inventors
Walker, Jesse Randall, Herbert, Howard C., Brannock, Kirk D., Cooper, Geoffrey H., deVries, David A., Amols, David M., Schrecker, Sven, Price, Stephen H.
Primary Examiner(s)
Feild, Lynn D
Assistant Examiner(s)
Savenkov, Vadim

Application Number

US14/978,658
Publication Number

US 20170180314A1
Time in Patent Office

1,134 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/44   Program or device authentic...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0209   Architectural arrangements,...

H04L 63/0281   Proxies

H04L 63/0492   by using a location-limited...

H04L 63/062   for key distribution, e.g. ...

H04L 63/126   the source of the received ...

H04L 9/006   involving public key infras...

H04L 9/083   involving central third par...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

Attestation device custody transfer protocol

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Attestation device custody transfer protocol

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links